News
ICO 'concerned' over plans to collect communications data
The UK Information Commissioner's Office has expressed concern over the collection of communications data proposed in the government's Interception Modernisation Programme. Communications Service Providers ('CSPs') are currently required to retain data that can be examined by authorities for a period of 12 months (under the Data Retention (EC Directive) Regulations 2009). The UK government is currently consulting on plans to force communications companies to collect and process further information on internet activity. The ICO told Privacy & Data Protection that it is "concerned about the distinction being made between traffic data and content data" and that "there may be gaps in the current regulatory regime that not only have the potential to affect the rights of individuals and their avenues of recourse, but also the clarity of roles and responsibility of CSPs." The ICO has also said that it is pleased that the government has rejected the idea of storing all of the proposed additional data in a single database.
FTC commits to taking on targeted ads
The Chairman of the US Federal Trade Commission, Jon Leibowitz, has indicated his intention to rein in companies' targeted advertising practices. Targeted advertising, or behavioural advertising, whereby web browsing history is used to tailor advertising messages, is increasingly common practice. The move by the FTC could have wide-ranging implications for companies that depend on web-based advertising, including Google, Facebook, and Microsoft. Mr Leibowitz, FTC Commissioner since 2004, has always been outspoken about the need for stronger protections for consumer privacy online, as shown by his aggressive stance on spyware and data-security cases, and public positions he's taken on mobile privacy and online ads.
UBS data sharing - update
The US government and UBS have reached 'an agreement in principle' to settle the case that sought to force the Swiss banking giant to turn over names of wealthy American clients suspected of tax evasion. Swiss newspapers closely following the case say that UBS will not have to pay a fine as part of the settlement, and that the data relating to the 5,000 biggest accounts would be released to the US authorities. It is said that the agreement will not violate Swiss law (because the US has "promised to act on the basis of current agreements and to ask for legal assistance"), but that the parties still have important points to even out to ensure that that position is maintained. If a final agreement is not reached by 7th August, then a court trial (scheduled for 10th August) will go ahead. One possible outcome of that trial is the US Justice Department's attempted seizure of the bank's American assets.
Internet criminals find new way of exploiting security software
Hackers are exploiting the popularity of Tor (the onion routing system which anonymises Internet access) in order to access people's credit card details. The new threat is the latest "man in the middle" attack by hackers against Secure Sockets Layer certificates (software designed to protect online fraud). SSL is rarely encountered directly on the internet; users browsing sites through other software, such as a standard http connection, encounter SSL when they are presented with links that say 'login' or 'my shopping cart.' Peter Wood, Director of First Base Technologies, has this advice: "Users who fail to notice that 'https' has become 'http,' or that the SSL certificate is from the wrong organisation, will have their credentials stolen. Users can rely on SSL [directly] if they browse directly to their bank or shopping site and don't use anonymising software or unprotected wireless connections."
Further detail on these and other news items will appear in the next edition of Privacy & Data Protection. |
_________________________________
PDP Training Courses
PDP's professional and practical training courses enable delegates to understand the legal requirements in key areas of compliance.
All PDP training courses are accredited by the Law Society and take place in high quality central city hotel venues.
Training Staff in Data Protection
How does your organisation train its staff? Do you have responsibility for that training? Does your organisation include data protection on its induction programme? Do you select staff for different levels of training? Have you received training in how to train staff in data protection?
Attend this unique Training Session to learn how to go about training your staff in what they need to know.
This invaluable session takes place on the following dates:
London Monday, 7th September 2009
Belfast Monday, 26th October 2009
Manchester Monday, 11th January 2010
Edinburgh Tuesday, 20th April 2010
For further information or to make a booking please call +44 (0)845-226 5723 or visit the website.
Records Management I and II
Good records management practice is essential to an effective data protection compliance regime.
Two training courses led by records management expert Philip Jones offer delegates the opportunity to learn everything needed to put in place an effective and compliant RM system.
Philip Jones has been involved with record and document standards for over ten years and is a co-editor of ISO 15489 International Records Management Standard. Philip is Chairman of the International Records Management Society and is an accomplished and professional RM trainer.
Records Management I
Manchester Tuesday, 22nd September 2009
London Monday, 5th October 2009
Edinburgh Monday, 18th January 2010
Records Management II
Manchester Wednesday, 23rd September 2009
London Tuesday, 6th October 2009
Edinburgh Tuesday, 19th January 2010
To book either of these courses, please telephone our training booking line on +44 (0)845-226 5723, or for further information visit the website.
Data Security
This session informs delegates of what they need to know to help prevent an investigation by the Commissioner, as well as the adverse publicity that may arise from a data breach.
 Training Course leader:
Phil Tompkins is a director at Dickinson Dees LLP, and advises private and public sector clients on data security and all aspects of data protection law.
This session is taking place on the following date:
London Thursday, 8th October 2009
To view more information about the course, or to make a booking please call +44 (0)845-226 5723 or visit the website.
| |
|
|
Cindy Frances
Tel: +44 (0)845-226 5723
Privacy & Data Protection / PDP
| |
|
|
|
8th Annual Data Protection Compliance Conference
8th & 9th October 2009
Central London, UK
Speaker highlight
How to deal with enforcement actions
Margaret Tofalides
Partner, Manches
Conference topic:
The Information Commissioner has new powers, and enforcement actions are on the rise. In this presentation, Margaret Tofalides gives practical advice on dealing with the ICO when your organisation is the subject of an investigation.
Biography:
Margaret Tofalides is a Partner with Manches in the Technology and Intellectual Property team. She is a nationally recognised expert in data protection and privacy law, advising leading companies in the information services, retail and financial sectors. She works closely with the Information Commissioner's Office and industry groups, advising several industry bodies and leading players in the offline and online electronic environment.
Conference programme
The Information Commissioner's Office: new powers, new funding and a new Commissioner
Christopher Graham - Information Commissioner
How to deal with enforcement actions
Margaret Tofalides - Partner, Manches
Privacy by design: building privacy into the project lifecycle
Andrew Dyson - Partner, DLA Piper
Data protection issues in employment during corporate reorganisation
Cindy Paul - Data Protection Manager, Deloitte LLP
Database issues: keeping personal data safe
Richard Hollis - Chief Executive Officer, Orthus
Managing data protection throughout the organisation
David Pickersgill - EMA Director of Commercial Compliance, Johnson & Johnson Vision Care
Cloud computing and data protection compliance
Hazel Grant - Partner, Bird & Bird
E-discovery: conflicts between EU Member States and the US in litigation
Renzo Marchini - Counsel, Dechert
Pan-European issues when creating a multi-national data protection compliance programme
Monika Kuschewsky - Partner, Van Bael & Bellis
Day 2:
Workshops + networking lunch. The topics for the Workshops are:
A: Data security and data breaches: being prepared
Dan Cooper - Special Counsel, Covington & Burling
B: E-marketing and behavioural targeting: the latest thinking
Eduardo Ustaran - Partner, Field Fisher Waterhouse
C: Using data protection policies to your advantage
Hazel Grant - Partner, Bird & Bird
D: Identifying personal data
Quentin Archer - Partner, Lovells
E: Data protection issues in the workplace
Ann Bevitt - Partner, Morrison & Foerster
Karin Retzer - Of Counsel, Morrison & Foerster
F: How to manage an international compliance programme
Rosemary Jay - Partner, Pinsent Masons
For further information and to book your place, visit website. |
|
|
Privacy & Data
Protection journal
| |
|
