The UK Data Protection Authority issues a Code of practice on anonymization

In November 2012, the UK Information Commissioner’s Office (ICO) published a Code of Practice on managing data protection risks related to anonymization. This Code provides a framework for organisations considering using anonymization and explains what it expects from organisations using such processors.

One of the benefits of anonymization is that the onerous data protection obligations under EU data protection laws, including the UK’s Data Protection Act 1998, will not apply to data rendered anonymous such that individuals are no longer identifiable.

(more…)

, , , ,

Business Concern over Amendments to Proposed EU Data Protection Regulation

The European Parliament’s Civil Liberties Committee has published its draft report on the proposed EU Data Protection Regulation that is causing concern for many corporations. http://www.europarl.europa.eu/meetdocs/2009_2014/documents/libe/pr/922/922387/922387en.pdf.

The report sets out amendments to the draft EU data protection regulation published by the European Commission last January (the “Regulation”)
http://ec.europa.eu/justice/data-protection/document/review2012/com_2012_11_en.pdf.

Despite being one of the most lobbied pieces of European legislation, many will be disappointed that as amended the draft Regulation still imposes very significant burdens on businesses that are in the EU, or which are outside the EU but offer goods or services to EU customers, with fines of up to 2% of annual worldwide turnover.

(more…)

, , , , , , , , , ,

European Shift to Concrete Cost Analysis of Data Protection

BNA’s Privacy & Security Law Report

Following meetings held Feb. 24-25, the Council of the European Union released its ‘‘Conclusions’’ in response to the EU Commission’s Nov. 4, 2010 ‘‘Communication’’ proposing ‘‘a comprehensive approach on personal data protection in the European Union.’’ The Council is the main decision-making body of the European Union, comprising the ministers of the Member States. Depending on the issue on the agenda, each country is represented by the minister responsible for that subject (foreign affairs, finance, social affairs, transport, agriculture, etc.).

View Article

, ,

Stringent Canadian Privacy Law to Take Effect January 1, 2004

United States companies that conduct business in Canada, as well as most other organizations that collect, use or disclose personal information in the course of a commercial activity within Canada, may be subject to a new law providing expansive privacy protections for Canadian citizens. Effective January 1, 2004, such companies will have to comply with Canada’s Personal Information Protection and Electronic Documents Act. The Canadian Privacy Law deserves particular attention because it entails more extensive privacy requirements than are generally applicable under United States law.

View Alert

, ,

The UK’s Data Protection Act of 1998

On 23 September 1980, the Organisation for Economic Cooperation and Development (“OECD”) adopted a set of guidelines concerning data protection and transborder dataflows. Following on from those guidelines, the EU enacted the Convention for the Protection of Individuals With Regard to Automatic Processing of Personal Data (the “Convention”) in 1981. The UK, in response to the OECD guidelines and the Convention, introduced The Data Protection Act 1984 (the “1984 Act”) which concentrated mainly on Personal Data which were stored and processed ‘automatically’ (i.e. computerised Personal Data). (more…)

, ,

EU Data Protection Directive

On 23 September 1980, the Organisation for Economic Co-Operation and Development adopted a set of guidelines concerning data protection and transborder data flows. Following on from those guidelines, the EU enacted the Convention for the Protection of Individuals With Regard to Automatic Processing of Personal Data (the “Convention”) in 1981. Within the EU, Member States had divergent laws on data protection and the EU took the view that it would be better to harmonise the laws of all Member States so that people could look to one standard when conducting Processing activity within the EU. At least, that was one of the aspirations. In 1995, after years of discussion the European Data Protection Directive 95/46 EC (the “Directive”) was eventually adopted.

(more…)

, ,

The Data Protection Act of 1998

The Data Protection Act 1998 (the “DPA”), which implements the European Data Protection Directive 95/46 EC (the “Directive”), came into force on 1 March 2000. The DPA allowed for two periods of transition, the first of which ended on 24 October 2001. The second transitional period ends on 23 October 2007, but only applies in limited circumstances to eligible manual data held immediately before 24 October 1998. Most businesses which are Processing data in the UK will now need to comply with the provisions of the DPA.   (more…)

, ,

Privacy Policies

Most organisations that conduct their business online will collect data relating to individuals at some stage during their operations, whether in relation to customers, target clients, or even their own employees. Personal data can be collected on websites by a variety of means: registration pages, requests for details when goods or services are ordered, competitions and surveys, or by the use of various tracking devices such as cookies. Whenever personal data is collected, the organisation responsible for the use of such data (known as the ‘data controller’) will need to comply with various legal requirements, and may be advised to follow certain good practice guidelines, all of which are designed to protect the privacy of the individual whose data is being collected.

(more…)

, , , ,

EU and UK Regulation of Privacy Policies

Most organisations that conduct their business online will collect data relating to individuals at some stage during their operations, whether in relation to customers, target clients, or even their own employees. Personal data can be collected on websites by a variety of means: registration pages, requests for details when goods or services are ordered, competitions and surveys, or by the use of various tracking devices such as cookies. Whenever personal data is collected, the organisation responsible for the use of such data (known as the ‘data controller’) will need to comply with various legal requirements, and may be advised to follow certain good practice guidelines, all of which are designed to protect the privacy of the individual whose data is being collected.  (more…)

, , ,