Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.
Global Privacy Dispatches
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante Releases Enforcement Activity Report
The Garante, the Italian Data Protection Authority (IDPA), has released information on enforcement activity in Italy in 2013 and its relevant plan of inspections for the first semester of 2014.
CANADA—Anti-Spam Legislation To Come Into Force
After much discussion and consultation on the accompanying Regulations, Canada’s anti-spam legislation is about to take full effect. While the CRTC had previously published its regulations on March 28, 2012, the Electronic Commerce Protection Regulation was finally published on December 4, 2013.
UK—Government Department Fined 185,000 GBPs After Terrorist Incident Data Sold at Auction
A government department has been fined after a filing cabinet containing personal information relating to victims of a terrorist incident was sold at auction.
NEW ZEALAND—Privacy Reflections/Predictions for 2014
The high-profile privacy breaches of 2012-13 have shed an unprecedented light on personal information in New Zealand. Outgoing Privacy Commissioner Marie Shroff is leaving the role at a time when protecting personal information, a cause she has actively championed over the past 10 years, is at the forefront of public awareness and is top-of-mind for policy analysts, legislators and businesses alike.
NEW ZEALAND—Will the Tide Turn in 2014?
Last year was not a good one for New Zealand privacy-wise. While Australia forged ahead enacting legislation covering issues such as cross-border controls for personal data and introducing measures to implement breach notification, the government in New Zealand, by contrast, has been dragging its feet and instead adopted a raft of measures diminishing existing privacy protections. This article briefly reviews developments in New Zealand in 2013 and ventures some predictions as to what may lie in store in 2014.
AUSTRALIA—Australia Legislates for Privacy by Design
In March, Australia will be overhauling its privacy laws. One of the key features of the new regime means Australia will become one of the first jurisdictions to effectively legislate for the concept of Privacy by Design.
California Supreme Court rules that ZIP codes are personal identification information (March 17, 2011)
Retail stores across California routinely ask customers to provide a ZIP code when making a purchase. This practice may now be prohibited following the California Supreme Court decision in Pineda v. Williams Sonoma, __ Cal. 4th__ (February 10, 2011), holding that ZIP codes are "personal identification information” for the purposes of the Song-Beverly Credit Card Act.
Notes from the IAPP President (March 1, 2011)
I cannot recall a time in the past decade when there has been so much activity in the field of privacy. This month’s Privacy Advisor articles cover a breadth of topics, including the Federal Trade Commission and Department of Commerce privacy reports, the use of analytics and privacy enhancing technologies, recent rulings in Canadian and Israeli courts and a case coming up in the U.S. Supreme Court. All of this activity creates substantial challenges for our members.
A comparison of the recent FTC and Commerce Department data privacy frameworks (March 1, 2011)
The privacy landscape in the U.S. is undergoing a major revamping. In December, the Federal Trade Commission (FTC) and the Department of Commerce (DoC) separately proposed new policy frameworks for analyzing data privacy. These proposals are the culmination of separate—and comprehensive—reviews conducted by the agencies over the past year. This article summarizes the two proposed frameworks, explores where they are similar and where they differ and suggests what impact these frameworks, if adopted, may have on businesses that collect, use or disclose information about consumers.
The ethical use of analytics (March 1, 2011)
The term “analytics” refers to the use of information technology to harness statistics, algorithms and other tools of mathematics to improve decision-making. A wide variety of organizations use analytics to convert data to actionable knowledge. Analytics represent a change from the long-standing approaches to management that often relied on instinct and were largely unsupported and undocumented. Analytics permit corporate decision-making to be driven, assessed and tested by the use of data.
Government options for encouraging use of online privacy-enhancing technologies (March 1, 2011)
Recent reports issued by the U.S. Federal Trade Commission and U.S. Department of Commerce call for the use of “privacy-enhancing technologies” (PETs) to improve the quality of information and privacy choice control mechanisms available to individual Internet users. But how will government encourage the use of such technologies? This article briefly surveys the array of regulatory tools available to the government and suggests that mandates of specific PETs be used as a tool of last resort.
Privacy at issue in upcoming Supreme Court case (March 1, 2011)
Privacy professionals may find an upcoming United States Supreme Court case, Sorrell v. IMS Health, to be of interest. Certiorari was granted on January 7, 2011, and both sides are actively engaged in preparing for the case at this time.
CANADA — Court’s e-mail decision raises implications (March 1, 2011)
In December 2010, the Ontario Superior Court of Justice, Divisional Court, issued its Reason for Decision in a case dealing with an access request made to the City of Ottawa requesting an employee’s e-mails.
FRANCE — Focus on consumer online protection: more investigations ahead (March 1, 2011)
The Secretary of State in charge of consumption matters, the data protection authority and the authority in charge of competition regulation and consumer protection have signed a cooperation protocol to improve the protection of consumers’ personal data in the e-commerce environment.
FRANCE — The CNIL under attack? (March 1, 2011)
The French data protection authority, CNIL, is one of the few authorities to have survived the French Government’s restructuring initiatives, which began in 2009.
UK — Two councils fined for the loss of unencrypted laptops (March 1, 2011)
The ICO has handed out monetary penalties of £80,000 and £70,000 to Ealing Council and Hounslow Council, respectively, after two unencrypted laptops containing sensitive personal data of around 1,700 individuals were stolen from the home of an employee of Ealing Council.
Technologists hired to help regulators (March 1, 2011)
As technology advances, so must privacy regulators’ knowledge and understanding of such technologies. Without understanding how various technologies function, it is difficult to determine whether privacy is protected within those functions and equally as difficult to investigate resulting breaches. In this vein, some regulators have begun hiring technologists on staff.
Medical Device Privacy Consortium formed (March 1, 2011)
Privacy and compliance leaders in the medical device industry have formed the Medical Device Privacy Consortium, which will focus on addressing the data privacy challenges that medical device companies face.
This month on the Privacy List (March 1, 2011)
Privacy pros continue to turn to the IAPP Privacy List to share knowledge and ask questions on the topics most relevant to them and their daily job functions. When a major privacy-related headline drops, it’s often not long after that list activity accelerates with questions or predictions on how such news will affect the status quo.