Privacy Advisor

Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.

Global Privacy Dispatches

FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act. Read More
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not call list. Read More
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing. Read More
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls. Read More
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBPs after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker. Read More
UK—ICO Publishes Updated PIA Guidance
The UK Information Commissioner's Office has published its updated Privacy Impact Assessment (PIA) Code of Practice to help organisations comply with their data protection law obligations when they change the way that they use personal data. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.

Read More
ITALY—Garante’s Provision on Mobile Payment Services
On December 12, 2013, the Italian Data Protection Authority (Garante) issued a draft general provision on the processing of personal data in the context of mobile remote payment services. This new provision sets the rules for the processing of information about users who purchase digital services and products and pay for them remotely via their phone bills. Read More
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions. Read More
UK—Private sector leads on data protection compliance (November 1, 2012)
A series of reports published by the ICO have highlighted the overall positive compliance approaches being adopted by private-sector organisations; however, concerns remain over the approaches of local government and the National Health Service (NHS) sectors.
Elections could impact U.S. and European privacy rights (November 1, 2012)
What happens to consumer privacy protections when there's a new administration in town? That's one question on the minds of privacy advocates as three upcoming events have the potential to reshape privacy rights around the world.
Assessing risk: Data breach litigation in U.S. courts (November 1, 2012)
In an era of international commerce, companies collect and aggregate vast amounts of consumers’ personal information that may be communicated around the globe. Along with the growth of electronic consumer databases, there has been an increase in the numbers of data breaches, some of them perpetrated by overseas actors. A June 2011 Ponemon Institute study revealed that 90 percent of surveyed companies had experienced a data breach within the past year.
The healthcare privacy balance (November 1, 2012)
Editor’s Note: In the following articles, experts share perspectives on the questions and challenges surrounding healthcare IT and privacy. John Christiansen examines the tension surrounding efforts to strike the balance between privacy and other values, while Rick Kam, CIPP/US, and Doug Pollack, CIPP/US, write about patient privacy concerns.
European Parliament’s study highlights shortcomings of reform proposal (November 1, 2012)
In September, a study entitled “Reforming the Data Protection Package” was published by the European Parliament’s Directorate-General for Internal Policies, analysing the proposed General Data Protection Regulation (GDPR). The study was requested by the European Parliament’s Committee on Internal Market and Consumer Protection and aims to provide background information and advice on priority measures and actions to be undertaken in the reform of the European data protection legal framework.
Businesses nationwide continue to grapple with Massachusetts data privacy laws (November 1, 2012)
There were over 1,800 data security breaches affecting more than 3.2 million Massachusetts residents between November 2007 and September 2011, according to a recent report from the Massachusetts Office of Consumer Affairs and Business Regulation. The Massachusetts data privacy regulations became effective in March 2010 and were enacted to combat the increased threat of data security breaches following several high-profile incidents. The regulations apply to every “person” or entity—including businesses both inside and outside of Massachusetts—holding, processing or otherwise accessing personal information of Massachusetts residents.
Cloud Computing: CNIL’s 7 recommendations are necessary but not sufficient (November 1, 2012)
The Commission nationale de l’informatique et des libertés (CNIL) has issued recommendations following the close of its call for contributions from cloud computing stakeholders, including customers and providers. The CNIL’s seven recommendations are based mainly on a risk analysis carried out beforehand by customers and undertakings of transparency on the part of service providers towards their customers which must be formalised in the service contracts.
Hunters, hackers and safety crackers: One dozen privacy innovations (November 1, 2012)
Editor’s Note: In this final installment of our People in Privacy series, we look at a few of “The Innovators” currently at work in the privacy sphere and some of the products and initiatives they are developing.
Should I Get Involved with the IAPP? (November 1, 2012)
As the IAPP accepts nominations for its various IAPP leadership boards, The Privacy Advisor recently caught up with one of its Education Advisory Board members about her experiences as a volunteer and its impact on her career as a privacy professional.
Security Spotlight: Multifunction devices and the forgotten enterprise security risk (November 1, 2012)
In today’s wired workplace, the traditional office copier has evolved into a highly intelligent, multifunction device containing powerful software and storage capabilities where information is written, stored and accessed. However, this technology has also opened a potentially dangerous hole in IT security.
2012 HP-IAPP Privacy Innovation Awards and 2012 IAPP Privacy Vanguard Award winners honored (November 1, 2012)
The recipients of the 2012 IAPP Privacy Vanguard Award and HP-IAPP Privacy Innovation Awards were honored at the Privacy Dinner, held in conjunction with the Privacy Academy in San Jose, CA, on October 11.
Lisa Sotto, CIPP/US, named among “Attorneys Who Matter” (November 1, 2012)
Hunton & Williams LLP Partner Lisa J. Sotto, CIPP/US, has been named among Ethisphere Institute's "Attorneys Who Matter" for 2012. Sotto is head of the firm's global privacy and data security practice and managing partner of the New York office and is a member of the IAPP Board of Directors.
Peters appointed IBM’s CPO (November 1, 2012)
Christina Peters has been appointed IBM’s chief privacy officer. In her role as IBM’s CPO, Peters will guide and oversee IBM's global information policy and practices affecting more than 400,000 employees and thousands of clients. Peters also is responsible for a worldwide team of legal, data protection and technical professionals at IBM who address privacy and data security in the leadership manner expected of the company's global brand.
Evidon reaches two billion daily “AdChoices” icons worldwide (November 1, 2012)
Evidon has announced it is now serving more than two billion “AdChoices” privacy notices a day around the world.
Grants will support online privacy projects (November 1, 2012)
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has announced more than $9 million in grant awards to support the National Strategy for Trusted Identities in Cyberspace (NSTIC). Five U.S. organizations will pilot identity solutions that increase confidence in online transactions, prevent identity theft and provide individuals with more control over how they share their personal information.
CANADA—Impact and considerations of EO investigation (November 1, 2012)
In early October 2012, the Ontario Court of Appeal released two decisions, R. v. Ward, 2012 ONCA 660, and R. v. Cuttell, 2012 ONCA 661, which dealt with the admittance of evidence obtained by means of a search warrant based on information obtained from plaintiffs’ Internet Service Provider (ISP). The Court of Appeal noted that the practice of the police “seeking and obtaining customer information from ISPs and using that information to obtain search warrants has been constitutionally challenged as an unreasonable search and seizure in several cases” and that this was the first time this court was addressing the constitutionality of this practice.
SPAIN—The dissemination of private videos without the consent of the person involved may be punished with a prison sentence. (November 1, 2012)
The Spanish government recently resolved, on 11 October, to submit to Congress a bill on the reform of the Criminal Code which, among other things, includes the possibility of sentencing to prison people who disseminate private videos without the consent of the persons involved, even if they were recorded with the victim’s consent and that person made them available to somebody else. The Criminal Code in force only punishes the seizure or interception of private messages of the victim, but it does not establish what should happen if that person provides them to a person who later disseminates them.
UK—ICO releases practical cloud guidance (November 1, 2012)
Following the recent Article 29 Working Party cloud computing opinion, it was the turn of the UK Information Commissioner's Office (ICO) to release “Guidance on the use of cloud computing” on 27 September. The guidance provides a helpful introduction to the key cloud definitions and different deployment and service models before providing guidance on cloud customers' and service providers' data protection obligations.
UK—ICO to issue six-figure penalties for spam-texting (November 1, 2012)
The ICO confirmed on 1 October that is set to issue two fines totalling over 250,000 pounds to two illegal marketers responsible for distributing millions of spam texts. The action is the culmination of a six-month initiative where the ICO has been asking members of the public to report calls or texts received from unknown senders via an online survey. The ICO has reported that it has received almost 30,000 responses and is working to link this information to companies with a view to possible enforcement action.