Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.
Global Privacy Dispatches
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante Releases Enforcement Activity Report
The Garante, the Italian Data Protection Authority (IDPA), has released information on enforcement activity in Italy in 2013 and its relevant plan of inspections for the first semester of 2014.
CANADA—Anti-Spam Legislation To Come Into Force
After much discussion and consultation on the accompanying Regulations, Canada’s anti-spam legislation is about to take full effect. While the CRTC had previously published its regulations on March 28, 2012, the Electronic Commerce Protection Regulation was finally published on December 4, 2013.
UK—Government Department Fined 185,000 GBPs After Terrorist Incident Data Sold at Auction
A government department has been fined after a filing cabinet containing personal information relating to victims of a terrorist incident was sold at auction.
NEW ZEALAND—Privacy Reflections/Predictions for 2014
The high-profile privacy breaches of 2012-13 have shed an unprecedented light on personal information in New Zealand. Outgoing Privacy Commissioner Marie Shroff is leaving the role at a time when protecting personal information, a cause she has actively championed over the past 10 years, is at the forefront of public awareness and is top-of-mind for policy analysts, legislators and businesses alike.
NEW ZEALAND—Will the Tide Turn in 2014?
Last year was not a good one for New Zealand privacy-wise. While Australia forged ahead enacting legislation covering issues such as cross-border controls for personal data and introducing measures to implement breach notification, the government in New Zealand, by contrast, has been dragging its feet and instead adopted a raft of measures diminishing existing privacy protections. This article briefly reviews developments in New Zealand in 2013 and ventures some predictions as to what may lie in store in 2014.
AUSTRALIA—Australia Legislates for Privacy by Design
In March, Australia will be overhauling its privacy laws. One of the key features of the new regime means Australia will become one of the first jurisdictions to effectively legislate for the concept of Privacy by Design.
Stakeholders Aim To Craft Smart Grid Privacy Code of Conduct (February 27, 2013)
The Federal Smart Grid Task Force, led by the U.S. Department of Energy, recently held its first stakeholder meeting on a voluntary code of conduct (VCC) for energy utilities and third parties. The voluntary code would indicate to consumers a company’s commitment to data protection and privacy when it comes to the smart grid.
The 2013 Privacy Forecast (February 1, 2013)
2013 promises to be a landmark year as it relates to the privacy and security of consumer information. Specifically, we will see increased complexity of breaches and elevated enforcement action but no meaningful federal privacy legislation. New technologies and business models will alter the risk posture for consumers as businesses seek to maximize big data revenue potential.
Kick-Starting a Privacy Program (February 1, 2013)
TV-Monitoring Patent Prompts Privacy Worries (February 1, 2013)
Could a television soon monitor your every move and conversation? FierceCable
recently reported on one patent application for using infrared cameras and microphones to analyze the conversations and body language of anyone located near a television. The patent application, "Methods and Systems for Presenting an Advertisement Associated with an Ambient Action of a User," which was subsequently denied, came to light after being automatically published—as all applications are, 18 months after being filed—by the U.S. Patent & Trademark Office.
Researchers Publish Study of Indian Privacy Perceptions (February 1, 2013)
In an effort to better understand privacy perceptions in India, two researchers have conducted the largest-ever survey on the topic. Prof. Ponnurangam PK (PK) and Niharika Sachdeva have published “Privacy in India: Attitudes and Awareness V 2.0,” which follows a smaller version of the study, published in 2005. The survey found that 76.63 percent of Indians surveyed felt that “consumers have lost control over how personal information about them is circulated and used by companies.” In 2004, only seven percent of consumers mistrusted businesses. India is “on a path” toward becoming privacy-aware and concerned, the authors state.
The SEC’s Cybersecurity Guidelines: A Potential Game-Changer for How Companies Disclose Risks of Cybersecurity Breaches (February 1, 2013)
A cybersecurity breach can create huge costs for a corporation by damaging the company’s reputation and consumer loyalty while also creating the risk of class-action litigation. The Securities and Exchange Commission (SEC) has recognized the risks that publicly traded companies face in dealing with cybersecurity incidents. In October 2011, the SEC promulgated guidelines that publicly traded companies should evaluate when determining what information should be disclosed concerning a cybersecurity incident or potential incident. These advisory guidelines provide a new paradigm for evaluating how cybersecurity risks should be disclosed by publicly traded companies.
FRANCE—A Tax on Personal Data? (February 1, 2013)
The French government has launched this summer a reflexion on taxation of the digital economy. The report of the Colin & Collin mission is soon due. Personal data is likely to be considered as a triggering taxation factor because of their economic value, and rumours are growing.
POLAND—Functions of Polish Data Protection Officer To Be Reformed (February 1, 2013)
In order to become more entrepreneur-friendly, the Polish government has initiated changes to reduce the administrative burdens in conducting business which also intend to amend Polish Data Protection Act of August 29, 1997. Alongside, the Association of Information Security Administrators together with the participation of the Polish Data Protection Authority holds a number of seminars relating to the planned transition of functions of the data protection officer, known in Poland as the information security administrator (DPO).
HHS Issues Final HIPAA Omnibus Rule (February 1, 2013)
The U.S. Department of Health and Human Services (HHS) has prepublished its highly anticipated modifications to the HIPAA Privacy and Security rules. HHS Secretary Kathleen Sebelius said, “The new rule will help protect patient privacy and safeguard patients’ health information in an ever-expanding digital age.”
Albrecht Report Released; Industry, EDPS Respond (February 1, 2013)
MEP Jan Philipp Albrecht has released a draft report on the European Commission’s proposed update to the 1995 Data Protection Directive supporting a robust framework and recommending more stringent measures, inciting mixed reactions from government and industry.
Online Social Media Conference Calls for Papers (February 1, 2013)
The Second International Workshop on Privacy and Security in Online Social Media is calling for papers. The workshop, to be held in Rio, Brazil, on May 14 and chaired by Prof. Ponnurangam Kumaraguru and Prof. Virgilo Almeida, aims to create a platform to “discuss latest and upcoming issues, trends and cutting-edge research approaching in security and privacy in online social media and complex networked systems,” as well as to bring together researchers working on such topics to find overlaps.