Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.
Global Privacy Dispatches
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante Releases Enforcement Activity Report
The Garante, the Italian Data Protection Authority (IDPA), has released information on enforcement activity in Italy in 2013 and its relevant plan of inspections for the first semester of 2014.
CANADA—Anti-Spam Legislation To Come Into Force
After much discussion and consultation on the accompanying Regulations, Canada’s anti-spam legislation is about to take full effect. While the CRTC had previously published its regulations on March 28, 2012, the Electronic Commerce Protection Regulation was finally published on December 4, 2013.
UK—Government Department Fined 185,000 GBPs After Terrorist Incident Data Sold at Auction
A government department has been fined after a filing cabinet containing personal information relating to victims of a terrorist incident was sold at auction.
NEW ZEALAND—Privacy Reflections/Predictions for 2014
The high-profile privacy breaches of 2012-13 have shed an unprecedented light on personal information in New Zealand. Outgoing Privacy Commissioner Marie Shroff is leaving the role at a time when protecting personal information, a cause she has actively championed over the past 10 years, is at the forefront of public awareness and is top-of-mind for policy analysts, legislators and businesses alike.
NEW ZEALAND—Will the Tide Turn in 2014?
Last year was not a good one for New Zealand privacy-wise. While Australia forged ahead enacting legislation covering issues such as cross-border controls for personal data and introducing measures to implement breach notification, the government in New Zealand, by contrast, has been dragging its feet and instead adopted a raft of measures diminishing existing privacy protections. This article briefly reviews developments in New Zealand in 2013 and ventures some predictions as to what may lie in store in 2014.
AUSTRALIA—Australia Legislates for Privacy by Design
In March, Australia will be overhauling its privacy laws. One of the key features of the new regime means Australia will become one of the first jurisdictions to effectively legislate for the concept of Privacy by Design.
Notes from the IAPP President (July 1, 2011)
At the recent e-G8 Forum in Paris, French President Nicolas Sarkozy renewed his call for a more “civilized Internet.” It’s a term he has used before in calls to stamp out the practice of online copyright infringement. I think it also offers a unique way for us to think about privacy and data protection. When it comes to privacy, what does a civilized Internet look like?
India: Implications of the new information technology rules (July 1, 2011)
India has recently extended its information technology laws to embrace wider data privacy issues. These new regulations will have some impact on those outsourcing to India, but will be more significant for those conducting business in India. Set out here is a summary of the key changes brought about by these laws along with some of the issues that they raise.
Privacy software to protect patient records (July 1, 2011)
What’s the best way to protect people’s personal health information (PHI) while using the data to benefit society? That’s a crucial question for physicians and their patients, as well as for the epidemiologists, health researchers and public officials who rely on high-quality data to improve the delivery of healthcare, cure diseases and stop pandemics.
New theory of harm in data breach cases (July 1, 2011)
In the United States, 515 million records have been lost in data breaches since 2005. Customers seeking recovery after the loss of their personal information in data breaches have not been successful in recovering damages if they are not victims of identity theft. This lack of success can be attributed to an inability to articulate a concrete or particularized harm. Despite past setbacks, customers continue to search for legal theories to hold companies accountable.
Forging a path into the privacy profession—one expert’s journey (July 1, 2011)
CANADA—Federal commissioner releases findings (July 1, 2011)
In October 2010, the federal privacy commissioner of Canada published a Preliminary Letter of Findings after the Office of the Privacy Commissioner (OPC) conducted an investigation into Google’s collection of payload data from unencrypted WiFi using its Street View cars. The Letter of Findings included a number of recommendations and a requirement that Google respond to the OPC concerning the implementation of those recommendations on or before February 1, 2011.
FRANCE—Security breach impacting HADOPI (July 1, 2011)
Five months after having begun sending hundreds of thousands of warning letters to online infringers with high media coverage, HADOPI—the authority in charge of digital copyright enforcement—became the victim of a security breach.
UK—No cookie consent enforcement for 12 months (July 1, 2011)
The UK Information Commissioner’s Office (ICO) has confirmed that it will not enforce new cookie “consent” requirements introduced under the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (PECR) for a period of 12 months.
UK—£120,000 fine for misdirected e-mails (July 1, 2011)
The ICO has imposed a £120,000 fine on Surrey County Council for a serious breach of the Data Protection Act 1998, after staff sent a series of misdirected e-mails containing sensitive personal information to the wrong recipients.
UK—Data thieves prosecuted (July 1, 2011)
Two former employees of UK mobile operator T-Mobile who stole and sold customer data from the company in 2008 have been successfully prosecuted and ordered to pay a total of £73,700 in fines or face prison.
UK—ICO’s data sharing code (July 1, 2011)
In May, the Information Commissioner’s Office issued a code of practice on lawful data sharing arrangements by both public- and private-sector organisations. The code recommends that organisations put in place standard procedures to record what data is shared, with whom and for what purposes, and to ensure that any such sharing is done securely.
Protecting privacy in the education landscape (July 1, 2011)
While recent large-scale data breaches have garnered much attention worldwide, smaller breaches at colleges and universities have also had a significant impact, prompting scrutiny, criticism and, in some cases, new legislation. The Privacy Advisor caught up with Foley & Lardner senior counsel Peter McLaughlin at the recent Practical Privacy Series event in Boston, Mass. McLaughlin, who recently published a book about protecting personally identifiable information in higher education, shared his perspective on the current landscape.
This month on the Privacy List (July 1, 2011)
Where does an emerging privacy office belong within a company? In the legal department? IT? Internal compliance?
Summer Reads: Privacy pros turn the pages (July 1, 2011)The Privacy Advisor
asked privacy pros about their personal and professional reading preferences. Responses covered a disparate and diverse span of text, including fiction, privacy textbooks, philosophy and even an early hacker article.