Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.
Global Privacy Dispatches
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante Releases Enforcement Activity Report
The Garante, the Italian Data Protection Authority (IDPA), has released information on enforcement activity in Italy in 2013 and its relevant plan of inspections for the first semester of 2014.
CANADA—Anti-Spam Legislation To Come Into Force
After much discussion and consultation on the accompanying Regulations, Canada’s anti-spam legislation is about to take full effect. While the CRTC had previously published its regulations on March 28, 2012, the Electronic Commerce Protection Regulation was finally published on December 4, 2013.
UK—Government Department Fined 185,000 GBPs After Terrorist Incident Data Sold at Auction
A government department has been fined after a filing cabinet containing personal information relating to victims of a terrorist incident was sold at auction.
NEW ZEALAND—Privacy Reflections/Predictions for 2014
The high-profile privacy breaches of 2012-13 have shed an unprecedented light on personal information in New Zealand. Outgoing Privacy Commissioner Marie Shroff is leaving the role at a time when protecting personal information, a cause she has actively championed over the past 10 years, is at the forefront of public awareness and is top-of-mind for policy analysts, legislators and businesses alike.
NEW ZEALAND—Will the Tide Turn in 2014?
Last year was not a good one for New Zealand privacy-wise. While Australia forged ahead enacting legislation covering issues such as cross-border controls for personal data and introducing measures to implement breach notification, the government in New Zealand, by contrast, has been dragging its feet and instead adopted a raft of measures diminishing existing privacy protections. This article briefly reviews developments in New Zealand in 2013 and ventures some predictions as to what may lie in store in 2014.
AUSTRALIA—Australia Legislates for Privacy by Design
In March, Australia will be overhauling its privacy laws. One of the key features of the new regime means Australia will become one of the first jurisdictions to effectively legislate for the concept of Privacy by Design.
DPC Billy Hawkes on the right to be forgotten (July 1, 2012)
The provision within the European Commission’s draft data protection framework outlining “the right to be forgotten and to erasure” has both regulators and stakeholders asking whether it is viable. The draft framework states it would grant data subjects the right to withdraw their consent for their personal data to be collected or processed, except for in cases where the collection and processing is necessary for “historical, statistical and scientific research purposes, for reasons of public interest in the area of public health, for exercising the right of freedom of expression, when required by law, or where there is a reason to restrict the processing of the data instead of erasing them.” The Privacy Advisor
recently chatted with Irish Data Protection Commissioner Billy Hawkes, a member of the Article 29 Working Party, to ask for his perspective on the draft regulation’s provision.
A Q&A with Hong Kong Privacy Commissioner for Personal Data Allan Chiang (July 1, 2012)
In the past year alone, Hong Kong Privacy Commissioner for Personal Data Allan Chiang’s office has received nearly 1,500 complaint cases. In this exclusive for The Privacy Advisor
, Chiang offers insight into the work of his office, the types of complaints received and the importance of enforcers having the ability to impose sanctions in the event of a breach.
Think locally, act globally (July 1, 2012)
Data protection authorities from around the globe meet in Montreal to discuss enforcement co-operation
Smart grid technology: Privacy and data security issues (July 1, 2012)
The adoption of smart grid technology into sustainable building property management strategy requires meaningful planning for the secure treatment of captured enriched data. Captured enriched data is consumer electricity use information that may also include proprietary business information related to a business’s energy consumption. The problem is that this data could be a target for unauthorized exploitation by marketers and other third parties and for data breaches by criminals.
Right to privacy: Risks to children on the Internet (July 1, 2012)
If there is any one area of privacy that all members of the IAPP can agree is important, it must be the privacy of our children. As use of the Internet has become widespread and ubiquitous even to the youngest, the privacy of children has greatly diminished. Their information, images, actions, friendships and very lives have gone online, with little regard for the risks involved.
Everything Old Is New Again (July 1, 2012)
Over the last several years, there has been ever-increasing interest in finding an all-encompassing solution to the pervasive issue of managing online privacy. Concepts including "Privacy by Design" and prescriptions like the NAI's "Opt Out of Behavioral Advertising" are the latest attempts to address concerns about online privacy and thereby forestall the implementation of new regulatory regimes that could preclude information collection and the use of such advertising to address consumers' interests and needs more effectively and efficiently.
Vermont updates data breach notification law (July 1, 2012)
Effective as of May 8, Vermont’s updated data breach law (Act 109) brings along several changes. The biggest change is in the notification requirements. Notification to consumers must now occur no later than 45 days after discovery of the incident and must include the approximate date of the security breach, if known.
How to save $10 million (July 1, 2012)
Express consent campaigns have been touted as the silver bullet for the consent framework under Canada’s Anti-Spam Law. However, gaining express consent has its own set of challenges. What are the questions organizations need to ask before seeking consent?
People in privacy: New privacy pros (July 1, 2012)
In the April edition of The Privacy Advisor
, we introduced “People in privacy: The new privacy pros.” This series-in-the-making looks at the privacy profession’s evolution and its resulting generation of privacy professionals. This month we feature K Royal and Chris Brannigan, CIPP/G, CIPP/US.
AUSTRALIA & EU—Australian privacy law reform: A step closer to EU adequacy (July 1, 2012)
Australia’s Privacy Act 1988 governs the federal privacy regime in Australia, along with other legislation relating to telecommunications, healthcare, government data-matching and criminal records. Each state and territory in Australia also regulates its government agencies by way of separate legislation—apart from the Australian Capital Territory, which is covered by the federal laws. The Privacy Act is overseen by the Office of the Australian Information Commissioner, which is also responsible for freedom of information and information policy issues.
CANADA—Court of Appeal issues decision (July 1, 2012)
In a highly anticipated case, the Court of Appeal of Alberta issued its decision in United Food and Commercial Workers, Local 401 v Alberta (Attorney General) on April 30. This case involved videotaping and the taking of photographs by the United Food and Commercial Workers Union at a picket line during a strike.
CZECH REPUBLIC—Czech data retention law legislative process moving forward (July 1, 2012)
The legislative process that should reintroduce the Data Retention Directive to Czech law to replace the old law that was struck down by the Constitutional Court is ongoing. On 27 February, the government proposed an act amending the Act No. 127/2005 Coll., the Electronic Communications Act and some other acts. The proposal has already passed two readings in the Chamber of Deputies.
ITALY—Garante approves authorization request (July 1, 2012)
The Italian Data Protection Authority (Garante) has recently approved a request of authorization, by means of a prior checking procedure, filed by a phone company having asked to be allowed to enrich its database containing personal data of its costumers without the prior consent of the interested persons.
ITALY—Government approves decree, Garante publishes guide (July 1, 2012)
The government has approved a legislative decree by means of which the EU Cookies and Data Breach Notification Directive has been finally implemented. The opt-in regime has been introduced as mandatory rule. The data breach notification obligation is for now mandatory in the telecom and Internet service provider market only.
POLAND—New proposal on implementation of a “cookie” rule in Poland (July 1, 2012)
The Ministry of Administration and Digitalization published a draft law of 5 June 2 amending the Telecommunications Act and other acts, which, in Article 173, proposes a new wording for implementation of Article 5(3) of the so-called amended e-Privacy Directive in Poland.
UK—ICO invites responses on draft Anonymisation Code of Practice (July 1, 2012)
The Information Commissioner’s Office (ICO) has published a draft Anonymisation Code of Practice for consultation. The consultation period runs until 23 August, and the aim is to publish the final code in September. The consultation document sets out the questions that organisations and members of the public are invited to respond to.
UK—ICO issues updated guidance on cookie consent (July 1, 2012)
UK—ICO writes to Google Street View (July 1, 2012)
Following a review of the findings of a report published by the U.S. Federal Communications Commission in April, the ICO has concluded that it seems likely that Google deliberately captured a wide range of personal data and some sensitive personal data during the Google Street View operations conducted in the UK.
Becky Burr, CIPP/US, named Neustar CPO (July 1, 2012)
Neustar has announced the selection of J. Beckwith “Becky” Burr, CIPP/US, as its chief privacy officer and deputy general counsel, ensuring that the company maintains state-of-the-art privacy practices to protect customer and consumer information.
Researcher to study privacy as a collective good (July 1, 2012)
Washington and Lee University School of Law Prof. Josh Fairfield has received a Fulbright Grant to explore the American and European models of privacy, which Fairfield says are fundamentally different, and whether privacy may be looked at as more of a collective good--like the environment, for example.
ID Experts RADAR wins Health Privacy Summit award (July 1, 2012)
ID Experts’ RADAR—Risk Assessment Documentation and Reporting—has been named one of "The Best Privacy Technologies of 2012." The award was presented at the Second Annual International Summit on the Future of Health Privacy, held recently in Washington, DC, where leading health privacy experts gathered to discuss issues facing the industry and affecting patients.
Allen & Overy launches app to assist with access requests (July 1, 2012)
Allen & Overy recently launched its new app, Access Assist, to help businesses deal with requests for access to personal data held on employees, customers and others. Access Assist is a free Q&A-based tool for the iPad that is supported by targeted summaries of applicable law, legislation case law and guidance.