ICDPPC newsletter talks to DPAs from around the globe

(Feb 24, 2017) The February edition of the International Conference of Data Protection & Privacy Commissioners Secretariat Communique focuses on the important developments in the privacy world, as well as forthcoming events, awards and projects. Another particular theme is global teamwork. "As we have discussed many times, one of the best ways we can succeed as an international body is to share information about what works," said New Zealand Privacy Commissioner John Edwards. "The aphorism 'a rising tide r...

The Privacy Advisor Podcast: Chris Zoladz

(Feb 24, 2017) In this episode of The Privacy Advisor Podcast, Chris Zoladz, CIPP/E, CIPP/G, CIPP/US, CIPM, CIPT, of Navigate talks about what he’s seeing on the ground as he advises clients who’re aiming to comply with the GDPR as its effective date rapidly approaches. Zoladz says that, based on his experience, organizations are largely not going to be completely compliant by May 2018, in part due to budget cycles. He’ll explain. He also describes how to be strategic about big data and the GDPR’s new consent requir...

ICO investigates London home as part of illegal customer data access probe

(Feb 23, 2017) The U.K. Information Commissioner’s Office searched a London home as part of an investigation into the illegal access of customer information. The Nationwide Accident Repairs Services told the ICO one of its computer systems had been illicitly accessed to view car repair estimates, which contain personal data. The ICO believes this breach resulted in the unlawful trading of citizens’ data and could be linked to a string of nuisance calls. “Our experience shows that unscrupulous people access per...

FTC settles with companies falsely touting APEC CBPR participation

(Feb 22, 2017) The Federal Trade Commission announced it has reached settlements in three different cases involving companies deceiving consumers about their participation in the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules system. The FTC alleged Sentinel Labs, Inc., SpyChatter, Inc., and Vir2us Inc. all falsely claimed in their privacy policies that they participated in the framework. The complaints state the companies never received APEC CBPR certification and never underwent a review with ...

What makes a great DPA?

(Feb 22, 2017) The global population of privacy and data protection regulators is understandably diverse. Some data protection agencies are still in their infancy, established by brand-new laws. Others have robust histories of enforcement and deep, experienced staffs. But what makes a regulatory agency effective? Is it experience, approach, philosophy, the law that creates it? Such are the questions explored in a new report authored by the U.S. Chamber of Commerce and Hunton & Williams, "Seeking Solutions:...

Op-ed: Ohlhausen is the best choice to lead the FTC

(Feb 22, 2017) In an op-ed for The Hill, Orson Swindle, a former commissioner of the Federal Trade Commission, argues why Maureen Ohlhausen is the proper choice to lead the agency. Swindle cites Ohlhausen’s focus on concrete harm as one of her strengths, specifically as it pertains to privacy. “Acting Chairman Ohlhausen’s ability to separate real from imagined problems is clearly seen in her record on privacy and data security,” Swindle writes. “She is always striving to better understand new technologies and bus...

WP29 releases Privacy Shield rules of procedure and complaint form

(Feb 21, 2017) The Article 29 Working Party has released two forms related to the EU-U.S. Privacy Shield agreement. The rules of procedure for the "Informal Panel of EU DPAs" provide a road map for handling complaints under Shield. "The panel is competent for providing binding advice to the US organisations following unresolved complaints from individuals about the handling of personal information that has been transferred from" the EU under Shield. According to the document, the panel will attempt to provide...

US State Data Breach Notification Law Matrix

(Feb 21, 2017) Created by Mintz Levin, this chart lays out state laws regarding data breach notification as of September 2012, including data and consumers protected; entities covered; notice procedures, timing and exemptions; penalties, and the possibility for a private right of action.

$5.5M HIPAA fine shows importance of audit

(Feb 17, 2017) Memorial Healthcare System, of Hollywood, Florida, has settled with the U.S. Department of Health and Human Services for $5.5 million following a HIPAA violation. It must also institute "a robust corrective action plan." While Memorial did have access control policies in place, a former employee of an affiliated physician's office was still able to access protected health information repeatedly, without detection, for a year, affecting 80,000 individuals. Acting HHS Office for Civil Rights Direc...

WP29 still concerned about Trump immigration order

(Feb 17, 2017) While analysis of U.S. President Donald Trump's executive order on immigration appears to show it does not threaten the underpinnings of the Privacy Shield framework, the Article 29 Working Party would like to be sure, Reuters reports. As part of their February plenary session, the EU DPAs decided to write to U.S. authorities directly to point out concerns and seek clarifications. Reached by Reuters, the U.S. Mission to the EU attempted to quickly allay fears: "The executive order also does not ...