This site would like to set some non-essential temporary cookies. Some cookies we use are essential to make our site work.
Others such as Google Analytics help us to improve the site or provide additional but non-essential features to you.
No behavioural or tracking cookies are used.
To change your consent settings, read about the cookies we set and your privacy, please see our Privacy Policy

Data Protection Leader

Volume: 6 Issue: 9
(September 2009)


The Federal Trade Commission (FTC) issued its first public enforcement action, on 7 August, against a US company for making deceptive claims about its participation in the US/EU Safe Harbor certification program. The company, Balls of Kryptonite, reportedly copied's privacy policy and posted it on its own website, according to the FTC. The privacy policy included provisions that listed Amazon's Luxembourg address as the company's corporate headquarters, and assured customers that it safeguarded their personal information under the program. / read more

The South African Cabinet passed the 'Protection of Personal Information Bill, 2009' on 2 August. The Bill will now make its way to the South African National Assembly to be voted upon. / read more

Disclosure of personal data must be made on a balance of interests between parties to avoid the international transfer of irrelevant data for litigation and discovery procedures, according to the French Data Protection Authority's (CNIL) guidelines published on 18 August. / read more


Delegating is great - it frees up time whilst things get done by someone capable. The only drawback is that if the delegated task is not properly performed, the buck goes back to whoever delegated that task. Complex data processing outsourcing arrangements face exactly the same challenge if anyone down the chain of processors gets it wrong and the data is lost or misused. That is a tricky risk to calculate so in many cases customers and suppliers opt for closing their eyes and hoping for the best. Hardly a sensible way to operate. Is there a realistic way of managing that risk? How can companies simplify their global data handling arrangements without weakening the level of protection afforded to that information? / read more

An increasing number of data breaches have been notified to individual Member States recently, which has led to extensive debate as to whether the EU should adopt a breach notification law. With a particular focus on the UK, France and Germany, Bridget Treacy, a Partner at Hunton & Williams, examines how individual Member States are devising local solutions to the data breach issue and how the recent debate surrounding the e-Privacy Directive contributed to the data breach debate. / read more

The Information Commissioner's Office recently published an updated handbook for Privacy Impact Assessments (PIAs) - which are designed to help organisations address the risks to personal privacy before implementing new initiatives and technologies. Dominic Hodgkinson, a Solicitor correspondent, uses Phorm as a case study to examine PIAs. / read more

The England and Wales High Court rejects an argument that a blogger's identity should remain private under Article 8 of the European Convention for the Protection of Human Rights, stating that 'blogging is essentially a public rather than private activity'. Brian Davidson, Privacy and Information Practice Coordinator at Field Fisher Waterhouse LLP, examines the findings of the court and the implications of its decision. / read more

A US district court recently dismissed state law claims - under the preemption provision of the Fair Credit Reporting Act - resulting from JP Morgan Chase's loss of its customers' credit card information. Jamillia Ferris, an Associate at Covington & Burling LLP, discusses the case and examines the implications that the court's ruling could have on plaintiffs already facing difficulties obtaining damages for data loss. / read more

California has implemented new rules designed to provide guidance on the collection, preservation and production of electronic documents, which must be produced by both parties to a lawsuit on pain of sanctions. Melinda F. Levitt and Leeann Habte, of Foley & Lardner LLP, examine the impact that the rules will have in both the US and abroad, as case law suggests that EU data protection legislation does not necessarily protect European companies from requests for electronic documents. / read more

About Data Protection Leader:

The monthly law publication which covers all aspects of data protection and data privacy. Topics covered include data transfers and outsourcing, data localisation and retention, the EU General Data Protection Regulation (GDPR), the e-Privacy Directive, data security, marketing and behavioural advertising, consent, employee monitoring, privacy compliance, risk management, DPO responsibilities, accountability, Privacy by Design, acquisition and mergers, the Internet of Things, cloud computing and Big Data / read more

Search Publication Archives

Our publication archives contain all of our articles, dating back to 2004.
Canít find what you are looking for?
Try an Advanced Search

Log in to data protection leader
Subscribe to data protection leader
Register for a Free Trial to data protection leader
data protection leader Pricing

Social Media

Follow data protection leader on TwitterView data protection leader LinkedIn Profiledata protection leader RSS Feed