Sent to subscribers in October 2012

I am pleased to announce that Supplement #9 to the two-volume treatise Global Privacy and Security Law is now available. This Supplement contains updates to twenty-four chapters. The chapter on Sweden now contains information on the private right of action, on sample cases and penalties, on employee information, children information, whistleblowing and other laws protecting personal data. The chapter on Finland has been updated in a similar manner. It has been updated to include new sections highlighting a data controller’s obligations when outsourcing the processing of personal data, when using surveillance cameras or collecting data in the workplace.

The most significant changes in this Supplement 9 are described below.

General

Chapter 1—Data Protection Challenges to Global Business. The chapter has been updated, and has been supplemented with a new section on Government Surveillance.

Americas

Chapter 15—Brazil. the chapter is supplemented with a new section on International Treaties and Agreements. It also provides the status of four bills, including Bill of Law 866/2007, which imposes restrictions on phone calls made by telemarketing companies without the consumers’ prior consent, Bill of Law 3272/2008 regarding breach of secrecy, the draft Data Protection Law, and the Bill of Law 2126/11.

Chapter 18—Chile. Chile passed the Dicom Law (Law Nº 20.575) in February. This law brings a major reform to Chile’s Directory of Credit Information, a debt disclosure system that has been in place since 1976.

Chapter 24—Dominican Republic. The section on the Law Against High Technology Crimes and Offenses has been supplemented to discuss the issuance of Resolution No. 086-11 by the Dominican Telecommunications Institute (INDOTEL). This Resolution approves the regulation for the obtention and preservation of data and information from service providers, in application of Article 56 of Law 53-07, which requires service providers to retain certain data for a minimum of 90 days. In addition, a new section on Health Information discusses the protection of personal information held by healthcare providers and professionals.

Chapter 65—United States of America. The USA chapter has been supplemented with information regarding the USA PATRIOT Act. It also comments on issues such as privacy in mobile applications, children and mobile applications, the Massachusetts Regulation, and several recent FTC cases. The updates also include comments on the FTC’s ID Theft Report and a summary of the March 2012 Report on Data Privacy.

Chapter 66—Uruguay. This chapter has been supplemented with additional details on the Principles set forth under the Data Protection Law and the rights of individuals with respect to access to, and correction of their personal data. The chapter also discusses the creation of E-Health, a new division of URCDP, the Uruguayan data Protection authority.

Asia
Chapter 48—The Philippines. On March 20, 2012, the Philippine Senate approved the Data Privacy Act of 2011, which is substantially similar to the prior bill with some slight modifications. The chapter provides an update on the provisions of the pending bill.
Europe

Chapter 22—Czech Republic. The entire chapter has been updated. It provides more details on the conditions to the transfer of personal data out of the EU. In addition, it describes the special sanctions for disclosing publicly any information gathered from court-ordered telephone interceptions without the consent of the person affected by the interception.

Chapter 26—Estonia. Three new sections, International Treaties and Agreements, Constitution, and Electronic Communications, have been added.

Chapter 27—Finland. The entire chapter has been updated. There are new sections on data controllers’ obligations when outsourcing the processing of personal data, using surveillance cameras or collecting personal data in the workplace. A new section on Credit Information has been added to the chapter, which discusses the use and disclosure of credit data, notification requirements, and supervision and enforcement of the Credit Information Act.

Chapter 28—France. The France chapter updates include new sections on the transfer of IT applications under an outsourcing operation and cloud computing. It briefly comments on the status of the CNIL consultation on cloud computing and on the CNIL’s recommendation for companies interested in cloud computing services.

Chapter 32—Hungary. The updates to the Hungary chapter include information on the terms in which the President of the Agency, which replaced the Data Protection Commissioner and its Office, may be removed from office in case of non-compliance with its obligations, among other minor changes.

Chapter 37—Italy. The Italy Chapter has been amended to reflect changes to the Italian Data Protection Code, which became effective in January 2012. The section on the restrictions on the use of cookies has also been amended to include information on the implementation of the 2009 Directive with regard to the use of cookies.

Chapter 39—Latvia. Three new sections were added to the chapter in order to touch on data privacy in international treaties and agreements, Latvia’s Constitution, and electronic communications privacy. The new section on Electronic Communications contains an update on the status of implementation of the 2009 Directive.

Chapter 41—Lithuania. The updates to the Lithuania chapter contain a new section on International Treaties and Agreements and an update on the status of implementation of the 2009 Directive.

Chapter 46—The Netherlands. This chapter has been updated with new information regarding the Senate approval of a bill that implements Section 5(3) of the 2009 Directive into its Telecommunications Act.

Chapter 50—Portugal. The Portugal chapter has been updated with the status of the implementation of the 2009 Directive with regard to security breach disclosures.

Chapter 55—Slovenia. The updates to the Slovenia chapter include a new section on International Treaties and Agreements and an update on the status of the implementation of the 2009 Directive.

Chapter 59—Sweden. The Sweden chapter has been amended extensively. It now contains information on individual’s private right of action, sample cases and penalties, employee information, children information, whistleblowing, and other laws protecting personal data.

Chapter 60—Switzerland. Some sections in the Switzerland chapter were supplemented with information regarding the Google Street View case.