Skip to main content
You are here: News


The following news feed provides an overview of the current activities and news from APPA members.

The articles on this page are updated regularly from members’ news and media pages. If you have any questions or concerns about the content contained in the articles, please contact the respective member. You can locate members’ details underneath each article or on our Contact us page.


Utah Operation Responsible for Making More Than 117 Million Illegal Telemarketing Calls to Consumers Settles Federal Trade Commission Charges

Defendants barred from violating the Telemarketing Sales Rule, calling phone numbers on the FTC’s National Do Not Call Registry

Three Utah-based firms and their owner, which a federal court jury in 2016 found deceptively and illegally called more than 117 million consumers pitching their movies, have agreed to a proposed court order settling the Federal Trade Commission’s charges against them. The U.S. Department of Justice (DOJ) secured the defendants’ agreement to the proposed order imposing civil penalties and prohibiting telemarketing abuses, and filed it with the court on the behalf of the FTC.

The 2016 jury verdict covered six different Telemarketing Sales Rule (TSR) violations, including violations of the FTC’s regulations requiring telemarketers to use caller identification names that tell consumers what seller is calling and restrictions on telemarketers making calls to consumers without connecting the call to a sales representative within two seconds of the consumer’s greeting.

The proposed court order announced today bars the defendants from the misconduct alleged in the complaint, including illegally calling phone numbers on the Do Not Call (DNC) Registry, and imposes a $45.5 million civil penalty judgment, of which all but $487,735 is conditionally suspended. The suspended portion of the penalty amount will become due if the court later finds that defendants misrepresented their financial condition.

Case History

According to a 2011 complaint filed by the DOJ on behalf of the FTC, Forrest S. Baker III and three Utah firms that he controls violated the TSR and the FTC Act multiple times and deceived customers they called about where the proceeds from their movie purchases would go. The three firms named with Forrest S. Baker III as co-defendants are Feature Films for Families, Inc.; Corporations for Character, L.C.; and Family Films of Utah.

After the court resolved several issues in the case, DOJ attorneys and FTC witnesses presented evidence to a jury about violations by defendants during multiple telemarketing campaigns. In one nationwide campaign, Corporations for Character called consumers under the name “Kids First,” offered to send two free DVDs and requested feedback on whether the movies should be included on a list of recommended movies. This telemarketing campaign resulted in millions of calls to consumers on the DNC Registry in which defendants urged consumers to buy additional DVDs by telling them that “all of the proceeds” from sales would be used to complete a recommended viewing list of the nonprofit Coalition for Quality Children’s Media. In reality, Feature Films had contracted to receive 93 percent of all money collected from consumers.

The evidence also showed that in 2009 Feature Films called consumers to urge them to buy tickets to see “The Velveteen Rabbit,” a film produced by Baker and released in theaters before going to DVD. Feature Films’ telemarketers made more than 2.5 million calls to numbers on the DNC Registry during this campaign. In additional marketing campaigns, the defendants routinely called consumers on the DNC Registry to sell DVDs, and even continued to call consumers who had asked the defendants to stop calling, resulting in tens of millions of illegal calls.

In all, the jury found the defendants collectively responsible for 117 million TSR violations, including 99 million illegal calls to telephone numbers listed on the DNC Registry, as well as more than four million additional calls in which the defendants’ telemarketers made misleading statements to induce DVD sales.

The jury also found the defendants had actual or implied knowledge of the TSR violations, allowing the court to assess civil penalties under the FTC Act. The case was the first-ever jury verdict in an action to enforce the TSR and DNC Registry rules.

The Commission vote approving the proposed order was 2-0. It was filed in the U.S. District Court for the District of Utah, Central Division. The proposed order is subject to court approval.

NOTE: Stipulated final injunctions/orders have the force of law when approved and signed by the District Court judge.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

Federal Trade Commission, United States
Source: Press Release Feed
16 Mar 2018, 11:00pm AEDT

FTC Shuts Down Promoters of Deceptive Cryptocurrency Schemes

At the request of the Federal Trade Commission, a federal court has halted the activities of four individuals who allegedly promoted deceptive money-making schemes involving cryptocurrencies. These schemes falsely promised that participants could earn large returns by paying cryptocurrency such as bitcoin or Litecoin to enroll in the schemes.

In a complaint, the FTC alleges that three defendants – Thomas Dluca, Louis Gatto, and Eric Pinkston – promoted chain referral schemes known as Bitcoin Funding Team and My7Network. Using websites, YouTube videos, social media and conference calls, the defendants promised big rewards for a small payment of bitcoin or Litecoin.

The defendants claimed that Bitcoin Funding Team could turn a payment of the equivalent of just over $100 into $80,000 in monthly income. The FTC alleges, however, that the structure of the schemes ensured that few would benefit. In fact, the majority of participants would fail to recoup their initial investments.

According to the FTC, Bitcoin Funding Team and My7Network participants could only generate revenue by recruiting new participants and convincing them to also pay cryptocurrency. For example, Bitcoin Funding Team participants were required to make an initial bitcoin payment to an earlier participant and pay a fee to Bitcoin Funding Team. With these payments, participants were eligible to recruit new members and receive payments from them. Promoters claimed participants could earn bigger rewards if they paid additional bitcoins.

“This case shows that scammers always find new ways to market old schemes, which is why the FTC will remain vigilant regardless of the platform – or currency used,” said Tom Pahl, Acting Director of the FTC’s Bureau of Consumer Protection. “The schemes the defendants promoted were designed to enrich those at the top at the expense of everyone else.”

The FTC alleges that a fourth defendant, Scott Chandler, promoted Bitcoin Funding Team and another deceptive cryptocurrency scheme, Jetcoin. Jetcoin also promoted a recruitment scheme and additionally promised investors a fixed rate of return on their initial bitcoin investments as a result of bitcoin trading. In a series of promotional calls, Chandler claimed Jetcoin participants could double their investment in 50 days. In reality, the FTC complaint alleges, the scheme failed to deliver on these claims and ceased operation within two months of launching.

In its complaint, the FTC charged that the defendants violated the FTC Act’s prohibition against deceptive acts by misrepresenting the chain referral schemes as bona fide money-making opportunities and by falsely claiming that participants could earn substantial income by participating in the three schemes.

As requested by the FTC, the court has issued a temporary restraining order and frozen the defendants’ assets pending trial.

The Commission vote authorizing the staff to file the complaint was 2-0. The complaint was filed in the U.S. District Court for the Southern District of Florida.

NOTE: The Commission files a complaint when it has “reason to believe” that the law has been or is being violated and it appears to the Commission that a proceeding is in the public interest. The case will be decided by the court.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

Federal Trade Commission, United States
Source: Press Release Feed
16 Mar 2018, 11:00pm AEDT

FTC Adds Requirements to 2014 Order to Remedy CoreLogic Inc.’s Compliance Deficiencies

The Federal Trade Commission today announced that it will modify an order entered in 2014 against CoreLogic, Inc., a California-based company that provides real estate data and analytics, including national assessor and recorder data, known as bulk data.

CoreLogic agreed to the 2014 order to resolve Commission concerns about CoreLogic’s acquisition of DataQuick Information Systems, Inc. The Commission alleged that the proposed acquisition would significantly reduce competition in the market for national bulk data in violation of the federal antitrust laws. To resolve that concern, CoreLogic agreed to divest bulk data and information used by DataQuick to Renwood RealtyTrac LLC and provide other support so that RealtyTrac could replace DataQuick as a competitor in the national bulk data market.

The Commission explains in its Agreement Containing Order to Show Cause and Order Modifying Order that its modifications and additions to the 2014 order are necessary for CoreLogic to address deficiencies in its compliance with the order. The Commission alleges that CoreLogic did not provide all of the required data and information by the deadlines in the order. CoreLogic also did not adequately identify and provide to RealtyTrac the full scope of bulk data and information DataQuick used in the bulk data market. CoreLogic disputes the allegations but has entered into the consent with the Commission under which the Commission is issuing an Order Modifying Order amending the 2014 order and adding two detailed addendum: a Service Level Addendum and Technical Transfer Plan.

Under the modified order the Commission is requiring CoreLogic to provide bulk data to RealtyTrac for an additional three years beyond the term of the 2014 order; thus until at least 2022. The added Service Level Addendum and Technical Transfer Plan make clear and particularize CoreLogic’s obligations to RealtyTrac. The Service Level Addendum adds quality metrics and service requirements. The Technical Transfer Plan adds requirements for transferring data and information to RealtyTrac.

Further details about the modified order are set forth in the analysis to aid public comment for this matter.

The Commission vote to accept the Agreement Containing Order to Show Cause and Order Modifying Order for public comment was 1-0-1, with Commissioner McSweeny not participating by reason of recusal. The FTC will publish the consent agreement package in the Federal Register shortly. The agreement will be subject to public comment for 30 days, beginning today and continuing through April 16, 2018, after which the Commission will determine whether it should withdraw, modify, or make the Consent Agreement final. Comments can be filed electronically or in paper form by following the instructions in the “Supplementary Information” section of the Federal Register notice.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about how competition benefits consumers or file an antitrust complaint. Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

Federal Trade Commission, United States
Source: Press Release Feed
15 Mar 2018, 11:00pm AEDT

Special Committee announces the appointment of Michael McEvoy as Information and Privacy Commissioner for BC

Special Committee Chair Doug Routley has announced the appointment of Michael McEvoy as Information and Privacy Commissioner for BC.

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
6 Mar 2018, 7:00am AEDT

Handling health information of intersex individuals

The Intersex Trust Aotearoa New Zealand (ITANZ) recently approached our office for advice on an issue faced by many intersex people in New Zealand. ITANZ is part of an intersex advocacy movement and works to improve awareness, information, education and training about intersex people.

ITANZ raised the issue that some intersex people struggle to access their medical records. In some cases, this might be because the records had been destroyed or were no longer available. Retention of and access to medical records is a legal requirement - not just for intersex individuals but for everyone, no matter their medical history.

Intersex people are defined as people with variations in sex characteristics, who are born with one of many conditions where their sexual anatomy or their chromosomes or hormones are not the standard male or female.

The recommended medical approach in the latter half of the twentieth century was to treat patients with ‘normalisation’ procedures, including surgery, and to raise the individual according to their normalised sex, often without providing full information to the patient as they grew up.

Over the past 15-20 years, leading health professionals internationally have advocated for talking with children and young people in age-appropriate ways about their diagnosis and any treatment they might have had. The extent to which this more open practice has been taken up in New Zealand seems to be variable, so some people will have grown up knowing about their diagnosis and treatment, while others will not.

Access to health information

In general, patients have a right to access their own personal information. This is no different for intersex people. Rule 6 of the Health Information Privacy Code (HIPC) requires that where a health agency holds health information in such a way that it can readily be retrieved, the individual concerned is entitled to have access to that information. Information can be withheld for a limited number of reasons such as when disclosure would likely prejudice that person’s physical or mental wellbeing.

Internationally-agreed ethical principles of practice for management of intersex disorders confirm that open communication with patients and families is essential, and the process of disclosure should be planned with parents from the time of diagnosis. However, a significant hurdle some intersex people have experienced is that the health professions have not retained the medical records of those early life procedures.  

Retention of health information

The HIPC governs storage and security, access, and retention of health information. Rule 9 requires that a health agency must not keep that information for longer than is required for the purposes for which the information is used, but it also specifies that an agency can retain information if it is necessary or desirable for the purposes of providing health services to the individual concerned.

The HIPC must be read together with other legislation governing health records and medical ethical recommendations:

  • The Health (Retention of Health Information) Regulations require all health records to be kept for at least ten years from the last date of treatment or care.
  • The General Disposal Authority established by Archives New Zealand under the Public Records Act 2005 applies to public health records and requires DHBs to retain paediatric health care records for a minimum of 20 years from the date of care, or until the child has reached 25 years old.
  • The Medical Council of New Zealand also recommends that “retention of records for longer than the minimum of 10 years is recommended for children with significant problems or patients with conditions in paediatrics, psychiatry, obstetrics, and gynaecology, orthopaedics or other problems likely to persist in the long-term”.

Any retention policy should take into account the importance of not disposing of information before the individual has had opportunity to understand their situation and seek their records. We would also suggest that other treatment records, including non-surgical intervention, should as best practice be kept for an extended period of time at least until the patient is able to request access to their own records as an adult. Intersex patients may face issues related to their condition well into adulthood, which can only be understood and properly treated with access to and understanding of their full health information.

Difficulties in access

If intersex people face difficulty accessing their medical information or health records, they can complain to the agency’s privacy officer or can bring their complaint to our office for resolution.

Image credit: Chromosomes 1 by Zappys Technology Solutions.

Office of the Privacy Commissioner, New Zealand
Source: Blog
2 Mar 2018, 8:02am AEDT

The Notifiable Data Breaches scheme commences today

Australian Government agencies and the various organisations required to secure personal information under the Privacy Act 1988 (Privacy Act) now have data breach notification and assessment obligations under the Notifiable Data Breaches (NDB) scheme.

Office of the Australian Information Commissioner
Source: News - OAIC
22 Feb 2018, 4:49am AEDT

Data breach preparation and response guide released

Office of the Australian Information Commissioner
Source: News - OAIC
19 Feb 2018, 10:58pm AEDT

Information Management, Technology and the Future of Democratic Accountability

My work as a historian would not have been possible without the archivists who preserved, conserved, catalogued, stored and retrieved the documents that were my source material. I am delighted to have another opportunity share some of my experience as a historian to put into perspective the importance of information management and democratic accountability.

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
17 Feb 2018, 7:00am AEDT

Privacy Act turns 25

This year we mark a milestone in privacy law in New Zealand. On 5 May 1993, the Privacy Act was passed in Parliament with the complete support of the country’s political parties.

At the time, it was the first national information privacy law outside Europe to apply to both the public and private sectors. It did not, as some had predicted, paralyse business. It did not, as others had predicted, curtail the news media in reporting news.

Five years after its enactment, Assistant Privacy Commissioner Blair Stewart described the new statute in Necessary and Desirable: Privacy Act 1993 Review as a privacy law more comprehensive than any outside Europe and a ground-breaking piece of legislation. It had a set of information privacy principles (based on the privacy framework adopted by the OECD in 1980) and it established a national privacy commissioner.

Within a few short years, the Act notably advanced the privacy rights of individuals in New Zealand.

The new law gave New Zealanders the right to access their own medical records outside the public health system* which, at the time, was not a right individuals had in most parts of Australia and North America. It enabled New Zealanders to seek the correction of information held on credit reporting agencies’ files, if it happened to be inaccurate or wrong. Prior to the Privacy Act coming into law, there was no right even to see that information.

New Zealanders were also given the right to access information about them on their employer’s personnel files. While this had been a right public sector employees had since the 1980s, the Privacy Act extended it to include all employees.

The Act gave people a clear avenue for a privacy complaint. The Privacy Commissioner provided a simple mechanism with an ombudsman-like investigation into complaints and a non-adversarial approach.

Now, a quarter of a century later, we might view the Privacy Act with a degree of routine complacency, as a piece of legislation that has been around long enough not to be curious about its origins. But given the Privacy Act’s ‘silver jubilee’ year, we think it is time to mark the important role it plays in human rights protections in New Zealand.


During the 1960s and 1970s, people became increasingly concerned about privacy against a backdrop of the anti-Vietnam war protests, Cold War paranoia, and the perceived threat of larger computer databanks.

The concern continued on into the 1980s where significant efforts were made at international privacy standard setting and legislative developments to provide adequate protection to privacy. The approach of 1984 prompted a surge of interest in George Orwell’s dystopian novel of the same name and prompted many commentators and pundits to reflect on the technological challenges to individual privacy.

As a forerunner to the Privacy Act and as a response by lawmakers to concerns about the centralised collection of citizen data, New Zealand enacted the Wanganui Computer Centre Act 1976. This pioneering law was notable for being both New Zealand’s first data protection law and the nation’s first freedom of information law. Through it, individuals had the right to access to information held about them on the Wanganui computer – a database accessible by the justice sector and law enforcement agencies.

The 1990s arrived and we saw technological advances undreamed of by Orwell with the worldwide linking of computers, the electronic tracking of consumers and citizens through to global surveillance from orbiting satellites.

It was in this advanced technological age New Zealand’s Privacy Act was enacted. The Privacy Commissioner is an independent official. The information privacy principles apply to all agencies in the public and private sectors and govern the collection, holding, use and disclosure of personal information. Individuals have certain rights under the Act, including a way to seek redress for an interference with privacy.

Present and future

Up to now, the Privacy Act has provided a workable framework for addressing a range of privacy issues. But technology will not stand still. Nor will the demands and expectations of New Zealanders. Internationally, the European Union’s General Data Protection Regulation (GDPR) takes effect in May 2018 and this will have widespread implications on the rules that govern global data flows.

The government in New Zealand has moved to update New Zealand’s 25 year old Privacy Act. These changes can be traced back to the Law Commission’s review of the Privacy Act in 2011.

The Ministry of Justice, which is responsible for the proposed legislation, has indicated that a Bill amending the current Act is currently being drafted. The Ministry says reforms to the Act will better protect people’s personal information and help ensure businesses and organisations that hold such data safeguard and handle it appropriately. The proposals include stronger powers for the Privacy Commissioner, mandatory reporting of privacy breaches, new offences and increased fines. In particular, the reforms aim to encourage private and public sector agencies to identify risks and prevent incidents that could cause harm.

The law reform process is the culmination of many years of preparatory work by the Law Commission and the Office of the Privacy Commissioner.

In the meantime, it’s a cause for celebration that our privacy law, in its current form, has helped thousands of New Zealanders get access to their information, resolve their privacy issues and raised privacy bar among hundreds of businesses and organisations.

*The right to access records held by public hospitals had been in place since 1987.


Office of the Privacy Commissioner, New Zealand
Source: Blog
16 Feb 2018, 2:04pm AEDT

Next week — government agencies and businesses must notify you of serious data breaches

In one week, the Notifiable Data Breaches (NDB) scheme comes into force. The scheme mandates that Australian Government agencies and businesses with obligations under the Privacy Act 1988 (Privacy Act) must notify you if you are likely to be at risk of serious harm because of a data breach.

Office of the Australian Information Commissioner
Source: News - OAIC
15 Feb 2018, 3:33am AEDT

Advice for doctors when there’s a complaint

If you work in a small practice or medical centre, there’s every chance you may not have received many requests for personal information from patients. The starting point is to know that the Privacy Act gives people the right to make a request for information that is about them.

Under the Privacy Act, your practice is legally obligated to respond to that request within 20 working days and to provide the information requested, although the law does allow reasons for withholding the information.

Giving access to information can take several forms. It can mean giving a copy of a document; giving a reasonable opportunity to look at a document, or listen to or view a recording; giving a summary of the information; providing a transcript; or giving the information orally – depending on the requester’s preference.

Pointers for responding to a complaint

But here’s the thing. Failing to respond to a request for personal information can result in a complaint from the requester to the Privacy Commissioner. We hope this never happens to you but in case it does, here are some pointers on how best to engage with us.

  1. The first thing to do is talk to us and to tell us what you know about the complaint and the information that’s requested. Our aim is to try and resolve the matter to the satisfaction of both parties – the complainant and the respondent (your practice). Be nice to us because we’re only doing our jobs. We are not advocates for the complainant.
  2. The second thing to observe is timeliness. Respond as promptly as you can to our requests for information. No one wins in a protracted complaints dispute. If a complaint drags on, it can become stressful, tiring and expensive for your practice and the complainant. There are many benefits in resolving a complaint to prevent it becoming a case before the Human Rights Review Tribunal. This can be an even longer and more costly process and, in the end, the Tribunal could well decide in favour of the complainant and against your practice.
  3. The third point is to remember that our goal is to resolve, not to punish. We’re here to mediate and we do this in a number of ways. One of the techniques we use is to call conferences between both parties, but we’d rather keep things less formal  and resolve them quickly, without a situation escalating.

Tell us in confidence

  1. In order for us to review your decision to withhold information from a requester, we will almost always need to see the information.
  2. When you send us the information, what we are doing is reviewing it to see if we agree with your reasons for not handing it over to the requester.
  3. We are not allowed to disclose the information that is being reviewed and we do not disclose the information.

However, when you give us information to review, it will help us if you can tell us clearly what information is being withheld and the reasons why your practice wants to withhold it.

One example is whether to disclose information about a child to a non-custodial parent. While section 22 of the Health Act permits parents and guardians to request their child’s health information, a health agency, such as a GP, can withhold health information where:

  • the child does not want the information to be disclosed;
  • it would not be in the child's best interests to disclose the information; or
  • one of the other withholding grounds in the Privacy Act applies.

Looking ahead

We have many resources to help medical practices comply with the Privacy Act. Our website has tools such as AskUs – our online privacy FAQs, the Priv-o-matic privacy statement generator, as well as our free online privacy training modules. We have a range of health brochures (in English and Te Reo). All of these are designed to be used to help make privacy easy.

A starting point is to familiarise yourself with our Quick Tour of the Privacy Principles. It may also be a good idea to display it in the administrative area of your practice to help colleagues and employees understand the obligations and responsibilities that come with holding personal information. This way, when you have an encounter with a privacy issue, you’ll know where to start. And if you need to know more, ask us.

Originally published in NZ Doctor (31 January 2018)

Image credit: Blue and silver stethoscope via Pexels


Office of the Privacy Commissioner, New Zealand
Source: Blog
13 Feb 2018, 7:23am AEDT

Use of video surveillance by local governments

In recent weeks many local governments have reported plans to implement video surveillance in public spaces, on a scale that would be unprecedented in BC. Richmond plans to spend over $2 million to deploy video surveillance throughout the city and Terrace plans to install surveillance in its public parks. The City of Kelowna – which already has CCTV in place – plans to hire employees to monitor their surveillance cameras continuously, in real time.

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
8 Feb 2018, 7:00am AEDT

PCPD Joins Hands with Members of the Asia Pacific Privacy Authorities to Promote Privacy Awareness

Office of the Privacy Commissioner for Personal Data, Hong Kong
Source: Office of the Privacy Commissioner for Personal Data
29 Apr 2016, 10:00am AEST

A Community Service Order was imposed on an Insurance Agent for Using Personal Data in Direct Marketing without Consent

Office of the Privacy Commissioner for Personal Data, Hong Kong
Source: Office of the Privacy Commissioner for Personal Data
25 Apr 2016, 10:00am AEST