3 6 June 2006

News:

The European Court of Justice's decision to annul an agreement permitting the transfer of airline passenger data from the EU to the US and the row over the transfer of financial data from Belgium to US security agencies illustrate the importance of the `third pillar' in EU data transfers.

Francis Aldhouse, former UK Deputy IC and now a consultant with global law firm Bird & Bird, is to chair the full-day Autumn Data Protection Intensive organised by Data Protection Law & Policy in London in September.

Forty-four percent of the UK's `senior IT decision makers' are using live customer data to test applications in breach of the Data Protection Act, according to a survey of 100 IT directors for Compuware.

Features:

The constant conflict between data retention and data deletion obligations is something that all data protection managers have learnt to live with. Whilst the generic requirement to destroy obsolete data is always testing the managerial skills of those responsible for data protection compliance, the myriad of requirements to store and retain specific bits of information for all sorts of legal and operational reasons is what really complicates things. The result of this difficult balance is a pervasive item on the `To Do' list of most data protection professionals ­ the data retention policy.

The UK Information Commissioner recently published a report to Parliament, exposing the extent of unlawful trading of personal data in the UK. Helen Padley, a lawyer at Denton Wilde Sapte, examines the report's findings and the Commissioner's plans to implement criminal sanctions for these activities.

The Information Commissioner has said that the term `direct marketing' by telephone applies equally to political parties as it does to companies offering goods for sale to customers. Bridget Treacy, a partner at Barlow Lyde & Gilbert, examines a recent Information Tribunal decision on a breach of the UK Privacy Regulations by the SNP.

Employers often have to process data relating to the health of their employees and should be aware that in all cases, they need to comply with various legal obligations at UK and European level. Paula Williamson of the Information Law Practice considers the issues involved.

The online gaming industry faces a wide range of threats due to the potential value that access to the data involved can provide. John Lyons, group security advisor of the UC Group, highlights how these threats could apply to any online database, and offers advice on what companies can do to counter them.

A recent Court of Appeal decision involving a database held on a card index provides important guidance on valuing confidential information. Anthony Riem and Vasco de Oliveira, of Philippsohn Crawfords Berwald, examines the Court's findings.

The European Court of Justice decision of 30 May 2006 has promoted discussion of the balance between public security and privacy protection. Catherine Erkelens, a partner at Bird & Bird, Brussels, explains how the judgment affects the transfer of PNR data between the US and countries within the EU.