Having trouble receiving the Privacy Advisor in your inbox? Click here for troubleshooting tips.
Global Privacy Dispatches
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante Releases Enforcement Activity Report
The Garante, the Italian Data Protection Authority (IDPA), has released information on enforcement activity in Italy in 2013 and its relevant plan of inspections for the first semester of 2014.
CANADA—Anti-Spam Legislation To Come Into Force
After much discussion and consultation on the accompanying Regulations, Canada’s anti-spam legislation is about to take full effect. While the CRTC had previously published its regulations on March 28, 2012, the Electronic Commerce Protection Regulation was finally published on December 4, 2013.
UK—Government Department Fined 185,000 GBPs After Terrorist Incident Data Sold at Auction
A government department has been fined after a filing cabinet containing personal information relating to victims of a terrorist incident was sold at auction.
NEW ZEALAND—Privacy Reflections/Predictions for 2014
The high-profile privacy breaches of 2012-13 have shed an unprecedented light on personal information in New Zealand. Outgoing Privacy Commissioner Marie Shroff is leaving the role at a time when protecting personal information, a cause she has actively championed over the past 10 years, is at the forefront of public awareness and is top-of-mind for policy analysts, legislators and businesses alike.
NEW ZEALAND—Will the Tide Turn in 2014?
Last year was not a good one for New Zealand privacy-wise. While Australia forged ahead enacting legislation covering issues such as cross-border controls for personal data and introducing measures to implement breach notification, the government in New Zealand, by contrast, has been dragging its feet and instead adopted a raft of measures diminishing existing privacy protections. This article briefly reviews developments in New Zealand in 2013 and ventures some predictions as to what may lie in store in 2014.
AUSTRALIA—Australia Legislates for Privacy by Design
In March, Australia will be overhauling its privacy laws. One of the key features of the new regime means Australia will become one of the first jurisdictions to effectively legislate for the concept of Privacy by Design.
Former ICO Richard Thomas Wants a Rewrite of Chapter IV (April 25, 2013)
Noting the prescriptive and inflexible nature of the EU’s draft data protection regulation, Former UK Information Commissioner Richard Thomas used his keynote address here at the IAPP Data Protection Intensive in London on Thursday to outline an alternative framework that would focus more simplistically on outcomes, provide incentives for regulatory requirements and allow for as much self-enforcement as possible.
Hustinx Emphasizes Accountability in Outlining Road Ahead for EU Regulation (April 24, 2013)
As the opening speaker at the IAPP Europe Data Protection Intensive in London, European Data Protection Supervisor Peter Hustinx laid out his predictions for what the much-anticipated EU privacy regulation would finally look like when adopted. Confident that it would meet deadline and be in place by the spring of 2014, Hustinx said, “my impression is that there is a basic consensus that the current architecture of the regulation is the right one…Now the focus is on getting it right, and the key word there is balance.”
Vodafone’s Deadman to Regulators: Show Us the Carrots (April 24, 2013)
If privacy regulators and consumers want transparency and accountability from corporations, companies need more than a stick: They need a carrot, too. That’s according to Stephen Deadman, group privacy officer and head of legal for privacy, security and content standards at Vodafone Group.
New FTC Chair Ramirez Points to COPPA, Mobile Space, BCR-APEC Alignment as Priorities (April 1, 2013)
Addressing the IAPP Global Privacy Summit, recently appointed Federal Trade Commission (FTC) Chair Edith Ramirez indicated a focus on enforcement of COPPA and other directives, regulating the mobile space and an exploration of the impact of the “Internet of Things” on privacy would be priorities for the FTC going forward under her watch. She also mentioned optimism on aligning the EU’s Binding Corporate Rules with APEC Cross-Border Privacy Rules.
Exploring Federal Privacy Breach Notification in Canada (April 1, 2013)
Canada’s lack of federal regulation to address breaches of personal information is unexpected, given the overall maturity of its national data protection regime. Individual provinces have tackled breach notification in various forms, and the legal landscape for notifying individuals following breaches of personal information is a patchwork at best. However, change is imminent.
The Risks Associated with Financial Institutions’ Use of Social Media (April 1, 2013)
The Federal Financial Institutions Examination Council has released its “Social Media: Consumer Compliance Risk Management Guidance” to address how consumer protection laws apply to social media activities conducted by banks, saving associations, credit unions and nonbank entities supervised by the Consumer Financial Protection Bureau. The guidance highlights the fact that the use of social media by a financial institution can impact the risk profile of the institution as a result of poor oversight, inadequate due diligence and lack of proper risk management.
Recent Ruling Could Prove Costly for Hacked Businesses (April 1, 2013)
A recent U. S. Court of Appeals ruling may make it easier for class-action plaintiffs to survive early motions to dismiss their data breach claims, thereby substantially expanding the costs of litigation and the risk of sizeable judgments against businesses. The Eleventh Circuit’s decision in Resnick v. AvMed,
Inc. is a departure from most other court rulings in data breach lawsuits where the trend has been to dismiss such suits unless the breach led to identity theft and plaintiff injury.
Commerce’s Kerry: Privacy Regulation Should Not Be Barrier to Trade (April 1, 2013)
General Counsel for the U.S. Department of Commerce Cameron Kerry keynoted a well-attended data privacy seminar in his home state of Massachusetts yesterday. Kerry advocated for the fundamental underpinnings of U.S. President Barack Obama’s Consumer Privacy Bill of Rights and the general privacy blueprint he’s helped craft as co-chair of the Internet Policy Task Force and the National Science and Technology Council’s Subcommittee on Commercial Data Privacy but also expressed concerns about ways that EU privacy legislation may hinder efforts at interoperability by proposing things that are not technologically or commercially feasible.
Big Data=Big Oil? (April 1, 2013)
Andreas Weigend knows Big Data. As former chief scientist at Amazon and now consultant on social and mobile technologies to global firms like Best Buy and Nokia, he’s working daily with firms to help them navigate what he calls the Social Data Revolution.
ICO Fine “Confirms” Emergence of Private-Sector Enforcement Trend (April 1, 2013)
News that the UK Information Commissioner’s Office (ICO) has fined a private-sector business 90,000 GBP for violating the Privacy and Electronic Communications Regulations (PECR) in relation to live marketing calls is a significant development, according to one expert.
CANADA—Cases Underscore Importance of Structured Privacy Program (April 1, 2013)
When it comes to class-action litigation, the Canadian landscape may be changing. The loss of personal information of 2.4 million voters on memory sticks by Elections Ontario resulted in a province-wide class-action, and another such proceeding was launched against the federal government in a separate incident earlier this year.
UK—ICO Issues ‘BYOD’ Guidance (April 1, 2013)
The Information Commissioner’s Office has published guidance on “Bring Your Own Device.” The main focus of the guidance is on employers taking appropriate technical and organizational measures to protect personal data held on such devices.
UK—Receptionist Prosecuted for Unlawfully Accessing PHI (April 1, 2013)
The ICO has prosecuted a former receptionist under section 55 of the Data Protection Act for unlawfully obtaining sensitive medical information relating to her ex-husband’s new partner, resulting in fines and costs totaling almost 1,200 GBP.
IAPP Launches Westin Fellowship with Omer Tene as Head (April 1, 2013)
The International Association of Privacy Professionals (IAPP) has unveiled the Westin Fellowship, named for privacy pioneer Alan Westin, and intended to “encourage and enable research and scholarship in the field of privacy.”
Barnett Joins Venable (April 1, 2013)
Venable has announced the addition of Ret. Rear Admiral and Former Chief of the Public Safety and Homeland Security Bureau for the Federal Communications Commission (FCC) James Arden Barnett as a partner in its Washington, DC, office.
Four Themes To Focus on at the Data Protection Intensive this April (April 1, 2013)
With three full days of programming, the IAPP’s Data Protection Intensive—April 23 through 25 in London—can look nigh-on-impenetrable. The IAPP publications team will be on site gathering the news of what happens while you’re in other sessions, and has compiled a handy guide to focus your energies while there, depending on your interests.