PL&B International E-news, Issue 76

1. US Safe Harbor found to present privacy risks to consumers

A study of the US Safe Harbor Framework by Galexia, a non-governmental consultancy in Australia, assessed the 1,597 organisations on the Safe Harbor List against a small subset of key criteria in the Safe Harbor Framework Principles. It found that only 348 organisations met the most basic requirements of the Safe Harbor Framework. Many did not have a public privacy policy, or the policy failed even to mention the Safe Harbor. Many claim on their public websites to be members of the Safe Harbor when they are not current members. Overall the study found that the problems identified in previous reviews of the Safe Harbor have not been rectified, and that the number of false claims made by organisations represents a significant privacy risk to consumers.

2. Society for Worldwide Interbank Transfers (SWIFT) approved by Belgian DPA

Belgium’s DP Commission, after a two year investigation into the Society for Worldwide Interbank Transfers (SWIFT), decided, on 9 December, that SWIFT’s co-operation with the US government in monitoring international financial transactions complies with Belgian data protection law.

In September 2006 the Belgian Privacy Commission ruled that SWIFT violated Belgian data protection law by communicating personal data to the US Treasury, which had issued secret administrative subpoenas to SWIFT after the 11 September 2001 New York attacks. Now the Belgian authority concludes that SWIFT is in compliance with data protection law.

3. EU DP Superivisor says IP addresses are protected

The European Data Protection Supervisor, Peter Hustinx, said in a video in November that IP addresses are proteced under data protection laws. Speaking to ZDNet at an RSA information security conference in London, he said that a person does not have to be identifiable by name for details of computer usage to be protected. Companies that gather addresses that might or might not be personal data should just treat them all as personal. Companies unsure whether information such as activity or server logs or a record of internet protocol (IP) addresses are personal data or not, should treat it all as personal data.

4. Israel’s new anti-spam law now in force

Effective 1 December 2008, Israel’s new anti-spam law is set to stir change in the way companies communicate with existing and potential clients. The new law, enacted last May as the Telecommunications Act is modelled after the European Electronic Communications Privacy Directive (2002/58/EC). It applies to businesses sending direct marketing messages by electronic means, such as by automated calling systems, fax, email, and text messages (SMS and MMS). It imposes stiff civil and criminal penalties on infringing companies and therefore warrants technical, organizational and commercial readiness.

Click here for further information about subscribing to the international newsletter.

Copyright Privacy Laws & Business 2008