Wednesday Privacy Roundup

Privacy in the EU has been hugely in the news in the last week. Check these out:
European Union justice ministers Friday agreed on a minimum set of rules protecting the cross-border exchange of personal data by law-enforcement agencies in the 27 member states. There’s were lots of other proposals discussed, including ones that mimic US Visit and datasharing of flight passenger information.
Data Protection Act doesn’t ban parents filming the school play.
Europe’s top privacy regulator has said that European privacy laws will need to be overhauled in just five years’ time.

I would expect that some five years down the road, we need to see some changes in the existing framework,” said Hustinx, the European Data Protection Supervisor (EDPS). “Where? Not in the principles, although some parts perhaps need to be revisited, my emphasis would be we need more flexible arrangements to make it work better, to make it more effective.

The European Commission has published a plan to compel EU members to gather more information on air passengers travelling in and out of the EU in what it says is an attempt to combat terrorism. Of course, it’s never that simple:

Statewatch editor Tony Bunyan said that the increased monitoring was unwarranted. “This is yet another measure that places everyone under surveillance and makes everyone a suspect without any meaningful right to know how the data is used, how it is further processed and by whom,” he said. “Moreover, the profiling of all airline passengers has no place in a democracy.”

Back on August 1st, the Office of the Privacy Commissioner of Canada, released guidelines for handling breach disclosures. Key Steps for Organizations in Responding to Privacy Breaches lays out the definition of a breach and a high level process for dealing with breaches, starting with containment, moving through assessment to notification and finally prevention of future breaches.
To assist with the process, the Commissioner also released the Privacy Breach Checklist which takes the guidance from the first document and reproduces it in an easier to follow format at the time of an incident occurring. This checklist in particular would be a great starting point for any incident response team dealing with privacy breaches.