Privacy & Information Security Law Blog

On April 19, 2010, the Privacy Commissioner of Canada, Jennifer Stoddart, and the heads of nine other international data protection authorities took part in an unprecedented collaboration by issuing a strongly worded letter of reproach to Google’s Chief Executive Officer, Eric Schmidt.  The joint letter, which was also signed by data protection officials from France, Germany, Ireland, Israel, Italy, the Netherlands, New Zealand, Spain and the United Kingdom, highlighted growing international concern that “the privacy rights of the world’s citizens are being forgotten as Google rolls out new technological applications.”

On April 8, 2010, the Digital Economy Act (the “Act”), containing provisions relating to online copyright infringement, network infrastructure and digital safety, became law in the UK.  The Act’s main provisions include:

• new duties for the Office of Communications (the UK’s communications regulator), to report every three years on issues such as the UK’s communications infrastructure and Internet domain name registration;
• additional obligations on Internet Service Providers (“ISPs”) that seek to reduce online copyright infringement;
• increased penalties for online copyright infringement; and
• intervention powers with respect to Internet domain registries.

The Department of Commerce (“DOC”) will be holding a public meeting on May 7, 2010, in Washington, D.C., to listen to stakeholders’ views on privacy policies in the United States.  This session is part of a broader inquiry by the DOC’s newly created Internet Policy Task Force “whose mission is to identify leading public policy and operational challenges in the Internet environment.”  The DOC’s National Telecommunications and Information Administration and the International Trade Administration will issue a notice of inquiry to look at the nexus between innovation ...

Join us next week at the International Association of Privacy Professionals (“IAPP”) Global Privacy Summit in Washington, D.C., April 19 – 21, 2010.  This year’s summit features three days of intensive programs and networking with more 1,500 privacy professionals.  We also hope you will visit our privacy professionals who are speaking on the following panels:

Following up on our previous post on the sentencing of three Google executives by an Italian court, the New York Times reports that an 111-page explanation of the verdict has been released.  Judge Oscar Magi found that Google had an obligation to make users more aware of its EU privacy policies, and cited Google’s active marketing of its Google Video site as indicative of the company’s profit motive for not removing the video sooner.

According to Mr. M. Jorge Yanez V., a partner at the law firm of Barrera, Siqueiros y Torres Landa, S.C. in Mexico City, on April 13, 2010, the Mexican Chamber of Deputies passed a bill that, when ratified by the Senate, will become the country’s new Federal Law of Protection of Personal Information.  The Senate is expected to pass the bill shortly and without revisions.  When the bill is enacted into law, Mexico’s Federal Institute of Access to Information, the agency that currently oversees the disclosure of and access to government information, will be renamed the Federal ...

On April 12, 2010, the Financial Industry Regulatory Authority (“FINRA”) announced that it had fined D.A. Davidson & Co. $375,000 for failing to protect its customers’ confidential information.  In late 2007, the firm’s system was compromised when hackers employed a SQL injection attack to download the confidential customer information of approximately 192,000 individuals.  The security breach came to light when one of the persons responsible for the intrusion attempted to blackmail D.A. Davidson via email on January 16, 2008.  The firm responded quickly by notifying ...

The Madrid Resolution on global standards provided new momentum behind the concept of one world, one standard for privacy in international commerce.  New Zealand Privacy Commissioner Marie Shroff is one of the thoughtful officials who has joined in the call for a global framework.  Commissioner Shroff discussed her views on global standards in an interview with Marty Abrams during the Centre for Information Policy Leadership’s First Friday Call on April 9, 2010.

In the wake of recent amendments to the German Federal Data Protection Act, the German Federal Ministry of the Interior (the Bundesinnenministerium des Innern) is working on a draft law on special rules for employee data protection.  The draft law is intended to provide clarification on some issues that were not addressed fully in the amendments that entered into force on September 1, 2009.  The Ministry’s overarching considerations are set forth in a key issues paper that was published April 1, 2010.

On April 7, 2010, Mississippi became the 46th state to enact a data security breach notification law.  The law, which will take effect July 1, 2011, applies to the unauthorized acquisition of unencrypted electronic files, media, databases or computerized data containing personal information of any Mississippi resident.  The law contains a harm threshold specifying that notification is not required if it can be reasonably determined that the breach will not likely result in harm to affected individuals.  The enactment of this law leaves Alabama, Kentucky, New Mexico and South Dakota ...