To follow up on French Data Protection Authority Blocks SOX Whistleblower Programs and Whistleblowers in France, here is CNIL’s FAQ on whistleblowing systems and guideline document for whistleblower systems. CNIL defined a set of rules to be followed for whistleblower systems to be compatible with French data protection laws: Unique Authorisation dated December 8, 2005 (in French, without …
Category: Privacy
French Data Protection Authority Blocks SOX Whistleblower Programs
As a follow-up to the Whistleblowers in France, John B. Reynolds, III and Amy E. Worlton of Wiley Rein LLP offer more insight into the programs and decisions. CNIL found that employees’ ability to lodge anonymous complaints would increase the likelihood of malicious false reports. CNIL also found that the two companies’ plans would not …
Whistleblowers in France
French privacy law limits the ability to use anonymous hotlines. In France, the French Data Protection Authority (La Commission Nationale de l’Informatique et des Libertés (CNIL)), an administrative agency, oversees processes involving the collection or compilation of personal data. In 2005 they decided that two reporting procedures were in violation of French privacy law. McDonald’s …
Nevada Law on Privacy of Personal Information
A Nevada law requiring encryption of customer personal information went into effect on October 1, 2008. See Nev. Rev. Stat. § 597.970. The legislation is short but potentially wide-ranging in scope. NRS 597.970 Restrictions on transfer of personal information through electronic transmission. [Effective October 1, 2008.] 1. A business in this State shall not transfer …
Additional Guidance on the Massachusetts Privacy Regulations
The Massachusetts Office of Consumer Affairs and Business Regulation has provided guidance regarding its new regulations requiring all entities that own, license, store or maintain personal information about a resident of the Commonwealth of Massachusetts to develop, implement and maintain a comprehensive written information security program and make specific computer information security requirements. I mentioned …
Certification Mark for EU Safe Harbor Framework
The Commerce Department’s International Trade Administration (ITA) has developed a certification mark for the U.S.-European Union Safe Harbor Framework. The mark may be used by companies on their websites to signify that they have self-certified compliance with the provisions of the Safe Harbor Framework. To display the certification mark, you must follow the Safe Harbor …
FTC Will Grant Six-Month Delay of Enforcement of ‘Red Flags’ Rule
The FTC announced that they will suspend enforcement of the new “Red Flags Rule” until May 1, 2009, to give creditors and financial institutions additional time in which to develop and implement written identity theft prevention programs. The Identity Theft Rules are found at 16 C.F.R. Part 681.2. The FTC published an FTC Business Alert …
New Massachusetts Regulations to Mandate Comprehensive Information Security Requirements
Goodwin Procter LLP published a summary of the New Massachusetts Regulations to Mandate Comprehensive Information Security Requirements. The regulations have broad coverage, applying to all entities that own, license, store or maintain personal information about residents of the Commonwealth of Massachusetts, regardless of whether or not the entity has operations in the Commonwealth. Federally regulated …
Privacy and Security Alert: Massachusetts Has New Data Security Regulations
Cynthia Larose, Elissa Flynn-Poppey and Julia M. Siripurapu of Mintz Levin put together an alert with a summary of the new Massachusetts Data Security Regulations: Privacy and Security Alert: Massachusetts New Data Security Regulations Effective January 1, 2009. The alert has a summary of some of the changes to the regulations …
Protecting Individual Privacy in the Struggle Against Terrorists
The National Research Council has published a new report finding that all U.S. agencies with counterterrorism programs that collect personal data should be required to evaluate the programs’ effectiveness, lawfulness, and impacts on privacy. In its press release, they summarize that “Collecting and examining data to try to identify terrorists inevitably involves privacy violations, since …