Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.
Global Privacy Dispatches
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante Releases Enforcement Activity Report
The Garante, the Italian Data Protection Authority (IDPA), has released information on enforcement activity in Italy in 2013 and its relevant plan of inspections for the first semester of 2014.
CANADA—Anti-Spam Legislation To Come Into Force
After much discussion and consultation on the accompanying Regulations, Canada’s anti-spam legislation is about to take full effect. While the CRTC had previously published its regulations on March 28, 2012, the Electronic Commerce Protection Regulation was finally published on December 4, 2013.
UK—Government Department Fined 185,000 GBPs After Terrorist Incident Data Sold at Auction
A government department has been fined after a filing cabinet containing personal information relating to victims of a terrorist incident was sold at auction.
NEW ZEALAND—Privacy Reflections/Predictions for 2014
The high-profile privacy breaches of 2012-13 have shed an unprecedented light on personal information in New Zealand. Outgoing Privacy Commissioner Marie Shroff is leaving the role at a time when protecting personal information, a cause she has actively championed over the past 10 years, is at the forefront of public awareness and is top-of-mind for policy analysts, legislators and businesses alike.
NEW ZEALAND—Will the Tide Turn in 2014?
Last year was not a good one for New Zealand privacy-wise. While Australia forged ahead enacting legislation covering issues such as cross-border controls for personal data and introducing measures to implement breach notification, the government in New Zealand, by contrast, has been dragging its feet and instead adopted a raft of measures diminishing existing privacy protections. This article briefly reviews developments in New Zealand in 2013 and ventures some predictions as to what may lie in store in 2014.
AUSTRALIA—Australia Legislates for Privacy by Design
In March, Australia will be overhauling its privacy laws. One of the key features of the new regime means Australia will become one of the first jurisdictions to effectively legislate for the concept of Privacy by Design.
Notes from the IAPP President (June 1, 2011)
There is perhaps no greater indication of the raised profile of data protection than the fact it is on the agenda of this week’s G8 Summit.
China issues data handling guidelines for public comment (June 1, 2011)
What happens when you combine a few high-profile cases along with some cries for standards from the business community? Even the Chinese government gets interested in expanding personal privacy rights. While no one would mistake China as a pioneer in the area of personal data privacy protection, several efforts have been made in recent years—most notably changes to Chinese criminal and tort law. These developments have been able to fill some of the void resulting from previous failed attempts to adopt a comprehensive national law on data privacy.
Cloud computing privacy and data security: Domestic and international issues (June 1, 2011)
With data storage costs plummeting, a great deal of information that was once stored on local computer hard drives is now being stored on remote servers, sometimes referred to as “clouds.” The term “cloud computing” has many meanings, but in general, it refers to the outsourcing of data processing functions to a group of servers connected via the Internet. Cloud computing offers the scalable use of information technology (IT) resources and facilities to save costs. In some cases, entire technological processes are transferred to the cloud; in others, cloud computing simply covers peaks in demand that overburden internal IT infrastructures.
Reducing social media risk (June 1, 2011)
Social media is carrying more and more information of all kinds every minute—business and personal, helpful and harmful. The potential for serious consequences to an organization through private and privileged information being unleashed via social networking is increasing dramatically every day.
FRANCE—Whistleblowing—Not the end of story (June 1, 2011)
After having released its revised “Standard Authorization” on professional alert systems at the end of December 2010, the CNIL is granting specific authorizations to professional alert systems implemented by data controllers for very targeted purposes.
FRANCE—Cookies and security breach amendments to French DP Law (June 1, 2011)
Last year, the French Parliament authorized the government to implement by way of “ordinance” the so-called “telecom package” of Directives of 25 November 2009 (2009/139/EC and 2009/140/EC). The draft text includes an amendment to the provision of the French Data Protection Act relating to cookies and other web beacons. The government just completed a public consultation on the text, and the CNIL’s opinion is forthcoming.
ITALY—The “Google Suggest” case (June 1, 2011)
On 31 March 2011, the Court of Milan declared Google, Inc., liable for defamation in relation to its Google Suggest “auto-complete” function that recommends words and characters to complete a partial search for its users.
Fulbright funds privacy pro grant (June 1, 2011)
Harry Valetk, corporate privacy director for Metlife’s Global Privacy Office, was selected for a Fulbright Senior Specialist grant in February to represent the United States at the University of Oxford, United Kingdom. The grant lets working professionals engage in research and teaching opportunities typically reserved for traditional Fulbright scholars. Valetk spent two weeks at the university conducting research, teaching a seminar and attending a conference on free speech.
CSA to help develop cloud standards (June 1, 2011)
The Cloud Security Alliance has announced it will collaborate with the International Organization for Standardization/International Electrotechnical Commission on the development of cloud security and privacy standards.
Finding best practices through research (June 1, 2011)
Information is a valuable asset, and keeping that information safe and secure is essential. Yet, how does an organization know if it has the appropriate security standards and procedures in place? How does an organization’s data security practices compare to other organizations? And after a security incident, how does a company determine loss? The answers to these questions are not easy ones. To help deal with them, two privacy experts have teamed up to research current information governance practices.
EASA releases OBA recommendations (June 1, 2011)
The European Advertising Standards Alliance has released its Best Practice Recommendation on Online Behavioural Advertising. The guidance intends to promote an industry-wide self-regulatory standard for the practice.
This month on the Privacy List (June 1, 2011)
Privacy pros continue to use the Privacy List as a forum to query their peers on a host of issues, both large and small. Participants put forth a variety of questions through which resources and practical advice are sought and discovered. In recent weeks, the privacy community has employed the list to share information on the potential impact of breaking news. For example, when news of Epsilon’s data breach came in early April, privacy pros turned to the list to share their knowledge of which businesses were affected, posting running tallies as they became known.