By Tess Waldron

As has been widely reported, on 6 November 2012 the ICO fined Prudential £50,000 for what was described by the ICO’s head of enforcement, Stephen Eckersley, as a case that “would be considered farcical were it not for the serious sums of money involved”.

The breach originally occurred in 2007, when the records of two individuals with the same first name, surname and date of birth were erroneously merged, causing thousands of pounds meant for

The pressure on companies to adapt to stronger privacy regulation and enforcement in the EU increased this week, following the release of a letter to Google on behalf of 30 European data-protection commissioners.

On October 16, 2012, the Article 29 Data Protection Working Party publicly disclosed the correspondence it sent simultaneously to Google following the investigation into Google’s new privacy policy that started in February this year. In the correspondence (letter and appendix), the European data protection

By Simon Berry and Daisy Shen

The Personal Data (Privacy) (Amendment) Ordinance (Amendment Ordinance) came into operation on 1 October 2012, with the exception of those provisions relating to direct marketing and legal assistance which will take effect on a further date to be announced.

The Amendment Ordinance introduces various amendments to the Personal Data (Privacy) Ordinance, which was enacted in 1995 (Ordinance), and tightens the regulatory framework to improve the protection of personal data

By Linda Inscoe and Joseph Farrell

On September 27, 2012, California became the third state to enact legislation protecting employees, job applicants, university students and prospective students against coerced disclosure of usernames, passwords and other information related to personal social media accounts, such as Facebook, MySpace and Twitter accounts, text messages, private email accounts, blogs and podcasts. Governor Edmund G. “Jerry” Brown signed Assembly Bill 1844 (AB 1844) and Senate Bill 1349 (SB 1349), increasing privacy

Do we need to regulate generally accepted, low risk forms of data processing that individuals are now comfortable with as part of daily life (e.g. on-line orders, payroll processing and employment contract administration) to the same standard as types of processing that intrude more clearly on an individual’s privacy (e.g. tracking user preferences, monitoring communications etc.)? Should the draft European Data Protection Regulation impose differing standards depending on the risk to the individual from the processing in question, rather than

The Office of Hong Kong’s Privacy Commissioner for Personal Data (PCPD) recently announced the results of compliance checks on the collection of “cookies” by local banks in response to earlier media reports and a survey by the Hong Kong Monetary Authority (HKMA).

According to media reports from September 2010, some local banks in Hong Kong required their customers to accept cookies for use of Internet banking services without informing customers of the type of data to

An August 2 webcast on Compliance and Enforcement in the Hospitality Industry looked at the FTC proceedings in the Wyndham Hotels matter and identified some key takeaways, while considering how similar issues might play out in the European Union. (For those unable to follow the live webcast, the full presentation is now available online.)

Some of the key points covered in the discussion include:

  • While attackers can be persistent and use sophisticated tools, most breaches result from the failure

On Thursday, the U.S. Senate failed to pass a motion to end debate on the Cybersecurity Act of 2012 by a vote of 52-46. Sponsors were unable to muster the 60 votes required to move forward with the legislation, following heavy lobbying against the bill by the U.S. Chamber of Commerce, the financial industry, and other interested constituencies, and despite an aggressive, coordinated push from the White House. The vote was principally along party lines, with several notable exceptions. The

August 2 Webcast to Consider Risks and Responses

A recent high-profile enforcement action by the Federal Trade Commission (FTC) provides meaningful context and occasion for examining data security risks in the hospitality industry.

In late June, the FTC filed suit against global hospitality company Wyndham Worldwide Corp. and three of its subsidiaries for alleged data security failures that led to three data breaches at 45 Wyndham properties in less than two years. The action followed an expansive and expensive civil

By Jennifer Archie and Kevin Boyle

The Cybersecurity Act of 2012 (S. 3414) moved one step closer to possible passage on Thursday when the United States Senate voted 84 to 11 to allow an open amendment process when the bill is taken up for floor debate, as early as next week. The bill still faces an uphill battle to passage in its present form, in the face of opposition to government regulatory intrusion from business groups and key technology companies