[Chapter-delegates] ISOC approaches to privacy breach legislation?

Mon Jun 24 22:08:50 PDT 2013

Dear Babu,

In Mexico, as Alejandro has already said, we have a quite advanced law on the matter. We also have some examples in case law that might be helpful to you. Although these precedents are resolutions given by the higher courts, they, so far, constitute a guideline for lower courts but are non-binding resolutions at this stage.

These resolutions (extracts) are in spanish. If you like I could translate a couple of them so you can have a general idea of how the Courts are ruling on privacy matters and data protections matters in Mexico.

All the best,

León Felipe Sánchez Ambía
Fulton & Fulton SC
http://www.fulton.mx

**AVISO DE CONFIDENCIALIDAD: Este correo electrónico, incluyendo, en su caso, los archivos adjuntos al mismo, pueden contener información de carácter confidencial y privilegiado por lo que se envían en atención únicamente de la persona o entidad a la que van dirigidos. La copia, revisión, uso, revelación o distribución de dicha información sin la debida autorización por escrito, está prohibida. Si usted NO es el destinatario a quien se dirige el presente correo, favor de contactar de inmediato al remitente respondiendo al presente correo y eliminarlo, incluyendo los archivos adjuntos, así como cualquier copia del mismo.

** CONFIDENTIALITY NOTICE: This e-mail message, including its attachments, may contain legally privileged and confidential information exempt or prohibited from disclosure under applicable law. Copying, reviewing, use, disclosure or distribution of such information without the proper written permission is prohibited. If you are not the intended recipient of this e-mail, please notify this sender immediately and do not deliver, distribute or copy this e-mail or its attachments, and refrain from disclosing its contents or taking any action in reliance on the information it contains.

El 24/06/2013, a las 23:54, Baburam Aryal <babu at isoc.org.np> escribió:

> Dear Alejandro
> Thank you very much. Ministry of Science and Technology of Nepal has assigned me and my law firm to review of current IT related laws and draft a new Bill. Your suggestions are very helpful for the process. 
> 
> By the way, in couple of weeks, we have a court hearing where we filed a case against Government of Nepal and Nepal Police on unlawful collection of CDR and SMS details by the Police. We have sought specific guidelines for the data privacy and interception from the court until a proper legislation is adopted. 
> 
> I appreciate your sharing if you have any case laws on privacy on digital communications. 
> 
> 
> 
> 
> 
> On Mon, Jun 24, 2013 at 11:43 PM, Dr. Alejandro Pisanty Baruch <apisan at unam.mx> wrote:
> Babu,
> 
> to your question on privacy breach legislation:
> 
> In Mexico the Data Protection law is relatively recent and thus quite advanced.
> 
> I will ask for more details about an obligation for companies to inform publicly about data breaches. It is not in high visibility, to say the least.
> 
> BUT: the law does impose severe fines on companies who break the law. Recently there have been several high profile cases against a store (pharmacy) for having a non-compliant privacy policy; a bank for using data from a prospective client who did not become a client; a medical doctor for passing forward patient data.
> 
> And now there is what may become a landmark case. The CitizenLab at the University of Toronto, as you may know, has found evidence that the FinFisher software is hosted in two Mexican telcos/ISPs. A human-rights organization has gone to the institution in charge of data protection with a lawsuit based on a very expansive article in the law, which allows third parties to ask for evidence of privacy breaches such as this. 
> 
> We are supporting this motion. I understand that Article 19 Mexico and other organizations will do so too.
> 
> It is a great provision in the law so if you in Nepal begin to lobby for a privacy/data-protection law it would be of interest for you.
> 
> The lawsuit has just been filed so it's a long way to go to see if it's successful (shorter if it's dismissed after ten days, the first deadline.) 
> 
> I am not aware of a firm position from ISOC HQ in favor of privacy breach notification; to the best of my knowledge that is fine, considering the vast diversity of legal systems, though it seems many of us do support establishing this kind of pressure on companies handling personal data. Devil/details, Occam's razor, law of unintended consequences all over.
> 
> Yours,
> 
> Alejandro Pisanty
> 
>  
> - - - - - - - - - - - - - - - - - - - - - - - - - - - 
>      Dr. Alejandro Pisanty
> Facultad de Química UNAM
> Av. Universidad 3000, 04510 Mexico DF Mexico
>  
> +52-1-5541444475 FROM ABROAD
> 
> +525541444475 DESDE MÉXICO SMS +525541444475 
> Blog: http://pisanty.blogspot.com
> LinkedIn: http://www.linkedin.com/in/pisanty
> Unete al grupo UNAM en LinkedIn, http://www.linkedin.com/e/gis/22285/4A106C0C8614
> Twitter: http://twitter.com/apisanty
> ---->> Unete a ISOC Mexico, http://www.isoc.org
> .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  . 
> 
> Desde: chapter-delegates-bounces at elists.isoc.org [chapter-delegates-bounces at elists.isoc.org] en nombre de Baburam Aryal [babu at isoc.org.np]
> Enviado el: lunes, 24 de junio de 2013 11:57
> Hasta: Charles Oloo
> CC: Chapter Delegates
> Asunto: Re: [Chapter-delegates] ISOC approaches to privacy breach legislation?
> 
> Dear Narelle 
> Thank you for the sharing. We do not have specific privacy or data protection law in Nepal. I appreciate all the comments here that could be guiding for us. 
> 
> 
> 
> On Mon, Jun 24, 2013 at 7:14 PM, Charles Oloo <oloo6382 at gmail.com> wrote:
> Dear Narelle,
> 
> 
> This must be one topic that needs scrutiny it seems, having raised the same issue a while ago, pertaining to privacy. Yes we have a draft Kenya Data Protection Bill that we hope will wholesomely address some of these issues. However, there is still need for more strategy and awareness and to engage more stakeholders to address some of the emerging issues.
> 
> Charles
> 
> 
> On Wed, Jun 19, 2013 at 6:19 AM, Narelle Clark President ISOC-AU <President at isoc-au.org.au> wrote:
> Hi all
> 
> what approaches has your country taken to privacy breach notification
> legislation?
> 
> What is ISOC's position on whether this be mandatory or otherwise?
> 
> We have proposed legislation, see:
> http://www.aph.gov.au/Parliamentary_Business/Committees/Senate_Committees?url=legcon_ctte/privacy_alerts_2013/info.htm
> 
> thanks
> 
> 
> Narelle
> 
> 
> --
> 
> 
> Narelle Clark
> President
> Internet Society of Australia
> 
> president at isoc-au.org.au
> www.isoc-au.org.au
> 
> _______________________________________________
> As an Internet Society Chapter Officer you are automatically subscribed
> to this list, which is regularly synchronized with the Internet Society
> Chapter Portal (AMS): https://portal.isoc.org
> 
> 
> 
> -- 
> Charles Oloo
> WEBMASTER
> Tel: +254 721 909757
>        
> 
> _______________________________________________
> As an Internet Society Chapter Officer you are automatically subscribed
> to this list, which is regularly synchronized with the Internet Society
> Chapter Portal (AMS): https://portal.isoc.org
> 
> 
> 
> -- 
> Advocate Babu Ram Aryal
> President,
> Internet Society [ISOC] Nepal Chapter
> Anamnagar, Kathmandu
> Nepal 
> 
> Cell: +977-9851048401
> 
> 
> 
> -- 
> Advocate Babu Ram Aryal
> President,
> Internet Society [ISOC] Nepal Chapter
> Anamnagar, Kathmandu
> Nepal 
> 
> Cell: +977-9851048401
> _______________________________________________
> As an Internet Society Chapter Officer you are automatically subscribed
> to this list, which is regularly synchronized with the Internet Society
> Chapter Portal (AMS): https://portal.isoc.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://elists.isoc.org/mailman/private/chapter-delegates/attachments/20130625/7435c6d6/attachment.htm>