Google bosses
convicted of privacy
violations
An Italian court has convicted three
Google executives of privacy violations over its
broadcast of an autistic teenager being bullied. The
three employees, Peter Fleischer, David Drummond and
George De Los Reyes, have received suspended six month
sentences, while a fourth defendant, product manager,
Arvind Desikan, was acquitted. The UK's former
Information Commissioner, Richard Thomas, said the case
gave privacy laws a "bad name". Google says it has no
plans to pull out of Italy, and that it will vigorously
appeal the case. Rob Corbet, Partner at Arthur Cox, said
that the case should not be a reason for complacency
amongst potential applicants: "data protection
legislation can usefully form part of a broader legal
case, but it can be dangerous to rely on them
exclusively when seeking legal
redress".
Mortgage
company discloses over 15,000 account
details
The UK
Information Commissioner's Office has found Redstone
Mortgages Ltd in breach of the Data Protection Act after
personal data on over 15,000 mortgage accounts were
emailed to a member of public in error. The information
was neither encrypted nor password protected. As part of
the company's Undertaking
with the ICO, it agreed to immediately ensure that all
reports containing personal data are protected by a
password consisting of at least eight characters. The
company also agreed to ensure that emails are either
given the same degree of protection as reports, or else
are suitably redacted, and that all contracts between
the company and any data processor acting on its behalf
are adequately protected.
Privacy Committee calls
for reform, but no law change
The Culture
Media and Sport Committee has released a report on press
standards, making various recommendations but
ultimately concluding that a new privacy law is not
necessary. According to the report, the Committee "does
not consider that it would be right, at this time, to
legislate on privacy". The Committee has recommended the
introduction of a requirement that journalists notify
the subject of their articles prior to publication. The
requirement would not be mandatory, but rather an
aggravating factor in assessing damages. See the article
in the next edition of Privacy &
Data Protection, Volume 10, Issue 4, for an update
on privacy law, including discussion of the recent Terry
case.
New Opinion on
'controller' and
'processor'
The Article 29 Working
Party has adopted a new Opinion on the
concepts of 'controller' and 'processor'. In the
Opinion, the Working Party acknowledges that data
protection obligations on entities either arise clearly
from the law, or from established circumstances in which
the capacity of the parties is clear. However, it said
that outside of these examples, the assessment must be
based on the facts. Bridget Treacy, Partner at Hunton
& Williams, said "it is precisely in this third area
that commercial enterprises increasingly struggle to
determine the relevant capacities of the parties. It is
clear that the controller versus processor dilemma is
here to stay."
Google Street View may breach EU
Law
The
Article 29 Working Party has written to Google urging it
to cut the period that it retains images from twelve to
six months, saying the current retention period was
"disproportionate." Peter Fleischer, Google Executive,
said the retention was justified "to ensure the quality
and accuracy of our maps, to improve our ability to
rectify mistakes in blurring, as well as to use the data
we have collected to build better maps products for our
users." Google said it is working with Article 29 to
explain why it needs to keep unblurred images for a
year. An outcome of the discussions is
awaited.
|
3rd Annual Data Protection in the Public Sector
Conference
The conference will take place in Central
London on 16th & 17th June, 2010.
Keynote speaker is
Jonathan Bamford, Head of Strategic
Liaison at the ICO.
This 2-day Data
Protection Conference is specifically designed to cover
the latest data protection issues, with a spotlight on
the needs of the Information Professionals in the Public
Sector. Delegates will hear from a variety of data
protection experts as well as attend Workshops that
focus on the issues most important to their
organisation. For further information and to book your
place, visit the Conference website
|
PDP's professional and
practical Training Courses enable delegates to
understand the legal requirements in key areas of
compliance.
All PDP Training Courses are accredited
by the Law Society and take place in high quality
central city hotel
venues.
Data Sharing in the Public
Sector
The UK government sees data sharing as an
important tool to improve and personalise public
services, fight crime, and tackle benefit fraud.
But public bodies face regular dilemmas over
whether to share data, to what extent, with whom, in
what circumstances, and subject to what safeguards.
Training Session Leader:
Damien Welfare is a barrister
at 2-3 Gray's Inn Square . He came to the Bar in 2001
after a career in Local Government. He specialises
in Freedom of Information, Data Protection and the
Environmental Information Regulations.
This
session clarifies the law and gives practical advice on
the Commissioner's guidance.
This Training
Session takes place on the following
date:
London Monday, 8th March
2010
Manchester Wednesday, 23rd
June 2010
For further details, please
telephone the training booking line: +44 (0)845-226 5723
or visit the website
Training Staff in Data
Protection
How does
your organisation train its staff? Do you have
responsibility for that training? Does your
organisation include data protection on its induction
programme? Do you select staff for different
levels of training? Have you received training in
how to train staff in data protection?
Attend this unique Training Session to
learn how to go about training your staff in what they
need to know so that the organisation does not breach
data protection law. This invaluable session takes place
on the following dates:
London Monday,
8th March 2010
Edinburgh Tuesday,
20th April 2010
London Monday,
14th June 2010
For further information or
to make a booking please call +44 (0)845-226 5723 or
visit the website
Data Protection in Financial
Services
Banks, insurance companies, brokers and other
financial institutions face a unique set of business,
risk-management and regulatory requirements alongside
(and sometimes in tension with) data protection rules.
They also frequently operate as cross jurisdictional and
multi-functional businesses, which poses enormous data
protection challenges. The Training Course,
led by Director of Data Privacy at global law firm
Clifford Chance, Richard Jones, addresses all the main
practical questions affecting a financial services
business. The next date for this course
is: London Tuesday, 9th March
2010 Edinburgh Monday, 7th June
2010 For further details, please telephone
the training booking line: +44 (0)845-226 5723 or visit
the website
|
Regards,
Rezzan Huseyin
PDP
Tel: +44 (0) 845 226
5723
| |
| |
|
PDP Training - New
Catalogue
The 2010 training catalogue
is now available for download.
PDP Training is the UK's leading
provider of practical compliance training courses.
Privacy & Data
Privacy
& Data Protection journal is an invaluable
source of news, practical articles and expert guidance
for all those working in the fields of data protection,
privacy and information
security.
The Editorial Board
comprises the world's leading experts in fields of
data protection and privacy.
The latest version
of Privacy & Data Protection, (Volume 10,
Issue 3), features the following articles:
Fines for data
protection breaches - the new
regime, by Richard Jones, Clifford
Chance LLP
Data protection:
back to basics - Part 3, by Peter Carey, Data
Protection Consultant
Use of violent
warning markers... under attack?, by Mark Watts,
Bristows
New EU cookie
rule - a practical way forward, by Eduardo Ustaran,
Field Fisher Waterhouse
Under the spotlight: police retention
of conviction data, by
Bridget Treacy and Anthea Terlegas, Hunton &
Williams
Data security Part 2 - ten
ways to promote data security best practices, by
Richard Hollis,
Orthus
Recent articles &
headlines:
Mortgage company signs
Undertaking
Working Party issues 'Future of
Privacy' roadmap
Giant database goes live
Secure the pearly gates, not the
cloud - Alf Pilgrim, Clearswift
ICO's new Code on Privacy Notices
- Nick Graham and Simon Elliot, Denton Wilde Sapte
RAND - a report worth reading to the
end! - Bridget Treacy, Hunton & Williams
A new Information Commissioner ... but
still no fines - Grant Campbell, Brodies
Data protection law in Russia -
Dan Guildford and Ekaterina
Bekker, Dewey & LeBoeuf
| | |
