4 3 March 2007

News:

Thieves hacked into computers and stole account information from more than 45.7 million customers of The TJX Companies, Inc., in a data security breach which APACS, the UK Payments Association, believes to be the biggest ever in terms of people affected.

Phil Jones, Assistant Commissioner at the UK's Information Commissioner's Office (ICO), will explain the ICO's approach to developments in data protection and privacy at Data Protection Law & Policy's third Data Protection Intensive.

UK Information Commissioner, Richard Thomas, called for greater global consensus on privacy at the International Association of Privacy Professionals Summit, 7-9 March, Washington.

Features:

Are you a leader who understands the technical, legal and operational aspects of gathering, handling and securing personal data, and who can establish and maintain a comprehensive strategic vision for handling all personal data of employees, customers and suppliers of an organization in a manner that is legal, secure and ethical, from the point of acquisition through to the point of disposition, thereby gaining public trust in the organization's role as custodian of such data?

At a time when member states are seeking to centralise electronic health record systems, the Article 29 Working Party recently issued a Working Document addressing the key issues to be considered by states when processing electronic health records. Karin Retzer, Of Counsel, at the Brussels office of Morrison & Foerster LLP examines the Document.

Recent high-profile US-state security breaches have ensured state legislators continue to formulate laws to address the problem. A Massachusetts proposal would, if introduced, have the most far-reaching security breach regulatory impact to date, requiring commercial entities to reimburse banks, on behalf of affected consumers, for costs incurred in connection with a breach. Agnes Bundy Scanlan, Laurie Burlingame and Jacqueline Klosek, of Goodwin Procter LLP, examine the proposal.

The recent Transcom case, where for the first time a UK court awarded damages against a company for the sending of junk email, highlights the inadequacies of current UK penalties in curbing the sending of spam. Valerie Surgenor, an associate at MacRoberts, examines the case and the lessons to be learned in curbing this global problem.

The Spanish Data Protection Authority (AEPD) recently issued guidance for organisations on their data protection obligations when using CCTV or video camera systems. Rafael Garcia del Poyo, Abogado at the Madrid office of Garrigues Abogados, examines the guidance.

In 2002, an agreement between the Danish government and local authorities established the Danish 'Public Information Server', a government sponsored web portal offering citizens, public and private sector organisations access to details of properties and buildings in Denmark. Ulrik Røhl, head of section at the National Agency for Enterprise and Construction, which administers the database, explains the background to the service and how its regulation addresses the data protection challenges.