(May 28, 2015) The Office of the Australian Information Commissioner has released its Privacy Management Framework, which is intended to assist private- and public-sector organizations in meeting their Australian privacy compliance obligations. It follows previously released accountability/privacy governance guides issued by the respective Canadian, Hong Kong and French privacy regulators. In this exclusive for The Privacy Advisor, Anna von Dietze, CIPM, CIPP/E, examines the Australian and international context of the framework, its content and its practical implications. “This trend amongst privacy regulators to issue guides on privacy governance is no coincidence. Rather, it can be attributed to the global privacy principle of accountability, which is currently undergoing a significant evolution,” she writes.

Asia-Pacific Dashboard Digest

Encryption Regulation: Walking a Fine Line

(May 28, 2015) While Australia’s data retention law permits law enforcement to track calls and online activities, encryption tools prevent the content of communications from being analyzed—a potential problem both for police and for privacy, Australian Financial Review reports. As encryption is used appropriately on most websites, “99 percent of all encryption would have to be excepted” if a law against the measure were to be enacted, leading to proposed solutions of licenses or murky discussions of leg...

Asia-Pacific Dashboard Digest

Law Enforcement Supports Facial-Recognition Database

(May 28, 2015) Attorneys-general and law enforcement officials from across Australia agreed recently to “plan on a plan” for a database that will utilize pictures from passports and licenses for identifying criminals as well as creating easier inroads for police to share data, Biometric Update reports. The strategy moving forward is still hardly resolute, the report states, indicating that the document itself “includes vaguely worded planned resolutions to eliminating existing legislative and cultural barriers that prevent state and federal police forces from sharing important data.”

Asia-Pacific Dashboard Digest

EU, APEC To Streamline BCR/CBPR Process

(May 27, 2015) Winning approval for both binding corporate rules (BCRs) and cross-border privacy rules (CBPRs) takes significant work. But to demonstrate compliance, many of the administrative hurdles are the same. That's why, as companies increasingly turn to BCRs and CBPRs as data transfer mechanisms, an EU/APEC working group has approved a plan for increased interoperability by making it easier for companies to comply with both BCRs and CBPRs all at once. “The idea is that organizations will be able to submit the single questionnaire to both EU DPAs, whose approval is needed for organizations to be granted BCRs, and to APEC Accountability Agents, whose approval is needed to be granted CBPRs,” Angelique Carson, CIPP/US, reports in this exclusive for The Privacy Advisor.

Asia-Pacific Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

In Search of the 2015 Privacy Innovation Award Winners

(May 27, 2015) The call for nominees is now open for the 2015 HP-IAPP Privacy Innovation Awards, which recognize unique global privacy and data protection programs and services in both the private and public sectors, which got us thinking about our past winners. To gear up for this year’s selection, The Privacy Advisor is profiling some of the winners. In this feature, IAPP Publications Managing Editor Jennifer Saunders, CIPP/US, caught up with Vodafone Global Privacy Manager Amanda Chandler and Global Privacy Counsel Kasey Chappelle, CIPP/US, to talk about the 2012 Innovation Award-winning project, Vodafone Privacy Programme, where it is today and Vodafone’s future plans.

Asia-Pacific Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Roundup: Germany, South Africa, Belgium, U.S. and More

(May 26, 2015) The latest proposed draft of Germany’s data retention legislation includes a provision for keeping the data in Germany, which some say may not sit well with U.S. tech firms. Meanwhile, Belgium has written a lengthy recommendation stating why it should be regulating Facebook, and EU ambassadors have agreed to a proposal that would create three levels of fines for violations of the data protection overhaul. Also in this week’s Privacy Tracker weekly legislative roundup, South Africa is taking steps to appoint an information regulator and newly proposed drone regulations may conflict with business uses, and you can read about updates on the 21st Century Cures bill, PCLOB and the USA PATRIOT Act as well as state actions in the U.S. (IAPP member login required.)

Asia-Pacific Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Bad Guys Having a Field Day with Recent Breaches

(May 26, 2015) Brian Krebs reports on the underworld activity sparked by recent leaks of personal data from databases at Adult Friend Finder and mSpy. Rather than cashing in by using stolen credentials, the play appears to be extortion and blackmail. With mSpy, a user’s iTunes username and password are necessary to load the program. Now, those who have access to the leaked credentials are remotely locking phones and “the only way to get their data back is to pay a ransom.” Similarly, while Adult Friend Finder di...

Asia-Pacific Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

IoT-Connected Toy Patents Generate “Creepy” Tag

(May 26, 2015) A newly published patent detailing plans by Google for Internet-connected toys has generated concerns, CNBC reports. Such products would act as an “anthropomorphic device” in the form of a “doll or toy that resembles a human, an animal, a mythical creature or an inanimate object,” the patent states. One would be a teddy bear that could control Internet-of-Things devices within the home through voice command or gestures. A spokesperson for Big Brother Watch described “the creepiness of the produc...

Asia-Pacific Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Researchers: “Leaky” Bluetooth Tech a Privacy Risk

(May 26, 2015) Many fitness trackers and smartphones use Bluetooth Low Energy technology (BLE) to communicate back and forth or with beacons in the environment. Some 90 percent of devices may use the tech by 2018. But, reports V3, researchers at security firm Context have found they can track specific devices using BLE within 100 meters. “The information could be used for social engineering as part of a planned cyber attack or for physical crime by knowing people’s movements,” Context’s Scott Lester said. Context has even created an app that scans, detects and logs wearable devices using BLE to show how easy it is to track the signals.

Asia-Pacific Dashboard Digest, Daily Dashboard, Europe Data Protection Digest

Google Legal Privacy Lead Enright Discusses Asia’s Privacy Opportunity

(May 22, 2015) At the IAPP Asia Privacy Forum in Singapore, Google Legal Privacy Director Keith Enright, CIPP/G, CIPP/US, gave a closing keynote address that spoke to the opportunity facing Asia as it develops its privacy regulations. How can the region fuel tech innovation? By embracing privacy and using it as the underpinning for rapid technological development to bring new tools and services to the world at large. It is incumbent on the region’s regulators, he argued, to work in concert with industry and consumers to finely tune the privacy dials so that companies can delight consumers with new and exciting products and consumers can feel confident in using them.

Asia-Pacific Dashboard Digest, Daily Dashboard