Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.
Global Privacy Dispatches
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante Releases Enforcement Activity Report
The Garante, the Italian Data Protection Authority (IDPA), has released information on enforcement activity in Italy in 2013 and its relevant plan of inspections for the first semester of 2014.
CANADA—Anti-Spam Legislation To Come Into Force
After much discussion and consultation on the accompanying Regulations, Canada’s anti-spam legislation is about to take full effect. While the CRTC had previously published its regulations on March 28, 2012, the Electronic Commerce Protection Regulation was finally published on December 4, 2013.
UK—Government Department Fined 185,000 GBPs After Terrorist Incident Data Sold at Auction
A government department has been fined after a filing cabinet containing personal information relating to victims of a terrorist incident was sold at auction.
NEW ZEALAND—Privacy Reflections/Predictions for 2014
The high-profile privacy breaches of 2012-13 have shed an unprecedented light on personal information in New Zealand. Outgoing Privacy Commissioner Marie Shroff is leaving the role at a time when protecting personal information, a cause she has actively championed over the past 10 years, is at the forefront of public awareness and is top-of-mind for policy analysts, legislators and businesses alike.
NEW ZEALAND—Will the Tide Turn in 2014?
Last year was not a good one for New Zealand privacy-wise. While Australia forged ahead enacting legislation covering issues such as cross-border controls for personal data and introducing measures to implement breach notification, the government in New Zealand, by contrast, has been dragging its feet and instead adopted a raft of measures diminishing existing privacy protections. This article briefly reviews developments in New Zealand in 2013 and ventures some predictions as to what may lie in store in 2014.
AUSTRALIA—Australia Legislates for Privacy by Design
In March, Australia will be overhauling its privacy laws. One of the key features of the new regime means Australia will become one of the first jurisdictions to effectively legislate for the concept of Privacy by Design.
Notes from the IAPP President (September 1, 2011)
In this month’s Privacy Advisor
, our legislative issue, we take a look at past, present and potential privacy legislation, with articles about the Article 29 Working Party’s opinion on “consent,” the current legislative landscape in the U.S. and a potential amendment to the EU Data Protection Directive that would require data-handling organizations to appoint data protection officers.
How 9/11 changed privacy (September 1, 2011)
How did the events of September 11, 2001, change privacy? To answer that question, it helps to identify just how much privacy has evolved over the past decade. In that timeframe, “you have the growth globally of an interest in privacy—including consumer privacy—and that’s reflected in many ways,” said Jim Dempsey, vice president for public policy at the Center for Democracy & Technology (CDT), a civil liberties group based in Washington.
Anniversary of a bill (September 1, 2011)
The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996. On the occasion of its fifteenth anniversary, The Privacy Advisor
takes a closer look.
EU Article 29 Working Party issues opinion on “consent” (September 1, 2011)
On 13 July 2011, the Article 29 Working Party adopted an opinion on the definition of consent (WP 187). The opinion—which makes to a large extent reference to previous opinions and contains a number of examples—basically reconfirms the Working Party’s rather strict and narrow interpretation of the notion of consent.
Inching toward consensus: A roundup of U.S. privacy legislation (September 1, 2011)
The prospects for major new privacy regulation emerging from the U.S. Congress during the remainder of the current session continue to be elusive. In spite of privacy’s status as the rare bipartisan issue, its span across multiple committee jurisdictions and agencies; lack of any national emergency, and absence of a concerted interest group pose significant obstacles to any broad-based privacy bill.
Will the European Commission require DPOs at all organizations? (September 1, 2011)
As the European Commission reviews its legal framework on data protection, European Directive 95/46/EC, it considers implementing a mandatory requirement that all data processing organizations employ a data protection officer. A two-month public consultation period—which concluded earlier this year—generated submissions from 288 organizations and individuals. While stakeholders have been vocal, the commission itself has remained tight-lipped about the potential mandate’s likelihood, leaving stakeholders and others to speculate about the potential implications.
CANADA—Proposed electronic commerce protection regulations (September 1, 2011)
In late June and early July 2011, the federal Department of Industry and the Canadian Radio-television and Telecommunications Commission (CRTC) called for comments on draft regulations for what is commonly referred to as Canada’s Anti-Spam Legislation. Comments to the CRTC are due August 29, 2011, while comments to Industry Canada are due September 9, 2011.
GERMANY—New data privacy law provisions for smart metering (September 1, 2011)
On 4 August 2011, an Amendment to the German Energy Industry Act (EnWG) has come into force, which includes new data privacy provisions relating to the use of so-called smart meters. By virtue of the amendment, the German lawmaker has implemented EU Directives 2009/72/EC and 2009/73/EC on the introduction of smart metering techniques relating to energy and gas supplies to consumers. When certain requirements are met, it is an obligation of the measuring point operators to use smart meters.
HUNGARY—Parliament accepts privacy bills (September 1, 2011)
Two significant privacy-related bills were accepted by the Hungarian Parliament on 11 July 2011. Both bills are currently awaiting the signature of the president and subsequent publication in order to become law.
POLAND—Poland recognizes stalking as a criminal offence (September 1, 2011)
On 6 June 2011, Poland introduced into its legal system provisions penalizing stalking. The implementation of such provisions into the Polish penal code was preceded by an analysis initiated in 2009 by the Ministry of Justice, which indicated that almost every 10th person was a victim of persistent harassment.
UK—Anti-bribery laws raise privacy issues (September 1, 2011)
The new UK Bribery Act 2010 came into force on 1 July 2011, raising a number of data protection compliance considerations for organisations carrying out business in the UK.
UK— ICO calls for more private-sector audits (September 1, 2011)
The information commissioner published his Annual Report on 6 July 2011, which identified that only 19 percent of private-sector companies approached by the Information Commissioner’s Office (ICO) agreed to a voluntary audit in 2010, compared to 71 percent of public-sector organisations.
UK—Security breaches lead to undertakings (September 1, 2011)
Undertakings have been signed by Lewisham Homes and Wandle Housing Association to comply with the Data Protection Act 1998 after details relating to thousands of their tenants were discovered on an unencrypted memory stick that had been copied and left in a pub by a contractor. There was no suggestion of misuse of the personal data, but the Information Commissioner’s Office commented that “Saving personal information onto an unencrypted memory stick is as risky as taking hard copy papers out of the office.”
UK— ICO reiterates call to impose jail terms on blaggers (September 1, 2011)
The information commissioner has reiterated his request for custodial sentences for those who unlawfully trade in personal information. This was first called for in the “What Price Privacy?” and “What Price Privacy Now?”—special reports made to Parliament in 2006 by the previous commissioner.
Three senior staff join IAPP (September 1, 2011)
As it plans for the continued global growth of the privacy profession, the IAPP has hired three senior staff members to help anchor its success in bringing data privacy education, certification and resources to professionals worldwide.
Privacy Law Scholars Award recognizes outstanding privacy scholarship (September 1, 2011)
The IAPP will recognize the winners of the IAPP Privacy Law Scholars Award at its annual Privacy Dinner on September 15 in Dallas, TX. The awards recognize outstanding privacy scholarship. Winning papers were selected from among 40 submitted for the fourth annual Privacy Law Scholars Conference in June. Two teams of authors will receive the first-ever awards.
This month on the Privacy List (September 1, 2011)
Among the many topics hashed out among IAPP Privacy List subscribers in the past month, two of the most robust issues involved data breach notification and organization-wide privacy and security training.