(Dec 1, 2015) With eight trilogue meetings in the books, the negotiators looking to reach a final draft of the EU’s General Data Protection Regulation by Christmas are in the home stretch. Yet again this week, Green MEP Jan Philipp Albrecht, Parliamentarian rapporteur for the GDPR, reported a goal of reaching an agreement before the end of the year. No party from the Commission or Council has indicated anything to the contrary. Rather, we are now seeing the release of compromise positions as lobbying from co... Read More

Privacy Tracker, The Privacy Advisor

White House Steps Up APEC-EU Interoperability Push

(Nov 25, 2015) For the first time, the White House, along with the leaders of the other Asia-Pacific Economic Cooperation (APEC) economies, has called out the APEC-EU privacy interoperability project as one of the key initiatives APEC member economies will prioritize in order to enhance regional economic integration for the Asia Pacific region. The interoperability project is working to establish mechanisms to facilitate a company’s simultaneous participation in the Cross Border Privacy Rules (CBPR) and Bindin... Read More

The Privacy Advisor

PwC To Hold Freedom Conference, 2 December

(Nov 25, 2015) While we here in the IAPP offices continue to unravel our cancelled Data Protection Congress (DPC), and look toward scheduling a replacement event, we received a message that PwC was interested in picking up at least some of DPC's pieces in the short term.  They have announced a "Freedom Conference," to be held on what would have been the final day of DPC. Their announcement is as follows: "The cancellation of the DPC in Brussels was disappointing for everyone involved, but a necessary decisio... Read More

The Privacy Advisor

Who'll Replace FTC Commissioner Wright? And When?

(Nov 24, 2015) For those working in the privacy space, the FTC is a household name. Its enforcement actions and settlements have created a common law framework to which we turn for the dos and don’t of consumer interactions, and it's seen as the de-facto cop on the beat in the U.S. privacy space. That’s why privacy pros may be watching closely to see what happens next as the agency anticipates who’ll fill the empty seat at the commission’s proverbial dinner table, a vacancy that’s existed since Commissioner J... Read More

The Privacy Advisor

Building a Program That Provides Value: Understanding What You Have

(Nov 24, 2015) "Periodically, industry peers ask me about the effectiveness of a privacy compliance program and the value it brings to an organization. As privacy programs are becoming more common in corporate offices, their value can be questioned when not run effectively," writes Chris Pahl, CIPM, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPT. This is the first in a series of four articles examining how to assess a program’s value, take inventory of what matters, use program metrics to show effectiveness and develop a strong communication plan. Read More

The Privacy Advisor

People on the Move; November

(Nov 24, 2015) Nancy Libin Jenner & Block welcomes Nancy Libin as partner of its Washington, D.C. office, the company announced in a statement. “Nancy is a highly regarded privacy lawyer whose presence further enhances our national privacy practice,” said the firm’s managing partner, Terrence Truax. "Given the multi-faceted privacy issues facing the business community, Nancy is well positioned to advise corporate clients on evolving standards.  She has an in-depth understanding of privacy issues specifica... Read More

The Privacy Advisor

Time to Get Security Smart About the Internet of Things

(Nov 24, 2015) It would be hard to name a business today that isn’t touched by the Internet of Things (IoT). Even if your organization isn’t involved in transportation or manufacturing or utilities, you almost certainly have customers and employees who access your network with mobile devices. But each new device adds to the potential attack surface for cyber attackers, and we’re already challenged in protecting the information systems that we have, as evidenced by the number of successful cyber attacks in the headlines almost every week. Richard Kam, CIPP/US, discusses why now's the time to get smart about IoT. Read More

The Privacy Advisor

Can a Postcard Constitute an Invasion of Privacy?

(Nov 23, 2015) In August, a Kansas news story brought attention to privacy in regard to physical mail—specifically, postcards. A Kansas man, only identified as Scott, received a postcard from the Kansas Department of Children and Families (DCF) as a reminder to pay child support. He claims that sending this reminder regarding child support on a postcard, rather than a sealed letter, is an “invasion of privacy.” Would an individual in this type of situation have grounds to bring a claim for invasion of privacy? Additionally, what sort of oversight is there for mail carriers maintaining confidentiality? Read More

The Privacy Advisor

Do You Care About Chinese Privacy Law? Well, You Should

(Nov 23, 2015) The business case for understanding Chinese privacy law is clear. With China’s growing economic power and large consumer base, any international company seeking to profit from consumers in the region should expend resources on understanding how best to succeed in the Chinese market. In this second of a three-part series, Tiffany Li and Zhou Zhou delve into the cultural and historical factors that influence the development and application of Chinese privacy law, as well as offer practical lessons and hypothetical case studies for how to proactively help your company or organization succeed in China. Read More

The Privacy Advisor

His Task? Start Up a Privacy Program at a Start-Up

(Nov 23, 2015) As a series of Monty Python sketches once said, “nobody expects the Spanish Inquisition!” I have to admit that I was one of the many privacy professionals who, for years, balked at the suggestion that Safe Harbor would cease to exist. So I was genuinely surprised at (and a bit bewildered by) the advocate general’s opinion and the European Court of Justice's final judgment in Schrems. Dealing with regulatory change can be difficult for any company, and even more so when you aren’t expecting it. In this case, the invalidation of Safe Harbor require start-up TeleSign's CPO to make some big decisions for the sake of the company's future. Read More

The Privacy Advisor