2 5 May 2005

News:

Online merchants will have to comply with the New Payment Card Industry (PCI) Data Security Standard or risk fines of up to $500,000. The deadline for compliance with the Standard, which is designed to protect credit card information held online, is June 30 2005.

The Article 29 Working Party has given added impetus to the use of Binding Corporate Rules (BCRs) as a workable compliance solution for data transfer from the European Union.

New York Attorney General Eliot Spitzer sued on April 25, what the Attorney General’s Office described, as ‘one of the nation’s leading internet marketing companies’, alleging that the firm was the source of “spyware” and “adware” that has been secretly installed on millions of home computers.

Features:

It must have been in 1990 or thereabouts when someone first came up with the idea of placing a ban on unsafe transfers of personal data in what was going to become the 1995 data protection directive. The rest is now history - well, for most of us, living history. The reason for that ban was pretty straightforward and well intentioned: let’s not screw up the great regime we are establishing to protect people’s data within Europe by allowing that data to be smuggled out of the EU and misused in foreign jurisdictions. A bit protectionist from a policy point of view if you want, but sensible if you bear in mind what the 1995 directive was about. Something that was probably difficult to predict at the time was the practical impact that such a ban was going to have on many European businesses.

The Article 29 Working Party has given added impetus to the use of Binding Corporate Rules (BCRs) as a workable compliance solution for data transfers from the European Union. Christopher Millard, Partner and head of Linklaters’ global information technology & communications practice and Peter Church, professional support lawyer, examine the prospects for BCRs

The proposed NHS database system, designed to herald a new era in patient care, has also raised concerns over patient privacy. Nadia Sirc of Harper MacLeod, considers its impact under the Data Protection Act.

Concerns over data protection in business has led to Japan passing its first piece of legislation governing the use of personal data. Bridget Treacy, partner, and Marisa Baker, associate, both of Barlow, Lyde & Gilbert consider its implications and compliance issues for UK businesses.

The community of privacy and data protection regulators is beginning to recognise the importance of developing common measures of their performance and publishing measurements against those measures. Some of the issues were discussed last year at the 26 International Conference on Privacy and Personal Data Protection, in a session titled “Economic Approach to Privacy Protection - Balancing Costs and Profits”. Malcolm Crompton, Managing Director of Information Integrity Solutions PTY Ltd, and former Privacy Commissioner of Australia considers the issues involved.

Canada has one of the strictest data protection regimes in the world, outside of Europe. In this article, Danielle M. Hough and Anita M. Huntley, both of Fasken Martineau LLP, analyse Canada’s data protection policies.