Global Privacy Dispatches
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante Releases Enforcement Activity Report
The Garante, the Italian Data Protection Authority (IDPA), has released information on enforcement activity in Italy in 2013 and its relevant plan of inspections for the first semester of 2014.
CANADA—Anti-Spam Legislation To Come Into Force
After much discussion and consultation on the accompanying Regulations, Canada’s anti-spam legislation is about to take full effect. While the CRTC had previously published its regulations on March 28, 2012, the Electronic Commerce Protection Regulation was finally published on December 4, 2013.
UK—Government Department Fined 185,000 GBPs After Terrorist Incident Data Sold at Auction
A government department has been fined after a filing cabinet containing personal information relating to victims of a terrorist incident was sold at auction.
NEW ZEALAND—Privacy Reflections/Predictions for 2014
The high-profile privacy breaches of 2012-13 have shed an unprecedented light on personal information in New Zealand. Outgoing Privacy Commissioner Marie Shroff is leaving the role at a time when protecting personal information, a cause she has actively championed over the past 10 years, is at the forefront of public awareness and is top-of-mind for policy analysts, legislators and businesses alike.
NEW ZEALAND—Will the Tide Turn in 2014?
Last year was not a good one for New Zealand privacy-wise. While Australia forged ahead enacting legislation covering issues such as cross-border controls for personal data and introducing measures to implement breach notification, the government in New Zealand, by contrast, has been dragging its feet and instead adopted a raft of measures diminishing existing privacy protections. This article briefly reviews developments in New Zealand in 2013 and ventures some predictions as to what may lie in store in 2014.
AUSTRALIA—Australia Legislates for Privacy by Design
In March, Australia will be overhauling its privacy laws. One of the key features of the new regime means Australia will become one of the first jurisdictions to effectively legislate for the concept of Privacy by Design.
Notes from the IAPP President (November 1, 2011)
The scene outside the IAPP’s global headquarters resembles something out of Monet’s time in Argenteuil; the trees are ablaze with orange, yellow, red and brown. Autumn has enveloped those of us in the northern hemisphere, where the days are growing shorter yet brighter with the stunning fall foliage.
What makes a model privacy program? (November 1, 2011)
As data protection and privacy concerns continue to expand throughout the world, more and more organizations are finding they need to implement new or improve outdated privacy programs. Instead of “reinventing the wheel,” privacy professionals can look toward other model programs and learn key elements to ensure an effective program. The Privacy Advisor recently caught up with several privacy experts to discover some important components that can help engender a successful program.
How will customer data be protected in the cloud? (November 1, 2011)
Cloud computing is the convergence of Internet technologies, virtualization and information technology (IT) standardization. The cloud offers flexible, affordable and scalable software, platforms, infrastructure and storage to all sizes of businesses in all sectors. For these reasons, it is not surprising that cloud services revenue will increase from $68.3 billion spent in 2010 to $150 billion by 2013 (Gartner, June 22, 2010). It is also not surprising that, as businesses move to this next generation of outsourced IT services, one of the key questions is: How will customer data be protected in the cloud?
New report identifies benefits for organisations of an “optimised” privacy impact assessment methodology (November 1, 2011)
The use of privacy impact assessments (PIAs) looks set to grow exponentially, especially in Europe. A PIA Framework for Radio Frequency Identification (RFID), developed by industry, was endorsed by the Article 29 Data Protection Working Party in February, and the European Commission is expected to make PIAs mandatory in some situations following the release of its proposals for a new data protection framework in early 2012.
Hungary's new data protection act detailed (November 1, 2011)
The Hungarian Parliament recently replaced its almost 10-year-old data protection legislation with a new act. The act was created to fill the need for a more compliant and liberalized legislation. In practice, however, the new act has received many objections from constitutional lawyers and civil organizations, as well as from businesses.
PERSPECTIVE: The historical imperative—Why we need to forget (November 1, 2011)
Jeremy Bentham originally described the Panopticon in 1787. The concept of the Panopticon was that, at any given moment, anonymous individuals could observe others without their knowledge or consent. Bentham predicted that this inspection principle would effect “morals reformed, health preserved, industry invigorated, instruction diffused and public burdens lightened.”
CANADA—Government reintroduces PIPEDA amendment bill (November 1, 2011)
On September 29, the government of Canada reintroduced a bill that will amend the federal Personal Information Protection and Electronic Documents Act (PIPEDA). The previous attempt to amend PIPEDA—Bill C-29—died when the last Parliamentary session ended. Bill C-12, titled the Safeguarding Canadians’ Personal Information Act, contains many of the same provisions found in Bill C-29.
FRANCE—Letting fitness prevail over IT security: A risky choice for employees (November 1, 2011)
A company’s sales manager asked a secretary to give him access to the client database, although he was not an authorized user for this category of clients. In violation of the company’s IT policy, she let her supervisor use her passwords, and she activated the functionality, giving him access to the database. As she was eager to get to the gym, she did not want to wait for the software to upload, so she left the supervisor alone for a short time in front of her computer.
FRANCE—Whistleblowing system suspended (November 1, 2011)
A recent decision of the Court of Appeal of Caen shows how complex it can be for a multinational group to implement a whistleblowing system globally in order to comply with SOX.
GERMANY—Further enforcement steps regarding Facebook “like” buttons (November 1, 2011)
The deadline set by the data protection authority in the northern German state of Schleswig-Holstein for the removal of social plug-ins such as the Facebook “like” button from external websites expired on 30 September, and the commissioner has already taken the first enforcement steps.
UK—ICO: Not encrypting portable devices is “inexcusable” (November 1, 2011)
The theft of unencrypted laptops and portable and mobile devices containing personal information continues to make headlines in the UK. Two organisations in the education sector—the Association of School and College Leaders and Holly Park School—have recently signed undertakings with the UK Information Commissioner’s Office (ICO) following breaches of the Data Protection Act 1998 that involved failures to encrypt sensitive and other personal information held on laptops that were later stolen.
UK—New ICO guidance on access to complaints files (November 1, 2011)
The UK Information Commissioner’s Office (ICO) recently issued guidance for organisations in the difficult area of responding to requests for access to information held in complaints files.
UK—ACAS “wake-up call” on use of social media in workplace (November 1, 2011)
UK newspapers have reported that Heathrow Airport is set to introduce privacy-friendly body scanners. Other systems that have been tested in UK airports produce an image in more bodily detail than many individuals feel comfortable with.
UK—ACAS “wake-up call” on use of social media in workplace (November 1, 2011)
The UK Advisory, Conciliation and Arbitration Service (ACAS) has issued practical tips for employers on how to manage the impact of social networking on performance, recruitment, discipline and grievances, bullying, defamation, data protection and privacy.
Recently on the Privacy List (November 1, 2011)
What should a company’s corporate policy for the use of personal mobile devices in the workplace include? It was this question that elicited a number of responses from privacy pros recently on the IAPP’s Privacy List.