Skip to main content
You are here: News


The following news feed provides an overview of the current activities and news from APPA members.

The articles on this page are updated regularly from members’ news and media pages. If you have any questions or concerns about the content contained in the articles, please contact the respective member. You can locate members’ details underneath each article or on our Contact us page.

FTC Requires Sherwin-Williams to Divest Assets as a Condition of Acquiring Valspar

Sherwin Williams will sell Valspar’s industrial wood coatings business to Axalta Coating Systems Ltd.

The Sherwin-Williams Company has agreed to settle Federal Trade Commission charges that its proposed $11.3 billion acquisition of Valspar Corporation is likely anticompetitive by selling Valspar’s North America Industrial Wood Coatings Business to Axalta Coating Systems Ltd. The transaction would combine Sherwin-Williams and Valspar, two of the top three industrial wood coatings manufacturers.

According to the complaint, the acquisition as originally proposed likely would reduce competition in the North American market for industrial wood coatings used to make furniture, kitchen cabinets, and building products. The complaint alleges that the combined firm would be likely to exercise unilateral market power, and that the combined firm and the other remaining competitors would compete less aggressively against each other.

Industrial wood coatings, which include stains, topcoats, and sealants, provide higher resistance to abrasion and water than consumer wood coatings, and are often sold to wood-products manufacturers along with on-site technical assistance. Because consumers and builders value the appearance of finished wood, there is no economically viable substitute for industrial wood coatings, according to the complaint. Barriers to entry for new suppliers of industrial wood coatings are high, because of both the large capital costs needed to build a high-volume industrial wood coatings plant, and the reluctance of customers to switch to unproven new suppliers.

Under the terms of the consent agreement, Sherwin-Williams will divest to Axalta two Valspar industrial wood coatings plants, one in High Point, North Carolina, and the other in Cornwall, Ontario. Axalta will also receive the research and development facilities, warehouses and testing facilities of Valspar’s Industrial Wood Coatings Business, as well as customer contracts, intellectual property, inventory, accounts receivable, government licenses and permits, and business records. The consent agreement limits Sherwin-Williams’s use of, and access to, confidential business information pertaining to the divestiture assets.

As one of the leading suppliers of coatings to large automotive and industrial original equipment manufacturers, Axalta is well positioned to operate these assets as an effective competitor that will maintain competition in the markets that would otherwise be affected by the merger.

Further details about the consent agreement – which appoints a monitor to oversee the implementation of the relief and allows the Commission to appoint a divestiture trustee as may be required – are set forth in the analysis to aid public comment for this matter.

The Commission vote to issue the complaint and accept the proposed consent order for public comment was 2-0. The FTC will publish the consent agreement package in the Federal Register shortly. The agreement will be subject to public comment for 30 days, beginning today and continuing through June 27, 2017, after which the Commission will decide whether to make the proposed consent order final. Comments can be filed electronically or in paper form by following the instructions in the “Supplementary Information” section of the Federal Register notice.

NOTE: The Commission issues an administrative complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. When the Commission issues a consent order on a final basis, it carries the force of law with respect to future actions. Each violation of such an order may result in a civil penalty of up to $40,654.

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about how competition benefits consumers or file an antitrust complaint. Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

Federal Trade Commission, United States
Source: Press Release Feed
26 May 2017, 10:00pm AEST

FTC Approves Final Order and Consent Agreement with American Guild of Organists

Following a public comment period, the Federal Trade Commission has approved a final order and consent agreement in which the American Guild of Organists agreed to eliminate rules that restrict its members from competing for opportunities to perform.

Announced in March 2017, the agreement between the FTC and the American Guild of Organists resolves the agency’s complaint that the guild’s rules restrained competition and harmed consumers in violation of the FTC Act. Under the guild’s code of ethics, if a consumer wished to have someone other than an “incumbent musician” play at a venue for a wedding, funeral or other service, the consumer was required to pay both the incumbent and the consumer’s chosen musician. The guild also developed and publicized compensation schedules and formulas, and instructed its chapters and members to develop and use regionally applicable versions to determine charges for their services.

The order requires the American Guild of Organists to stop restraining its members from soliciting work as musicians, and to stop issuing compensation schedules, guidance, or model contract provisions for members to use to determine their compensation. The guild must implement an antitrust compliance program, and is required under the order to stop recognizing chapters that fail to certify their compliance with the order’s provisions. The Commission recognizes the guild for taking steps to promptly comply with the proposed order and discontinue the identified practices at the earliest feasible time.

The Commission vote approving the final order was 2-0. (FTC File No. 141 0194; the staff contact is Karen A. Mills, Bureau of Competition, 202-326-2052.)

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about how competition benefits consumers or file an antitrust complaint. Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

Federal Trade Commission, United States
Source: Press Release Feed
26 May 2017, 10:00pm AEST

Introducing the APS Privacy Code

As part of an address to the AGS FOI and Privacy Forum on May 19, Commissioner Pilgrim outlined the reasons and aspirations behind the introduction of the APS Privacy Code.

Office of the Australian Information Commissioner
Source: News - OAIC
26 May 2017, 5:16am AEST

FTC Stops Operators of Unlawful Student Debt Relief and Credit Repair Scheme

FTC alleges defendants targeted consumers seeking to pay off student loans

The Federal Trade Commission charged the operators of a phony student loan debt relief and credit repair scheme with bilking millions of dollars from consumers by falsely promising to reduce or eliminate their student loan debt and offering them non-existent credit repair services.

At the FTC’s request, a federal court has temporarily halted the operation. The agency seeks to permanently stop the alleged illegal practices and obtain refunds for affected consumers.

“Consumers who paid Strategic Student Solutions for help with their student loans watched their situations go from bad to worse,” said Tom Pahl, Acting Director of the FTC’s Bureau of Consumer Protection. “The bottom line: never pay an up-front fee to a company promising to deliver debt relief.”

According to the FTC’s complaint, the operators of Strategic Student Solutions (SSS) and related companies lured student loan borrowers with promises such as “Payments as low as $0 Monthly” or “Save 60 percent or MORE on your monthly payment.”

According to the FTC’s complaint, SSS operators told the student loan borrowers they would be enrolled in a loan forgiveness or payment reduction program, and that their monthly payments would be applied to their loans. However, in many cases, consumers discovered that the defendants failed to enroll them in any loan forgiveness or payment reduction programs, and found out that none of their monthly payments were applied to their student loan debt.

In its complaint, the FTC also alleges that SSS operators falsely represented that they would provide credit repair services and improve consumers’ credit scores. In exchange for the promised debt relief and credit repair services, defendants charged illegal upfront fees of up to $1200 and monthly payments typically of $49.99.

The individual defendant, Dave Green, owner of SSS and the related entities, used corporate funds to pay for personal expenses such as jewelry, casino tabs, mortgage payments, luxury vehicles, clothing, and construction of a pool.

The defendants named in the complaint, Green and his companies—Strategic Student Solutions LLC, Strategic Credit Solutions LLC, Strategic Debt Solutions LLC, Strategic Doc Prep Solutions LLC, Student Relief Center LLC, and Credit Relief Center LLC—are charged with violating the Federal Trade Commission Act, the Telemarketing Sales Rule, and the Credit Repair Organizations Act.

The FTC appreciates the assistance provided by the Ohio Office of the Attorney General, the Florida Office of the Attorney General, the Florida Department of Agriculture and Consumer Services, and the Washington Office of the Attorney General in bringing this case. The Commission vote authorizing the staff to file the complaint was 2-0. The complaint was filed in the U.S. District Court for the Southern District of Florida.

To help make consumers aware of fraudulent debt relief services, the FTC offers advice about student loan debt relief, in English and Spanish. The FTC also offers a list of every company and person courts have banned from selling debt relief services as a result of FTC actions.

Consumers seeking to reduce their student loans should always contact the Department of Education for official guidance.

NOTE: The Commission files a complaint when it has “reason to believe” that the law has been or is being violated and it appears to the Commission that a proceeding is in the public interest. The case will be decided by the court..

The Federal Trade Commission works to promote competition, and protect and educate consumers. You can learn more about consumer topics and file a consumer complaint online or by calling 1-877-FTC-HELP (382-4357). Like the FTC on Facebook, follow us on Twitter, read our blogs and subscribe to press releases for the latest FTC news and resources.

Federal Trade Commission, United States
Source: Press Release Feed
25 May 2017, 10:00pm AEST

Trust and Transparency the focus of Privacy Awareness Week

The Office of the Information and Privacy Commissioner for BC, along with members of the Asia Pacific Privacy Authorities (APPA), will observe Privacy Awareness Week from May 15-21. This year’s theme, “Trust and Transparency,” will be highlighted in OIPC promotional materials, events, and activities throughout the week.

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
13 May 2017, 6:00am AEST

Should agencies leave no stone unturned?

Organisations sometimes get it wrong when they respond to a person’s request for their personal information. Information is sometimes lost, displaced or accidentally deleted. A recent privacy case dealt with by the Human Rights Review Tribunal considers when an organisation can call it quits when it comes to searching for personal information in responding to an access request.

In Yiasoumi v Attorney General [2017] NZHRRT12, Police were accused of breaching an individual’s privacy by concealing requested information.

Police investigation

The case unfolded when police officers arriving at a callout in a Wellington suburb in April 2013 found a man suffering from serious injuries. The victim, Yiasoumi Yiasoumi, was the landlord of the residential property where the attack took place. He told police officers he was visiting the address when he was set upon by unknown assailants who, without provocation, beat, kicked and choked him until he lost consciousness.

Mr Yiasoumi was accompanied to hospital by one of the police officers in an ambulance. Using his Police issued iPhone, the officer took four photos of the scene of the attack and, later at the hospital, two of Mr Yiasoumi’s heavily bandaged face. The officer who took the photos did not attach the ones of the victim’s injuries to the investigation file. Instead he stored them in his personal file in the system’s shared drive.

In an interview a few weeks later at the Lower Hutt Police Station, Mr Yiasoumi was informed Police had obtained CCTV footage of the incident and in it he was shown damaging the tyres of a vehicle owned by one of the people thought to be responsible for attacking him.

The detective in charge of the investigation told Mr Yiasoumi that Police could proceed with an assault complaint against one of the people but Mr Yiasoumi would also face charges of criminal damage. Faced with this dilemma, Mr Yiasoumi chose not to proceed with charges and did not make a statement. Police then closed the file.

But Mr Yiasoumi continued to be unhappy with the decision to close the case. One year and four months later, he made a request for the two photos of his injured face. He accused the detective in charge of creating a fictitious police report and concealing the photographs to prevent their use in an intended private prosecution against the officer for perverting the course of justice.

Police told Mr Yiasoumi they couldn’t comply with the request because staff were unable to find the photos in their File Management Centre, which is housed in Palmerston North. Mr Yiasoumi complained to the Privacy Commissioner that Police had breached his privacy by declining his access request and subsequently took his case to the Human Rights Review Tribunal.

Our investigation

In our investigation, we concluded there had been no breach of the Privacy Act because Police could not provide something they could not find - as set out in section 29(2)(b) of the Privacy Act. In hearing the case anew, the Tribunal also had to decide if Police had breached the Act in declining the request.  

Nevertheless, Police continued their inquiry into the question of whether photos had been taken at the hospital. When Mr Yiasoumi explained the photos had been taken by the uniformed police officer who accompanied him in ambulance, the photos were tracked down to the officer’s personal folder. Police explained they had no ability to search across such folders. As a result, due to human error, the File Management Centre did not have a record of the photos.

Tribunal decision

In its decision, the Human Rights Review Tribunal referred to Geary v Accident Compensation Corporation whereby in relying on section 29(2)(b), an agency must show that it made reasonable attempts to find the information. That search must not only be a reasonable one but also thorough and intelligent rather than mechanical.

The Tribunal concluded that section 29(2)(b) did not require an agency to apply unlimited resources to locate the requested information. While Police did carry out an exhaustive inquiry into the photographs, the Tribunal said a ‘no stone unturned’ inquiry is not the standard set by the Privacy Act.

Police were justified in refusing Mr Yiasoumi’s request under section 29(2)(b) on the grounds the information requested did not exist, or could not at the time be found. The Tribunal concluded there had been no interference with Mr Yiasoumi’s privacy. However, as a footnote, once the photos were eventually found, they were sent to Mr Yiasoumi.

When making a request

This case demonstrates the importance of being specific and giving context to your request. Agencies don’t have to expend unlimited resources looking for something - even when the request is really important to the individual. When making an access request, remember to:

  • be concise
  • give context
  • give details of who was involved and where you think they might have put the information; and
  • if appropriate, give reasons why you need the information.

Image credit: Creative Commons Licence via Pixabay

Office of the Privacy Commissioner, New Zealand
Source: Blog
10 May 2017, 7:13am AEST

What’s on this Privacy Awareness Week

Explore the latest privacy trends, issues, and solutions at one of our Privacy Awareness Week (PAW) events in Sydney or Canberra this May.

Office of the Australian Information Commissioner
Source: News - OAIC
10 May 2017, 4:38am AEST

Updated guidance on ‘personal information’

On 19 January, the Federal Court of Australia published its decision in the matter of Privacy Commissioner v Telstra, providing important guidance as to what is ‘personal information’ in terms of the Privacy Act 1988.

Office of the Australian Information Commissioner
Source: News - OAIC
8 May 2017, 6:58am AEST

BSA says media use of Facebook photos breached victims’ privacy

The Broadcasting Standards Authority (BSA) has ruled that TVNZ breached privacy standards in reporting on a fatal bus crash in 2016. The bus was carrying students and teachers from a Tongan school band who were visiting New Zealand to fundraise for their school.

Over 50 people were on board the bus when it crashed south of Gisborne on Christmas Eve, with three people killed and many injured in the accident. The 1 News item featured photos of two of the deceased victims and photos of the injured passengers, sourced from a public Facebook page for the Tongan community.

The BSA upheld a complaint that the use of the photographs breached the privacy standard of the Free-to-Air Television Code of Broadcasting Practice.

While photos on a publicly accessible Facebook page are generally regarded as in the public domain and available for use by broadcasters, broadcasters are not exempt from considering the privacy standard, particularly in sensitive circumstances involving grief and trauma. One person was shown in intensive care, ventilated and with bandaging to his face, and was not likely conscious at the time the picture was taken.

In making its finding, the BSA had to assess whether the patients were identifiable, whether the broadcast disclosed private information or material about them (this depends on whether a person has a reasonable expectation of privacy in relation to the information or material) and whether the disclosure was highly offensive from the perspective of an objective reasonable person.

The BSA was satisfied that the patients were identifiable in the photos. Although there is usually no reasonable expectation of privacy in relation to matters of public record, in some cases, there may be. In this particular case, the BSA considered the patients in the photos were in a particularly vulnerable situation and the images of their injuries, in connection with their involvement in a fatal accident, was sensitive information over which they would have had an expectation of privacy.

The BSA acknowledged that in times of trauma, it is important for the Tongan community, particularly the church community, to rally around the victims, their friends and family, and that one way this is done is through social media platforms that connect the community when family members are overseas. The BSA also noted that Tongan community Facebook groups often feature photos to support or honour those who have passed.

Nevertheless, the BSA decided that a public Facebook page connecting community members with a common bond is different to a national media platform. Broadcasting the images in a national news item widened the potential audience beyond the community for whom the images were shared. The use of the images was unreasonable given the patients’ highly vulnerable situation and it was unnecessary to show graphic imagery of the victims’ injuries, especially while unconscious. 

While the BSA determined there had been a breach of privacy, the authority acknowledged that the item was not overly sensationalised or demeaning to the people featured, and the photos were handled in a sensitive manner.

In the circumstances, the BSA felt, rather than making any orders, the most effective remedy was to issue the decision identifying the care needed when using social media content, particularly in sensitive circumstances. The BSA is undertaking research into views on privacy and social media, including views about broadcaster’s rights to access and republish social media content, to give guidance on the issues raised in this case.

Note: As news media organisations are exempt from the Privacy Act in relation to news activities, privacy complaints about broadcasters are handled by the BSA rather than by the Privacy Commissioner.

Image credit: Televisión Española testcard via Wikipedia

Office of the Privacy Commissioner, New Zealand
Source: Blog
1 May 2017, 3:02pm AEST

Celebrating Privacy Awareness Week 2017 in Singapore

The PDPC is participating in the global initiative by Asia Pacific Privacy Authorities and the Privacy Awareness Week (PAW) will be held in Singapore from 29 Apr - 5 May 2017.

The theme this year is "Share with Care" and the PDPC has arranged for a suite of activities to engage the public and organisations alike.

Please download the media document here:

Personal Data Protection Commission, Singapore
Source: Personal Data Protection Commission Singapore - Press Room
28 Apr 2017, 5:32pm AEST

Commissioner's US diary - part four

The International Working Group on Data Protection in Telecommunications is a bit of a mouthful, so it is shortened to “The Berlin Group,” referring to the Berlin Data Protection Office, which initiated the working group in 1983, and has provided its secretariat ever since.

It meets twice a year, once in Berlin, and once away, and this spring’s “away” meeting happened to coincide with the Global Privacy Summit.

The meeting begins with a round of “country reports”:

  • Korea reported that its courts had recognised individuals’ rights of access to personal information about them held by Google
  • The US reported that Vizio had settled a complaint that its TVs were collecting information about viewing habits.
  • Israel noted that its data breach notification law requires victims of breaches to notify the data protection authority which then determines whether the affected individuals should be notified  (a model New Zealand could look at).
  • Italy has been working with telecommunications providers to develop a system to get in touch with people during earthquakes (also lessons for New Zealand here).
  • Hungary reported that its data protection authority had been asked by the security services to audit its information systems.
  • The United Kingdom is considering the role Cambridge Analytica  played in influencing political engagement in the UK during the Brexit vote.

It is a genuine working group. Somehow 32 delegates from 20 data protection authorities, together with selected experts and advocates manage to work through quite complex papers to reach agreed positions on emerging privacy issues that connect with telecommunications. At this session we discussed papers on:

  • Privacy on e-learning platforms
  • Privacy issues in ICANN’s “new generation Registration Directory Service” (RDS)
  • Common position on governmental data requests for information held outside US territory
  • Firmware updates for IoT devices
  • Connected cars
  • Smart infrastructure/ cities
  • Smart TVs and privacy
  • Cyber bullying

New Zealand proposed a paper: “Towards International Principles or Instruments to Govern Intelligence Gathering”.  After input from Canada and Berlin, it was accepted at the same meeting it was proposed (reportedly only the second time in the last 10 years that a paper has done so, the other being New Zealand’s paper on Transparency Reporting in 2014). I’ll post about our paper, what it means, and what comes next, later.

Apple and differential privacy

Tuesday’s half day session began with a presentation from Apple on its “differential privacy” a mathematically and conceptually challenging system it has for getting the value of user data, without compromising privacy.

Did you ever wonder how your iPhone knew what emoji to suggest when you typed in that you were “pumped” about something? Me neither – I just made that up, but it is the kind of thing that might happen.

Your phone will contribute data to Apple’s analytics to improve predictive text, emoji recommendations or a range of other applications in ways which gives Apple very good information about trends (suddenly everyone is pumped, and using a fist emoji, for example) without collecting a creepy history of all your texts. It’s complicated. There is a differential privacy engine in your phone, which is the first filter. It’s only going to send information about a couple of autocorrects, or emojis each day. Those are hashed and randomized so that only really significant aggregate trends appear in Apple’s analytics – all the rest just drop off, or are seen as effectively statistical static.   And Epsilon had a lot to do with it. (OK - I didn’t really understand).

Department of Homeland Security

Our meeting concluded at 1pm, and at 2pm I met with the Privacy Officer, and Director of International Privacy Policy of the Department of Homeland Security.

I was interested in understanding the effect of President Trump’s Executive Order purporting to reverse privacy protections extended to non-US citizens and residents over many years. Section 14 of this executive order says

Sec. 14.  Privacy Act.  Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.  

Others had told me over the last week that the drafting leaves ambiguities which are difficult to interpret, but that the practical effect of the order might not be that significant for New Zealand travellers. Others had noted that as a matter of law, a discretion that exists in a statute could not be overridden by an Executive Order and, as such, section 14 might not be enforceable.

My contacts at DHS were, as you would expect, professional, neutral and circumspect. They did note that it would be open to New Zealand to seek inclusion in the Judicial Redress Act, which is the basis under which Europeans continue to enjoy the benefits of access to remedies, including Privacy Act protections. That is something worth pursuing, and which I will look into when I get back.

The other question I had was, do New Zealanders have to give over social media account details, and passwords, when they enter the States, as some have reported? Once again – this seems to have been the topic of some panic and misreporting, since the idea was first floated by the Secretary of Homeland Security at a House Homeland Security Committee hearing on February 7, 2017.

The answer is (at this stage) “No”. Social media account information is sought on an “optional” basis on visa forms, but is not required. There is no policy requiring social media account details, or passwords, and as part of the process of assessing any such proposal the DHS would undertake a full privacy impact assessment, like this one.

All options would be on the table were such a policy to be considered. The Secretary’s comments were prompted by concerns that border officials might not have an equal quality of information about citizens from all countries. 

The policy to require further information as a condition of entry might only apply to those countries for which the US authorities do not have good arrangements in place already, or could involve exempting “visa exempt” countries from any such requirement, which would include New Zealand.  At this stage, there seems to be no basis for New Zealanders to delete their accounts, or be overly concerned about border officials asking to review social media history.

That being said, if you have any problems at the border, and feel aggrieved by being delayed or subjected to extra screening, you are entitled to file a complaint or enquiry via the DHS TRIP Programme.

It’s been a packed and intense schedule, and I’m looking forward to heading home tomorrow. See you next week!

Image credit: Tara Siuk via Flickr

Office of the Privacy Commissioner, New Zealand
Source: Blog
27 Apr 2017, 8:17am AEST

Commissioner to audit ICBC information sharing agreements

Acting Information and Privacy Commissioner Drew McArthur has determined that the office will audit information sharing agreements of the Insurance Corporation of British Columbia (ICBC).

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
24 Feb 2017, 7:00am AEDT

Privacy and Security in Health Care

Presentation delivered via Skype

Office of the Information and Privacy Commissioner, British Columbia
Source: OIPC News and Events
10 Feb 2017, 7:00am AEDT

Good Data Protection Policies Enhance Trust in HR Consultancy

Personal Data Protection Commission, Singapore
Source: Personal Data Protection Commission Singapore - Press Room
7 Dec 2016, 1:00pm AEDT

Data Protection by Design Cornerstone of Market Research Firm's PDPA Compliance

Personal Data Protection Commission, Singapore
Source: Personal Data Protection Commission Singapore - Press Room
30 Nov 2016, 12:00pm AEDT

PCPD Joins Hands with Members of the Asia Pacific Privacy Authorities to Promote Privacy Awareness

Office of the Privacy Commissioner for Personal Data, Hong Kong
Source: Office of the Privacy Commissioner for Personal Data
29 Apr 2016, 10:00am AEST

A Community Service Order was imposed on an Insurance Agent for Using Personal Data in Direct Marketing without Consent

Office of the Privacy Commissioner for Personal Data, Hong Kong
Source: Office of the Privacy Commissioner for Personal Data
25 Apr 2016, 10:00am AEST