Global Privacy Dispatches
ITALY—Garante Addresses Medical Research, Welfare Positions Issues
The Garante, Italy’s Data Protection Authority (IDPA), has released three decisions related to research and a register of welfare positions.
ITALY—Garante Releases Enforcement Activity Report
The Garante, the Italian Data Protection Authority (IDPA), has released information on enforcement activity in Italy in 2013 and its relevant plan of inspections for the first semester of 2014.
CANADA—Anti-Spam Legislation To Come Into Force
After much discussion and consultation on the accompanying Regulations, Canada’s anti-spam legislation is about to take full effect. While the CRTC had previously published its regulations on March 28, 2012, the Electronic Commerce Protection Regulation was finally published on December 4, 2013.
UK—Government Department Fined 185,000 GBPs After Terrorist Incident Data Sold at Auction
A government department has been fined after a filing cabinet containing personal information relating to victims of a terrorist incident was sold at auction.
NEW ZEALAND—Privacy Reflections/Predictions for 2014
The high-profile privacy breaches of 2012-13 have shed an unprecedented light on personal information in New Zealand. Outgoing Privacy Commissioner Marie Shroff is leaving the role at a time when protecting personal information, a cause she has actively championed over the past 10 years, is at the forefront of public awareness and is top-of-mind for policy analysts, legislators and businesses alike.
NEW ZEALAND—Will the Tide Turn in 2014?
Last year was not a good one for New Zealand privacy-wise. While Australia forged ahead enacting legislation covering issues such as cross-border controls for personal data and introducing measures to implement breach notification, the government in New Zealand, by contrast, has been dragging its feet and instead adopted a raft of measures diminishing existing privacy protections. This article briefly reviews developments in New Zealand in 2013 and ventures some predictions as to what may lie in store in 2014.
AUSTRALIA—Australia Legislates for Privacy by Design
In March, Australia will be overhauling its privacy laws. One of the key features of the new regime means Australia will become one of the first jurisdictions to effectively legislate for the concept of Privacy by Design.
Garante Defines Obligations for Telecoms and ISPs (May 30, 2013)
The Italian DPA (Garante) has issued, following a public consultation, a decision that defines in detail the obligations for telephone companies and Internet service providers regarding possible cases of data breach, according to the relevant provisions contained in the Italian privacy law and in the European Directive 2002/58/EC.
From Beavers to Smart Cars to Ivory Coast with Sandy Pentland (May 29, 2013)
“Finding beavers from outer space was my very first job,” said Alex “Sandy” Pentland, presenting at a recent Center for Geographic Analysis conference. The audience chuckled. “Yeah, isn’t that crazy?” Pentland now works at MIT and co-leads the World Economic Forum Big Data and Personal Data Initiatives and somewhere in between beavers and the WEF, he helped develop the car monitoring systems for the Nissan Leaf—so he “knows a little about cars, too.”
State Social Media Privacy Laws Top Legislative Roundup (May 24, 2013)
Over the past two weeks, several states have enacted or initiated privacy legislation. California has moved forward a security breach notification law, and Maine has considered a 911 privacy bill. Topping state legislative action, however, are social media privacy laws—from Utah to New Jersey, states are clamping down on the employer practice of requiring employees and applicants to disclose social media passwords.
When Shopping for Cyberinsurance, Semantics Matter (May 16, 2013)
At a May 16 IAPP KnowledgeNet on Pre-Breach Preparedness, Joe Burgoyne, corporate manager of security at Osram Sylvania, opened the “privacy panel” with a somewhat startling prompt: Raise your hand if you know where all of your company’s data is. Of the 100-plus attendees, maybe two hands went up—hesitantly.
PRIVACY IN POPULAR CULTURE: Going Gaga for Google Glass (May 14, 2013)
While it’s unquestionably true that the advent of Google Glass has created, and will continue to, all manner of interesting privacy discussions, Glass may end up being as much a boon to comedy writers as to privacy professionals.
This Week’s Data Breach Roundup (May 10, 2013)
Data breaches continue to affect private and public organizations across all sectors. Among this week's incidents, the biggest news may be that the state of Washington’s court system may have been hacked, potentially affecting millions of residents. Several healthcare organizations announced breaches this week, including a North Carolina-based clinic. The incident may have compromised the health records of more than 17,000 patients. A Pennsylvania-based senior-housing organization was also breached, exposing more than 7,300 records.
Will the White House Soon Have A Chief Privacy Officer or Not? (May 8, 2013)
While a report circulated that the White House was poised to announce a first-ever chief privacy officer (CPO), it appears that report may have jumped the gun. Is the White House about to get a new CPO? Will it be Twitter’s current legal director? We get you up-to-date on the latest news.
State Legislature Roundup (May 3, 2013)
A number of U.S. states have passed or are working on various types of privacy legislation—from employee privacy to breach notification. Most notably, California has pulled a bill that would have required businesses to disclose to consumers data they have collected on them. The Pennsylvania Senate has passed a law that would require state agencies to notify residents of a breach “as soon as possible.” And the Texas House has also “tentatively” approved similar social media legislation.
CANADA—Bill Would Allow for Warrantless Communication Interception (May 1, 2013)
Canada’s government introduced Bill C-55 in February in response to the Supreme Court’s decision in R. v. Tse. The bill amends the Criminal Code relating to the authority to intercept private communications without prior judicial authorization. The bill, which received royal assent on March 27, comes into force six months from that date.
FRANCE—Article 29 Working Party Guidelines for Apps on Smart Devices (May 1, 2013)
On February 27, the Article 29 Data Protection Working Party adopted an opinion on smart devices. The opinion strives to clarify the European regime on the collection and use of personal information by means of smart devices and states that EU data privacy law kicks in as soon as mobile apps are targeted at users within the EU.
ITALY—M-Payment and Privacy by Design (May 1, 2013)
Mobile payment was one of the sectors under the spotlight of the Italian Data Protection Authority (Garante) in 2012, and the same will be true for 2013. Although it is undeniable that the mobile ecosystem—as conspicuously outlined in the opinion issued by the European Data Protection Article 29 Working Party about apps on smart devices—raises critical issues for the privacy of users, the focus of the Garante on these new means of payment, whose development in Italy is still in an embryonic phase, could seem surprising.
UK—ICO Blog Highlights Key Thoughts on EU Data Protection Reforms (May 1, 2013)
A recent blog published on the Information Commissioner's Office (ICO) website sets out the UK regulator's opinions on the current draft of the General Data Protection Regulation. The blog welcomes such aspects as the draft regulation's emphasis on the privacy rights of individuals and highlights some concerns, including the increased role expected of national data protection authorities in signing-off arrangements for protecting personal data in international data transfers.
UK—Company Fined 90,000 GBP For Nuisance Marketing Calls (May 1, 2013)
The ICO has served a 90,000 GBP penalty on Glasgow-based DM Design for carrying out unwanted marketing calls to the public. The company had been the subject of some 2,000 complaints to both the ICO and the UK's Telephone Preference Service (TPS).
Supreme Court Wiretap Ruling Upholds Stringent Standing-To-Sue Requirements (May 1, 2013)
The U.S. Supreme Court’s recent ruling in Clapper v. Amnesty International USA could make it easier for companies to seek early dismissal of consumer data breach and privacy lawsuits. The Supreme Court has upheld stringent requirements for plaintiffs to have standing to sue in privacy cases, including a requirement to show that the threatened harm is “certainly impending” and not merely speculative.
In Praise of “Little Data” (May 1, 2013)
In this age of Big Data, there is much to be said for the value of “Little Data”—or data minimization. When Big Data includes personal information, it can result in big headaches as customer expectations and privacy laws obligate collectors of personal data to maintain its security and provide notice and choice regarding how it is obtained, used and shared. “Little Data” has its virtues as a practical and effective strategy for meeting privacy compliance obligations.
ZIP Codes: Are Courts Set To Protect Consumers from Marketing? (May 1, 2013)
If California, Massachusetts and about a dozen other states are indicators, courts are ready and willing to regulate the type of data retailers can collect from consumers during transactions as well as what kinds of data constitute personally identifiable information (PII). What does all this mean for retailers? As those in Massachusetts and California change their practices, should others proactively make similar changes?
IN FOCUS: The Directive (May 1, 2013)
Beginning with this edition of The Privacy Advisor, the IAPP will ask one expert to zoom in on a topic of interest. If you have a subject you’d like to discuss in-depth for a future edition, contact us. In this Q&A, Timothy Toohey, CIPP/US, CIPP/E, of Snell & Wilmer, discusses the tensions and controversies within the proposed EU data protection regulation.
Clarifying Privacy in the Cloud (May 1, 2013)
The “cloud” is maybe the most buzzed-about Internet sensation of the past five years, but how does working in the cloud change your privacy thinking? Maybe not as much as you think, John Wunderlich, CIPP/C, head of privacy consultancy Wunderlich & Associates told The Privacy Advisor. “What’s old is new again…you’re outsourcing to a provider who has expertise that you don’t have.”
Insights from Women in Privacy (May 1, 2013)
In the field’s infancy, privacy positions were almost equally shared by men and women. In the late 1970s and early 1980s, the term and the position of chief privacy officer was nonexistent, largely because personal privacy issues were not yet an epidemic. When the digital revolution moved from the Halon-haloed computer rooms to the desktop--then laptop, notebook, tablet, smartphone--environment, the world of privacy redefined itself and swiftly became an entirely different game.
A Look at the Privacy Consultants of Acxiom (May 1, 2013)
Companies are regularly faced with the tall task of using data to contribute to a robust bottom line while executing strong privacy practices and maintaining positive brand recognition. But what if data IS your business? Regulators, including the FTC, are keying into the data collection and use practices of so-called “data brokers” and consumers are growing more knowledgeable of how their personal information is used, bought and sold. One such company is Acxiom, whose CPO shares her insights in this report.