Global Privacy Dispatches
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante Releases Enforcement Activity Report
The Garante, the Italian Data Protection Authority (IDPA), has released information on enforcement activity in Italy in 2013 and its relevant plan of inspections for the first semester of 2014.
CANADA—Anti-Spam Legislation To Come Into Force
After much discussion and consultation on the accompanying Regulations, Canada’s anti-spam legislation is about to take full effect. While the CRTC had previously published its regulations on March 28, 2012, the Electronic Commerce Protection Regulation was finally published on December 4, 2013.
UK—Government Department Fined 185,000 GBP After Terrorist Incident Data Sold at Auction
A government department has been fined after a filing cabinet containing personal information relating to victims of a terrorist incident was sold at auction.
NEW ZEALAND—Privacy Reflections/Predictions for 2014
The high-profile privacy breaches of 2012-13 have shed an unprecedented light on personal information in New Zealand. Outgoing Privacy Commissioner Marie Shroff is leaving the role at a time when protecting personal information, a cause she has actively championed over the past 10 years, is at the forefront of public awareness and is top-of-mind for policy analysts, legislators and businesses alike.
NEW ZEALAND—Will the Tide Turn in 2014?
Last year was not a good one for New Zealand privacy-wise. While Australia forged ahead enacting legislation covering issues such as cross-border controls for personal data and introducing measures to implement breach notification, the government in New Zealand, by contrast, has been dragging its feet and instead adopted a raft of measures diminishing existing privacy protections. This article briefly reviews developments in New Zealand in 2013 and ventures some predictions as to what may lie in store in 2014.
AUSTRALIA—Australia Legislates for Privacy by Design
In March, Australia will be overhauling its privacy laws. One of the key features of the new regime means Australia will become one of the first jurisdictions to effectively legislate for the concept of Privacy by Design.
UK—Private sector leads on data protection compliance (November 1, 2012)
A series of reports published by the ICO have highlighted the overall positive compliance approaches being adopted by private-sector organisations; however, concerns remain over the approaches of local government and the National Health Service (NHS) sectors.
Elections could impact U.S. and European privacy rights (November 1, 2012)
What happens to consumer privacy protections when there's a new administration in town? That's one question on the minds of privacy advocates as three upcoming events have the potential to reshape privacy rights around the world.
Assessing risk: Data breach litigation in U.S. courts (November 1, 2012)
In an era of international commerce, companies collect and aggregate vast amounts of consumers’ personal information that may be communicated around the globe. Along with the growth of electronic consumer databases, there has been an increase in the numbers of data breaches, some of them perpetrated by overseas actors. A June 2011 Ponemon Institute study revealed that 90 percent of surveyed companies had experienced a data breach within the past year.
The healthcare privacy balance (November 1, 2012)
Editor’s Note: In the following articles, experts share perspectives on the questions and challenges surrounding healthcare IT and privacy. John Christiansen examines the tension surrounding efforts to strike the balance between privacy and other values, while Rick Kam, CIPP/US, and Doug Pollack, CIPP/US, write about patient privacy concerns.
European Parliament’s study highlights shortcomings of reform proposal (November 1, 2012)
In September, a study entitled “Reforming the Data Protection Package” was published by the European Parliament’s Directorate-General for Internal Policies, analysing the proposed General Data Protection Regulation (GDPR). The study was requested by the European Parliament’s Committee on Internal Market and Consumer Protection and aims to provide background information and advice on priority measures and actions to be undertaken in the reform of the European data protection legal framework.
Businesses nationwide continue to grapple with Massachusetts data privacy laws (November 1, 2012)
There were over 1,800 data security breaches affecting more than 3.2 million Massachusetts residents between November 2007 and September 2011, according to a recent report from the Massachusetts Office of Consumer Affairs and Business Regulation. The Massachusetts data privacy regulations became effective in March 2010 and were enacted to combat the increased threat of data security breaches following several high-profile incidents. The regulations apply to every “person” or entity—including businesses both inside and outside of Massachusetts—holding, processing or otherwise accessing personal information of Massachusetts residents.
Cloud Computing: CNIL’s 7 recommendations are necessary but not sufficient (November 1, 2012)
The Commission nationale de l’informatique et des libertés (CNIL) has issued recommendations following the close of its call for contributions from cloud computing stakeholders, including customers and providers. The CNIL’s seven recommendations are based mainly on a risk analysis carried out beforehand by customers and undertakings of transparency on the part of service providers towards their customers which must be formalised in the service contracts.
Should I Get Involved with the IAPP? (November 1, 2012)
As the IAPP accepts nominations for its various leadership boards, The Privacy Advisor recently caught up with one of its Education Advisory Board members about her experiences as a volunteer and its impact on her career as a privacy professional.
Lisa Sotto, CIPP/US, named among “Attorneys Who Matter” (November 1, 2012)
Hunton & Williams LLP Partner Lisa J. Sotto, CIPP/US, has been named among Ethisphere Institute's "Attorneys Who Matter" for 2012. Sotto is head of the firm's global privacy and data security practice and managing partner of the New York office and is a member of the IAPP Board of Directors.
Peters appointed IBM’s CPO (November 1, 2012)
Christina Peters has been appointed IBM’s chief privacy officer. In her role as IBM’s CPO, Peters will guide and oversee IBM's global information policy and practices affecting more than 400,000 employees and thousands of clients. Peters also is responsible for a worldwide team of legal, data protection and technical professionals at IBM who address privacy and data security in the leadership manner expected of the company's global brand.
Grants will support online privacy projects (November 1, 2012)
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has announced more than $9 million in grant awards to support the National Strategy for Trusted Identities in Cyberspace (NSTIC). Five U.S. organizations will pilot identity solutions that increase confidence in online transactions, prevent identity theft and provide individuals with more control over how they share their personal information.
CANADA—Impact and considerations of EO investigation (November 1, 2012)
In early October 2012, the Ontario Court of Appeal released two decisions, R. v. Ward, 2012 ONCA 660, and R. v. Cuttell, 2012 ONCA 661, which dealt with the admittance of evidence obtained by means of a search warrant based on information obtained from plaintiffs’ Internet Service Provider (ISP). The Court of Appeal noted that the practice of the police “seeking and obtaining customer information from ISPs and using that information to obtain search warrants has been constitutionally challenged as an unreasonable search and seizure in several cases” and that this was the first time this court was addressing the constitutionality of this practice.
SPAIN—The dissemination of private videos without the consent of the person involved may be punished with a prison sentence. (November 1, 2012)
The Spanish government recently resolved, on 11 October, to submit to Congress a bill on the reform of the Criminal Code which, among other things, includes the possibility of sentencing to prison people who disseminate private videos without the consent of the persons involved, even if they were recorded with the victim’s consent and that person made them available to somebody else. The Criminal Code in force only punishes the seizure or interception of private messages of the victim, but it does not establish what should happen if that person provides them to a person who later disseminates them.
UK—ICO releases practical cloud guidance (November 1, 2012)
Following the recent Article 29 Working Party cloud computing opinion, it was the turn of the UK Information Commissioner's Office (ICO) to release “Guidance on the use of cloud computing” on 27 September. The guidance provides a helpful introduction to the key cloud definitions and different deployment and service models before providing guidance on cloud customers' and service providers' data protection obligations.
UK—ICO to issue six-figure penalties for spam-texting (November 1, 2012)
The ICO confirmed on 1 October that it is set to issue two fines totalling over 250,000 pounds to two illegal marketers responsible for distributing millions of spam texts. The action is the culmination of a six-month initiative in which the ICO has been asking members of the public to report calls or texts received from unknown senders via an online survey. The ICO has reported that it has received almost 30,000 responses and is working to link this information to companies with a view to possible enforcement action.