I find a certain irony in the current ubiquity of privacy-related topics when the concept was once defined (and not by current European thinking, but more than 120 years ago), as the “right to be let alone,” in “The Right to Privacy,” by Warren and Brandeis, 4 Harvard L.R. 193 (Dec. 15, 1890). Nonetheless, I could not wait to attend the IAPP Global Privacy Summit in Washington, D.C., for the first time this year.
The days were filled with snow chaos, certification training and CIPP testing (on Friday afternoon at 2pm-5pm!), an exciting reception and other great networking opportunities — including a group of about 15 brave individuals meeting up at 6:30am on Friday morning to go for a run. In between all these activities were plenty of good programs to attend, and there can be no doubt that privacy in M&A transactions, cloud computing, HIPAA and international data transfers, to name just a few, will all feature prominently in the privacy discussions of 2013. But my personal Top Three privacy trends are:
1. BYOD Is Here to Stay
It is no longer a question of whether companies will permit their employees to use their personal devices for work purposes, the remaining issue is how to implement a BYOD (bring your own device) policy to strike the right balance between convenience for the employees and data security for the company. Employee education, beta testing, accurate recording of work time for non-exempt employees, company access to employees’ personal information …
Continue Reading →
On Jan. 25, 2012, the European Commission first published a proposed draft General Data Protection Regulation (the “Proposed Regulation”). Almost one year later, the Civil Liberties, Justice and Home Affairs (LIBE) Committee (the European Parliament’s lead committee considering the Proposed Regulation) issued suggested amendments to the original proposal (the "Draft Report") and reignited discussion and controversy both within the European Union and on a global scale.
What is the difference between the Proposed Regulation and the Draft Report and how are both related to each other? In what is called the "ordinary legislative procedure," the Commission, one of the three legislative bodies of the Union and surely its most influential institution, publishes a first draft (i.e., the Proposed Regulation). This proposal is open to input and review (i.e., the Draft Report) by various Parliamentary committees and will — after two readings — be voted on by both the Parliament and the Council, the Union’s other legislative bodies. If the two readings are insufficient for the Parliament and the Council to come to an agreement, a conciliatory process will be conducted and result in a third reading. Ultimately, both Parliament and Council must agree before the text is signed into law and published. Other than a directive, which requires transposition by the individual member states, a regulation will be effective as of the date it comes into force.…
Continue Reading →
If you are sending emails or other electronic communications to Canadian residents, you need to be aware that Canada is moving closer to finalizing the last set of highly anticipated regulations implementing Canada’s Anti-spam Legislation (CASL) . On Jan. 5, 2013, Industry Canada published regulations for a 30-day comment period, closing Feb. 4, 2013.
CASL is similar in concept to the U.S. CAN-SPAM law, but it is considered one of the strictest pieces of anti-spam legislation in the world. The Canadian Parliament passed the anti-spam legislation in December 2010, but the law and all accompanying regulations will not take effect until specified by an order of the federal cabinet (anticipated to occur later in 2013). CASL regulates the sending of commercial electronic messages (CEM), defined to include text, sound, voice and image messages, sent to an electronic mail account, an instant messaging account, a telephone account or any similar account. CASL also governs the installation of computer programs on another’s computer system (such as cookies). CASL applies to Canadian and non-Canadian companies or persons who transmit to Canadians. The law (i) prohibits sending CEM unless the person to whom the message is sent has consented to receiving it (unless it is an exempt communication), with consent being either express or implied under the law, and (ii) requires specific form and content for the message (the latter being similar to the U.S. CAN-SPAM law).…
Continue Reading →