Sparapani Calls FTC’s Nomi Settlement “A Cautionary Tale”

(May 27, 2015) Tim Sparapani writes for Forbes about the proposed Federal Trade Commission (FTC) consent decree with Nomi Technologies, calling it “a cautionary tale for businesses everywhere wrestling with data innovation and privacy and security protection.” The FTC brought an enforcement action against the retail tracking company because it failed to provide an opt out offered in its privacy policy, even though it is “not required to offer consumers an opt out of this data collection because Nomi does not c...

EU and APEC Officials Agree To Streamline BCR/CBPR Application Process

(May 26, 2015) Winning approval for both binding corporate rules (BCRs) and cross-border privacy rules (CBPRs) takes significant work to achieve. But to demonstrate compliance, many of the administrative hurdles are the same. That's why, as companies increasingly turn to BCRs and CBPRs as data transfer mechanisms, an EU/APEC working group has approved a plan for increased interoperability by making it easier for companies to comply with both BCRs and CBPRs all at once.

Australian Privacy Management Framework Launched

(May 26, 2015) On May 4, the Office of the Australian Information Commissioner released its previously announced Privacy Management Framework. The framework is intended to assist private and public sector organisations in meeting their Australian privacy compliance obligations. It follows previously released accountability/privacy governance guides issued by the respective Canadian, Hong Kong and French privacy regulators.

Facebook in Focus of EU Regulators

(May 26, 2015) Now that Belgium has teamed with French, Spanish, German and Dutch regulators to zero in on Facebook’s cookie use, and Facebook has responded by calling for a single point of regulation in the EU, The New York Times and other news organizations are noticing that the world of regulation in the EU is becoming quite complicated. “The debate,” the report states, “is whether individuals’ privacy should be protected primarily by their domestic regulators or by the watchdog in the country where a compa...

Global News Roundup—May 18-26, 2015

(May 26, 2015) The latest proposed draft of Germany’s data retention legislation includes a provision for keeping the data in Germany, which some say may not sit well with U.S. tech firms. Meanwhile, Belgium has written a lengthy recommendation stating why it should be regulating Facebook, and EU ambassadors have agreed to a proposal that would create three levels of fines for violations of the data protection overhaul. Also in this week’s Privacy Tracker weekly legislative roundup: South Africa is taking steps to appoint an information regulator, newly proposed drone regulations may conflict with business uses, and there are updates on the 21st Century Cures bill, PCLOB and the USA PATRIOT Act as well as state actions in the U.S.

How To Stay Out of the FCC's Way

(May 26, 2015) The U.S. Federal Communications Commission's (FCC's) Enforcement Bureau has said it sees "privacy in the broadband space as a trend in enforcement in the near future." Learning from privacy missteps in the telecom space will help ISPs avoid becoming part of that trend. Exactly how the FCC will use its new privacy authority is uncertain, but one thing is for sure: This "new cop" is not likely to hold back, report Stephen Ruckman and Pavitra Bacon.

FRANCE—High Court Upholds CNIL Sanction for Unlawful Marketing

(May 26, 2015) The Conseil d'Etat, the highest court in France for administrative cases, has upheld a decision of the French Data Protection Authority pronouncing a 20,000-euro fine against a real estate company for unlawfully sending marketing messages to individuals by SMS. The company did not obtain their prior consent at the time their mobile phone numbers were collected, did not provide prior information and did not include an opt-out option in the messages that were sent.

Company Must Pay $25K After Case-Not-Closed Data-Sharing

(May 21, 2015) Cable company Orcon’s decision to send a customer’s disputed debt to a debt collector before the matter was closed was a breach of the individual’s personal privacy, New Zealand’s Human Rights Review Tribunal ruled. Now the company owes the customer $25,000 in damages and must undergo privacy training in line with the country’s Privacy Act, Stuff.co.nz reports. "In view of the seemingly complete failure by Orcon to evidence an understanding of its obligations under the information privacy princi...

FTC: Companies That Self-Report Looked on More Favorably

(May 21, 2015) The Federal Trade Commission (FTC) advised companies in a blog post Wednesday that it looks positively on cooperation when conducting investigations into data security breaches, The Hill reports. A company that reported a breach on its own and cooperated with law enforcement would be looked on “more favorably” than one that had not, the agency said. “In our eyes, a company that has reported a breach to the appropriate law enforcers and cooperated with them has taken an important step to reduce t...

Settlement Reached: RadioShack Must Destroy Customer Data

(May 21, 2015) A “coalition of 38 states” prevailed in ensuring that the newly bought-out RadioShack will not sell the greater part of its collection of customer data—including credit card information, Social Security numbers and phone numbers—but by mandate must destroy it, Your Houston News reports. Texas Attorney General Ken Paxton was pleased with the ruling. “This settlement is a victory for consumer privacy nationwide,” he said. “The fact that 38 states joined together in this case reflects a...