2 2 February 2005

News:

A flurry of information as well as accusations of foul play have surrounded the coming into force of The Freedom of Information Act on January 1. The headline news has surrounded revelations such as the Treasury’s secret archive tracing the UK’s withdrawal from the European Exchange Rate Mechanism on Black Wednesday, September 16 1992, at an apparent cost of £3.2billion.

The EU Article 29 Data Protection Working Party has been criticised for ‘adding weight to the foolish scaremongering going around’ with its report on Redio Frequency Identification (RFID) technology.

‘Anti-spam’ enforcement authorities in 13 European countries have agreed to share information and pursue complaints across borders in a pan-European drive to combat “spam” electronic mail. They will cooperate in investigating complaints about cross-border spam from anywhere within the EU, so as to make it easier to identify and prosecute spammers anywhere in Europe.

Features:

As was the case with the Internet in its early days as a means of communication, most of what you read about RFID these days is negative. In fact, not a single day goes by without a new horror story about the dangers of RFID emerging - from thieves scanning for car owners’ RFID-enabled keys while standing next to them in the lift, to dodgy officials reading passports from many feet away. In short, RFID is being portrayed as the biggest threat to our privacy and data protection rights since the invention of credit checks. As most of this stuff makes entertaining reading, these 1984-type horror stories get a fair amount of coverage in the media and as a result, now politicians are getting involved.

The Article 29 Working Party has publicly criticised long periods of data retention for communications data. Victoria Hordern, a solicitor with Field Fisher Waterhouse, explores the privacy implications of allowing law enforcement agencies to access data in order to combat crime and terrorism.

Although the legal regimes in the member states of the EU are based on the same Privacy in Electronic Communications Directive1, there are divergences between the legal provisions. Hester de Vries and Nicole Wolters Ruckert form Dutch law firm Kennedy Van der Laan look at the regulating of e-marketing in Holland.

Advising an international, data-rich organisation such as AstraZeneca on the requirements of data protection law is one of the most challenging aspects of my role as AstraZeneca’s lead IS/IT lawyer, writes Lucy Inger. Data protection is a minefield at the best of times, but when you are faced with applying data protection law and principles internationally, then the fun really starts. This article looks at some of the data protection issues which international organisations may face. It is not a definitive guide by any means, but rather a quick tour of one lawyer’s experiences in this area. The tour covers a few of the areas where data protection compliance can be most challenging and suggests some ways in which those challenges can be addressed.

Privacy certification is an essential way to validate your knowledge base as well as demonstrate your value to your organization and the marketplace as a whole. Peter Kosmala, Assistant Director for the International Association of Privacy Professionals (IAPP) explains the development and role of the Certified Information Privacy Professional (CIPP) program.

The EU Commission Report on the Status of Safe Harbor in the US, published in October 2004, generated concern in the data protection profession. David Naylor, a partner, and Reinhard Schu, an associate, with Morrison & Foerster in London, provide an overview of the Safe Harbor Principles and then examine the findings in the Commission Report.