(Oct 6, 2015) "Uncertainty" is the word of the day in privacy circles. Max Schrems has won. In a closely watched case, the European Court of Justice (ECJ) released a judgment this morning agreeing with his argument that the PRISM mass surveillance program unveiled by Edward Snowden makes the European Commission’s finding of U.S. adequacy for personal data transfer with the Safe Harbor mechanism “invalid.” Truly, the ECJ could not have been more clear: “Decision 2000/520 is invalid.” Yet many are uncertain w...

The Privacy Advisor

Swire: Advocate General’s Views About U.S. Intel Laws Are Inaccurate

(Oct 5, 2015) With a highly anticipated decision from the Court of Justice of the EU expected tomorrow, the fate of Safe Harbor is in question. But was Advocate General (AG) Yves Bot’s opinion based on an accurate review of U.S. intelligence laws? No, writes Georgia Institute of Technology Prof. Peter Swire, CIPP/US, adding, “In my experience as a scholar and practitioner in the field, the U.S. has far more extensive legal rules, oversight and other checks and balances on intelligence agencies than is generally true in the EU member states.” In this post for Privacy Perspectives, Swire shares his analysis of the AG’s opinion in relation to U.S. law and his own first-hand experience while serving on the president’s Review Group on Intelligence and Communications Technology.

Daily Dashboard

Web Conference: The Implications of Tomorrow’s Safe Harbor Decision

(Oct 5, 2015) Tomorrow, October 6, the Court of Justice of the EU is expected to deliver one of the most significant rulings in the history of data protection, one that could affect data flows between the EU and U.S. and have resounding implications for your organization. To help sift through the decision, we’ve compiled an all-star cast of privacy thinkers, including Baker & McKenzie Partner Brian Hengesbaugh, CIPP/US, Wilson Sonsini Senior Privacy Counsel Christopher Kuner, Center for Democracy & Technology President and CEO Nuala O’Connor, CIPP/G, CIPP/US, and Hogan Lovells Partner Eduardo Ustaran, CIPP/E, with the IAPP’s Omer Tene moderating. This free web conference will run tomorrow from 2 to 3 p.m. EDT and is open to the public.

Daily Dashboard

Cultivating the Right Approach to Risk

(Oct 5, 2015) Privacy teams need to consider an approach parallel to landscaping a yard, Brad Reimer, CIPP/US, writes in this post for Privacy Perspectives. To address the pitfalls of, and solutions to, privacy risk assessment in change management, privacy teams should “assess an initiative when beginning to plant in the privacy landscape and continue to assess how change impacts the entire privacy landscape,” he writes, adding, “Assessing privacy risk associated with change challenges privacy teams, but they can take steps to cultivate an appropriate risk landscape.” Reimer highlights the areas privacy pros need to synthesize to assess change-related privacy risk and includes questions-and-answers on the “Who-What-Where-When-Why-How.”

Daily Dashboard

Roundup: EU, U.S., Canada, Hong Kong and More

(Oct 5, 2015) In this week’s Privacy Tracker legislative roundup, read about the “patchwork of state laws” on accessing employee social media accounts in the U.S. and one state’s new law, set to go into effect this month. California’s governor has vetoed bills addressing drone use, while an Oregon House committee has received a report on drones and an EU group is asking regulators to update drone rules. In Canada, there are questions over whether political parties are violating CASL, while a report from Hong Kong looks at the first two organizations found guilty of breaching direct-marketing provisions in the Personal Data (Privacy) Ordinance. And in case you missed it, read some of the latest reactions and predictions on the Schrems case in the EU. (IAPP member login required.)

Daily Dashboard

AG Adds CPO Hire to Settlement

(Oct 5, 2015) After failing to inform customers that their phone conversations were being recorded for training purposes, décor company Houzz Inc. finds itself required to hire the equivalent of a CPO, Los Angeles Times reports. The proposed settlement from the office of California Attorney General Kamala Harris marks “the first time the office has imposed such a provision,” the report states. The hire “must understand and oversee compliance with privacy laws and have the authority to report significant privacy concerns to fellow executives,” and while “akin to a ‘chief privacy officer’ … it doesn’t have to be called that,” the report continues. Houzz has said it “values the privacy of its employees and its community and we have since enhanced our compliance efforts to meet all applicable legal requirements.”

Daily Dashboard

Millions of Customer Records Breached

(Oct 5, 2015) Scottrade has confirmed that 4.6 million contact records were breached from 2013 through 2014, ZDNet reports. “Although Social Security numbers, email addresses and other sensitive data were contained in the system,” the company said, “it appears that contact information was the focus of the incident.” The American Bankers Association has also discovered that “thousands of members’ personal information had been compromised,” Fortune reports. Meanwhile, hackers may have accessed the financial inf...

Daily Dashboard