September

German data protection commissioners have sent a letter to the German Chancellor Angela Merkel, asking her to urge the European Union to suspend the US - EU Safe Harbor regime because of the recently disclosed NSA activities. The letter is signed by the Federal Commissioner for Data Protection and Information Freedom and the State data protection commissioners.

The officials argue that the European Union should suspend the Safe Harbor regime until the facts about NSA surveillance of European citizens are cleared. The official press release of the data protection commissioners expects "the Federal Government to do everything to protect the people in Germany against access to their data by third parties" and asks the Government "to negotiate a high level of data protection and regulation in Brussels which will prevent comprehensive and causeless surveillance by European and non-European authorities".

The new move could have a significant impact if it is successful: all companies relying on Safe Harbor for the transfer of personal data from the EU to the US could suddenly face a situation where either such data transfers must be suspended or face fines by data protection authorities for unlawful processing of data.

USCIS has been busy with enhancements to the E-Verify system. Beginning September 8, 2013, the Records and Information from Dives for E-Verify (RIDE) Program will be adding Iowa to the program. This means that data from ID and driver's licenses issued by the Iowa Department of Transportation's Motor Vehicle Division (MVD) can now be inputted into the E-Verify system to be checked against the records of the MVD database for accuracy.

The addition of Iowa as the fourth state to join the RIDE program (in addition to Mississippi, Florida and Idaho) is another step towards combating document fraud, a challenge that has plagued USCIS ever since the rollout of the E-Verify system. Employers are affected by the RIDE program only when workers present documents issued from any of the four states who participate in the program, regardless of where the employer’s place of employment is. For example, an employer participating in E-Verify may be located in Oregon.

The employer’s newly hired worker has presented an Iowa driver’s license along with a social security card during the I-9 process. The employer would be prompted to enter the driver’s license data during the E-Verify case process, where the system will automatically check Iowa MVD’s records for a match.

The South African Parliament has passed the Protection of Personal Information (POPI) Bill. POPI represents South Africa's first comprehensive data protection legislation and is expected to come into force before the end of the year. "POPI will, upon promulgation, impose a number of stringent obligations on all persons which in any manner process personal information", said Simone Gill, Director of the Technology Media and Telecommunications Practice at Cliffe Dekker Hofmeyr. "It is expected to have a significant impact on the manner in which private and public bodies process personal information."

POPI was drafted on the basis of the EU Data Protection Directive and establishes eight data protection principles, which reflect EU, Canadian and Australian data protection models. Of particular note, POPI restricts cross-border data transfers unless the country to which the data is transferred provides a similar level protection of personal data. Under POPI, companies may adopt contractual clauses and binding corporate codes of conduct. It will also introduce a mandatory data breach notification requirement and establish the Information Protection Regulator (IPR) with investigatory and enforcement powers, including the power to impose fines of up to ZAR 10 million (approx. €740,200).