About the IAPP

Rita Heimes, CIPP/E, CIPP/US, CIPM

IAPP

General Counsel, DPO

(603) 427-9212
rheimes@iapp.org

Rita Heimes is the IAPP’s General Counsel and privacy officer/DPO. Prior to joining the IAPP as its first Research Director in 2015, Rita was a law professor and academic dean at the University of Maine School of Law, where she directed the Center for Law + Innovation and developed the nation’s first Privacy Pathways program. She also worked in private practice with law firms in Seattle, Boulder and Portland, ME. She has a BA in Journalism from the University of Iowa and a JD from Drake University School of Law. 

Contributions by Rita Heimes

• Privacy Governance in 2019: A Report on Leading Practices
  Speaker at IAPP Europe Data Protection Congress 2019
• Privacy Governance in 2019: A Report on Leading Practices
  Speaker at IAPP Privacy. Security. Risk. 2019
• Data scraping and the implications of the latest LinkedIn-hiQ court ruling
  Privacy Tracker
• GDPR one year later: Looking backward and forward
  Women Leading Privacy
• Are Businesses Ready for the CCPA? See the Survey Results
  Speaker at Global Privacy Summit 2019
• How opt-in consent really works
  DPO Confessional
• An Introduction to the California Consumer Privacy Act
  Speaker at IAPP Europe Data Protection Congress 2018
• Looking Beyond the GDPR: What Is the Future of Privacy?
  Moderator at IAPP Europe Data Protection Congress 2018
• Top 10 Operational Responses to the GDPR
  Author
• Data Deletion Day
  DPO Confessional
• Top 5 Operational Impacts of CaCPA
  Speaker at Privacy. Security. Risk. 2018
• Latest CJEU opinion may illuminate personal data risks
  Privacy Tracker
• Top 5 Operational Impacts of the CCPA: Part 3 - Responding to consumers’ personal information access requests
  The Privacy Advisor
• Cookies and consent at the IAPP
  DPO Confessional
• Top 5 Operational Impacts of the CCPA: Part 1 — Determining if you’re a business collecting or selling consumers’ personal information
  The Privacy Advisor
• New California privacy law to affect more than half a million US companies
  The Privacy Advisor
• Constitution v Congress: Carpenter v United States
  Privacy Tracker
• DPO Confessional: The prep for GDPR Day
  DPO Confessional
• DPO Confessional: Think globally, but direct market locally
  DPO Confessional
• Hoping to become a Privacy Law Specialist? Applications open today
  The Privacy Advisor
• Privacy Bar Section Forum Scholarship Presentation and Closing Remarks
  Speaker at IAPP Privacy Bar Section Forum 2018
• Privacy Law Specialist Q&A
  Speaker at Global Privacy Summit 2018
• Top 10 Operational Responses to the GDPR – Part 9: Vetting and contracting with processors
  Westin Research Center
• Top 10 Operational Responses to the GDPR – Part 5: Preparing and implementing data-retention and record-keeping policies and systems
  Westin Research Center
• Top 10 Operational Responses to the GDPR – Part 3: Build and maintain a data governance system
  Westin Research Center
• Top 10 operational responses to the GDPR: Data inventory and mapping
  Westin Research Center
• Explaining the GDPR to an American
  DPO Confessional
• White Paper – The Top 10 Operational Impacts of the EU’s General Data Protection Regulation
  
• Responding to subject access requests
  DPO Confessional
• Making a (privacy) statement
  DPO Confessional
• Privacy Training from Top to Bottom
  Moderator at Privacy. Security. Risk. 2017
• When is a vendor a processor?
  DPO Confessional
• Checking that pesky 'data mapping' box
  DPO Confessional
• The case of the unsolicited email
  DPO Confessional
• The IAPP DPO: Countdown to May 2018
  DPO Confessional
• So We Have Brexit: What Now for Data Protection?
  Moderator at Global Privacy Summit 2017
• WP29 releases guidance on DPOs, data portability, one-stop shop
  Privacy Tracker
• US appeals court narrows FTC's 'unfair' standard in LabMD case
  Westin Research Center
• Using Technology and Data for Change: Laws, Ethics and Social Norms
  Moderator at IAPP Europe Data Protection Congress 2016
• Study: GDPR’s global reach to require at least 75,000 DPOs worldwide
  The Privacy Advisor
• IAPP one step away from ‘Privacy Law Specialist’ designation in 2017
  The Privacy Advisor
• Web Conference - Top 10 Operational Impacts of the GDPR
  Privacy Bar Section
• So We Have Brexit: What Now for Data Protection?
  Moderator at Privacy. Security. Risk. 2016
• Models for Privacy and Security Education and Workforce Development
  Speaker at Privacy. Security. Risk. 2016
• The US government wants privacy pros: Time to act on it
  Privacy Perspectives
• Unpacking Spokeo v. Robins
  Privacy Tracker
• Study: At least 28,000 DPOs needed to meet GDPR requirements
  The Privacy Advisor
• Should states be more aggressive in privacy regulation and enforcement?
  The Privacy Advisor
• Top 10 operational impacts of the GDPR: Part 9 - Codes of conduct and certifications
  Westin Research Center
• Top 10 operational impacts of the GDPR: Part 5 - Profiling
  Westin Research Center
• Top 10 operational impacts of the GDPR: Part 2 - The mandatory DPO
  Westin Research Center
• Top 10 operational impacts of the GDPR: Part 1 – data security and breach notification
  Westin Research Center
• Member of Research Advisory Board 2016 - 2025