About the IAPP

Rita Heimes, CIPP/E, CIPP/US, CIPM

IAPP

General Counsel, DPO

(603) 427-9212
rheimes@iapp.org

Rita Heimes is Research Director at the International Association of Privacy Professionals, where she also serves as the in-house Data Protection Officer. Rita is an attorney and academic with many years of experience in the fields of privacy, information security and intellectual property law. In her role as Research Director at the IAPP, Rita helps to promote the privacy profession through empirical and qualitative research on privacy functions globally as well as through outreach to academic institutions developing the next generation of privacy and security professionals. As the DPO, Rita facilitates and oversees the IAPP’s data protection policies and practices.

Prior to joining the IAPP, Rita was a law professor and academic dean at the University of Maine School of Law, where she directed the Center for Law + Innovation and developed the nation’s first Privacy Pathways program and one of the first intellectual property clinics. She also spent many years in private practice with law firms in Seattle, Boulder and Portland (Maine). Rita remains an active scholar, and still coordinates and teaches in the Information Privacy Summer Institute at Maine Law. 

 

Contributions by Rita Heimes

• Privacy Governance in 2019: A Report on Leading Practices
  Speaker at IAPP Europe Data Protection Congress 2019
• Privacy Governance in 2019: A Report on Leading Practices
  Speaker at IAPP Privacy. Security. Risk. 2019
• Data scraping and the implications of the latest LinkedIn-hiQ court ruling
  Privacy Tracker
• GDPR one year later: Looking backward and forward
  Women Leading Privacy
• Are Businesses Ready for the CCPA? See the Survey Results
  Speaker at Global Privacy Summit 2019
• How opt-in consent really works
  DPO Confessional
• An Introduction to the California Consumer Privacy Act
  Speaker at IAPP Europe Data Protection Congress 2018
• Looking Beyond the GDPR: What Is the Future of Privacy?
  Moderator at IAPP Europe Data Protection Congress 2018
• Top 10 Operational Responses to the GDPR
  Author
• Data Deletion Day
  DPO Confessional
• Top 5 Operational Impacts of CaCPA
  Speaker at Privacy. Security. Risk. 2018
• Latest CJEU opinion may illuminate personal data risks
  Privacy Tracker
• Top 5 Operational Impacts of the CCPA: Part 3 - Responding to consumers’ personal information access requests
  The Privacy Advisor
• Cookies and consent at the IAPP
  DPO Confessional
• Top 5 Operational Impacts of the CCPA: Part 1 — Determining if you’re a business collecting or selling consumers’ personal information
  The Privacy Advisor
• New California privacy law to affect more than half a million US companies
  The Privacy Advisor
• Constitution v Congress: Carpenter v United States
  Privacy Tracker
• DPO Confessional: The prep for GDPR Day
  DPO Confessional
• DPO Confessional: Think globally, but direct market locally
  DPO Confessional
• Hoping to become a Privacy Law Specialist? Applications open today
  The Privacy Advisor
• Privacy Bar Section Forum Scholarship Presentation and Closing Remarks
  Speaker at IAPP Privacy Bar Section Forum 2018
• Privacy Law Specialist Q&A
  Speaker at Global Privacy Summit 2018
• Top 10 Operational Responses to the GDPR – Part 9: Vetting and contracting with processors
  Westin Research Center
• Top 10 Operational Responses to the GDPR – Part 5: Preparing and implementing data-retention and record-keeping policies and systems
  Westin Research Center
• Top 10 Operational Responses to the GDPR – Part 3: Build and maintain a data governance system
  Westin Research Center
• Top 10 operational responses to the GDPR: Data inventory and mapping
  Westin Research Center
• Explaining the GDPR to an American
  DPO Confessional
• White Paper – The Top 10 Operational Impacts of the EU’s General Data Protection Regulation
  
• Responding to subject access requests
  DPO Confessional
• Making a (privacy) statement
  DPO Confessional
• Privacy Training from Top to Bottom
  Moderator at Privacy. Security. Risk. 2017
• When is a vendor a processor?
  DPO Confessional
• Checking that pesky 'data mapping' box
  DPO Confessional
• The case of the unsolicited email
  DPO Confessional
• The IAPP DPO: Countdown to May 2018
  DPO Confessional
• So We Have Brexit: What Now for Data Protection?
  Moderator at Global Privacy Summit 2017
• WP29 releases guidance on DPOs, data portability, one-stop shop
  Privacy Tracker
• US appeals court narrows FTC's 'unfair' standard in LabMD case
  Westin Research Center
• Using Technology and Data for Change: Laws, Ethics and Social Norms
  Moderator at IAPP Europe Data Protection Congress 2016
• Study: GDPR’s global reach to require at least 75,000 DPOs worldwide
  The Privacy Advisor
• IAPP one step away from ‘Privacy Law Specialist’ designation in 2017
  The Privacy Advisor
• Web Conference - Top 10 Operational Impacts of the GDPR
  Privacy Bar Section
• So We Have Brexit: What Now for Data Protection?
  Moderator at Privacy. Security. Risk. 2016
• Models for Privacy and Security Education and Workforce Development
  Speaker at Privacy. Security. Risk. 2016
• The US government wants privacy pros: Time to act on it
  Privacy Perspectives
• Unpacking Spokeo v. Robins
  Privacy Tracker
• Study: At least 28,000 DPOs needed to meet GDPR requirements
  The Privacy Advisor
• Should states be more aggressive in privacy regulation and enforcement?
  The Privacy Advisor
• Top 10 operational impacts of the GDPR: Part 9 - Codes of conduct and certifications
  Westin Research Center
• Top 10 operational impacts of the GDPR: Part 5 - Profiling
  Westin Research Center
• Top 10 operational impacts of the GDPR: Part 2 - The mandatory DPO
  Westin Research Center
• Top 10 operational impacts of the GDPR: Part 1 – data security and breach notification
  Westin Research Center
• Member of Research Advisory Board 2016 - 2025