PL&B International E-news, Issue 37
- France’s CNIL refuses to authorize whistle-blowing to US HQs
- Sweden responds to the changing interface of DP and IT
- Dutch libraries weigh RFID benefits against privacy threats
- 40 million credit cards vulnerable to fraud
1. France's CNIL refuses to authorize whistle-blowing to US HQs
France’s Data Protection Authority, the CNIL, has refused to authorize plans by the French subsidiaries of McDonald’s and Exide Technologies to provide a means of reporting unethical or illegal behaviour to the USA.
The CNIL has informed the US Securities and Exchange Commission (SEC) and the European Commission of its position. Letters were sent out on June 29th. The French government is considering the issue.
This comes at a time when more and more companies are putting in place such processes in order to comply with the US Sarbanes-Oxley Act.
It was decided that such processing must be subject to prior authorization by the CNIL because its implementation may result in the termination of an employment contract. Moreover, suspected employees may not be aware of the collection and processing of their personal data.
The CNIL maintained that the risks such schemes proposed were disproportionate, when balanced against their final objectives, and that various other means of upholding business values, such as training and inspections, already existed.
2. Sweden responds to the changing interface of DP and IT
The Swedish Government is currently considering proposals for a new, simplified approach to routine data processing transactions.
These developments recognise that the nature of personal data processing has changed beyond all recognition, as a result of the increased sophistication and extent of information technology
The basic idea is to exempt from the main data protection rules in Swedish law routine processing. Routine processing would refer to situations where the inclusion of personal data is not the main focus of a structured activity, and where the processing does not constitute a misuse of the data.
The new provisions, intended to be compatible with the EU Data Protection Directive, would be supervised and enforced by the Swedish Data Inspection Board.
3. Dutch libraries weigh RFID benefits against privacy threats
There is a new bill before the Dutch parliament that would extend the powers of investigating authorities to access confidential data.
If passed, the Bevoegdheden Vorderen Gegevens bill before the Dutch Upper House would strengthen and widen the powers of Dutch law enforcement and intelligence authorities.
Already, Dutch public librarians have been approached in recent years by the police seeking confidential information. How will Dutch libraries in the future reconcile the benefits of RFID with the privacy threats this technology poses?
4. 40 million credit cards vulnerable to fraud
MasterCard International Inc. has said that the names, banks and account numbers of up to 40 million credit card holders may have been accessed fraudulently.
The source of the breach was found to be Atlanta-based CardSystems Solutions Inc., which processes credit card and other payments for various banks and merchants such as Standard Chartered Bank, HSBC, and the Bank of China.
MasterCard said that about 14 million of its own cards had been exposed to fraudulent use, and that it was notifying its card-issuing banks of the breach.
The FBI is investigating.
Copyright Privacy Laws & Business 2005