Privacy Advisor

Global Privacy Dispatches

POLAND—DPA vs. Google on the Information Security Administrator
The Supreme Administrative Court, in its judgment of 21 February, supported the position adopted by the Polish Data Protection Authority (DPA) in its decision issued to Google, Inc.
UK—ICO Issues 50,000 GBP Fine for Unsolicited Calls
The Information Commissioner’s Office has fined home improvement company Amber Windows 50,000 GBP after an investigation discovered they had made unsolicited marketing calls to individuals who had registered with the Telephone Preference Service.
UK—ICO Publishes Plans for 2014-17
The UK Information Commissioner’s Office has published its three-year corporate plan, setting out how it intends to address and tackle the challenges it faces in information regulation.
UK—Disclosure and Barring Service Warned After Collecting Unnecessary Sensitive Data
The UK Information Commissioner’s Office has ruled that the Disclosure and Barring Service breached the Data Protection Act after failing to stop the collection of information about convictions that were no longer required for employment checks.
FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act.
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not-call list.
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing.
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls.
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBP after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker.
Israeli privacy update: Landmark case establishes guidelines for monitoring employee online activity (December 5, 2011)
Employee e-mail use policies usually grant employers wide-ranging powers to monitor and review employees' Internet usage and e-mail correspondence. According to a recent major decision by the Israeli National Labor Court, however, this situation is likely to dramatically change, and generic, sweeping or vague Internet use policies of employers will no longer be allowed. In this privacy update, we review the court's decision and the new guidelines for monitoring and examining the content of employee e-mail and online activity.
Notes from the IAPP President (December 1, 2011)
The year 2011 wanes, but data privacy developments do not. In the coming weeks, we expect to see a final draft of the U.S. Department of Commerce green paper on the topic; a final draft of the U.S. Federal Trade Commission whitepaper on the topic; and the final draft of the revised EU Data Protection Directive. The release of each of these documents is highly anticipated and bound to spark great discussion and debate among those in the field.
HIPAA/HITECH update: The waiting is the hardest part (December 1, 2011)
As we approach the three-year mark since the passage of the Health Information Technology for Economic and Clinical Health Act (HITECH) and still do not have most of the regulations implementing the privacy and security provisions of this law, the simple passage of time by itself is creating confusion and ambiguity in the healthcare industry. What are the important issues on the horizon, and what should companies be doing now?
Consumer data privacy concerns persist in smart grid plans (December 1, 2011)
Utilities around the world are increasingly deploying smart meters to customer households as regions prepare to shift their energy infrastructure to digital smart grids, a move that will revolutionize the way utilities and consumers measure and monitor electricity usage. But the shift creates space for potential dangers as well as opportunities when it comes to privacy and security, and though much progress has been made in the last year or so, questions remain—especially when it comes to the granular customer data that smart meters will provide and what may or may not be done with that data.
Singapore’s do-not-call registry consultation paper (December 1, 2011)
On 13 September, the Ministry of Information, Communications and The Arts (MICA) released a public consultation paper on the proposed consumer data protection regime. The paper included the question of whether Singapore should also set up a do-not-call registry (DNC), and the overwhelming indication was that Singapore needs such a registry.
Perspective: Should lawyers restrict controversial social media postings? (December 1, 2011)
Recently, Jill Filipovic, a litigation associate at a major New York law firm, caused a minor media sensation with a post to Twitter—@JillFilipovic, October 24. On arrival in Dublin, Ireland, on a flight from the United States, she discovered in her bag a note from the Transportation Security Administration (TSA) that read, “get your freak on girl,” apparently referring to a sex toy in her luggage.
The California Office of Privacy Protection: 10 years on the frontlines of privacy (December 1, 2011)
A quick glance at the world 10 years ago reveals a landscape drastically different from that of today. Not only was 2001 a year that saw the seismic events of 9/11, it was a time preceding social networking sites, smartphones and electronic health records--and with that, a time preceding issues like cyberbullying, online behavioral advertising and facial recognition technology.
FRANCE—Another geolocation system implemented in violation of data protection rules (December 1, 2011)
This story is about a sales employee performing his work in a vast territory who could freely organize his work planning as long as he provided his employer with detailed reports, in compliance with his employment contract.
GERMANY—New Telecommunications Act passed with amended data privacy rules (December 1, 2011)
On 27 October, the German Parliament (Bundestag) adopted an amendment to the Federal Telecommunications Act (Telekommunikationsgesetz—TKG). By virtue of this amendment, several EU directives are implemented into German telecommunications law. The amendments include some remarkable changes to the data privacy rules for telecommunication service providers.
UK—ICO releases new form for organisations to report data breaches (December 1, 2011)
The UK Information Commissioner’s Office (ICO) has produced a new form for organisations to report data breaches. While public electronic communications service providers are required to notify the ICO of personal data security breaches, currently there is no obligation on other businesses to do so under UK law.
UK—ICO calls for compulsory audit power to be extended (December 1, 2011)
At the 10th annual data protection compliance conference held in London, the information commissioner made clear that compulsory audits are needed in local government, the health service and the private sector.
UK—Justice Select Committee backs information commissioner’s calls for custodial sentences (December 1, 2011)
Back in September, UK Information Commissioner Christopher Graham appeared before the Justice Committee and called for custodial sentences to be made available in respect of the unlawful trade in—and access to—personal information.
Ibero-American Data Protection Network annual meeting summary (December 1, 2011)
On October 31, 2011, the Ibero-American Data Protection Network (RIPD) held its annual meeting in Mexico City to coincide with the 33rd International Conference of Data Protection and Privacy Commissioners.