ICO Annual Report Discusses Increased Powers

(Jul 2, 2015) The Information Commissioner’s Office has released its annual report, and Information Commissioner Christopher Graham is reflecting on “the strengthening of his regulatory powers to show how the legislation continues to develop” toward greater data security as well as the impact of the now 10-year-old Freedom of Information Act. The Register reports that the total of fines issued by the ICO “has halved compared with last year—despite the watchdog receiving roughly the same number of compla... Read More

ACMA Gives Phone Company Stern Warning; Pilgrim Investigating iiNet Breach

(Jul 2, 2015) The Southern Phone Company has drawn a “stern warning” from the Australian Communications and Media Authority (ACMA) over a privacy breach involving more than 3,800 of its customers, ITWire reports. In a finding released this week, the ACMA said Southern Phone Company “inadvertently removed the silent number classification from the records of 3.854 of its silent line customers when uploading data to the Integrated Public Number Database,” the report states. And in another incident, Australian Pr... Read More

Selling User Data? Make Sure You Have Consent

(Jul 1, 2015) The New York Times reported earlier this week on the wholesale transfers of consumer data in the context of corporate mergers, acquisitions and bankruptcy transactions. In this report for Privacy Tracker, IAPP Westin Research Fellow Arielle Brown, CIPP/US, looks at the report and the “all-encompassing privacy policy” in the context of Section 5 of the FTC Act. “Through its enforcement actions, the FTC has made clear that altering a privacy policy in a way that is inconsistent with promises made ... Read More

Keeping Promises: Corporate Control Transactions Do Not Nullify Data Obligations

(Jul 1, 2015) The New York Times (NYT) sounded an alarm this week with respect to wholesale transfers of consumer data in the context of corporate mergers, acquisitions and bankruptcy transactions. The NYT's research demonstrates that regardless of the promises in a company’s privacy policy, when the company is up for sale all bets are off. The article looks at 100 of the most popular websites, finding that “of the 99 sites with English-language terms of service or privacy policies, 85 said they might transfe... Read More

IAPP Announces PLSC Winners

(Jun 30, 2015) This year’s Privacy Law Scholars Conference featured some of the leading thinking in the field, and the IAPP was proud to award $2,500 and a speaking role to the authors of the two papers voted as the best of the best. After a couple of years featuring co-written papers, this year we’ve awarded two single authors for work that, on the one hand, looks back at the history of the Social Security number and, on the other, offers a path toward a new and better form of consumer-protection regulation. Read More

FCC Rule-Making To Start This Fall

(Jun 29, 2015) The Federal Communications Commission (FCC) marks fall 2015 to hash out what jurisdiction over Internet privacy looks like specifically, The Hill reports. FCC Chairman Tom Wheeler specified that the FCC “would initially judge Internet providers, like AT&T or Comcast, on whether they are ‘taking reasonable, good-faith steps’ to comply with the general privacy provision, until tailored rules can be developed. Wheeler also indicated privacy was "integral to the growth of broadband” and to consu... Read More

Web Conference: Canada’s Mandatory Breach Notification and More

(Jun 26, 2015) The Digital Privacy Act, or Bill S-4, makes a number of important amendments to the Personal Information Protection and Electronic Documents Act, most of which are now in force. In this web conference, hear from Fasken Martineau DuMoulin Partner Alex Cameron, who has written on the changes to the law, and from Peggy Byrne, managing counsel and privacy for CIBC Legal Department, about the key changes and their potential impacts for all organizations handling personal information about Canadians. ... Read More

Saskatchewan Commissioner’s Annual Report Includes Concern About “Non-Responses”

(Jun 26, 2015) A report released Monday indicates Saskatchewan Privacy Commissioner Ron Kruzeniski’s 35 amendments for provincial privacy laws, including “mandatory reporting of privacy breaches, the duty to protect private information collected and including municipal police in the legislation,” have been met with 25-percent unresponsiveness from public bodies, The Star Phoenix reports. “Kruzeniski said the non-responses could involve a misunderstanding or confusion over changes in his office's procedures,” t... Read More

Dixon Says Ireland “Will Be the Lead" Regulator of U.S. Tech Firms

(Jun 25, 2015) The New York Times reports on comments by Irish Data Protection Commissioner Helen Dixon on the role her office will play in regulating U.S. technology companies. "Ireland will be the leading regulator when dealing with U.S. tech companies," she said. "We want to work actively with other regulators. But we will be the lead." Dixon's comments came on the same day the Office of the Data Protection Commissioner released its annual report detailing its activities in 2014, which included warnings to ... Read More

EPIC Files Complaint with FTC Over Uber’s Privacy Policy

(Jun 22, 2015) The Electronic Privacy Information Center (EPIC) has filed a complaint with the Federal Trade Commission (FTC) regarding Uber’s new privacy policy, which permits the company to use cell phones to track users even if they’re not currently employing Uber’s services. “The complaint asks the FTC to investigate Uber's business practices, stop the company from collecting user location data ‘when it is unnecessary for the provision of the service,’ halt Uber's collection of user contact list informatio... Read More