Global Privacy Dispatches
POLAND—DPA vs. Google on the Information Security Administrator
The Supreme Administrative Court, in its judgment of 21 February, supported the position adopted by the Polish Data Protection Authority (DPA) in its decision issued to Google, Inc.
UK—ICO Issues 50,000 GBP Fine for Unsolicited Calls
The Information Commissioner’s Office has fined home improvement company Amber Windows 50,000 GBP after an investigation discovered they had made unsolicited marketing calls to individuals who had registered with the Telephone Preference Service.
UK—ICO Publishes Plans for 2014-17
The UK Information Commissioner’s Office has published its three-year corporate plan, setting out how it intends to address and tackle the challenges it faces in information regulation.
UK—Disclosure and Barring Service Warned After Collecting Unnecessary Sensitive Data
The UK Information Commissioner’s Office has ruled that the Disclosure and Barring Service breached the Data Protection Act after failing to stop the collection of information about convictions that were no longer required for employment checks.
FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act.
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not-call list.
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing.
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls.
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBP after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker.
Stakeholders Aim To Craft Smart Grid Privacy Code of Conduct (February 27, 2013)
The Federal Smart Grid Task Force, led by the U.S. Department of Energy, recently held its first stakeholder meeting on a voluntary code of conduct (VCC) for energy utilities and third parties. The voluntary code would indicate to consumers a company’s commitment to data protection and privacy when it comes to the smart grid.
The 2013 Privacy Forecast (February 1, 2013)
2013 promises to be a landmark year as it relates to the privacy and security of consumer information. Specifically, we will see increased complexity of breaches and elevated enforcement action but no meaningful federal privacy legislation. New technologies and business models will alter the risk posture for consumers as businesses seek to maximize big data revenue potential.
Kick-Starting a Privacy Program (February 1, 2013)
TV-Monitoring Patent Prompts Privacy Worries (February 1, 2013)
Could a television soon monitor your every move and conversation? FierceCable recently reported on one patent application for using infrared cameras and microphones to analyze the conversations and body language of anyone located near a television. The patent application, "Methods and Systems for Presenting an Advertisement Associated with an Ambient Action of a User," which was subsequently denied, came to light after being automatically published—as all applications are, 18 months after being filed—by the U.S. Patent & Trademark Office.
Researchers Publish Study of Indian Privacy Perceptions (February 1, 2013)
In an effort to better understand privacy perceptions in India, two researchers have conducted the largest-ever survey on the topic. Prof. Ponnurangam PK (PK) and Niharika Sachdeva have published “Privacy in India: Attitudes and Awareness V 2.0,” which follows a smaller version of the study, published in 2005. The survey found that 76.63 percent of Indians surveyed felt that “consumers have lost control over how personal information about them is circulated and used by companies.” In 2004, only seven percent of consumers mistrusted businesses. India is “on a path” toward becoming privacy-aware and concerned, the authors state.
The SEC’s Cybersecurity Guidelines: A Potential Game-Changer for How Companies Disclose Risks of Cybersecurity Breaches (February 1, 2013)
A cybersecurity breach can create huge costs for a corporation by damaging the company’s reputation and consumer loyalty while also creating the risk of class-action litigation. The Securities and Exchange Commission (SEC) has recognized the risks that publicly traded companies face in dealing with cybersecurity incidents. In October 2011, the SEC promulgated guidelines that publicly traded companies should evaluate when determining what information should be disclosed concerning a cybersecurity incident or potential incident. These advisory guidelines provide a new paradigm for evaluating how cybersecurity risks should be disclosed by publicly traded companies.
FRANCE—A Tax on Personal Data? (February 1, 2013)
The French government launched a reflection on the taxation of the digital economy this summer. The report of the Colin & Collin mission is due soon. Personal data is likely to be considered a trigger for taxation because of its economic value, and rumours are growing.
POLAND—Functions of Polish Data Protection Officer To Be Reformed (February 1, 2013)
In order to become more entrepreneur-friendly, the Polish government has initiated changes to reduce the administrative burdens of conducting business, which are also intended to amend the Polish Data Protection Act of August 29, 1997. Alongside this, the Association of Information Security Administrators, with the participation of the Polish Data Protection Authority, is holding a number of seminars on the planned transition of the functions of the data protection officer (DPO), known in Poland as the information security administrator.
HHS Issues Final HIPAA Omnibus Rule (February 1, 2013)
The U.S. Department of Health and Human Services (HHS) has prepublished its highly anticipated modifications to the HIPAA Privacy and Security rules. HHS Secretary Kathleen Sebelius said, “The new rule will help protect patient privacy and safeguard patients’ health information in an ever-expanding digital age.”
Albrecht Report Released; Industry, EDPS Respond (February 1, 2013)
MEP Jan Philipp Albrecht has released a draft report on the European Commission’s proposed update to the 1995 Data Protection Directive supporting a robust framework and recommending more stringent measures, inciting mixed reactions from government and industry.
Online Social Media Conference Calls for Papers (February 1, 2013)
The Second International Workshop on Privacy and Security in Online Social Media is calling for papers. The workshop, to be held in Rio, Brazil, on May 14 and chaired by Prof. Ponnurangam Kumaraguru and Prof. Virgilo Almeida, aims to create a platform to “discuss latest and upcoming issues, trends and cutting-edge research approaching in security and privacy in online social media and complex networked systems,” as well as to bring together researchers working on such topics to find overlaps.