7 8 August 2010

News:

The Data Protection Authority (DPA) of Schleswig-Holstein called for the EU/US Safe Harbor Framework to be terminated immediately, in a 23 July statement it issued on the 10th Anniversary of the Safe Harbor Framework. "Due to close economic relations, nobody in the EU seems to have the courage to do it", said Thilo Weilchert, the Schleswig-Holstein Data Protection Commissioner.

The Patient Privacy Rights Foundation welcomed a 28 July announcement by the US Department of Health and Human Services (HHS) to withdraw its health data breach notification rule (74 FR 42740) for further consultation.

The Computer-Processed The Personal Data Protection Act will become applicable to all individuals, legal entities and enterprises which collect personal data, under an amendment approved by the Taiwan Legislature on 27 April 2010.

Features:

The review of the Data Protection Directive is finally gaining momentum. In the UK, the Ministry of Justice is working hard to put together a sensible package of suggestions, Commissioner Reding is aiming for an overhaul of the whole regime and the Article 29 Working Party has made its second formal submission to the Commission. The recent Working Party's Opinion on the principle of accountability is the boldest move yet by the EU regulators to have a go at changing Europe's data protection law. Their aim is to move ­ as they put it - from theory to practice.

The Safe Harbor Framework is once again in the limelight after German regulators recently imposed new due diligence requirements for German companies transferring data under the Framework. Charlene Brownlee, Partner at US law firm Davis Wright Tremaine LLP, analyses the implications of this decision, and whether the Framework has been efficient in the ten years it has been operational.

The Information Commissioner's Office has recently issued a code of practice, which regulates, amongst other things, the online collection of children's personal data. With no clear-cut provisions in the UK Data Protection Act on how to protect children's data online, does the code provide an answer to online companies on how to resolve the challenges they face in such an area? Vinod Bange and Samatha King, from Speechly Bircham LLP, examine the code and round up the solutions for companies.

The use of virtual servers and cloud computing amongst organisations is on the rise, posing new concerns over data retention matters. Rocco Panetta, Partner at Panetta & Associati, explores the practicalities of these issues, and puts forward a number of recommendations for more consistent and effective data retention policies under the European Data Retention Directive.

The US Supreme Court has recently upheld the search of employee pager communications by a government employer, stating the search was 'not excessively intrusive' and justified by work considerations. Michael Vatis, Partner at Steptoe & Johnson LLP, examines how this decision is likely to affect government and private sector employers who wish to monitor their employees' behaviour on workplace equipment.

The Indian IT Amendment Act - which came into effect in October 2009 - introduced Section 43A which defines the liability of companies that mishandle personal data - and Section 72A - which criminalises disclosure of information in breach of a lawful contract. Vakul Sharma, Advocate at the Supreme Court, analyses how enforcement of these provisions takes place.

The Information Commissioner's Office (ICO) and the Financial Services Authority (FSA) share several overlapping objectives, yet their regulatory roles remain distinct. Simon McDougall, Director at Promontory, explores the ICO and FSA's similarities and differences, in order to help firms manage their regulatory obligations.