Privacy Advisor


Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act.
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not-call list.
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing.
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls.
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined GBP 200,000 after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker.
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data.
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills.
Notes from the IAPP President (April 1, 2012)
At the IAPP Global Privacy Summit in March, during a session featuring authors Cory Doctorow and Jeff Jarvis, an audience member asked, “Is privacy dead?” No, answered Jeff Jarvis, “privacy has more protectors than ever before in privacy history.”
People in Privacy: New privacy pros (April 1, 2012)
Rewind 11 years. If you worked on data privacy matters, you were probably a law firm partner, a consultant, privacy officer or one of a handful of people bearing the title “chief privacy officer.” In 2001, privacy and data protection professionals were barely a speck on the tech economy’s radar.
Czech Constitutional Court takes on data retention rules (April 1, 2012)
In less than a year, the Constitutional Court of the Czech Republic issued two decisions that repealed most of the data retention legislation. By its first judgment from 22 March 2011, the court repealed the obligation of telecoms operators and ISPs to retain traffic and location data for the minimum period of six months and maximum period of 12 months and to provide such data to authorized bodies upon request (First Judgment).
APEC’s cross-border privacy rules to facilitate data flows…soon (April 1, 2012)
The Asia-Pacific Economic Cooperation’s Cross-Border Privacy Rules (CBPRs)—endorsed by U.S. President Barack Obama and APEC member economies at an APEC leaders meeting in Hawaii late last year and scheduled to be released later this year—aim to provide a framework to facilitate cross-border data flows by allowing for interoperability through various jurisdictions’ privacy regimes.
IRS taxpayer authentication program combats identity theft: A Q&A with Rebecca Chiaramida (April 1, 2012)
As more Americans file their taxes online, protecting highly sensitive financial data from identity thieves is a major concern for taxpayers and the Internal Revenue Service (IRS) alike. The Privacy Advisor recently caught up with IRS Director of Privacy, Government Liaison and Disclosure Rebecca Chiaramida, CIPP/G, to explore a new authentication program recently initiated by the agency to combat a rise in refund fraud schemes and identity theft.
Location-based services: Why privacy "Dos and Don'ts" matter (April 1, 2012)
2012 is certain to reflect U.S. consumers' continued love affair with sophisticated smart phones and mobile tablets. For many consumers, one of the driving forces in the popularity of these devices is their ability to run software and mobile applications (mobile apps) using wireless location-based services (LBS). With LBS-enabled services, individuals can share real-time and historical location information online--whether to facilitate a social interaction or event, play games, house-hunt or engage in many other activities.
Getting to know a privacy pro (April 1, 2012)
On July 5, 2010, the Mexican Federal Law on Protection of Personal Data Held by Private Parties was officially published. This legislation establishes minimum standards with which people who use others’ personal data are obliged to comply in order to protect privacy. Lina Ornelas is the General Director for Privacy Self-regulation at Mexico’s Federal Institute for Access to Information and Data Protection (IFAI). Ornelas works to understand the way private parties who process personal data think and act to find their incentives to protect personal data, she says. She also works to give such parties tools to enable compliance with the law and promote responsible data processing.
DoubleClick: The privacy profession's incubator (April 1, 2012)
Today, it would be remiss to say that the privacy profession is anything but flourishing. Companies are increasingly hiring privacy officers and even elevating them to C-suite positions; the European Commission has proposed a statute in its amended data protection framework that would require data protection officers at certain organizations, and, at the IAPP, membership recently hit 10,000 worldwide.
Privacy pro garners all five CIPP certifications (April 1, 2012)
Since its inception in 2004, the Certified Information Privacy Professional (CIPP) credential has served as the leading certification for privacy professionals. Like the IAPP’s membership, the CIPP credential has grown more diverse over the years. The IAPP’s flagship credential has developed into multiple credentials, including one focused on the U.S. government, Canada, Internet technology and now Europe.
FRANCE—The French Senate issues a resolution to express its position on the draft European regulation for the protection of personal data (April 1, 2012)
The Senate, in its European resolution of March 6, welcomes the objective of harmonization of data protection rules as well as additional guarantees, such as the right to be forgotten, data portability, limits to profiling activities and a mandatory data protection officer.
FRANCE—Disparaging one’s manager in a private e-mail does not justify termination (April 1, 2012)
An employee sent an e-mail to a colleague including a fictitious CV with denigrating comments about his manager. The “friendly” colleague transmitted the litigious CV to the concerned manager, who made a case out of it, leading to the termination of the author of the fictitious CV for serious misconduct.
ISRAEL—New guidelines for employees' placement services (April 1, 2012)
The Israeli Law Information and Technology Authority (ILITA) has published new guidelines on privacy principles for applying the provisions of the Protection of Privacy Act on jobs placement services.
UK—Data watchdog routinely reducing data breach fines (April 1, 2012)
Since April 2010, the Information Commissioner's Office (ICO) has had the power to impose fines of up to £500,000 for serious breaches of the DPA.
UK—Jail terms for private detectives convicted of blagging (April 1, 2012)
Four private detectives convicted under the Fraud Act of stealing confidential information for sale to clients have been sentenced to jail terms of between six and 12 months.
UK—CBI critical in response to MoJ consultation on EU data protection reforms (April 1, 2012)
On 7 February, the UK Ministry of Justice published a Call for Evidence to gather information from interested parties, including businesses and information policy experts, on the European Commission's draft General Data Protection Regulation.
UK—ICO issues police force with £70,000 fine (April 1, 2012)
Lancashire Constabulary has been fined £70,000 by the Information Commissioner's Office (ICO) following the discovery of papers containing sensitive information about a 15-year-old girl—together with information about 14 other individuals, including in relation to their criminal convictions—on a Blackpool street.
PCI-DSS Version 2.0 comment period coming to a close (April 1, 2012)
The Payment Card Industry (PCI) Security Standards Council will soon conclude its public comment period on version 2.0 of the PCI Data Security Standard and Payment Application Data Security Standard (PCI DSS).
Former DHS Deputy CPO John Kropf, CIPP/US, CIPP/G, joins Reed Elsevier (April 1, 2012)
Reed Elsevier Group has announced the addition of former Department of Homeland Security (DHS) Deputy Chief Privacy Officer John Kropf, CIPP/US, CIPP/G, to its privacy and information governance group.
Ellen Giblin, CIPP/C, CIPP/G, joins Ashcroft Law Firm (April 1, 2012)
Ashcroft Law Firm LLC has announced the addition of Ellen Giblin, CIPP/C, CIPP/G, as privacy counsel.