As we wrap up 2019 here at the IAPP and look toward 2020, we are reminded, yet again, of the incredible pace at which the privacy profession is advancing. New laws and legislation abound. More are expected in the year to come. The IAPP aims to help you make sense of it all. So, before we turn to 2020, let’s take a look back at our most-accessed resources of 2019.
This year, while EU General Data Protection Regulation implementation remained a priority for privacy professionals, California Consumer Privacy Act and U.S. state laws were top of mind. The landscape of U.S. federal privacy legislation also grew complex with a multitude of proposals this legislative session.
Huge thanks to all our contributors for helping us keep up. Please keep the research ideas and contributions coming in 2020! (Note, those with an asterisk [*] are open to IAPP members only.)
'GDPR Genius'*
The GDPR Genius was our single most-accessed tool of 2019. It provides IAPP members a one-stop shop to understand GDPR requirements by mapping GDPR text to relevant data protection authority enforcement actions, European Data Protection Board and member state guidance, court cases, expert analysis and more.
CCPA
We couldn’t narrow it down to just one CCPA resource. This year, the Westin Research Center and our outside contributors focused heavily on the CCPA to help privacy professionals prepare for the law’s entry into force Jan. 1, 2020. Here are some of the tools and white papers that our members found most useful.
'CCPA Amendment Tracker'
More than a dozen CCPA amendments were tabled in the California Legislature this year. Mitchell Noordyke, CIPP/E, CIPP/US, CIPM, former IAPP Westin research fellow now with Faegre Baker Daniels, created the “CCPA Amendment Tracker” to help privacy professionals monitor the status of each bill. The tracker includes a link to and a summary of the proposed amendment, its lead author, its status and last legislative action. In October, seven of the amendments were signed into law by the governor.
'CCPA Rights and Obligations Tool'*
This tool, also designed by Noordyke during his Westin fellow days, helps businesses understand the actionable rights and business responsibilities that the CCPA creates. It is organized around the different phases of interaction with a consumer described in the act, the act’s enforcement provisions and its security obligations. In 2020, the IAPP’s Westin Research Center plans to transition the rights and obligations tool to a “CCPA Genius,” mapping the law’s provisions to the attorney general’s regulations and expert guidance and analysis.
White Paper – 'Negotiating with Service Providers and Third Parties under CCPA'
This white paper, by Tanya Forsheit, CIPP/US, CIPT, PLS, at Frankfurt Kurnit Klein & Selz, offers businesses guidance on how to approach service provider and third-party contract updates under the CCPA. Businesses have made clear that putting in place these new contracts is one of the biggest CCPA-compliance hurdles they face. This new white paper aims to make that process just a little bit easier.
E-book – 'Implementing the CCPA: A Guide for Global Business'
This e-book, by Perkins Coie Partner Dominique Shelton Leipzig, CIPP/US, outlines the steps businesses can take to address the consumer rights and business obligations the CCPA creates. It also offers detailed assessments of how CCPA requirements apply to specific sectors, including to digital advertising and analytics, retailers, the medical industry, financial industry, artificial intelligence, the internet of things and business-to-business relationships.
'US State Comprehensive Privacy Law Comparison'
This year brought a significant increase in state-level privacy proposals, with legislation adopted in California, Maine and Nevada. IAPP’s Westin Research Center created this color-coded map to help privacy professionals track the status of comprehensive privacy bills by state and a compendium table comparing the major provisions included in each proposal.
EU Cookie Guidance Comparison Table
In 2019, the U.K. Information Commissioner’s Office, the CNIL in France, the Spanish DPA and German authorities each published guidance on the use of cookies and other internet-tracking technologies. This comparison table helps privacy professionals make sense of it all and understand areas of convergence and divergence. Thanks to Gabriel Voisin, Ruth Boardman, Simon Assion, CIPP/E, Clara Clark Nevola, Lupe Sampedro and Ester Vidal of Bird and Bird for the collaboration on this critical resource.
'2019 Privacy Tech Vendor Report'
As the privacy tech vendor community has exploded, the IAPP has continued to produce this much-sought resource, cataloging and categorizing the tools and technologies available to help privacy professionals do their jobs. This year’s report includes more than 250 privacy tech vendors.
'Big Tech’s Shift to Privacy'
This year brought privacy from the boardroom into the living room, with major tech companies promoting their privacy values directly to American consumers, including on prime-time television. To understand how companies are messaging their approach to privacy publicly, the IAPP’s Westin Research Center reviewed and summarized the consumer-facing privacy disclosures and statements of major tech players.
'Privacy in US Law Schools: An IAPP Westin Center Report'
Recognizing the growing need for qualified privacy professionals, in 2019, the IAPP began working to identify and pave pathways into the privacy workforce. We released “Privacy in U.S. Law Schools,” identifying schools with privacy programs and grouping them into three initial tiers. The IAPP invited feedback from the academic community and refined our initial report based on input received. In 2020, we plan to expand this initiative with the aim of supporting and encouraging the development of privacy curricula in higher education.
'In Memoriam: Giovanni Buttarelli'
The IAPP marked the passing of a much-admired privacy thought-leader, Giovanni Buttarelli. To recognize his impact and legacy, the IAPP launched this "In Memoriam" page, where members of the privacy community shared tributes, memories and thoughts on his life and contributions to our field.
'IAPP-EY Annual Governance Report 2019'
We published our fifth annual IAPP-EY Privacy Governance Report. The report sheds light on how privacy professionals are building privacy programs, approaching compliance and responding to major privacy-related developments. This year’s report highlights some of the compliance challenges these professionals face as they grapple with constantly increasing and sometimes divergent privacy requirements around the world.
'2019 IAPP Privacy Professionals Salary Survey — Full Report'*
We released our biennial salary survey report in 2019 based on data from more than 1,000 respondents from around the world. The report helps privacy professionals benchmark their compensation and that of their growing teams.
Honorable mention
US privacy legislation
Among our favorite resources, even if not the most accessed, are those covering the U.S. legislative landscape. We know privacy professionals focus more on practical needs than policy or politics. But, we also believe U.S. privacy legislation is coming ... soon. So, we work hard to keep you apprised of existing federal proposals, particularly those we think could gain traction. Here is the Westin Research Center’s latest coverage of federal privacy bills.
- "Tracking the politics of US privacy legislation"
- White paper – "COPRA and CDPA: Similarities, Gray Areas and Differences"
- "Consensus and Controversy in the Debate Over US Data Privacy Legislation"
If we left off your favorite tool, report, white paper or article from our Resource Center, please let us know about it in the comment section below.
Photo by Plush Design Studio on Unsplash