Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: privacy impact assessment

Posted in International/EU Privacy

The Most Delicate Balance of Our Time

Public atrocities always attract some kind of political reaction. Generally, the more brutal the atrocity, the harsher the reaction. It is understandable from the perspective of political responsibility. So when defenceless people are mercilessly attacked by gunmen as punishment for their satirical views, a very visible reaction is to be expected. However, political reactions to grave situations need not only visibility but measured thinking and careful decision-making. The reaction to a violent and criminal act can often have more far-reaching implications than the act itself, leading to an escalation of violence. At the same time, doing nothing to protect citizens from harm is not a responsible option. As with many political decisions, securing public safety is a balancing exercise of robustness and restraint.

Posted in Consumer Privacy, Cybersecurity & Data Breaches, International/EU Privacy

Guidance on Establishing and Maintaining a Privacy Management Infrastructure

Privacy law compliance means not only ensuring that compliance gaps are identified and remediated, but also that there is a privacy management infrastructure to ensure that privacy issues are handled on an ongoing basis. Attending to the infrastructure task can be challenging.
To aid in this effort, on April 17th Canada’s privacy commissioner, along with the privacy commissioners of the provinces of Alberta and British, issued a guidance document entitled “Getting Accountability Right with a Privacy Management Program,” along with an “At a Glance” two-page summary. These materials are summarized in this entry.

Posted in International/EU Privacy

Details of EU Data Protection Reform Reveal Dramatic Proposed Changes

Although the European Commission was expected to release its overhaul of the 1995 Data Protection Directive (95/46/EC) next month, some of the details of those changes emerged earlier than expected this week. In this post, we summarize the many key changes between the Data Protection Directive and the Commission’s draft Data Protection Regulation.

Posted in International/EU Privacy

Europe’s Article 29 Working Party issues smart meter guidelines

Europe’s group of data protection authorities, the Article 29 Working Party, issued an opinion on smart meters, which goes into surprising detail on points such as the size of the display for the user interface, the need for a ‘push button’ consent module for consumers, the need to keep load graph data stored locally whenever possible. The Art 29 WP stresses the need for energy suppliers and third party energy service companies to develop detailed data retention policies to ensure smart meter data are deleted as soon as no longer needed.