About the IAPP

Caitlin Fennessy, CIPP/US

IAPP

Research Director

+16034279200 X401
caitlin@iapp.org

Caitlin Fennessy is the Research Director at the International Association of Privacy Professionals. Caitlin also leads the IAPP’s privacy engineering initiative and serves as an in-house privacy expert. 

Prior to joining the IAPP, Caitlin was the Privacy Shield Director at the U.S. International Trade Administration. Caitlin joined ITA in 2009 and spent the next ten years working on international privacy and cross-border data flow policy issues. Caitlin served an adjunct professor of international privacy law at the University of Maine School of Law in 2016 and 2015 and at the University of New Hampshire School of Law in 2014. Before her time at ITA, Caitlin worked in the National Security Division of the Office of Management and Budget and with the U.S. Senate Foreign Relations Committee. 

Caitlin has a master’s degree in public affairs from Princeton University and a bachelor’s degree in social policy from Northwestern University.

Contributions by Caitlin Fennessy

• 'Schrems II' DPA investigations and enforcement: Lessons learned
  Westin Research Center
• The Irish High Court judgment on EU-US data flows
  Westin Research Center
• How Google and Apple are shaking up adtech
  Westin Research Center
• Data Protection Officer Requirements by Country
  
• Data transfers: Questions and answers abound, yet solutions elude
  Westin Research Center
• Top-10 operational impacts of the CPRA: Part 6: Service providers, contractors and third parties
  Westin Research Center
• Summary of CPRA Contractual Obligations
  
• 2021 Data Privacy Predictions
  Speaker at Virtual Bristol KnowledgeNet: 27 January 2021
• Building Trust — Charting the Path Forward for Privacy in a Post-COVID-19 World
  Web Conference Speaker
• Cyber Risk, Breaches and Security in 2021
  Web Conference Speaker
• Biden appoints Christopher Hoff to oversee Privacy Shield talks
  Westin Research Center
• A Delicate Balance Part II: Regulatory Pressures vs. Consumer Privacy Attitudes
  Web Conference Speaker
• Raising The Privacy Standard
  Speaker at Virtual Melbourne KnowledgeNet: 1 October 2020
• New EU SCCs: A modernized approach
  Westin Research Center
• A breakdown of EDPB's recommendations for data transfers post-'Schrems II'
  Westin Research Center
• Top-5 operational impacts of Brazil’s LGPD: Part 3 — International transfers
  Westin Research Center
• Privacy Leaders’ Views — The Impact of COVID-19 on Privacy Priorities, Practices and Programs
  
• White Paper – The Skill Set Technologists Need to Implement a Privacy Risk Management Framework
  
• Raising The Privacy Standard
  Speaker at Virtual Melbourne KnowledgeNet: 1 October 2020
• Speaker at IAPP Privacy. Security. Risk. 2020 - Canceled
• Practical aspects of the 'Schrems II' decision
  Speaker at Virtual Bristol and London Joint KnowledgeNet: 10 September 2020
• Dual Literacy in Privacy and Security — A Guide for Infosec Professionals
  Speaker at IAPP Summit Sessions 2020 Online
• The Schrems II Decision: The Day After
  Moderator at IAPP Summit Sessions 2020 Online
• The CJEU Decision Unpacked: DPC v Facebook Ireland, Schrems
  Moderator at IAPP Summit Sessions 2020 Online
• The 'Schrems II' decision: EU-US data transfers in question
  Westin Research Center
• Dual Literacy in Privacy and Security — A Guide for Infosec Professionals
  Web Conference Speaker
• FTC Enforcement Lessons in Privacy and Security
  Speaker at IAPP Summit Sessions 2020 Online
• California Privacy Rights Act (CPRA): What Lies Ahead?
  Speaker at IAPP Summit Sessions 2020 Online
• Privacy Framework: Improving Privacy Through Enterprise Risk Management
  Speaker at IAPP Summit Sessions 2020 Online
• User-Centric Privacy: Designing Effective Protections That Meet Users' Needs
  Speaker at IAPP Summit Sessions 2020 Online
• Manual contact tracers and privacy: Building trust is a local effort
  Westin Research Center
• Engineering Formal Privacy Into the 2020 Census
  Speaker at IAPP Summit Sessions 2020 Online
• California Privacy Rights Act: What Lies Ahead?
  Web Conference Speaker
• The Case Against Consent: Designing for Privacy
  Speaker at IAPP Summit Sessions 2020 Online
• CPRA's top-10 impactful provisions
  Westin Research Center
• Virtual justice and privacy: What does COVID-19 mean for due process?
  Westin Research Center
• A timely resource: Updated guide to US government data sharing
  Westin Research Center
• Moderator at IAPP Global Privacy Summit 2020 - Canceled
• Moderator at IAPP Global Privacy Summit 2020 - Canceled
• US Sen. Moran's new privacy bill: Stacking up the federal proposals
  Westin Research Center
• Microsoft launches open-source privacy mapping tool
  Westin Research Center
• White Paper – The Skill Set Needed to Implement a Privacy Risk Management Framework
  
• White Paper – The Skill Set Needed to Implement a Global Privacy Standard: ISO/IEC 27701 alignment with IAPP CIPM and CIPP/E certifications
  
• EU representative on 'How to operationalize Article 27' of the GDPR
  Westin Research Center
• Measuring Privacy Operations
  Web Conference Speaker
• The advocate general's 'Schrems II' opinion: What it says and means
  Westin Research Center
• The IAPP's top resources of 2019
  Westin Research Center
• US sens. unveil new federal privacy legislation
  Westin Research Center
• Measuring Privacy Operations in 2019
  LBS Speaker at IAPP Europe Data Protection Congress 2019
• The Privacy Shield review and its potential to impact Schrems II
  Westin Research Center
• Member of Research Advisory Board 2019 - 2050
• White Paper – 5 Steps You Must Take to Prepare for the CCPA
  
• A closer look at Carnegie Mellon's privacy engineering program
  Westin Research Center
• Inside the Privacy Shield annual review: Increasing common ground
  Westin Research Center
• ISO 27701 Privacy Standard and Certification
  Web Conference Speaker
• The unique challenges CCPA poses for SMEs
  Westin Research Center
• Privacy engineering: The what, why and how
  Westin Research Center
• White Paper – GDPR at One Year: What We Heard from Leading European Regulators
  
• NIST Privacy Framework nearing completion
  Westin Research Center
• Could the CJEU upend the global framework for data flows by answering a different question?
  Westin Research Center
• Member of Privacy Engineering Section Advisory Board 2019
• GDPR compliance: Hits and misses
  Westin Research Center
• Study: An estimated 500K organizations have registered DPOs across Europe
  Westin Research Center
• IAPP FAQs: Are GDPR-compliant companies prepared for CCPA?
  Westin Research Center
• Notes from the IAPP, April 12, 2019
  United States Privacy Digest
• NIST Privacy Framework recognizes critical need for workforce development
  Westin Research Center
• Getting Privacy Shield Right
  Speaker at Global Privacy Summit 2017
• One-on-one Privacy Shield Consultations
  Speaker at IAPP Europe Data Protection Intensive 2017
• Privacy Shield in Practice: Oversight, Enforcement and International Cooperation
  Speaker at IAPP Europe Data Protection Intensive 2017
• One-on-one Privacy Shield Consultations
  Speaker at IAPP Europe Data Protection Intensive 2017
• Privacy Shield - The Transfer Mechanism of Choice?
  Web Conference Speaker
• EU–U.S. Privacy Shield: The Nuts and Bolts
  Speaker at Privacy. Security. Risk. 2016
• One-on-One Privacy Shield Consultations
  Speaker at Privacy. Security. Risk. 2016