(Oct 8, 2015) UK Information Commissioner Christopher Graham’s advice to those left anxious following the European Court of Justice’s Safe Harbor ruling? “Don’t panic,” he said at a Dentons' London “Fireside Chat.” The ICO will not be “knee-jerking into sudden enforcement of a new arrangement,” Graham continued. “We are coordinating our thinking very much with the other data protection authorities across the EU.” IAPP Publications Director Sam Pfeifle has all the details in this report for The Privacy Advisor. For now, Graham recommends, “Keep calm,” adding, “Safe Harbor is not the only route. There are standard contractual clauses; there are BCRs.” Read More

Daily Dashboard

Is Your Company Ready for FTC Oversight of Data Security?

(Oct 8, 2015) The Third Circuit recently issued its opinion in FTC v. Wyndham Worldwide Corp. While the Wyndham case is just “one example of the FTC's recent move to fill the vacuum left by Congressional inaction related to data security oversight and the perceived inability of traditional civil litigation to alter security behavior,” Seth Northrop writes in this exclusive for The Privacy Advisor, it is “widely considered the litmus test for whether the FTC's expansion into data security practices would hold.” The implication for business could be significant, Northrop notes, outlining key steps organizations can take to maintain compliance given likely increased FTC regulatory oversight. Read More

Daily Dashboard

DPAs To Announce Cooperative Agreement

(Oct 8, 2015) During their “Fireside Chat” at Dentons’ offices in London, UK Information Commissioner Christopher Graham and former interim Privacy Commissioner of Canada Chantal Bernier previewed details of a new cooperation agreement amongst global data protection authorities (DPAs) to be announced at the Data Protection and Privacy Commissioners Conference later this month. In this exclusive for The Privacy Advisor, Sam Pfeifle writes that the Arrangement, as it’s being called, was first discussed at the DPAs’ conference in Mexico in 2011 and creates a common understanding of DPAs’ obligations as they work together “so that separate memorandums of understanding don’t have to be negotiated and signed each time DPAs coordinate on a case.” Read More

Asia-Pacific Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

NSA and Snapchat CPOs on How To Decide Where To Start

(Oct 8, 2015) Sometimes it can be difficult for privacy pros to prioritize risks and which problems to mitigate first. The answers might vary depending on context. While sometimes a risk to the organization might also be a risk to the consumer, sometimes they differ, meaning one must be prioritized over another. In a session at Privacy. Security. Risk. 2015 last week, Rebecca Richards, CIPP/G, CIPP/US, chief privacy officer of the National Security Agency, and Megan Duffy, CIPP/US, chief privacy officer at Snapchat, discussed their process for evaluating risks across the organization and deciding what to tackle and with whom inside the organization. Angelique Carson, CIPP/US, reports in this feature for The Privacy Advisor. Read More

Daily Dashboard

Safe Harbor Ruling Continues To Ripple Through Business Community

(Oct 8, 2015) There’s no shortage of media coverage of this week’s invalidation of Safe Harbor by the European Court of Justice (ECJ). Though many large companies appear to be prepared for other workarounds, small- and medium-sized companies, including marketers and healthcare companies, are feeling the pressure and confusion stemming from the end of this major data transfer agreement. According to International Business Times, the decision could spur the U.S. Congress to update its privacy laws. Center for D... Read More

Daily Dashboard, Europe Data Protection Digest

Senators Criticize W3C Do-Not-Track Approach

(Oct 8, 2015) Sens. Ed Markey (D-MA), Al Franken (D-MN) and Joe Barton (R-TX) have sent a letter to the World Wide Web Consortium criticizing its approach to its do-not-track (DNT) standards, MediaPost reports. In the letter, the senators contend that the DNT definition will not protect users’ privacy and that “first-party” sites should not be able to collect data from users who opted out of web tracking. “We believe that both first and third parties should be held to high standards that respect privacy and p... Read More

Daily Dashboard

Discordant Encryption Attitudes Bring Policy-Making Woes

(Oct 8, 2015) “Strong encryption” means a different thing to government officials, privacy advocates and those in the tech community, and as such, stalls universal encryption policy efforts, The Washington Post reports. For example, if emails are “warrant proof,” it makes the government uneasy; if there’s a “backdoor,” privacy champions become concerned. “The definition debates are just part of the difficulty of coming up with a policy for encryption,” the report states. “A more deep-seated problem is that te... Read More

Daily Dashboard

Lawmakers Want Answers on Experian/T-Mobile Breach

(Oct 8, 2015) Three lawmakers want answers from Experian on the recent data breach affecting up to 15 million T-Mobile customers, The Hill reports. Last week, Experian, which processes T-Mobile’s credit applications, confirmed a breach affecting 15 million. Sens. Richard Blumenthal (D-CT), Bill Nelson (D-FL) and Brian Schatz (D-HI) wrote to both companies yesterday asking how they are handling the breach. KrebsonSecurity reports that a previous breach involving Experian and T-Mobile might provide insight into... Read More

Daily Dashboard

No-Tracking Search Engine Gets $9M from Investors

(Oct 8, 2015) Swiss-born search engine Hulbee, which has received $9 million from investors, aims to become a “pro-privacy alternative to mainstream search engines,” Tech Crunch reports. Unlike other search engines, “it does not track users,” the report states. “It’s competing with other search players in the pro-privacy space,” promising untracked ads as well. According to Hulbee CEO Andreas Wiebe, “Ads on Hulbee are targeted based on the search query, so there’s no geotargeting or cumulative tracking,” the report states. “Hulbee doesn’t fall back on surveillance, so there’s no geotargeting,” Wiebe said. “For Hulbee, the user is completely invisible … We recognize that most consumers do not want to be tracked.” The system has been available in the U.S. since August. Read More

Asia-Pacific Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

HHS Roadmap Paves Way for Privacy

(Oct 8, 2015) After months of feedback, the Department of Health and Human Services (HHS) has published its 10-year roadmap that illustrates “how healthcare facilities and patients should be able to share medical information” while protecting user privacy, Computerworld reports. “The roadmap includes a common clinical data set for every patient,” the report states. “In order for us to be able to understand the quality of care delivered for individuals and for populations, we need to have that data available,"... Read More

Daily Dashboard