Privacy Advisor

Global Privacy Dispatches

POLAND—DPA vs. Google on the Information Security Administrator
The Supreme Administrative Court, in its judgment of 21 February, supported the position adopted by the Polish Data Protection Authority (DPA) in its decision issued towards Google, Inc.
UK—ICO Issues 50,000 GBP Fine for Unsolicited Calls
The Information Commissioner’s Office has fined home improvement company Amber Windows 50,000 GBP after an investigation discovered they had made unsolicited marketing calls to individuals who had registered with the Telephone Preference Service.
UK—ICO Publishes Plans for 2014-17
The UK Information Commissioner’s Office has published its three-year corporate plan, setting out how it intends to address and tackle the challenges it faces in information regulation.
UK—Disclosure and Barring Service Warned After Collecting Unnecessary Sensitive Data
The UK Information Commissioner’s Office has ruled that the Disclosure and Barring Service breached the Data Protection Act after failing to stop the collection of information about convictions that were no longer required for employment checks.
FRANCE—Expansion of CNIL Investigation Powers Confirmed
In the past few years, the French data protection authority (CNIL) has made itself known for its on-site investigation powers by coming unannounced to the premises of businesses to perform interviews and searches in order to assess compliance with the French Data Protection Act.
FRANCE—The End of Aggressive Cold-Calling?
The new consumer act of March 17 is now in force. Among its key measures, it plans the creation of a centralized do-not-call list.
HUNGARY—Hungarian DPA Suggests Refinements in IT Policies
In a recent case, the Hungarian Authority for Data Protection and Freedom of Information (Nemzeti Adatvédelmi és Információszabadság Hatóság or NAIH) investigated a case where a company had to access its employee’s laptop for compliance reasons and imposed a fine of HUF 1,500,000 (approximately 5,000 euros) for unlawful data processing.
UK—Marketing Companies Punished for Hiding Identity While Making Nuisance Calls
The Information Commissioner's Office (ICO) has ordered two telephone marketing companies to change their practices after more than 100 complaints were made to the ICO that the companies were making nuisance marketing calls.
UK—British Pregnancy Advice Service Fined for Serious Data Breach
The British Pregnancy Advice Service (BPAS) has been fined 200,000 GBP after a serious breach of the Data Protection Act (DPA) revealed thousands of people's personal details to a malicious hacker.
Former ICO Richard Thomas Wants a Rewrite of Chapter IV (April 25, 2013)
Noting the prescriptive and inflexible nature of the EU’s draft data protection regulation, Former UK Information Commissioner Richard Thomas used his keynote address here at the IAPP Data Protection Intensive in London on Thursday to outline an alternative framework that would focus more simplistically on outcomes, provide incentives for regulatory requirements and allow for as much self-enforcement as possible.
Hustinx Emphasizes Accountability in Outlining Road Ahead for EU Regulation (April 24, 2013)
As the opening speaker at the IAPP Europe Data Protection Intensive in London, European Data Protection Supervisor Peter Hustinx laid out his predictions for what the much-anticipated EU privacy regulation would finally look like when adopted. Confident that it would meet deadline and be in place by the spring of 2014, Hustinx said, “my impression is that there is a basic consensus that the current architecture of the regulation is the right one…Now the focus is on getting it right, and the key word there is balance.”
Vodafone’s Deadman to Regulators: Show Us the Carrots (April 24, 2013)
If privacy regulators and consumers want transparency and accountability from corporations, companies need more than a stick: They need a carrot, too. That’s according to Stephen Deadman, group privacy officer and head of legal for privacy, security and content standards at Vodafone Group.
New FTC Chair Ramirez Points to COPPA, Mobile Space, BCR-APEC Alignment as Priorities (April 1, 2013)
Addressing the IAPP Global Privacy Summit, recently appointed Federal Trade Commission (FTC) Chair Edith Ramirez indicated a focus on enforcement of COPPA and other directives, regulating the mobile space and an exploration of the impact of the “Internet of Things” on privacy would be priorities for the FTC going forward under her watch. She also mentioned optimism on aligning the EU’s Binding Corporate Rules with APEC Cross-Border Privacy Rules.
Exploring Federal Privacy Breach Notification in Canada (April 1, 2013)
Canada’s lack of federal regulation to address breaches of personal information is unexpected, given the overall maturity of its national data protection regime. Individual provinces have tackled breach notification in various forms, and the legal landscape for notifying individuals following breaches of personal information is a patchwork at best. However, change is imminent.
The Risks Associated with Financial Institutions’ Use of Social Media (April 1, 2013)
The Federal Financial Institutions Examination Council has released its “Social Media: Consumer Compliance Risk Management Guidance” to address how consumer protection laws apply to social media activities conducted by banks, saving associations, credit unions and nonbank entities supervised by the Consumer Financial Protection Bureau. The guidance highlights the fact that the use of social media by a financial institution can impact the risk profile of the institution as a result of poor oversight, inadequate due diligence and lack of proper risk management.
Recent Ruling Could Prove Costly for Hacked Businesses (April 1, 2013)
A recent U.S. Court of Appeals ruling may make it easier for class-action plaintiffs to survive early motions to dismiss their data breach claims, thereby substantially expanding the costs of litigation and the risk of sizeable judgments against businesses. The Eleventh Circuit’s decision in Resnick v. AvMed, Inc. is a departure from most other court rulings in data breach lawsuits where the trend has been to dismiss such suits unless the breach led to identity theft and plaintiff injury.
Commerce’s Kerry: Privacy Regulation Should Not Be Barrier to Trade (April 1, 2013)
General Counsel for the U.S. Department of Commerce Cameron Kerry keynoted a well-attended data privacy seminar in his home state of Massachusetts yesterday. Kerry advocated for the fundamental underpinnings of U.S. President Barack Obama’s Consumer Privacy Bill of Rights and the general privacy blueprint he’s helped craft as co-chair of the Internet Policy Task Force and the National Science and Technology Council’s Subcommittee on Commercial Data Privacy but also expressed concerns about ways that EU privacy legislation may hinder efforts at interoperability by proposing things that are not technologically or commercially feasible.
Book Review: Guide to U.S. Government Practice of Global Sharing of Personal Information (April 1, 2013)
John W. Kropf, CIPP/US, CIPP/G, has brought together a considerable amount of information regarding these principles, standards and agreements and written about them in the Guide to US Government Practice on Global Sharing of Personal Information, reviewed here by Janet Steinman, CIPP/US.
Big Data=Big Oil? (April 1, 2013)
Andreas Weigend knows Big Data. As former chief scientist at Amazon and now consultant on social and mobile technologies to global firms like Best Buy and Nokia, he’s working daily with firms to help them navigate what he calls the Social Data Revolution.
ICO Fine “Confirms” Emergence of Private-Sector Enforcement Trend (April 1, 2013)
News that the UK Information Commissioner’s Office (ICO) has fined a private-sector business 90,000 GBP for violating the Privacy and Electronic Communications Regulations (PECR) in relation to live marketing calls is a significant development, according to one expert.
AUSTRALIA–Ahead of Law’s Implementation, Commissioner Releases Guidelines (April 1, 2013)
Wednesday 13 March was an important milestone for privacy law reform: It marked exactly 12 months until the Privacy Amendment (Enhancing Privacy Protection) Act 2012 becomes law. This law introduces major reforms to the Privacy Act 1988.
CANADA—Cases Underscore Importance of Structured Privacy Program (April 1, 2013)
When it comes to class-action litigation, the Canadian landscape may be changing. The loss of personal information of 2.4 million voters on memory sticks by Elections Ontario resulted in a province-wide class-action, and another such proceeding was launched against the federal government in a separate incident earlier this year.
UK—ICO Issues ‘BYOD’ Guidance (April 1, 2013)
The Information Commissioner’s Office has published guidance on “Bring Your Own Device.” The main focus of the guidance is on employers taking appropriate technical and organizational measures to protect personal data held on such devices.
UK—Damages Awarded for Inaccurate Credit Data Overturned (April 1, 2013)
The UK Court of Appeal has overturned an earlier High Court decision awarding damages to an individual for inaccurate credit data processed about him by a major credit-reference agency.
UK—Receptionist Prosecuted for Unlawfully Accessing PHI (April 1, 2013)
The ICO has prosecuted a former receptionist under section 55 of the Data Protection Act for unlawfully obtaining sensitive medical information relating to her ex-husband’s new partner, resulting in fines and costs totaling almost 1,200 GBP.
Weitzner Takes Home Privacy Leadership Award from Summit (April 1, 2013)
At the 2013 IAPP Global Privacy Summit, Hewlett-Packard VP and CPO Scott Taylor, CIPP/US, announced MIT’s Daniel Weitzner as the recipient of the 2013 IAPP Privacy Leadership Award.
IAPP Launches Westin Fellowship with Omer Tene as Head (April 1, 2013)
The International Association of Privacy Professionals (IAPP) has unveiled the Westin Fellowship, named for privacy pioneer Alan Westin, and intended to “encourage and enable research and scholarship in the field of privacy.”
Barnett Joins Venable (April 1, 2013)
Venable has announced the addition of Ret. Rear Admiral and Former Chief of the Public Safety and Homeland Security Bureau for the Federal Communications Commission (FCC) James Arden Barnett as a partner in its Washington, DC, office.
Four Themes To Focus on at the Data Protection Intensive this April (April 1, 2013)
With three full days of programming, the IAPP’s Data Protection Intensive—April 23 through 25 in London—can look nigh-on-impenetrable. The IAPP publications team will be on site gathering the news of what happens while you’re in other sessions, and has compiled a handy guide to focus your energies while there, depending on your interests.
Data Protectors Address Myths, Challenges Around Privacy Protection at Book Launch (April 1, 2013)
In honor of this year’s European Data Protection Day in January, Hunton & Williams hosted an event featuring insights from the UK’s past and present data protection commissioners, Eric Howe, Elizabeth France, Richard Thomas and Christopher Graham.