More details emerge on the future of EU data breaches

May 1, 2011
On April 5, 2011, the Article 29 Working Party adopted an opinion outlining its approach to data breaches (Opinion 13/2011 on the current EU personal data breach framework and recommendations for future policy developments). The Opinion examined the current status of the data breach framework within the European Union and highlighted points for cooperation and future policy developments on data breaches. These points include further action by the European Commission and the Working Party’s desire to extend the ePrivacy Directive’s data breach framework.

Perspective: The future of privacy in the public sector

May 1, 2011
The future of privacy is not privacy. It is larger than that. It is information. Let this brief note offer an introduction to one scenario about the future of privacy. Over the past several years, leading privacy professionals have taken a critical look at the future of their profession. Last year, on the occasion of its tenth anniversary, the IAPP published A Call for Agility: The Next Generation Privacy Professional, essentially asking whether we need to broaden the scope of the profession. The definition of what is considered personally identifiable information (PII) has broadened over the past 40 years from simple identifiers such as name, date of birth and Social Security number to include additional types of data.

Deutsche Post sheds light on BCR approval process

May 1, 2011
Deutsche Post DHL, a postal and logistics group that employs 500,000 individuals in 220 countries, has become the first German company to have its privacy policy approved by the country’s data protection authority. The Office of the German Federal Commissioner for Data Protection and Freedom of Information’s approval of the company’s binding corporate rules (BCR) allows Deutsche Post to transfer personal data abroad without having to gain approval for each individual transfer.

A conversation with Mary Ellen Callahan

April 22, 2011
After two years as the chief privacy officer at the U.S. Department of Homeland Security (DHS), Mary Ellen Callahan discusses the importance of privacy and transparency at DHS with her public affairs representative, Steven Richards. At the U.S. Department of Homeland Security (DHS), privacy law and policy are implemented and enforced through the Privacy Office—the first statutorily mandated privacy office at any U.S. federal agency. The DHS Privacy Office is the largest office of its kind in the federal government, and it has been referred to by many as the leader in public-sector privacy policy.

Greetings

April 15, 2011
It seems that every month there are new enforcement actions to report in the privacy space. The past month has been a blockbuster, where varied enforcers have taken action against diverse players--with big results. This week we learned that social network Myspace is being sued for allegedly sharing its members' data with aggregators without first obtaining their consent. The complaint, filed in U.S. District Court on Wednesday, accuses Myspace of transmitting member data to aggregators who then package and sell it to advertisers.

Across jurisdictions and Web domains, questions of privacy and online anonymity persist

April 15, 2011
There is a tug-of-war going on right now on the Internet and in the courts between protecting online anonymity and the equally privacy-related question of accountability when one individual's postings defame or expose personal information about another. Add to this issues of truth in reporting for journalists and the questions of how private and anonymous what we post online is--and apply the laws and mores that vary from jurisdiction to jurisdiction--and the result appears to be the onslaught of legal actions, pending cases and unanswered questions that surround the term "online anonymity."

Breach highlights need for privacy professionals’ elevated role

April 15, 2011
Data breaches should serve as a wake-up call to companies' top-level management. That's according to New York University Professors Arun Sundararajan and Vasant Dhar, who say companies that share data with third-party service providers must more seriously consider the risks of using such services and weigh them against the benefits. Dhar, director for the Center for Digital Economy Research at the NYU Stern School of Business, and Sundararajan, associate professor of information, operations and management sciences, say that the recent Epsilon breach is an example of failure in management--not security technology. They say the breach calls into question the management choices the affected companies made when they shared customer data for marketing purposes.

Notes from the IAPP President

April 1, 2011
Momentum might be the most-used word in this column. It seems to come up each month as I reflect on the activities of the previous weeks. The momentum in our field of data privacy and protection seems to be relentless. It was evident at our global privacy summit event in March, and it has been evident since then in the global privacy news.

A summary of comments filed on the recent FTC and Commerce Department data privacy frameworks

April 1, 2011
In last month’s edition of the Privacy Advisor, we compared the new policy frameworks for analyzing data privacy separately proposed by the Federal Trade Commission and the Department of Commerce. In this issue, we summarize the comments that were submitted in response to each of the frameworks and examine some of the common issues addressed in the submissions.

Perspective: Self-regulation’s credibility problem

April 1, 2011
Why do privacy advocates remain so opposed to self-regulation? Self-regulatory programs suffer from an enduring credibility problem, established by the short-lived IRSG and the languid NAI, and continued today in the form of business practices that express disregard for consumers' expressed preferences.

Simplifying data sanitization compliance: An analysis

April 1, 2011
In addition to better-known federal legislation such as Sarbanes-Oxley, FACTA and HIPAA, there are now 46 state and territorial laws that regulate the management of private electronic data. In addition, two more major federal acts are making their way through the U.S. Congress—one in the House, another in the Senate. In spite of the shifting political landscape, they have a high probability of enactment.

Polish Data Protection Act amendment in detail

April 1, 2011
The amendment to Poland’s Data Protection Act of 29 August 1997 came into force this month. The amendment is intended to strengthen personal data protection by increasing its effectiveness. The Polish Data Protection Authority will be able to enforce its decisions more effectively.

The Changing Meaning of “Personal Data”

March 16, 2011

Greetings

March 10, 2011
I write these words from our annual Global Privacy Summit in Washington, DC, where privacy and data protection professionals have gathered to learn, teach and network about the issues we face each day. The volume of these issues—and their complexity—is increasing. This is reflected in the number of practitioners in attendance and in the conversations they are having in breakout sessions, in hallways, at networking events and over dinner at the end of the day.

Roundup on “do not track”

March 10, 2011
The U.S. Federal Trade Commission in December released a report on consumer privacy that called for a "do-not-track" mechanism by which Internet users could opt out of having their browsing activities monitored. The call provoked a sensational response, with online privacy advocates and some politicians singing support and online advertising industry officials warning that such a mechanism could bring the Internet as we know it to its knees.
