What is life without cookies?

(Oct 21, 2021) With Google’s phasing out of third-party cookies, Apple’s mobile tracking restrictions, current and upcoming privacy legislation and enforcement, the cookieless future train has certainly left the station, leaving lots of questions and uncertainty about the future of the advertising technology space. The IAPP’s Joe Duball recently looked at the changes by Apple and Google, and Thursday’s session — at 2:30 p.m. in Marina Ballroom E — will dig even deeper into what a cookieless future looks like a... Read More

Join the team! Gain insights from NIST’s Privacy Workforce Public Working Group

(Oct 21, 2021) Take a look at the privacy job market today, and there’s no doubt demand is outpacing supply. The U.S. National Institute of Standards and Technology’s Privacy Workforce Public Working Group has gathered hundreds of experts to help organizations develop a workforce with the tools to address privacy risk. Former IAPP writer Ryan Chiavetta recently spoke with the Working Group’s co-chairs, who will shed further light on progress to date, lessons learned and more, during Thursday’s noontime session... Read More

An inside look at the evolution of international privacy policymaking

(Oct 21, 2021) Join us in “the room where it happens” for an inside look at U.S. privacy policymaking in the international arena. During Thursday’s round table discussion, at 10:45 a.m. in San Diego Ballroom B, current and former privacy experts with the U.S. Department of Commerce’s International Trade Administration will share their insights on the trajectory of international privacy, the ITA’s role in shaping privacy policymaking and the path ahead for U.S. privacy on the international stage. Panelist Chris... Read More

Caring about health care: Privacy in the current health care landscape

(Oct 20, 2021) The U.S. Department of Health and Human Services has certainly been busy with privacy the last 18 months, and Thursday at 2:30 p.m. they’re here to talk about it. A representative from HHS’s Office for Civil Rights will discuss the current landscape of privacy and health care, including HIPAA, ransomware in health care and best practices when handling health data. And if you’re still working out how to handle employee vaccinations, take a look at Westin Fellow Taylor Kay Lively’s overview of the... Read More

Mingling with new, old faces in ‘America’s Finest City’

(Oct 20, 2021) P.S.R. will provide invaluable in-person learning experiences many have been missing and craving. Equally important, there will be ample opportunity to network and catch up with fellow privacy professionals. What better way to get acquainted or reacquainted than with our signature 5-Minute Mixer Wednesday night at 5:45 p.m. in the Pacific Ballroom with our welcome reception as a backdrop. After Hours meetups are back as well, with IAPP Affinity Groups Happy Hours at 7:15 p.m. Wednesday, while IA... Read More

Remember CPRA? It’s getting closer

(Oct 20, 2021) Being in California, it is impossible to ignore the California Privacy Rights Act and its effective date, Jan. 1, 2023, are drawing near. Organizations are awaiting CPRA regulations from the California Privacy Protection Agency, which is soliciting public comment on rulemaking through Nov. 8, but they are hardly in wait-and-see mode from a compliance standpoint. Those seeking to better grasp the CPRA’s complexities should stop by Wednesday’s CPRA Comprehensive half-day workshop to get yourself i... Read More

Fitting the privacy square into the AI circle

(Oct 20, 2021) No one questions the growing concerns regarding privacy and artificial intelligence. The head-scratcher comes when the two fall under the same umbrella. Wednesday morning’s workshop, “AI for Privacy Professionals,” will offer a look at points of interest in production-level AI that could alarm or encourage you as a privacy professional. As a primer, read this piece from Digital Rights Watch’s Samantha Floreani, CIPM, and Salinger Privacy’s Anna Johnston, CIPP/E, CIPM, FIP, explaining when profes... Read More

Vendors assemble! The return of the Exhibit Hall

(Oct 20, 2021) Being two years since the last IAPP event on U.S. soil, folks might be fuzzy on conference happenings. Many staples of conferences past will be returning from hibernation, including the Exhibit Hall. Attendees can rediscover the magic of the hall, which plays host to many of the privacy technology providers found in the IAPP 2021 “Privacy Tech Vendor Report.” You can get an initial glance at the hall, located in the Pacific Ballroom, during Wednesday’s welcome reception at 6 p.m. There’s also ou... Read More

Ensuring a safe, healthy PSR experience

(Oct 20, 2021) While the IAPP is thrilled to be back in the conference swing, the organization realizes the ongoing challenges the world faces with the COVID-19 pandemic. Health and safety will be the chief priority every step of the way throughout the event, and the IAPP will uphold that priority status by way of its comprehensive health and safety protocols. Attendees can check out the health and safety tab on the P.S.R. homepage to review the various protocols in place and understand what will be required o... Read More

The metrics system: Measuring your privacy program’s performance

(Oct 20, 2021) Understanding the degree of privacy enjoyed by users in a system and the amount of protection provided is no cakewalk. Organizations are using various metrics to draw performance insights, but how effective are those metrics? Wednesday’s workshop schedule features a session dedicated to baseline knowledge regarding strong metrics programs and helping attendees devise a roadmap related to the ins and outs of measurement. Clorox Company’s Ben Kimberley and Greenberg Traurig’s David Zetoony recentl... Read More

Don’t forget the Little Big Stage

(Oct 19, 2021) Want to get some learning in without having to leave the exhibit floor? You can! Located in the Exhibit Hall, the Little Big Stage offers quick-hit presentations on the latest technology and hottest topics. The stage kicks off programming Thursday at 10:20 a.m., with a look at mitigating vendor risk with SafeGuard Privacy’s Richy Glassberg, and continues throughout the conference. Make sure to look for the lightbulb icon on our schedule page so you don’t miss any.Read More... Read More

Where does consent stand in adtech’s changing landscape?

(Oct 18, 2021) The advertising technology space has hit a crossroads with its privacy practices and regulatory compliance. A common thread among issues is user consent, which raises tough questions related to the “opt-in versus opt-out” argument and whether consent places too great a burden on consumers. Professionals entrenched in the adtech privacy conversation will convene at a breakout session Thursday to discuss potential solutions to this consent conundrum and other issues plaguing the industry, includin... Read More

A global view on standardizing data processing agreements

(Oct 18, 2021) Privacy professionals around the world are grinding through implementation of the EU’s new standard contractual clauses, which took effect Sept. 27. Companies in the European Economic Area that plan to enter into new cross-border data transfer arrangements based on SCCs with non-EEA organizations need to adopt the new versions. Baker McKenzie’s Lothar Determann recently looked at data processing agreements around the world and how they connect with the new SCCs. Determann will lead a panel discu... Read More

On handling data subject access requests

(Sep 26, 2019) While the EU General Data Protection Regulation is in its second year and the California Consumer Privacy Act quickly approaches, privacy professionals still have a lot of questions about how to properly handle data subject access requests. How much of the process should be automated? Should we privacy pros buy a tool to handle DSARs, or build one internally? Should you hire an intermediary to help handle the requests? Panelists sought to answer these questions and others during a breakout sessi... Read More

Wheeler to PSR audience: It’s your job to save democracy

(Sep 25, 2019) If there was one message former Federal Communications Commission Chairman Tom Wheeler wanted to impart on the privacy and security professionals convened in Las Vegas, Nevada, at the IAPP Privacy. Security. Risk. conference, it was that they’ve got an important task to take part in: saving democracy. "You are all positioned in such an incredibly unique environment," he said, imploring them to recognize the importance of their jobs. Pointing to the ways past innovations have posed risks to the h... Read More

What privacy pros should know when presenting to the board

(Sep 25, 2019) Privacy professionals may have experienced this scene before: The head of a privacy team is about to leave for the night when the head of audit compliance says a board meeting has been scheduled. The board has gotten wind of a new privacy law, and they want to know where their organization stands before it goes into effect. Panelists at a breakout session at the IAPP Privacy. Security. Risk. conference discussed what privacy professionals should do in order to properly report what is at stake wi... Read More

Bank CPOs consider what a CCPA exemption means for compliance

(Sep 25, 2019) There's a lot to digest when organizations explore their obligations under the California Consumer Privacy Act. Financial institutions get a reprieve from the CCPA in some regards thanks to the Gramm-Leach-Bliley Act exemption added to the law. The carveout withholds certain types of defined personal financial information from the CCPA's provisions on personal data. The exemption was brought up multiple times during a question-and-answer session with chief privacy officers from several big U.S. ... Read More

The City of Sin ponders the changing world of children's privacy

(Sep 25, 2019) The U.S. Children's Online Privacy Protection Act went into effect in 2000, and a lot has changed over the past 19 years. “The Changing World of Children’s Privacy” breakout session at P.S.R. will examine how the EU General Data Protection Regulation and California Consumer Privacy Act have changed the child privacy landscape and tackle the U.S. Federal Trade Commission’s upcoming COPPA review. Session participants include Future of Privacy Forum Policy Counsel Amelia Vance, Common Sense Media S... Read More

NIST is ready for your feedback on its Privacy Framework

(Sep 25, 2019) The U.S. National Institute of Standards and Technology is closing in on the first version of its Privacy Framework, and attendees at P.S.R. will get their chance to offer feedback during a breakout session with NIST officials. NIST Senior Privacy Policy Advisor Naomi Lefkovitz and Privacy Framework Deputy Manager Ellen Nadeau will offer a close look at the latest draft of the Privacy Framework. NIST initiated the development process for the framework right before last year’s P.S.R. conference i... Read More

What’s the buzz on the PSR 2019 show floor?

(Sep 25, 2019) The truth about any professional conference, hopefully, is there are more opportunities for you to learn and network than there is time. It’s a pretty good problem to have, right? So, if you’ve been running around from session to session trying to absorb as much information as you possibly can — as you should — we’ve got a little recap for you that might help you to feel more on top of what’s transpired. In this segment for “LinkedIn Live,” IAPP Editor Angelique Carson, CIPP/US, took viewers aro... Read More

UC Irvine researching cyber insurance

(Sep 25, 2019) Academic researchers from the University of California, Irvine are doing research on cyber insurance to better understand the role of insurance companies for private-sector cybersecurity. This study — which is not being fielded by the IAPP — is being led by UCI Law Professor Shauhin Talesh and UCI’s Cybersecurity Policy & Research Institute Executive Director Bryan Cunningham. They hope to raise awareness about the role cyber insurance plays in society to help prevent and assist with data br... Read More

How privacy is done, by the numbers

(Sep 24, 2019) Today, the IAPP and EY release the fifth annual IAPP-EY Privacy Governance Report, the authoritative look at how the job of privacy is done, with documentation of average budgets, staff sizes, program priorities and much more. This year's report also examines GDPR compliance metrics, the impact of Brexit, and data subject access request benchmarking. Read the 123-page report, which is free to download from the Resource Center, for all the numbers, and hear from the report’s creators at 12:30 p.m... Read More

How to build a privacy program that stands against any regulation

(Sep 24, 2019) It's no secret that privacy regulations in the U.S. are on the rise. There are 15 states with some form of existing or proposed regulations related to data privacy. What remains to be seen is how organizations plan to tackle the development of privacy programs that meet compliance requirements for each state regulation and global laws, in some cases, that their data falls under. The answer may lie with baseline privacy principles, which amount to bare necessities an organization uses as building... Read More

SAP wins 2019 HPE-IAPP Innovation Award

(Sep 24, 2019) Presented this morning at the Privacy. Security. Risk. conference in Las Vegas, Nevada, the IAPP has named SAP as the winner of this year's HPE-IAPP Innovation Award. SAP is being recognized for its creation and development of Data Custodian, a multi-cloud software-as-a-service application that provides customers with data protection, transparency and regulatory compliance aid, among other data management functions, within a public cloud. IAPP Staff Writer Joe Duball spoke with members of SAP to... Read More

'Right to be Forgotten' takes the stage

(Sep 24, 2019) A surefire way to take the social temperature of a time period is to sample its art. For those who have been working in privacy for some time, it is perhaps slightly surreal to now see aspects of the profession reflected in popular culture. In October, “Right to Be Forgotten,” by playwright Sharyn Rothstein, will debut at the Arena Stage in Washington. It follows the story of a 17 year old seeking to have his past misdeeds forgotten online and the obstacles he faces in doing that. IAPP Editor An... Read More

DSAR answers might be found in breakout sessions

(Sep 24, 2019) Data subject access requests have continued to be a compliance challenge for organizations subject to the EU General Data Protection Regulation, and those covered by the California Consumer Privacy Act should expect to face similar tests. The subject will be covered in the “Demystifying the DSR Process: Handling Difficult Data Subject Rights Requests” and “Handling Data Rights Requests in the Workplace” breakout sessions at the Privacy. Risk. Security. conference. DSARs have been the topic of a ... Read More

Your one-stop US legislative-tracking session

(Sep 24, 2019) It's been a busy year for privacy legislation here in the U.S. True, much of it is lead by the California Consumer Privacy Act, but that's not the only legislation on the privacy radar. States and the federal government have been crafting and considering privacy legislation throughout the year. Catch up on the latest developments during a luncheon session with speakers with their collective hands on the legislative pulse. In the meantime, check out this recent Privacy Tracker piece on recent CCP... Read More

Just when should the encryption exception apply?

(Sep 24, 2019) “How familiar are you with the ‘encryption exception’ in the EU General Data Protection Regulation and some U.S. state laws?” It is a question InfraGard General Counsel, North Texas Kelce Wilson, CIPP/E, CIPP/US, CIPM, asked in this piece in which he explained why the encryption exception may be overused. Wilson will touch upon the topic once again at a breakout session at the IAPP Privacy. Security. Risk. conference. The question Wilson and University of Texas Student and CyberDefense Labs’ Kri... Read More

Aiming for CCPA compliance? Define those vendor relationships

(Sep 24, 2019) Organizations that have gone through the grind to comply with the EU General Data Protection Regulation may have advantages over those that have not as preparations for the California Consumer Privacy Act head into the home stretch. For those who are not GDPR veterans, one area that may give them a headache is determining whether a vendor is a service provider or a third party. Mercer Chief Privacy Officer Jo Davaris, CIPP/US, and Perkins Coie Partner Dominique Shelton Leipzig discussed how orga... Read More

Privacy engineers, unite!

(Sep 21, 2019) The Privacy Engineering Section Forum is back and chock-full of practical content to help those working in this rapidly emerging space. Hopefully,  you already purchased your ticket, because, like the CCPA workshop, the PESF is sold out. This daylong forum features some of the world’s brightest minds in the field and touches on designing privacy into products, improving engineering outcomes with scalable privacy knowledge, the role of technologists at the FTC and insight from some of the folks a... Read More

On implementing the CCPA amid a regulatory US patchwork

(Sep 21, 2019) Yeah, we need to talk more about this one. The California Consumer Privacy Act is the most sweeping privacy law in the United States and rivals the EU General Data Protection Regulation in terms of the shift it will require in mindset and business for all persons, organizations and enterprises processing personal information about California residents. Businesses must begin preparing — and rapidly — for the statute. But companies don’t have to just worry about the CCPA. The regulatory landscape ... Read More

Benchmarking CCPA readiness: The September edition

(Sep 21, 2019) For the second time this year, the IAPP, with support from OneTrust, has asked privacy pros how ready their organizations are for the looming California Consumer Privacy Act. To monitor how levels of CCPA preparedness are changing over time, we fielded this second survey from July to August 2019. What’s new? Well, perhaps unsurprisingly, there has been a marked improvement since the first quarter of 2019, but significant work remains, as only 2% of organizations report that they are currently in... Read More

Building a program from scratch? OMG

(Sep 21, 2019) Building a privacy program can be a daunting task. One man who knows something about that is Mike Shapiro, chief privacy officer of Santa Clara County. In this episode of The Privacy Advisor Podcast, Shapiro discusses building a privacy program from the ground up for an entire county, one that comprises so many different government entities (hospitals, police departments, social services) and with them so many laws and regulations to comply with. Then there's the tension between, as a public ser... Read More

A one-stop shop for your IAPP resources

(Sep 21, 2019) True, the next three days are going to be busy between all the networking, educational sessions and … well, Vegas, but we also have plenty of resources and information to help out with it all. Starting at 7 a.m. and going until 5 p.m., the IAPP Resource Center is a place where you can come browse IAPP books and other information aimed at helping you meet your organization’s privacy challenges. And in case you missed it, the IAPP website has a robust Resource Center chock full of research, tools,... Read More

Encryption, blockchain, anonymization, oh my!

(Sep 21, 2019) Technologies of many stripes are emerging, helping organizations with innovation and the bottom line, while also presenting thorny privacy issues. Many of these technologies evade regulation, can be targets for adversaries, and present significant challenges for regulators, privacy and infosec pros, as well as consumers. There are, however, technologies that can help: encryption, blockchain, anonymization, among others. This afternoon, check out the half-day workshop, “Talking Tech for Privacy P... Read More

IAPP Tech Vendor Report entry catch your eye? See if they made it to PSR

(Sep 20, 2019) Since its inception in 2017, the IAPP Privacy Tech Vendor Report has grown by leaps and bounds as the market for privacy tech solutions surged with the advent of the EU General Data Protection Regulation and upcoming California Consumer Privacy Act. The Tech Vendor Report has more than 200 companies listed, including a mix of well-established organizations and startups looking to break into the market. If you want to meet some of the vendors who can be found in the report, be sure to make your w... Read More

Sin City nightlife with a hint of privacy

(Sep 20, 2019) How do you give networking some flair? Adding the backdrop of Las Vegas' bright, extravagant atmosphere may do the trick. The first chance for mingling comes tonight at 5:30 p.m. with our signature 5-Minute Mixer, which coincides with the Welcome Reception in the Exhibit Hall of the Grácia Ballroom. The rapid-fire meet-and-greet session has become one of the hot spots for connecting and trading business cards. The fun rolls on with After Hours meetups starting at 6:30 p.m. for cybersecurity pros... Read More

Need a CCPA fix? There’s a session for that

(Sep 20, 2019) Tomorrow’s slate of breakouts features plenty of talk on the California Consumer Privacy Act, which had its final amendments settled upon in the California Legislature Sept. 13. You can brush up on the amendments through the IAPP’s "CCPA Amendment Tracker" in our Resource Center. You may read this while sitting in today’s "Understanding the CCPA" workshop, which offers a base knowledge that will undoubtedly expand from Tuesday’s discussions. DLA Piper’s Jim Halpert, a regular contributor to IAPP... Read More

From the EU to Washington: A privacy travelogue

(May 3, 2019) In front of a packed room of privacy professionals during a breakout session Thursday at the IAPP Global Privacy Summit 2019 in Washington, a discussion took place about movement. Not about moving around the busy halls of the Marriott Marquis and the Walter E. Washington Convention Center, but rather about the movement within privacy legislation. Specifically, how ideals and provisions seen in other laws have traveled from the European Union to Washington state. A panel of privacy professionals ... Read More

FTC chair suggests record fines are on their way

(May 3, 2019) For a few weeks now, rumors have circled Washington that the U.S. Federal Trade Commission is negotiating a potentially record-breaking fine of Facebook for alleged privacy violations. Media reports have placed a potential fine in the $3 billion to $5 billion mark, and just this week, new reports state negotiations also include a slew of new privacy positions as part of the FTC settlement. With that as a backdrop, FTC Chairman Joe Simons joined IAPP Chief Knowledge Officer Omer Tene for an in-de... Read More

Financial privacy pros talk GDPR, CCPA at GPS19

(May 3, 2019) If one were to describe the state of privacy in 2019, the argument could easily be made that the industry is both in a state of reflection and anticipation. On one hand, the EU General Data Protection Regulation is weeks away from its first birthday. On the other, privacy professionals are counting down the days until the California Consumer Privacy Act makes its debut. However, a group of privacy professionals who has worked in the financial industry discussed both laws in a session at the IAPP... Read More

From keynote stage, regulators hint at coming sanctions

(May 3, 2019) It was clear from the keynote stage at the IAPP Global Privacy Summit 2019 in Washington Thursday that it wasn't the first time Irish Data Protection Commissioner Helen Dixon had heard the question: When are you going to issue a fine? Because of the number of tech companies headquartered in Dublin, Dixon conceded, "My office is the internet authority." But she was quick to remind the 4,000 privacy professionals from around the globe that a data protection authority isn't only there to enforce, b... Read More

2019 IAPP Privacy Professionals Salary Survey now available

(May 2, 2019) The IAPP has released its 2019 IAPP Privacy Professionals Salary Survey. More than 1,000 privacy pros responded to the survey, which was fielded in early 2019. This year, the IAPP focused on those working in-house in the private sector, government, academia or nonprofits and generally excluded outside counsel and consultants. In one key finding since the 2017 survey, median salaries overall have risen by more than $8,000 to $123,050, and additional compensation in the form of bonuses and raises ... Read More

Perspective: Some takeaways from this year’s Salary Survey

(May 2, 2019) With more than 1,000 respondents to the 2019 IAPP Privacy Professionals Salary Survey, there was a lot of data to analyze. Much of this tall task was led by IAPP Senior Westin Research Fellow Müge Fazlioglu, CIPP/E, CIPP/US. Though there is some great news based on these results — that on the whole, privacy pros have higher salaries than two years ago — there was some not-so-good news involving geographic disparities and, most notably, gender gaps in compensation. In this post for Privacy Perspe... Read More

IAPP now has 50K members worldwide

(May 2, 2019) When IAPP President and CEO J. Trevor Hughes, CIPP, sent a companywide email April 18 that simply said, "Come to the staff commons at 2 p.m.," there was a bit of a buzz in the building. It’s not so unlike the CEO, who is fond of rallying the troops to celebrate milestones or call for “all-hands-on-deck” assistance with an office project. But when a banner dropped from a banister in the high-ceilinged headquarters in Portsmouth, New Hampshire, it was clear this was a special kind of announcement:... Read More

Catch a recording of The Privacy Advisor Podcast Live!

(May 2, 2019) History was made April 12 when the largest-ever privacy class-action verdict was announced. A federal jury in Oregon decided, in Wakefield v. ViSalus, it would tell health supplement marketer ViSalus to pay $925 million in damages after it was charged by a certified class of 800,000 people with making 2 million illegal robocalls without consumers’ consent, in violation of the Telephone Consumer Protection Act. In this episode of The Privacy Advisor Podcast, Jay Edelson, whose firm argued the cas... Read More

New IAPP book: How to coordinate, draft, negotiate data processing agreements

(May 1, 2019) Members of the Privacy Bar Section of the International Association of Privacy Professionals have come together to produce this collective work, designed to assist newer and veteran practitioners alike to better understand the particulars of drafting and negotiating data processing agreements. This practical book references sections of the IAPP’s Sample Data Processing Agreement throughout and incorporates the insights of privacy pros from companies and firms across Africa, the Americas, Asia, E... Read More

Have you seen our new ‘CCPA Rights and Obligations Tool’ yet?

(May 1, 2019) The Westin Research Center has released a new tool to help IAPP members understand the California Consumer Privacy Act. The “CCPA Rights and Obligations Tool” organizes the act’s consumer rights and business obligations around the different phases of interaction with a consumer described in the act — initial disclosure and notice requirements and receipt and response to a consumer request — the act’s enforcement provisions, and its security obligations. The tool is intended to help privacy profe... Read More

Giovanni Buttarelli named IAPP's 2019 Privacy Leadership Award winner

(May 1, 2019) The International Association of Privacy Professionals has announced that European Data Protection Supervisor Giovanni Buttarelli is the recipient of the organization’s 2019 Privacy Leadership Award. Buttarelli was not in attendance to receive his award when it was presented today at the IAPP’s Global Privacy Summit in Washington but did provide a video acceptance speech. The IAPP Privacy Leadership Award is given annually to individuals who demonstrate an “ongoing commitment to furthering priva... Read More

Bojana Bellamy receives the 2019 IAPP Privacy Vanguard Award

(May 1, 2019) The International Association of Privacy Professionals has named Hunton Andrews Kurth Centre for Information Policy Leadership President Bojana Bellamy, CIPP/E, its 2019 winner of the IAPP Privacy Vanguard Award. Bellamy accepted the honor today at the IAPP’s Global Privacy Summit in Washington. Recipients of the IAPP Vanguard Award are recognized as privacy professionals “who show exceptional leadership, knowledge and creativity in the field of privacy and data protection, whether through spear... Read More

Let’s talk about territorial scope

(May 1, 2019) Extraterritorial applicability of laws like the EU General Data Protection Regulation is very complex and lays out challenges for privacy pros. Outside the European Union, it applies when an organization’s data processing activities relate to offering goods or services to — or monitoring the behavior of — EU data subjects in the EU. But what does that mean in practice? To help answer this difficult question, check out the break out session, “The Long Arm of the GDPR – The Who, What and Where for... Read More

Don’t forget about all that privacy tech

(May 1, 2019) Hopefully by now, you’ve had a chance to peruse the exhibit floor (assuming you made it to last night’s Welcome Reception). If you haven’t yet, what are you waiting for? The exhibit floor has grown immensely over the years, especially with the rise in the privacy tech marketplace. This week, several vendors have launched new tools aimed at helping privacy pros do their jobs better, whether through automation, detection or information privacy management. To name but a few, Nymity has launched a n... Read More

IAPP and OneTrust release CCPA-readiness survey

(Apr 30, 2019) It’s the most anticipated privacy law since the EU General Data Protection Regulation, and ready or not, the California Consumer Privacy Act is on its way, set to take effect Jan. 1, 2020. Sure, it was hastily assembled. Indeed, there is confusing language in there. And, yes, it’s possible that a federal law could preempt the CCPA — but those chances are probably slim at this point, right? Federal privacy law aside, how prepared are organizations for the CCPA? Well, that’s what the IAPP, togethe... Read More

Active Learning Day in 5, 4, 3, 2, 1 …

(Apr 30, 2019) It’s truly time to roll up your sleeves and dive into a day of active learning sessions here at the Global Privacy Summit. Whether you’ve registered for a daylong session on the CCPA or the Privacy Bar Section Forum, a half-day immersion into privacy engineering, data breach, data subject access requests or the GDPR versus technology, or a smattering of two-hour sessions on everything from UX design to fourth-party vendor management, these hands-on, practical sessions should have you going back ... Read More

Get your privacy engineering cap on

(Apr 30, 2019) It’s a burgeoning area within the privacy profession. With more and more products and services collecting more and more user data, companies need professionals who can work between policy and technology. Enter: the privacy engineer. But what make a privacy engineer? A year after hosting our first section forum on privacy engineering, it’s back with a new program aimed at helping privacy engineers learn from one another. This nitty-gritty half-day event will look at how privacy management integra... Read More

To deidentify or not to deidentify? That is the question

(Apr 30, 2019) “Data deidentification has many benefits in the context of the EU General Data Protection Regulation. One of the recurring questions is whether consent is required to anonymize or deidentify data,” Khaled El Emam and Mike Hintze, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPM, CIPT, FIP, write. They also note that Article 29 Working Party guidance sets a high bar for strong anonymization. Both approaches offer controllers and processors with powerful means to use and share data, sometimes including sensi... Read More

Meet your peers, visit the exhibitors, have a snack and bevy

(Apr 30, 2019) Perhaps you’ll spend the day working your brain cells in our Active Learning Day sessions, or maybe you’re just getting into town for the event after a day of traveling. Either way, be sure to swing by the Welcome Reception – sponsored by OneTrust — for food, drinks and good conversation all while checking out our sold-out exhibit floor. With 67 exhibitors this year, there are plenty of privacy tech solutions featured here. And who knows, one or two might be that scalable solution you’ve been lo... Read More

Looking to connect with like-minded pros after hours? We’ve got you covered

(Apr 30, 2019) While it’s thrilling to be among some 4,000 privacy professionals at this year’s GPS19, it can be overwhelming. There are so many hands to shake and so many fascinating conversations to be had. But how to find who you’re looking for in the crowd? Each year, we assemble a number of after-hours events to help you narrow in on the experience you’re after. Check out such affinity groups as “Latin America,” “Young Privacy Pros,” “LGBTQ” or “Women in Privacy,” to name just a few. And be sure not to mi... Read More

Are you going to the Cell Phone Disco?

(Apr 30, 2019) Each year we feature an artist-in-residence here at Summit to display that curious intersection between art, technology and privacy. GPS19 features the work of architect Ursula Lavrenčič and information designer Auke Touwslager. Their Cell Phone Disco is a surface that displays the electromagnetic field of active cellphones by illuminating thousands of lights when a call is made or received in the vicinity of the installation. Cell Phone Disco makes an invisible property of the environment perce... Read More

Yeah … it’s not quite privacy, but content moderation offers parallels

(Apr 30, 2019) As social media and user-generated content have grown in the last decade, the need for so-called content moderators has grown dramatically. True, the content moderation profession isn’t exactly privacy, but there are overlaps and lots of parallels. Both professions help maintain user trust and safety. Both are tasked with applying policies and principles in complex technological settings while ensuring transparency, due process, accountability and individual recourse. To help explore these dynam... Read More

GoDaddy wins IAPP Privacy Innovation Award

(Oct 18, 2018) Publications Editor Jedidiah Bracy, CIPP/US, presented the GoDaddy privacy team with the 2018 IAPP Privacy Innovation Award yesterday, right before the team launched into a detailed presentation of how they’ve architected one of the most progressive privacy programs going today. In case you missed it, the IAPP's Molly Hulefeld spoke with members of the GoDaddy team for this piece in The Privacy Advisor, to give you a flavor for what makes the company's privacy program so unique.Read More... Read More

Chopra details FTC’s mandate

(Oct 18, 2018) Six months into his new role as commissioner at the U.S. Federal Trade Commission, Rohit Chopra is still settling into his role, but he’s got a plan to bring “more enforcement teeth to everything that we do.” In this Digital Age, the FTC needs to “prove to the public that we’re up to the task. Otherwise that’s a recipe for disaster.” Such was the gist of his remarks during a live taping of The Privacy Advisor Podcast yesterday. Did you miss it? IAPP Content Director Sam Pfeifle provides a summar... Read More

What’s up with ePrivacy? It’s a mess

(Oct 18, 2018) Only a few minutes into his breakout session yesterday, WilmerHale Cybersecurity and Privacy Practice Group Co-Chair Reed Freeman, CIPP/US, did not mince words on the current status of the ePrivacy Regulation. “The ePrivacy Regulation is a giant mess, it’s a bigger mess than the [California Consumer Privacy Act of 2018]," he said. "There is so much uncertainty about whether it is needed, what is required and what is the process for all of this. Nevertheless it is out there, and it might happen."... Read More

Data integrity as a method for preserving democracy

(Oct 18, 2018) During their keynote panel last night, David Becker, executive director of the Center for Election Innovation and Research, and Jeff Jonas, founder of Senzing, had some good news for those of us who maybe got a bit down in the mouth the night before: We're making serious progress on data integrity in a way that's benefitting democracy. Period. In an innovative use of privacy by design, the two have teamed up to cut down on the level of voter disenfranchisement here in the U.S. Angelique Carson, ... Read More

Let's have a chat about chatbots, ethics and privacy

(Oct 18, 2018) California recently passed Senate Bill 1001, which bars companies and people from using bots that intentionally mislead those they are talking to into thinking they are human. During a session today at 9 a.m. called, "Branded Chatbots: Privacy, Advertising and Ethical Risks," Hannah Taylor and Daniel Goldberg, both of Frankfurt Kurnit Dlein & Selz; NCC Media CPO and General Counsel Noga Rosenthal; and L'Oreal VP, Legal Services Cassidy Sehgal will discuss how chatbots can improve the custome... Read More

Privacy Shield at Age 2: What should we expect?

(Oct 18, 2018) As we meet here at P.S.R., the Privacy Shield is undergoing its second annual review. As privacy and security professionals, we’re all understandably a little concerned about the future of effective data-transfer mechanisms between the EU and the U.S. On July 5, the European Parliament recommended by way of a non-binding resolution from its Committee on Civil Liberties, Justice and Home Affairs that the Commission suspend the EU/U.S. Privacy Shield on Sept. 1 unless and until all defined correct... Read More

What does the USMCA mean for privacy?

(Oct 18, 2018) Remember NAFTA? Now it’s called the United States-Mexico-Canada Agreement, or USMCA for short. The new trade deal hammered out last month made headlines for the sometimes-heated negotiations between the U.S. and its neighbors to the north and south, but there was a lot that flew under the radar, including new language surrounding privacy and trans-border data flows. In a last-minute programming addition, PwC’s Jocelyn Aqua, CIPP/G, and Constantine Karbaliotis, CIPP/C, CIPP/E, CIPP/US, CIPM, CIPT... Read More

How does privacy work at a company like Uber?

(Oct 18, 2018) If there’s any company that knows a thing or two about enforcing privacy within a company, it’s Uber. The company settled in 2017 with the Federal Trade Commission, which mandated that it implement a comprehensive privacy program. Since then, there have been many internal shifts at the ride-hailing company, including a new chief of cybersecurity, a new data protection officer as mandated under the GDPR, and its very first CPO. Angelique Carson, CIPP/US, reports on the hiring of Ruby Zefo, CIPP/U... Read More

How privacy is done, by the numbers

(Oct 17, 2018) Today, the IAPP and EY release the fourth annual IAPP-EY Privacy Governance Report, the authoritative look at how the job of privacy is done, with documentation of average budgets, staff sizes, program priorities, and much more. This year, as you might expect, the report focuses on the response to the GDPR, which has turned out to be an impactful piece of regulation, indeed. The average organization expects to spend an average of $3 million building compliance programming and adapting products a... Read More

Manjoo: Abandoning data-driven business comes with benefits, risks

(Oct 17, 2018) As part of a general session that saw Zeynep Tufekci challenge Farhad Manjoo to a vote for most-depressing keynote, Alastair Mactaggart, the man who brought us the California Consumer Privacy Act of 2018, may have offered the rosiest picture of the future. Yet Manjoo, writes Ryan Chiavetta, CIPP/US, for The Privacy Advisor, couldn’t quite come out and fully endorse business models that avoid the use of personal data. The consequences could be dire. Is Apple ascending while Facebook and Google de... Read More

The buzz intensifies around Privacy Engineering Section

(Oct 17, 2018) Privacy engineering is a growing field these days, becoming an essential function in many modern businesses as they grapple with the "how" of privacy and trust. To respond, the IAPP created the Privacy Engineering Section earlier this year. After a successful opening at the Global Privacy Summit last spring, the Privacy Engineering Section Forum returned for another half-day workshop here at PSR yesterday to help those working in the field to think through tough challenges, learn best practices ... Read More

Does the FTC have the tools it needs to achieve its priorities?

(Oct 17, 2018) With the recent departure of Commissioner Maureen Ohlhausen, the U.S. Federal Trade Commission is now fully staffed with newcomers. Led by Chairman Joseph Simons, the FTC will unveil its priorities through its actions in the coming months and years: Will it focus more heavily on anti-trust? Consumer protection? Recently, a number of FTC commissioners appeared before the U.S. House Energy and Commerce Subcommittee on Digital Commerce and Consumer Protection, where representatives sought to hear w... Read More

What’s going on with ePrivacy, anyway?

(Oct 17, 2018) At one point, the world was told the EU General Data Protection Regulation and its ePrivacy Regulation would come into force at the same time. Now, six months after the GDPR became reality, we still don’t even have a final draft of ePrivacy to look at. What’s going on? To help you make sense of things, WilmerHale’s Reed Freeman leads “The EU ePrivacy Regulation: Current Status and New Expectations for AdTech,” at 2 p.m. today. Freeman will review key elements of the latest drafts and outline ste... Read More

Need some advice on managing your vendors? We got you

(Oct 17, 2018) Managing third-party vendors has always been an important part of managing an organization’s risk. Now, under the GDPR, vendor management is even more important. At a session today, “Vendor Risk Management: Maintaining Relationships While Limiting Liability,” at 10:30 a.m., Bloomberg Law’s Mike Smith, CIPP/C, CIPP/US, MoneyGram International’s Tami Dokken, CIPP/E, CIPP/US, VLP Law Group’s Melissa Krasnow, CIPP/US, and Spencer Fane’s Shawn Tuma will talk about how to determine which vendor contra... Read More

The Bash goes on, rain or shine

(Oct 17, 2018) Hey, we’re in Texas. Where it never rains. And it’s always warm. Which is why we organized a pool party for this year’s P.S.R. grand networking event. However, it’s clear the weather might not be cooperating for the Party by the Poolside. But don’t worry! We’ll have a party — somewhere — no matter what, starting at 5:30 p.m. tonight. The hotel ain’t gonna let us give the booze and food back, that’s for sure. So make sure to hit the General Session tonight, to hear about privacy issues working on... Read More

Vendors release new offerings for PSR

(Oct 17, 2018) The PSR exhibit floor is full of vendors launching new products and services here at the event. TrustArc, for example, has released its Intelligence Engine, which the company says will allow organizations to “save up to 75 percent of the time it takes to identify, analyze, and prioritize privacy risks.” Privacy Ref, among other new services, now has an attestation service organizations can use to document compliance with both laws and company policy. OneTrust, hot off its first user-group meetin... Read More

Privacy Tech Vendor Report, v2.4, ready for PSR

(Oct 16, 2018) Begun in 2017 with fewer than 50 companies, the IAPP’s Privacy Tech Vendor Report has grown to become the de facto resource for privacy professionals looking to invest in technology to help operationalize their programs. With this fourth iteration of 2018, we now have 192 vendors represented in 10 different categories, with dynamic tables of content and live links to take you to more information on each company listed. So download the updated report and then hit the exhibit hall to learn more, s... Read More

Privacy by Design? We’ve got the book on that

(Oct 16, 2018) Privacy engineering is definitely a thing. This year’s sold-out Privacy Engineering Section Forum today is just one indication among many. As part of a dedicated response to covering the topic, the IAPP here at P.S.R. releases "Strategic Privacy by Design," a new book by R. Jason Cronk, CIPP/US, CIPM, CIPT, FIP. Written from a practitioner's perspective, this is the first IAPP book to get into the details of how privacy by design works, with dozens of sample scenarios, workflows, charts, and tab... Read More

Get up to speed on the CCPA in a hurry

(Oct 16, 2018) Tonight’s keynote speakers include Alastair Mactaggart, one of the people who brought the brand-new California Consumer Privacy Act of 2018 into being. You’ll hear him talk about what drove him to make all the effort — and spend all the money — to make it happen. But you also need to know how to set up operations to actually comply with the law once it comes into force in January of 2020. Perhaps you’re attending the day-long primer today? Regardless, we now have an updated addendum to our best-... Read More

How the heck does ad tech work?

(Oct 16, 2018) Anyone paying attention to the ad tech space can tell you there's been a growing tension among its players on the future of the industry. Can ad tech continue to operate as it has before the EU shifted its legal landscape on data protection and privacy, or will it have to shift to a new model in order to be compliant? But it’s hard to follow it all if you don’t understand the mechanics of ad tech in the first place. If you’re not hitting today’s half-day workshop on the topic, be sure to catch t... Read More

The next great privacy challenge?

(Oct 16, 2018) While tonight’s keynoter Zeynep Tufekci has certainly spoken and written long and gracefully about the core issues of privacy compliance, she takes a broad view of the internet landscape, looking, too, at how social media and the internet at large are affecting democracy, society, and our very way of lives. One issue that’s beginning to burn particularly brightly is that of content moderation. How does a responsible platform know what is legitimate information and what’s only being posted with t... Read More

PSR: After dark

(Oct 16, 2018) Okay, not all of the networking events happen at night, but many of them do, and you’re not going to want to miss them. Make sure you bring your business cards to the 5-Minute Mixer, which starts at 3:30 p.m. today in the Lone Star Ballroom Foyer, just before the keynotes start. This has become a must-attend phenomenon, with people fighting for seats. Then, after the keynotes, make sure to hit the opening reception and then keep it going for the After Hours meet-ups for cyber pros, Women Leading... Read More

Don’t forget the Little Big Stage

(Oct 16, 2018) What if you could get some learning in without having to leave the exhibit floor? We’re here to tell you: You can do it. The Little Big Stage is a place right in the exhibit hall where you can get quick-hit presentations, often focused on the latest technology. The stage kicks off programming tonight at 6:30 p.m., with a look at taming global breach notification regulations, and continues throughout the conference. Make sure to look for the lightbulb icon on our schedule page to find them all.Re... Read More

Do you even run?

(Oct 16, 2018) Perhaps you’ve had a minute to look around here in Austin. Did you notice anything? Perhaps how fit everyone seems to be? It’s an outdoor culture here, and we’re taking full advantage with tomorrow morning’s run and walk. Meet up at 6:45 a.m. in the Marriott Hotel lobby, chat some folks up, and then get 5k or so in before the proper start of the conference. We’ve got a great route picked out and there’s usually a strong contingent of both runners and walkers at large events like this one. And if... Read More

IAPP releases data processing agreement template

(Mar 27, 2018) With the GDPR looming, vendor management is top of everyone’s mind. The first step, of course, is a good contract. To help with that, volunteers from the IAPP’s Privacy Bar Section have worked together to crowdsource a model data processing agreement that is now freely available for IAPP members. This is not legal advice, and you use or modify it at your own risk, but some really good lawyers put time and energy into this as part of a larger effort of writing “Negotiating Data Processing Agreeme... Read More

Get your updated US Private-Sector Privacy book at IAPP Central

(Mar 27, 2018) Have you heard? We've updated the U.S. Private-Sector Privacy book. And if you're a privacy pro working in the private sector you'll want it on your shelf. Peter Swire, CIPP/US, and DeBrae Kennedy-Mayo, CIPP/US, provide an analysis of U.S. laws and regulations and the developments that influence them in this reorganized, expanded and updated text. The book covers the medical, financial, educational, telecommunications and marketing sectors, as well as enforcement, data breach and incident manage... Read More

Falque-Pierrotin: We understand GDPR is a learning curve

(Mar 27, 2018) It was easy to understand yesterday why Borden Ladner Gervais Partner Eloise Gratton’s interview with Isabelle Falque-Pierrotin was filled to the brim with anxious privacy professionals. With just two months until the go-live date of the EU General Data Protection Regulation, everyone wants to hear thoughts from the former Article 29 Working Party Chair and current CNIL President about what enforcement looks like on May 26. The good news: “Even if you’re not finished [preparing for the GDPR] on ... Read More

What is blockchain and where is it going?

(Mar 27, 2018) The mysterious and trendy concept du jour otherwise known as blockchain was front and center during an extended breakout session Tuesday at the Global Privacy Summit. Skadden Partner Stuart Levi and Filament CEO Allison Clift-Jennings expounded on this paradigm-shifting concept to a packed room during the session, "How Blockchain Will Transform Privacy and Identity." Levi, who took the first portion of the session to lay out some of the basics of the blockchain concept to the uninitiated, likene... Read More

Israel, Japan, Canada talk keeping up with the GDPR

(Mar 27, 2018)   In a session at the Global Privacy Summit 2018 called "The World Beyond: Global Privacy Priorities Outside the GDPR," regulators from Israel, Japan and Canada outlined the nuances of each of their respective privacy regimes, all undergoing changes of some sort and all aiming to keep pace with the legal requirements of the GDPR in order to be considered "adequate." For now, looking forward, Japan awaits its answers from the EU, as does Canada. Canadian Privacy Commissioner Daniel Therrien... Read More

See live podcast, get a T-shirt?

(Mar 27, 2018) Nearly 200,000 downloads later, The Privacy Advisor Podcast is a hit. If you’d like to see how the sausage is made, host Angelique Carson, CIPP/US, will be recording a live version at 9:30 a.m. in Salon 3 with former senior privacy advisor at the White House Marc Groman, CIPP/US, and his husband, David Reitman, an assistant professor of pediatrics focusing on adolescent medicine at Medstar-Georgetown University Hospital. The privacy angle? The way online and app use is changing the very health o... Read More

Don’t go home! There’s more on Privacy Engineering

(Mar 27, 2018) Privacy engineering is a burgeoning field with significant implications for the future of the privacy profession. The IAPP aims to facilitate this growing field, in part, by having created a new Privacy Engineering Section. Tomorrow, we will host our inaugural Privacy Engineering Section Forum. In a post for Privacy Tech, Georgia Tech Professor Annie Antón, who chairs the IAPP Privacy Engineering Section Advisory Board, offers a sneak peek into the themes for the post-Summit event. "We are only ... Read More

Making your own path in privacy

(Mar 27, 2018) You need the job to get the experience, but you need the experience to get the job. Sound familiar? Breaking in to a career in privacy can be tough, as can advancing to the next level. However, there's lots of good news for job seekers; between the GDPR, the ever-growing scope of data breaches, and the frenetic pace of technological change, privacy pros are in demand. Check out the IAPP's Intro to Privacy page for tools, advice and information for people in the beginning stages of their privacy ... Read More

Full ebook released: “Top 10 Operational Responses to the GDPR”

(Mar 26, 2018) Last year, one piece of IAPP content was downloaded above all others: “The Top 10 Operational Impacts of the EU’s General Data Protection Regulation.” Some 70,000 of you availed yourselves of the free ebook. Well, we’re no dummies. This year we’ve created, and release today, its companion piece: “The Top 10 Operational Responses to the EU’s General Data Protection Regulation,” another ebook, free to IAPP members, which focuses on practical and focused tasks that privacy pros have to accomplish a... Read More

New GDPR consent, subject rights management tool for IAPP members

(Mar 26, 2018) Here at the Summit, OneTrust has released an update to its free tool for IAPP members, which has been revamped to help with the management of the GDPR’s new requirements for consent and data subject rights, as well as current obligations under the ePrivacy Directive. The tool allows IAPP members to “manage and validate consent preferences, facilitate data subject requests, as well as generate demonstrable record keeping in the event of a regulatory audit,” plus scan for tracking technologies. Ge... Read More

Don’t sleep on California — read the book

(Mar 26, 2018) Before there were 48 breach notification laws in the United States, and a looming addition in the European Union, there was California: The first U.S. state to implement breach notification, back in 2003. And then there’s CalOPPA, the first U.S. law to require privacy notices, way back in 2004. Clearly, as California goes, so goes the nation. That’s why the IAPP is excited to be publishing Baker McKenzie Partner Lothar Determann’s “California Privacy Law,” the authoritative text on understanding... Read More

Lorrie Faith Cranor receives Privacy Leadership Award

(Mar 26, 2018) At a ceremony this morning at the Summit, Lorrie Faith Cranor, CIPT, co-director of Carnegie Mellon University’s MSIT-Privacy Engineering masters program and director of the CyLab Usable Privacy and Security Laboratory, was awarded the IAPP’s Privacy Leadership Award by IAPP President and CEO Trevor Hughes, CIPP. Cranor has been a pioneer in bringing the field of privacy engineering into existence and is just off a stint serving as the Federal Trade Commission’s chief technologist. “Her merits a... Read More

Henriette “Jetty” Tielemans receives Privacy Vanguard Award

(Mar 26, 2018) At a ceremony this morning at the Summit, Henriette “Jetty” Tielemans, co-chair of Covington & Burling’s global privacy and data security practice, was awarded the IAPP’s Privacy Vanguard Award by IAPP President and CEO Trevor Hughes, CIPP. As founder of Covington’s Brussels office in 1990, Tielemans was one of the very first lawyers working in the privacy field and has built a reputation for navigating some of the trickiest cases before national regulators. Further, said Hughes, “In terms o... Read More

Making sense of the exhibit floor

(Mar 26, 2018) Five years ago, the Summit exhibit floor largely consisted of lawyers sitting behind tables answering questions about their services. Now, the floor is awash with video screens and technology touting solutions for all of your privacy program ills. How does one evaluate and buy software? Perhaps you should start with the IAPP Tech Vendor Report. Now in its second year, the free document features more than 120 companies offering technology from all around the world, plus analysis of how to shop fo... Read More

Privacidad en Español

(Mar 26, 2018) Now in its third year, the Spanish-language update on Latin American privacy regulations and enforcement is a must-attend session for anyone serious about doing the work of privacy in the southern part of the Western Hemisphere. This year features data protection authorities from Costa Rica, Argentina, and Mexico, plus an update on Brazil’s long journey toward a comprehensive data protection law. Hosted by former Colombian DPA José Alejandro Bermúdez, the IAPP provides simultaneous translation f... Read More

New releases at the Summit

(Mar 26, 2018) We told you the exhibit floor was hopping: This year’s Summit features a slew of brand-new releases worth checking out. Incident-response management solution provider Radar has announced its Breach Guidance Engine is now updated with the GDPR’s “stringent breach risk assessment and notification timelines.” Similarly, Nymity has updated its offerings with its GDPR Implementation Tracker, which will allow subscribers to get up-to-the-minute updates on how EU members states are implementing the GDP... Read More

IAPP and OneTrust map ISO 27001 to the GDPR

(Mar 24, 2018) According to the International Standards Organization, in 2016 more than 33,000 organizations globally held certification to the ISO 27001 standard, which relates to information security management systems and security controls. That same year, the European Union’s General Data Protection Regulation was finalized, launching a two-year scramble for compliance by May 25, 2018, for companies of all sizes around the world. Noting the significant common ground between the GDPR and ISO 27001 requireme... Read More

New study resource for CIPP/A

(Mar 24, 2018) Maybe you’re eyeing that session on Tuesday at 2 p.m.: “Journey to the East: A Primer on Asia’s Data Protection and Privacy Developments.” Maybe you’re considering getting CIPP/A certified? We’ve got some good news for you. The IAPP Westin Research Center has produced a brand-new CIPP/A Study Guide, formatted to mimic the very popular “GDPR in 20 Minutes” study guide that members have flocked to. It walks you through all the principles of privacy that serve as the foundation for Asian privacy la... Read More

New to the Summit? Here’s some advice

(Mar 24, 2018) The massive scale of the Global Privacy Summit can make it a total sensory overload. If you don’t come in with at least a half-baked plan, you are bound to end up spinning in circles. While there may be no “right” way to attend a conference, after attending a few IAPP events former IAPP Westin Fellow Cobun Keegan can safely say that you need at least the semblance of a plan. In this piece for Privacy Perspectives, Keegan lays out some tips and tricks for the first-time Summit attendee (or even t... Read More

GDPR? We’ve got a few books for that

(Mar 24, 2018) Perhaps you’ve heard: There’s this very large law coming into effect in the European Union in May. The General Data Protection Regulation? Have you heard of it? It’s likely you have. And that you’re looking for as many great resources as you can find to help you with preparations. Good news: In addition to “European Data Protection,” our textbook supporting the CIPP/E program, we are releasing today at Summit two new, practically-focused books, “Hands-On Guide to GDPR Compliance,” by Karen Lawre... Read More

Monday? More like fun-day

(Mar 24, 2018) Yes, we did just write that headline. Because the new arrangement of the Summit means that Monday night is networking night, with After Hours events scheduled all over town. There are events scheduled to gather the Latin American community, the Minorities in Privacy group, the Young Privacy Professionals, the Women Leading Privacy group, the LGBTQ community, and a “General After Hours,” for those who just don’t like to go to bed early. Make sure you check out the Networking+ page for all the eve... Read More

Meet our Artist-in-Residence: Will Sears

(Mar 24, 2018) Artists have long helped us to better understand the world around us, providing new lenses through which to view complex issues. That’s why the Summit each year invites an artist to come and dress the place up a little, giving attendees a new way to think about privacy. This year, Will Sears brings his abstract sign-making for your consideration, deconstructing what are meant to be clear, functional sign-posts and reassembling them in ways that make us consider what they are really asking us to ... Read More

Do you have your copy of Privacy & Freedom?

(Mar 24, 2018) You’ve seen the work of the IAPP Westin Fellows. From the “Top 10 Operational Responses to the GDPR” series to illuminating studies of DPA budget and staffing to examinations of the U.S. v. Microsoft case, these year-long researchers with the IAPP produce great work. But have you read the work of Alan Westin, the seminal thinker in data privacy for which the Westin Research Center is named? If not, get to the IAPP booth and pick up your copy of Privacy & Freedom. For a $50 donation to the We... Read More

Get up to speed before the opening keynotes

(Mar 24, 2018) Monica Lewinsky? Monica Lewinsky. Twenty years on, it’s still impossible not to hear that name without seeing the beret. Without thinking about … well, things that are probably best talked about outside of a professional setting. And that’s the point. How, in this day and age, does one get one’s name back? How does one get society to move on? If you haven’t kept up with Lewinsky’s story arc, make sure to read her piece in Vanity Fair before her opening keynote on Tuesday, to be followed by Jon R... Read More

Get your guidance on the WP29 guidance

(Oct 18, 2017) Just in time for P.S.R., the EU's Article 29 Working Party released yesterday new guidance on data breach notification and automated decision-making and profiling. And, of course, the IAPP has you covered. Our current Westin Research Fellows, Muge Fazlioglu, CIPP/US, and Lee Matheson, CIPP/US, have produced quick recaps of the lengthy guides, and this morning's breakout sessions are chock-full of GDPR experts ready to expound on what we've learned. Find the breach notification recap here and the... Read More

The UX Guide to Getting Consent

(Oct 18, 2017) In the EU General Data Protection Regulation, set to come into force in May of 2018, the word “consent” appears 72 different times. However, another word is conspicuously absent from the GDPR: “notice.” Actually, it appears a single time in the document, but in a setting that’s irrelevant to data subjects. The GDPR says that the EU Commission must give notice to a third country when revoking an adequacy decision for trans-border data flow, but doesn’t say anything about how organizations should ... Read More

The straight dope on the Equifax hack

(Oct 18, 2017) In yesterday’s keynote conversation, ISACA CEO Matt Loeb wondered who in the crowd was affected by the Equifax hack: “Really? With 143 million records, I’d have thought every hand would go up.” Truly, it was a big deal. The CEO resigned, the interim CEO used The Wall Street Journal to apologize to the world, and there’s talk of Congress passing new legislation to ward off this sort of thing happening again. And yet the IRS told reporters yesterday it didn’t think the breach would have much impac... Read More

Trying to make sense of blockchain

(Oct 18, 2017) In a packed room yesterday, privacy pros learned about, and discussed, what is perhaps the most hyped, and least understood, technology in the digital world: blockchain. With an internet-of-things ecosystem exploding across the globe, the mathematics and cryptography informing blockchain may well provide a transparent, cohesive formula for solving IoT's privacy and security issues, as well as other obstacles in finance, health care, industrial infrastructure, and beyond. Though there is a hunger... Read More

Will we see the great ad tech disruption?

(Oct 18, 2017) There's no question the EU GDPR has anyone who's paying attention on their feet. Talk to any privacy consultant or vendor and they'll tell you: Business is good these days. But there's one group in particular that's got both a lot at stake and a lot of unknowns to contend with ahead of May 2018, and that's the ad tech industry. That was clear at yesterday's session, "What Third-Party Compliance Will Look Like for Ad Tech," where there were at times more questions than answers. Privacy Advisor Ed... Read More

TrustArc’s Data Flow Manager launches at PSR 17

(Oct 18, 2017) GDPR’s Article 30 obligations, requiring both an understanding of the data you’ve collected and the consent attached to it, has led to an explosion in offerings designed to help you understand what data your organization holds and how it moves through your organization. For PSR 17, TrustArc has released a new data inventory and mapping solution they’re calling Data Flow Manager, designed to help simplify the compliance obligations with which many organizations are now faced. At 9 a.m., TrustArc ... Read More

How to do training well

(Oct 18, 2017) One thing the IAPP-EY Privacy Governance Report reinforces year after year: Training is part of the gig. After drafting privacy policies and notices, providing enterprise privacy training and awareness is the second-most-popular activity in which privacy professionals engage. But how to do it well? That’s the focus of “Privacy Training from Top to Bottom,” featuring California Edison’s Chris Pahl, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPM, CIPT, FIP, and WorkDay’s Barbara Cosgrove, taking place at 1... Read More

What’s that app collecting, anyway? And how risky is it?

(Oct 18, 2017) The story of the flashlight app has become almost apocryphal: Once the Federal Trade Commission learned that it was collecting — and selling — location data, the hammer of justice landed swiftly. Consumers, certainly, would not expect their flashlight to collect their location and distribute it to others. But what data should mobile apps collect, and what risk does that collection present? That’s the question Kryptowire helps to answer. With the IAPP, the app-scanning company has taken the risk-... Read More

2017 IAPP-EY Privacy Governance Report released

(Oct 17, 2017) You’ve been waiting all year for it: The 2017 IAPP-EY Privacy Governance Report, nearly 150 pages of data you can use to benchmark your privacy program against what the rest of the world is doing, with breakdowns by industry, by company size, and by geography. This year, we have a special focus on (you guessed it) the EU’s General Data Protection Regulation, and the results are pretty clear: The GDPR is having a massive effect on the way that privacy is done. We are seeing bigger staffs, more bu... Read More

The dawning of the Age of the Cyberpro

(Oct 17, 2017) "The siloed data governance professions of today will not be able to meet organizations’ data risk management needs of tomorrow." Such is the argument put forward in a paper by Professor Dennis Hirsch, Faculty Director at The Ohio State University's Michael E. Moritz College of Law Program on Data and Governance, with Program Manager Keir Lamont. What's needed to address changes happening rapidly in our digital society are professionals with hybridized skills and fluency across the domains of cy... Read More

Levy details our intimate relationship with surveillance

(Oct 17, 2017) It's often true that privacy professionals talk about the datafication of our lives as being impersonal. In fact, however, data is incredibly personal and intimate, and the technologies we employ impact us in incredibly intimate ways. Given that, it's important for privacy professionals to work beyond compliance and closely examine the ways technologies are going to be used, in particular, in asymmetric power dynamics. That was the message from yesterday’s closing keynoter, Karen Levy, here at P... Read More

New Alliance of tech vendors emerges

(Oct 17, 2017) With new privacy challenges has emerged new privacy technology, solutions to help with what can sometimes seem like the truly monumental task of managing privacy operations. The are so many vendors jumping into the space that the IAPP has put together a Privacy Tech Vendor Report to help privacy pros locate privacy tech vendors and their solutions and a new Alliance of Global Privacy Solution Providers has emerged to help privacy pros understand when software tools are appropriate for compliance... Read More

APIA gets a GDPR infusion

(Oct 17, 2017) For three years now, the IAPP has teamed with AvePoint to distribute APIA, a free tool for automating privacy impact assessments. Today at PSR, AvePoint unveils the latest version, which integrates “an advanced GDPR Detailed Assessment” template the company developed with assistance from the Microsoft privacy team. The new GDPR assessment is designed to help organizations and their service providers track their progress toward GDPR compliance over time and recommend ways to close identified gaps... Read More

OneTrust unveils what it calls “first-to-market” Data Subject Access Request Portal

(Oct 17, 2017) Here at PSR, OneTrust is launching what it believes to be a new category of privacy technology: its Data Subject Access Request Portal, which is designed to allow organizations to manage all of the requests newly allowed by the GDPR for data subjects to access their data, correct it, revoke consent, or ask for data to be deleted. The idea is to automate record keeping and make it easier to not only fulfill requests, but also to demonstrate compliance. The DSAR Portal is fully integrated with the... Read More

Politics and privacy

(Oct 17, 2017) As privacy issues have gone more mainstream, they have inevitably developed into political hot buttons. This morning at 9 a.m., the Women Leading Privacy Section of the IAPP will explore how the Trump administration “has brought policies and executive orders that appear to have a disproportionate impact on the privacy rights of women and children.” The panel of the ACLU’s Matt Cagle, McKinsey Global Privacy Officer Amy Yates and Frankfurt Kurnit Klein & Selz Partner Tanya Forsheit will explo... Read More

Bloomberg releases “Cyber Insurance” white paper

(Oct 17, 2017) Nothing mitigates risk quite like insurance. It’s a propos, then, that Bloomberg Law has chosen PSR for the release of its new white paper, “Cyber Insurance,” penned by Hunton & Williams’ Sergio Oehninger, Patrick McDermott, and Walter Andrews. A practical guide, the paper aims to help privacy professionals negotiate better cyber insurance coverage, identify risk appropriately, and plan for how the insurer should participate in coordinating incident response. The paper is the newest addition... Read More

Teleperformance wins IAPP-HPE Privacy Innovation Award for privacy operations

(Oct 15, 2017) Specializing in providing support for companies through outsourced customer experience management, Teleperformance operates in 74 countries. Its annual interaction with 40 percent of the global population makes it the world’s largest data processor. Being great at privacy is clearly in the company’s best interests. It is perhaps no surprise, then, that Teleperformance is this year’s winner of the HPE-IAPP Innovation Award in the category of privacy operations innovation. The HPE-IAPP Privacy Inn... Read More

Radar wins HPE-IAPP Privacy Innovation Award for privacy technology

(Oct 15, 2017) The evolution of the privacy field has seen a swift reaction from software companies, all eager to find new ways and methods of lessening the burden of compliance and privacy regulation for privacy professionals. This year’s 2017 HPE-IAPP Innovation Award for Privacy Technology goes to RADAR for its patented SaaS-based incident response management software. RADAR’s technology guides clients through a methodical process designed to objectively reduce risk and streamline compliance surrounding dat... Read More

Getting the “Security” in PSR

(Oct 15, 2017) The IAPP, including the Education Advisory Board that programs our U.S.-based conferences, knows privacy. That’s what we do. Security? That’s a different animal, as privacy professionals the world over regularly explain as part of their enterprise-wide training. So, this year we teamed with a pair of security-focused organizations to program the security portion of Privacy. Security. Risk.: The Online Trust Alliance (now an Internet Society initiative) and the Center for Internet Security. Both ... Read More

Levy to talk love, truckers, and the future of our digital selves

(Oct 15, 2017) Recently, MIT Technology Review published data showing the way people meet is affecting the nature of marriage and society, itself. While we have traditionally found love from within our personal network, keeping us sort of personally siloed, the new reality of online dating has created pairs of absolute strangers, which has, perhaps counter-intuitively, led to stronger marriage bonds. We’re apparently marrying better matches, rather than the best we can find amongst our circle of friends. This ... Read More

Satiate your hunger for Junger

(Oct 15, 2017) Man, if you know Sebastian Junger, the rhyme scheme in the headline really doesn’t work, does it? No matter. If you know Sebastian Junger, you know we’re being presented with a pretty cool opportunity tonight when he speaks on the plenary stage. The author of “A Perfect Storm,” the book from which George Clooney’s awful Massachusetts accent was launched, and now the best-selling “Tribes,” Junger is a journalist who has been to the farthest reaches of the world and experienced the best and worst ... Read More

Get your GDPR fix here

(Oct 15, 2017) We know, we know: The GDPR Bootcamp today is sold out. Some of you are bummed to have missed out. We do, however, have good news. If you’ve got a yearning to hear Bird & Bird’s Ruth Boardman and Hogan Lovells’ Eduardo Ustaran talk GDPR, we can help with that. Recently, the pair chipped in for our three-part “Knowing and Implementing the GDPR” series, which explored the big issues the GDPR presents for organizations all over the world. The best part? We’re giving it away — find part one, with... Read More

Find your folks later tonight

(Oct 15, 2017) While the opening reception ends at 6:15 p.m. tonight, that’s not the end of your networking opportunities for the night. Our membership team has been busy organizing events where you can head into San Diego and find privacy professionals just like you. We’ve got specific gatherings for Young Privacy Pros, people from the Southwest (led by our Southwestern KnowledgeNet Chairs), Women Leading Privacy (men welcome!), and a lot more. Make sure to head to the networking page through the “Read More” ... Read More

Join the conversation on Twitter with #PSR17

(Oct 15, 2017) Do you do the Twitter thing? It can surely be a time suck, and a great place to meet a bot without knowing it, but it can also be a cool place to engage in conversation and debate with folks in real-time. Should you be interested in wading in, we’ll be online with @DailyDashboard and @PrivacyPros (along with @JedBracy and @PrivacyPen, for that matter) and using the #PSR17 hashtag to tweet out news, thoughts, and maybe a few photos about what’s happening at the conference this week. Feel free to ... Read More

Are you making what you’re worth?

(Apr 20, 2017) That’s the big question. Per usual, the IAPP has the answer, with today’s release of the 2017 IAPP Privacy Professionals Salary Survey, sponsored by OneTrust and exclusively for IAPP members. Within, you’ll find data on the mean and median salaries, bonuses, and rate of salary increases for a wide variety of privacy professionals. We break things out by industry, years in privacy, certifications held, education attained, and by geography. Even by where you live — big city or the ’burbs. Presente... Read More

Lynch named IAPP Vanguard Award recipient

(Apr 20, 2017) The IAPP Vanguard Award is the highest honor in the privacy profession, awarded in the past to the likes of Chris Wolf, Scott Taylor, CIPP/US, Jennifer Barrett Glasgow, CIPP/US, and Mary Ellen Callahan, CIPP/US. Yesterday, the IAPP honored Microsoft CPO Brendon Lynch, CIPP/US, former IAPP Board of Directors Chair and a long-time thought leader in privacy management. “No one exemplifies excellence in our field in a greater magnitude than Brendon Lynch,” IAPP CEO and President Trevor Hughes said. ... Read More

Groman, Dean take home Privacy Leadership awards

(Apr 20, 2017) Yesterday, the IAPP announced the winners of its Privacy Leadership Award, split between two privacy professionals who put in long hours with the U.S. federal government this past year. In his role as special advisor to the White House, Marc Groman, CIPP/US, was instrumental in revamping the way the privacy profession is valued within federal departments. As a vital voice in the EU-U.S. Privacy Shield negotiations, Ted Dean was deeply involved in bringing data transfer between the EU and United ... Read More

Irish Minister on US-EU digital strategies

(Apr 20, 2017) In interviewing Irish Data Protection Minister Dara Murphy yesterday here at the IAPP Global Privacy Summit, IAPP VP of Research and Education Omer Tene asked a pointed question: Given that the vast majority of the large internet firms are American, “Would you say that the European digital market strategy has failed?” Murphy said that he would, “but I don’t think it continues to fail.” Thus began an examination into U.S. and EU approaches to digital innovation, why U.S. internet firms dominate, ... Read More

Edelson announces three new suits; discusses current realities of data breach litigation

(Apr 20, 2017) If you ask Jay Edelson, he'll tell you things are about to get significantly better for class-action litigants on the plaintiffs' side. He sees a shift in the way courts are willing or not willing to handle settlements. He's feeling good enough about the future of such cases, in fact, that he announced yesterday three new filings on behalf of Edelson PC, his Chicago-based law firm, recently put forth or with plans to officially file, including one against Bose, for sharing its consumers' listeni... Read More

An update on the future of standard contractual clauses

(Apr 20, 2017) Just weeks after the Irish High Court heard arguments from select parties in a case that could affect the future of private trans-Atlantic data flows, Irish Data Protection Commissioner Helen Dixon shared her thoughts about the case and questions the court must consider. "These hearings were positive," she said during a panel session at the IAPP Global Privacy Summit in Washington. "It was an extremely comprehensive hearing on complex issues. This wasn't a case where the judge will rush to judge... Read More

See how they make the sausage, er, podcast

(Apr 20, 2017) Hooked on the weekly Privacy Advisor Podcast, hosted by Advisor Editor Angelique Carson, CIPP/US? Perhaps you’d like to see it recorded live, right here at the Summit. Today at 9:30, Carson corners Alvaro Bedoya, former chief counsel to the U.S. Senate Judiciary Subcommittee on Privacy, Technology and the Law and to then Chairman U.S. Sen. Al Franken (D-Minn.), and now the founding executive director of the Center on Privacy & Technology at Georgetown Law. They’ll talk surveillance, how priv... Read More

So we have Brexit

(Apr 20, 2017) With news of June 6 elections in the U.K., the Brexit era has become even more potentially complicated. You’d be forgiven for not knowing quite exactly what is going on, especially if you’ve been watching from afar. That’s why we’ve grabbed two of London’s most sophisticated data protection lawyers to lay it out for you: How does it work, when will it happen, and how will data protection law be affected? Bird & Bird’s Ruth Boardman and Hogan Lovells’ Eduardo Ustaran, CIPP/E, have the answers... Read More

Get all your incident-response info in one handy place

(Apr 19, 2017) It’s the information you don’t need until you really need it badly: The breach notification and response rules for every jurisdiction in which you do business. What needs to be in the notification? How much time do you have? Which regulator needs which information? Does what happened even rise to the level of being a breach? Now, with the help of RADAR, the IAPP has you covered. The brand-new IAPP-RADAR Incident Response Center is designed to give IAPP members the answers to all of the above ans... Read More

Data mapping is a problem. We’ve got the solution

(Apr 19, 2017) Whether it’s to comply with the upcoming General Data Protection Regulation or just simply to manage your privacy program effectively, you need to know what data your organization has, where it comes from, and where it goes. Often, privacy professionals document this in Microsoft Word or Excel, where it sits on a hard drive for a year. You need something with multiple ways to input data. You need something that automatically produces a data visualization map. You need something better. That’s wh... Read More

Need some help with Privacy Shield? Go straight to the source

(Apr 19, 2017) Regardless of dire predictions about the EU-U.S. Privacy Shield’s future, the fact is that it’s in place now and an accessible way to manage data transfers out of the EU to the United States. Maybe you’ve got some questions about whether it’s right for your organization or how to self-certify? That’s why the U.S. Department of Commerce is on site here at the Summit to provide one-to-one consultations on how to get all of your bases covered. Hey, they’re happy to talk Swiss-U.S. Privacy Shield, t... Read More

Exploring the risk-based approach to de-identification

(Apr 19, 2017) As with so many things in this world, there is rarely, if ever, a silver-bullet solution to a complex problem in privacy. Perhaps the most glaring example of this is in defining the identifiability of an individual. Countless privacy laws and regulations around the world define personal information in different ways using varying definitions. Though not new, de-identification, or anonymization, is a useful tool to meet compliance and mitigate risk. "Identifiability is relative and contextual," M... Read More

Using metrics to demonstrate your program’s value

(Apr 19, 2017) It doesn't matter what it is you decide to track, but pick something, and then follow it. It's more about being able to show change over time than anything else. That was the advice Jennifer Garone, CIPP/US, CIPT, FIP, gave attendees in an Active Learning session yesterday on "Measuring and (Proving!) Privacy's Business Value," here at the Summit. In the end, "The number isn't so important," she said. "It's about showing change. It's about storytelling." Using the metrics you gather, she said, y... Read More

Just getting into privacy? Time to get going

(Apr 19, 2017) One of the most frequent questions we get at the IAPP is: “How do you break into the privacy profession?” Well, we’re glad you asked. One of our most popular breakout sessions returns today at 4:30 p.m., with “Get in and Get Going: Navigating Your Entry into the Privacy Field,” a frank discussion from privacy professionals at different stages of their careers about how they broke in and began the climb up the ladder. And if you’re interested in this topic, make sure to check out our Career Centr... Read More

The next hot privacy spot: Latin America

(Apr 19, 2017) While all eyes recently have been on the European Union, and for good reason, the rest of the world is busy developing new privacy regulation as well. Maybe you’ve even been eyeing what Asia is up to, with the APEC Privacy Framework and CBPRs. Well, here’s a reminder that many Latin American countries are APEC members as well, and that privacy regulation is shifting quickly in Latin American, with new laws either in place or under development in Peru, Chile, Argentina, Mexico, and more. To make ... Read More

Might Dublin be London 2.0?

(Apr 19, 2017) Post-Brexit, it’s hard to know how the world will see the U.K. It’s certainly possible that global firms will feel the need to find a new English-speaking location for setting up an EU-based HQ. Might Dublin rise in prominence as a data protection gateway to the EU? Such is one of many questions with which IAPP VP of Research and Education Omer Tene will ply Dara Murphy, Minister of State for data protection in Ireland, as part of “A Bridge to Europe: Ireland's Growing Role in the Transatlantic ... Read More

Calculating risk in the mobile app environment

(Apr 17, 2017) We hear about “mitigating privacy risk” on a regular basis. The GDPR calls for a risk-based approach to privacy operations. Certain “high-risk” endeavors even trigger data protection impact assessments and calls to the local data protection authority’s office. Rarely, however, do we see risk-scoring in action. Until today. The IAPP and Kryptowire have teamed up to survey 400 privacy professionals regarding how they score the risk of collecting dozens of types of data and performing various actio... Read More

The rise of privacy tech

(Apr 17, 2017) Since the debut of the IAPP Privacy Tech Vendor Report at the end of January, we’ve seen privacy tech vendors seemingly come out the woodwork, with increasingly sophisticated offerings. We refreshed the report with v1.2 for the RSA Security event in late February, and now we release v1.3 for Summit, with 18 new vendors in the listings and an all-new category-based table of contents. It’s no wonder the exhibit floor is the largest we’ve ever seen, enhanced by a number of first-time exhibitors. Gr... Read More

Up for a game of Privacy Bingo?

(Apr 17, 2017) Are you the sort of person who likes to have something to keep focused on during breakout sessions? Or do you go to enough conferences that every session starts to sound the same? You might be right for Privacy Bingo, the invention of the NAI’s Grant Nelson, CIPP/US, and CDT’s Joe Jerome, CIPP/US, and debuting for the first time here at the Summit. Just hop online, pick the session you’re in, and start marking squares. Was that a mention of “hackers”? Did someone say it’s not if, but when you’ll... Read More

It’s a bird, it’s a privacy pro — it’s Prudence!

(Apr 17, 2017) By now, you’re surely aware of the world’s first privacy superhero, Prudence the Privacy Pro (and her trusty sidekick, Opt-Out, the Hawk), but have you grabbed your free 2017-2018 Prudence calendar? They’re available at the IAPP Resource Center booth on the exhibit floor, sponsored by OneTrust. Make sure to bring one home for the office wall. In the meantime, also be sure to visit the Prudence page in the online Resource Center, where we’ve collected all three years of monthly comics, plus a pai... Read More

Let’s talk 'Privacy Law Fundamentals'

(Apr 17, 2017) It’s an odd year, so you know what that means: An updated version of "Privacy Law Fundamentals." For 2017’s edition, authors Dan Solove and Paul Schwartz have dramatically increased the content of the must-have desk reference guide to privacy law, with new sections on the EU’s General Data Protection Regulation and a more robust global overview, in general. The best part? You can grab a signed copy from Solove, himself, on the exhibit floor tonight at the opening reception and throughout the Sum... Read More

The original privacy enforcement action

(Apr 17, 2017) You think 4 percent of global turnover is a harsh punishment? How about being turned into a stag for your own hunting hounds to chase down and tear limb from limb? Such was the fate of Actaeon in Ovid’s Metamorphoses, after the goddess Diana caught him watching her bathe alongside her nymphs. It’s a story that’s captivated this year’s Summit artist-in-residence, Lincoln Perry, who has used it for inspiration in his Diana’s Baths series. Contemporizing the story, and setting it among a series of ... Read More

Women Leading Privacy want you to network, network, network

(Apr 17, 2017) The IAPP’s Women Leading Privacy section has been busy this year, with a new Listserve (group name is WomenLeadingPrivacy), new section home page, and gatherings at each IAPP event. Now, here at the Summit, you can join in on Women Leading Privacy After Hours at the Dignitary in the Marriott at 7:30 p.m. tonight; check out some WLP Speed Networking during the Privacy Bash on Wednesday night; head to the Avepoint booth on the exhibit floor to participate in a WLP video project, or hear about “Bu... Read More

Everyone else wants you to network, network, network, too

(Apr 17, 2017) As the Summit has grown, we’ve heard your calls for more networking opportunities. It seems like there’s 3,500 people here, but it’s hard to actually meet anyone. Well, there’s no more excuse for that. This year we’ve massively built out your opportunity to find someone who gets your vibe or feels your pain, whether it’s our peer-to-peer discussion round tables — happening all day Wednesday — or whether it’s our KnowledgeNet meet-ups, where KNets from just about every region of the world have a ... Read More

US gov’t recognizes distinct roles of privacy leaders

(Sep 16, 2016) The federal government yesterday at P.S.R. released updated guidance on the role of senior agency officials for privacy (SAOPs). Specifically, the Office of Management and Budget’s guidance establishes that privacy and security are distinct disciplines and require distinct training and perspectives. In a blog post, Marc Groman, CIPP/US, senior advisor for privacy at OMB, said the guidance further "recognizes that the success of an agency's privacy program depends upon its leadership.” But, more ... Read More

O’Neil to privacy pros: Help me destroy big data’s lies

(Sep 16, 2016) Cathy O'Neil is out for blood. Her target? Big data. That was the message she delivered to privacy pros during her keynote address yesterday here at Privacy. Security. Risk. 2016, and she asked for help in her mission. To be clear, what O'Neil really aims to destroy are the algorithms employed in the name of utilizing big data to make decisions, algorithms she calls weapons of math disruption, or WMDs, which she says have very real negative impacts on vulnerable populations. But it's not so much... Read More

CSA announces Ron Knode Service Award winners

(Sep 16, 2016) The Cloud Security Alliance announced yesterday morning the recipients of its fifth annual Ron Knode Service Award, named for the creator of the CSA Cloud Trust Protocol, who died in May 2012. Known for his boundless energy and good humor, Knode personified the volunteer spirit and contributed to CSA’s mission with countless contributions toward promoting best practices in establishing a secure computing environment. These six members from the Americas, Asia-Pacific and EMEA have each, themselve... Read More

Tech leaders unpack data ethics, corporate values

(Sep 16, 2016) Companies are able to collect and process more data than ever before, and with that comes the opportunity for research and testing at unprecedented and potentially life-saving levels. Such research could come in the relatively harmless form of A-B testing to unveil how the color of a company’s logo translates to better user engagement, but also move into more murky efforts intending to find solutions for the social good, such as discovering a cure for cancer. At P.S.R. Thursday, tech privacy lea... Read More

Privacy notice change management

(Sep 16, 2016) It might be the oldest topic in the IAPP canon: What makes a good privacy notice? In fact, while attendees of Privacy. Security. Risk. were mingling in San Jose, California, the U.S. Federal Trade Commission was discussing that very topic in Washington, DC, as part of their workshop series. Somehow, though, there remains grist for the mill. The panelists at P.S.R.’s “Making the Grade: Moving Beyond Compliance into Data Stewardship,” moderated by the IAPP’s Jedidiah Bracy, CIPP, even found someth... Read More

What lies ahead for autonomous vehicles?

(Sep 16, 2016) Smartphones took the world by storm; now, less than 10 years later, they are part of everyday life. A similar trend is about to happen with connected and autonomous vehicles. This emergence will disrupt the automotive and transportation industry in ways that go to its very foundation. As this groundbreaking technology rapidly advances, what are the legal and ethical considerations for manufacturers as they bring new solutions to their customers? For one, how should cars, and the tech companies a... Read More

Privacy litigation: Defining privacy harm

(Sep 16, 2016) Recently, in a case that has already spanned five years, the U.S. Supreme Court ruled in favor of data broker Spokeo, overturning a lower court’s ruling by a 6-2 vote. The case generated attention because of its potential to shift the balance one way or another in privacy cases, specifically those in which plaintiffs allege they've been "harmed" by a company's data protection practices (or lack thereof). There is some debate, however, as to whether the ruling is actually "in favor" of Spokeo at ... Read More

BigID launches early access beta program

(Sep 16, 2016) Enterprise privacy management technology firm BigID used its space on the Privacy. Security. Risk. show floor to announce the availability of its early access beta program. Founded earlier this year, with a $2.1 million funding round in May, BigID helps enterprises “better protect the privacy of their customers’ personal data through the application of data science.” The company’s technology “gives enterprises intelligence and governance controls needed to help protect against proliferating priv... Read More

2016 Annual IAPP-EY Privacy Governance Report released

(Sep 15, 2016) What’s the mean privacy budget for a company with $1 billion in revenues? What’s the primary reason for a company with fewer than 5,000 employees to have a privacy program? What do manufacturing firms consider to be the toughest compliance task in the General Data Protection Regulation? The answers to these questions and many more are now available in the 2016 IAPP-EY Privacy Governance Report, 126 pages of detailed information from 600 companies around the world that have provided answers to bu... Read More

HPE-IAPP Privacy Technology Innovation winners announced

(Sep 15, 2016) This morning, the IAPP was pleased to announce the winners of the annual HPE-IAPP Privacy Innovation Awards, including for this year’s “most innovative privacy technology.” Two companies received the technology award this year. Vysk Communications has invented the QS1, a smartphone case designed to protect and secure voice calling and allow users a multitude of ways to secure their phone. Protenus offers a new platform for health care organizations needing to find a better system for protecting ... Read More

Talking ethics with Facebook and LinkedIn

(Sep 15, 2016) Running a privacy program for a worldwide communication platform isn’t easy. Challenges include dealing with regulators, consumers and the press across the globe. Increasingly, however, organizations are developing ethical frameworks they use to do more than simply avoid disaster. Of course, avoiding disaster is more important when you have one of the largest databases in the world. Such is the case with Facebook and LinkedIn. In “Privacy Law and Ethics in Communications Platforms,” on Thursday ... Read More

Thinking of heading to Women in Privacy Sesh tomorrow?

(Sep 15, 2016) At a recent Women Leading Privacy KnowledgeNet in Los Angeles, California, covered by Robert Kang for The Privacy Advisor, panelists discussed the ways in which they work to encourage other women to get into strong leadership positions. For example, FBI Assistant Special Agent in Charge Gina Osborn gave one example about inspiring even the youngest generation of future women leaders. Despite her busy schedule protecting public safety, Osborn takes the time to speak with elementary school girls a... Read More

Rosen keynote to contrast RTBF and First Amendment rights

(Sep 15, 2016) On the 100th anniversary of privacy pioneer Louis Brandeis’ appointment to the U.S. Supreme Court, Jeffrey Rosen released his new book, Louis D. Brandeis, American Prophet, published by Yale University Press. Of course, writes IAPP Westin Fellow Anna Myers, CIPP/US, in her review of the quick, 200-page read, Brandeis could very well be considered the center square for a privacy bingo board, but “Rosen’s book does more than appeal to the obvious constituency of readers with interests in privacy, ... Read More

Cathy O’Neil warns of ‘Weapons of Math Destruction’

(Sep 15, 2016) Remember the 2008 financial crisis and the “dark financial arts” that caused it? According to P.S.R. keynoter Cathy O’Neil, there are parallels between those calamitous days and the use of big data today. In her new book, “Weapons of Math Destruction,” O’Neil, a Harvard-trained mathematician who used to ply her talents on Wall Street, argues that the “discriminatory and even predatory way in which algorithms are being used in everything from our school system to the criminal justice system is re... Read More

Don’t forget tonight’s block party!

(Sep 15, 2016) Do you love to mingle with privacy and security pros after a long day of work to talk shop? Do you like parties? Then you’re going to want to show up for the P.S.R. Block Party from 5:30 to 7:30 p.m. Head out of the Marriot Convention Center and follow our “human signs” just down the street to San Pedro Square Market, where you can finally grab the ear of that speaker you saw earlier in the day while munching on a delicious assortment of local foods from dozens of purveyors based right here in S... Read More

What’s next in the FCC’s telecom takeover?

(Sep 15, 2016) When the Senate Committee on Commerce, Science, and Transportation held a July hearing on the Federal Communications Commission’s proposal to apply a new regime of privacy rules to broadband internet providers, on hand to testify were a slew of industry reps and academics. The FCC says the rules are aimed at giving consumers choices about how internet service providers use their data as well as confidence their data is safe. But some feel the rules are too top-down prescriptive. Former FTC Chair... Read More

IAPP and OneTrust combine to release PIA Platform

(Sep 13, 2016) With a mix of enterprise-grade automation, flexibility and customization, the new PIA Platform is a cloud-based solution released by OneTrust and the IAPP. Exclusively for IAPP members, it has been designed to allow privacy professionals to simplify their privacy impact assessments, and it provides executive dashboards, centralized record keeping and reporting, and unlimited usage by members of your organization. Out of the box, the PIA Platform comes with a PIA template for new HR initiatives, ... Read More

New IAPP Communities debuts at P.S.R.

(Sep 13, 2016) Privacy used to be little. Now it’s big. At 26,000 members, and growing, the IAPP isn’t the intimate affair it once was. Sometimes, it can feel difficult to connect with other practitioners facing the same hurdles you are. We feel your pain. That’s why we’ve launched IAPP Communities, a landing page that should make it easier for you to find just who you’re looking for. Whether through KnowledgeNets in your geographical area, official Sections that focus on common interests, or Affinity Groups t... Read More

How ‘data governance’ can empower the privacy pro

(Sep 13, 2016) Last year at this time, Peter Cullen, CIPP/US, was just joining PwC and talking about helping privacy professionals change the way they think about information risk management. Just as he was getting up to speed doing that very thing for the Information Accountability Foundation. Now, the market is seeing some of the fruits of that labor. At Privacy. Security. Risk. this week, Cullen will join with Intuit’s Barb Lawler, FIP, CIPM, CIPP/US, Google’s Troy Sauro, and PwC’s Toby Spry, CIPP/US, to ta... Read More

Predicting the price of a breach

(Sep 13, 2016) You’ve probably seen the Ponemon-IBM study examining the cost of a breach. This year, the average breach caused $4 million in damage, or roughly $158 per lost record. But the cost is different for every breach, depending on the nature of the data lost, how vital it was to the operations of the business in question, and what remediation is necessitated. Is there any way to more accurately predict what a breach would cost for your organization? That’s exactly what the Privacy Ref, Bob Siegel, FIP,... Read More

How exactly do you get beyond compliance?

(Sep 13, 2016) It’s getting to be a bit of an industry buzz phrase: Organizations are moving beyond compliance with their privacy operations. But what does that look like and how do companies who aren’t quite there yet get started? The Online Trust Alliance is doing its best to give you some examples. This year, in their eighth annual “Trust Audit & Honor Roll,” OTA has highlighted Twitter, Dropbox, Instagram, and a number of others for doing more than they have to. Some eschew the use of third-party track... Read More

Making sure privacy isn’t just for the privileged

(Sep 13, 2016) As opening P.S.R. keynoter Cathy O’Neil will tell you, the algorithms that make decisions nowadays can lead to discrimination even when programmers have the best of intents. And, as Angelique Carson, CIPP/US, has recounted in a piece for Privacy Perspectives, there are plenty of issues that need examining with minority populations receiving an undue share of surveillance and other privacy-invasive monitoring. To talk further about these issues, Carson has assembled “How To Ensure Privacy Isn’t O... Read More

Need some Shield info? We’ve got you covered

(Sep 13, 2016) As the clock ticks toward the end of the first 60 days since the EU-U.S. Privacy Shield framework came into effect, at which point the certain allowances for management of third-party vendors will lapse, many of you may be scrambling to get your ducks in a row. The IAPP is here to help. With our Resource Center landing page, you can get all of the texts and facts you need, and four sessions here at P.S.R. are geared just for you: “All You Need to Know about the EU-U.S. Privacy Shield Agreement,”... Read More

Where to get more cyber pros

(Sep 13, 2016) You’ve all seen the data: More than 100,000 cybersecurity professionals are needed right now in the United States alone to fill demand. But where will they come from? The National Institute for Standards and Technology are looking at that very question. In May, NIST announced $1 million cybersecurity education grants, as part of the National Initiative for Cybersecurity Education. Here at P.S.R., IAPP Director of Research Rita Heimes, CIPP/US, will examine these efforts in-depth with NIST’s Sean... Read More

Keynoter Denham on her new role in the UK

(May 9, 2016) You’ve likely seen Elizabeth Denham on the stage at the Privacy Symposium more than once. She has been a frequent and admired speaker. However, this is also likely the last time you’ll see her as a Symposium speaker – at least as a Canadian regulator. Denham recently was appointed to the position of Information Commissioner of the United Kingdom, and she’ll be moving across the pond, as they say, in July. Angelique Carson, CIPP/US, caught up with her on the way out the door to discuss her new ro... Read More

New panel on privacy for tech innovation added

(May 9, 2016) Due to a family emergency, Microsoft’s John Weigelt was forced to miss this year’s Symposium, but his session has been replaced with a panel discussion on the same topic. “Appreciating the Privacy Context for New Technologies” will now feature Deloitte’s Sylvia Kingsmill, IBM Canada’s Paul Lewis, CIPP/C, CIPT, and long-time privacy consultant John Wunderlich, CIPM, CIPP/C, exploring the way that new technologies and services shift the frame of reference used for privacy analysis. Hyper-scale clo... Read More

How should Canada regulate data breaches?

(May 9, 2016) Would you like to be part of the future of Canadian privacy regulation? The Privacy Symposium delivers your chance Thursday morning, at 8 a.m., with a special breakfast consultation session with the Department of Innovation, Science and Economic Development Canada (ISED). The Privacy and Data Protection Policy Directorate will lead a discussion with assembled privacy professionals about how PIPEDA’s new breach reporting regime should actually be implemented. Don’t miss having your voice heard in... Read More

IAPP and Nymity team to release tool for structured approach to accountability

(Apr 5, 2016) Accountability is the term of the moment, embedded in the new General Data Protection Regulation and something that is becoming an expectation of data protection authorities around the world. But how does an organization demonstrate accountability? Further, how does an organization even go about beginning the process of launching an accountability program? Nymity and the IAPP have teamed to provide a free set of tools that can help you figure out where you are and where you have to go. The Nymit... Read More

FBI GC Jim Baker: ‘I consider myself a privacy lawyer’

(Apr 5, 2016) In a wide-ranging and rare conversation yesterday at the Summit, FBI General Counsel Jim Baker discussed his role within the agency and provided an update to the current state of the highly publicized smartphone-encryption debate. “I’m worried about saying it in this room, but I do consider myself to be a privacy lawyer,” Baker said. With 27 privacy officers embedded within the FBI, Baker said it’s not about balancing privacy and national security. “We have to do both and reconcile them.” Jedidi... Read More

Privacy Shield? It’s a start

(Apr 5, 2016) At the IAPP Global Privacy Summit here in Washington yesterday, the FTC's Edith Ramirez and the CNIL's Isabelle Falque-Pierrotin faced reporter Jennifer Baker to address whether this whole Privacy Shield thing is really going to work and, more broadly, whether the EU and U.S. can find a way to play nicely and allow data transfers to continue between the continents. The consensus? It's a solid start. Falque-Pierrotin was tight-lipped over Article 29 Working Party deliberations on the framework, w... Read More

Privacy Shield winners and losers?

(Apr 5, 2016) Privacy Shield is still very much a work in process, but the heavy lifting is done and we’ve moved to the examination phase. As you prepare for “Regulating Technology on Both Sides of the Atlantic,” at 10:45 a.m. today, you can get Executive Director of World Privacy Forum Pam Dixon’s take on who the Privacy Shield winners and losers are, should the document become a finalized adequacy finding by the EU. Of course, Dixon writes, “With the Article 29 Working Party opinion on the Privacy Shield fo... Read More

Why you privacy pros should care about the new FCC rules

(Apr 5, 2016) Early this week, the Federal Communications Commission released a 147-page text outlining a set of privacy and security rules for broadband providers. As you prepare for this afternoon’s “The FCC’s Evolving Role in Data Privacy and Security Enforcement,” featuring FCC enforcement head Travis LeBlanc, read DLA Piper Partner Jim Halpert’s take on the proposed rules. Though the proposal is still subject to public comment, and “may change significantly,” privacy pros should care about it, he contend... Read More

APIA turns two: A look at how it’s used

(Apr 5, 2016) The IAPP’s APIA tool for automating privacy impact assessments was released at the Global Privacy Summit 2014. Since that time, it has been downloaded by more than 2,000 organizations. With the ability to load in customized question sets, assign tasks to various members of the organization via Active Directory, monitor the progress of a PIA as it develops, and issue auto-generated reports, APIA has become for many organizations a way of life. For Lisa Ruff, business development manager at H3 Sol... Read More

Microsoft’s Smith to Summit: We need new, better law

(Apr 5, 2016) "It was the best of times, it was the worst of times." That well-known phrase was penned by Charles Dickens more than 150 years ago, but it's just as relevant now. And while Dickens wasn't talking about privacy, he could have been, said Microsoft's Brad Smith as he opened his keynote speech at the IAPP's Global Privacy Summit here in Washington yesterday. In a well-received address, Smith outlined especially Microsoft’s position toward government access requests for personal data and concluded t... Read More

So, a moose, a giraffe, and a camera walked into a bar…

(Apr 5, 2016) Curious about those green mannequins wearing the T-shirts? They’re part of a larger collection of 1984 ephemera the IAPP has acquired and is presenting in pieces at events around the world. If you didn’t get a close-up look, here’s your chance, as we’ve put together a quick little gallery to showcase them near and far. And if you’re interested in adding to your own T-shirt collection, make sure to hit the IAPP booth in the exhibit hall, where you can get a new way to show the world #IGetPrivacy.... Read More

IAPP and Bloomberg Law frame the privacy counsel market

(Apr 4, 2016) Organizations around the world are grappling with an ever-changing legal landscape for privacy and data protection. It’s no surprise they rely heavily on expert legal counsel to help them navigate what can seem like a choppy sea of jurisdictions. But how much are they using external counsel? What are they paying? What services are they farming out and what are they keeping in house? To answer these questions and more, the IAPP and Bloomberg Law have teamed for a first-of-its-kind survey and repo... Read More

First look at Turkey’s historic data protection law

(Apr 4, 2016) After more than 10 years of drafting and debate, Turkey last week finally passed its Law on the Protection of Personal Data, the last Council of Europe Member State to address the protection of personal data with a framework law. Here at the Summit, we’ve got it covered, with “E-Commerce and Data Privacy in Turkey,” happening Wednesday at 2:30 p.m. on our Inspired Speakers stage. Make sure you bone up by reading Yusuf Mansur Özer’s analysis of the law for Privacy Tracker. With this law in place,... Read More

The privacy professional’s career track

(Apr 4, 2016) You’re here at the Global Privacy Summit for a reason: Privacy is your job. While you’re gathering information for how to do your job better, though, why not also make time to think about your career? That’s the aim of “Get in and Get Going: Navigating Your Entry into the Privacy Profession,” organized by Dennis Holmes, CIPP/US, who entered the privacy profession via the IAPP’s inaugural class of Westin Research Fellows. The panel will look at various ways to kick careers into high gear and make... Read More

Privacy Ref to offer accountability implementation service

(Apr 4, 2016) As chief operating officer at his company, Privacy Ref, Bob Siegel, CIPM, CIPP/C, CIPP/E, CIPP/US, CIPT, sees organizations he counsels struggle through a common problem: The privacy office drives responsibility for privacy and data protection, but there’s a disconnect between that assignment and the business offices responsible for seeing that through. Siegel had long been a fan of Nymity’s privacy software solution, Nymity Attestor, which serves as a tool for privacy offices to demonstrate acc... Read More

New this year: Inspired Speakers take the stage

(Apr 4, 2016) So many keynote-worth speakers in our field, so little time on the keynote stage. How do you solve that problem? This year, we’ve worked to solve it with our Inspired Speakers stage, featuring 20 speakers from throughout the privacy industry that are ready to challenge and illuminate. From game developers and artists to hackers and activists, the Inspired Speakers stage is where to find the most cutting-edge discussion at the Global Privacy Summit, often looking well beyond the policy and practi... Read More

Get a signature for the shelf

(Apr 4, 2016) Hopefully, you got a chance to grab a signed copy of Mulligan and Bamberger’s "Privacy on the Ground" at last night’s opening reception. If not, there might be a couple left over at the IAPP booth. Regardless, make sure to catch both keynoter Alec Ross and keynoter Frank Warren at their book signings today and tomorrow. Ross, interviewed by re/code at the “Read More” link, traveled to 41 countries to gather material for his "The Industries of the Future," released this spring. He signs today at ... Read More

2016 Data Security Incident Response Report

(Apr 4, 2016) BakerHostetler has yet again compiled a year's worth of breach response data into a compact report that analyzes trends in data breach response, released this year to coincide with the Global Privacy Summit. "Is Your Organization Compromise Ready?" documents lessons learned from more than 300 security incidents in 2015. Some of the major findings? Nearly a quarter of all breaches happened in the healthcare industry. It takes an average of 69 days from occurrence of a breach to its discovery, and... Read More

Listen up: The Privacy Pros Podcast and you

(Apr 4, 2016) The podcast era is here, and the IAPP publications team has got you covered, with a new podcast in the iTunes store and on Soundcloud featuring in-depth privacy discussion and interviews with privacy luminaries. The latest episode features Hilary Wandall, CIPM, CIPP/E, CIPP/US, who’ll speak today as part of “The Changing Landscape of Healthcare Marketing,” interviewed by podcast host Angelique Carson, CIPP/US. What’s that you say? You’d like to find yourself on the podcast sometime soon? Well, s... Read More

IAPP releases new GDPR readiness tool with TRUSTe

(Apr 1, 2016) The EU’s General Data Protection Regulation, even though it has yet to be officially cast into law, is already the subject of intense scrutiny. At nearly 250 pages, and with every company holding personal data of EU citizens under its jurisdiction, it’s no wonder. Two years may not be enough time to get ready. To help our members figure out what they need to do to comply, however, the IAPP has teamed with TRUSTe to release a new browser-based GDPR Readiness Assessment tool exclusively for IAPP m... Read More

Can we make the GDPR a cathedral in two years?

(Apr 1, 2016) Speaking of preparation, the Center for Information Policy Leadership’s Bojana Bellamy, CIPP/E, and Markus Heyder have some thoughts on how industry and regulators can work together to make the two-year implementation period manageable, and leave the EU with a cathedral of a regulation in two years. Whether you’re attending the GDPR Bootcamp today, or planning to hit “GDPR: The Big Picture” or “Bridging Privacy, Security, and IT to Prepare for GDPR and Beyond” (featuring Bellamy) on Wednesday, w... Read More

Artist-in-residence makes surveillance, weather tangible

(Apr 1, 2016) Despite what her work seemingly indicates, Nathalie Miebach will tell you right away: She’s no scientist. She’s an artist. A data sculptor, to be precise. And this week she’s serving as artist-in-resident here at the Summit. How does one become a data sculptor? Angelique Carson, CIPP/US, caught up with Miebach to ask that very question and learn about how one goes about making surveillance, and, well, the weather, into something tangible for Summit attendees to engage with.Read More... Read More

New lunchtime panel: “Going Dark”

(Apr 1, 2016) While much of the Summit programming is created months in advance through our call-for-presentations process, we do leave space in the program so that we can be responsive to the news of the day. What could be newsier than the FBI’s battle with Apple over access to a San Bernardino iPhone? In response, we’ve programmed “Going Dark? The Fallout from Apple vs. FBI,” featuring MIT’s Danny Weitzner, formerly of the White House, and the Brookings Institution’s Benjamin Wittes. Should companies be abl... Read More

A deep dive into Latin American privacy

(Apr 1, 2016) “The combination of a boom on the use of digital devices and the growth on the use of different Internet services that monetize data for profit have led to the need for data protection laws to protect citizens … not only from private companies’ undue practices, but also from disproportional and unreasonable state intrusion in their private lives,” writes Renato Leite Monteiro for Privacy Tracker. Get brief synopses of laws in Argentina, Brazil, Colombia, Costa Rica, Mexico, Peru, Uruguay and Ven... Read More

Information sharing is here to stay


(Apr 1, 2016) The adoption of the Cybersecurity Information Sharing Act in the U.S., among other initiatives both in the U.S. and internationally, are “likely to bring about a significant change in the way information sharing and collaboration works,” writes Allison Bender of Hogan Lovells for Privacy Tracker. Paired with emerging technical standards that “promise to enable efficient information sharing at scale,” we will begin to see how “cyber-threat intelligence is poised to transition from a revenue-gener... Read More

Do you #GetPrivacy?

(Apr 1, 2016) At tonight’s opening reception, you may notice an IAPP booth filled with green-clad staffers, right down to their shoes. You might think to yourself, “man, I’d look really good in that T-shirt…” Well, good news: You can get yourself one. And you might even wind up with a free pass to a future IAPP event of your choosing. Just grab a shirt, throw it on, and take a photo of yourself wearing it. Then post to Twitter or Facebook with the #IGetPrivacy hashtag. One random privacy pro will find themsel... Read More

Get a peek behind the curtain with 'Democracy'

(Apr 1, 2016) You probably know by now that it took nearly five years to get the EU General Data Protection Regulation to completion. Maybe you even know the name Jan Philipp Albrecht, the Green MEP who spearheaded the effort. With the documentary "Democracy," however, you’ll come to know him and his colleagues like never before, as the film follows Albrecht, his lead privacy policy advisor Ralf Bendrath, and a host of others as they move from big idea to the end of a long haul. The film shows at 7:30 p.m. in... Read More

Lovejoy: You’re All Infected

(Oct 1, 2015) Kristin Lovejoy, former CISO at IBM and current CEO at Acuity Systems, entered the Privacy. Security. Risk. keynote stage here in Las Vegas with a bang: “Fact: Every one of our institutions is infected.” The last statistics generated by IBM paint a grim picture of the security landscape. The attacks are unrelenting, and they are increasingly successful. What can organizations do? Lovejoy said they need to think differently about how they protect their data.Read More... Read More

The Privacy Pitfalls of Cross-Device Tracking

(Oct 1, 2015) In November, the Federal Trade Commission (FTC) will host a workshop on cross-device tracking for marketing and advertising purposes. Now it's possible to watch users browse for vacation destinations on their iPads, buy a weekend in the country on their desktop and then drive there using their cell-phone GPS. That kind of detailed consumer picture is worth a lot of money if you're job is finding out what people are interested in with an eye toward selling them something they'll entertain buying.... Read More

Treharne-Jones: The Privacy Consequences of Ad Blockers

(Oct 1, 2015) The rise in ad-blocking technology and its increased adoption by consumers has flooded the headlines of late, bringing up debates around what this will ultimately mean for the Internet. However, ad-blocking technology can also block cookie notices, something required by EU law. “It now appears that some ad blockers, acting under a banner of privacy, are achieving exactly the opposite by removing consumer visibility into the tracking that’s taking place and consumers’ ability to choose which cook... Read More

Meet the Privacy Vanguard and HP-IAPP Privacy Innovation Award Winners

(Oct 1, 2015) Yesterday morning at the new Awards Breakfast at P.S.R., the winners of the 2015 IAPP Privacy Vanguard Award and the 13th Annual HP-IAPP Privacy Innovation Awards were honored for their work in the privacy field. Hogan Lovells Partner and Director of the Privacy and Information Management Practice and Co-Chair of the Future of Privacy Forum Christopher Wolf was recognized with this year's IAPP Privacy Vanguard Award and hailed as a trailblazer in the privacy profession and a "Dean of the Industr... Read More

Ron Knode Service Award Recipients Announced

(Oct 1, 2015) The Cloud Security Alliance (CSA) announced the recipients of its Fourth Annual Ron Knode Service Award, recognizing six members from the Americas, Asia-Pacific and EMEA regions for their excellence in volunteerism. The award’s winners, who are being honored here in Las Vegas this week at Privacy. Security. Risk., were selected by the CSA executive team and chosen based on their valuable contributions toward fulfilling CSA’s mission of promoting best practices to help ensure security in cloud co... Read More

CSA Releases New Guidance for Identity and Access Management for IoT

(Oct 1, 2015) Here at Privacy. Security. Risk, the Cloud Security Alliance (CSA) Internet of Things (IoT) Working Group has released a new summary guidance report entitled Identity and Access Management for the Internet of Things. The IoT has been experiencing massive growth in both consumer and business environments. In response to this emerging market and the particular security requirements of these connected devices, the CSA established the IoT Working Group to focus on providing relevant guidance to its ... Read More

AvePoint Releases New Compliance Guardian at P.S.R.

(Oct 1, 2015) AvePoint launched its new Compliance Guardian, a tool updated to now allow for a number of new capabilities, yesterday at P.S.R. Companies in a SharePoint environment can now identify and review data for potential privacy or permissions violations, even blocking inappropriate content; automatically tag new and existing content based on context and ownership, and use a new suite of data loss prevention tools. For more information, see the AvePoint team on the exhibit floor or click the “Read More... Read More

IBM Releases New BYOD Solution at P.S.R.

(Oct 1, 2015) Here at P.S.R., IBM Security announced new cloud security technology that helps privacy pros manage the increasing bring-your-own-device (BYOD) issue. IBM describes Cloud Security Enforcer as “the first technology to combine cloud identity management with the ability for companies to discover outside apps being accessed by their employees, including those they are using on their mobile devices.” Now the workforce can use the apps they want without hiding it from IT. For more information, see the... Read More

Revenge Porn: Why It’s Your Problem, Too

(Sep 30, 2015) From November 2011 to April 2013, Craig Brittain owned and operated the website isanybodydown.com. According to the FTC, isanybodydown.com was a “revenge porn” website used to post nude images of men and women—often accompanied by personal information about the depicted individuals—without their consent. The FTC proceeded to bring down the hammer, shutting down the site and calling Brittain’s behavior “reprehensible.” Clearly, regulators are taking notice (as are state legislatures),... Read More

Drowning in a Sea of Vendors

(Sep 30, 2015) Jordan Abbott, a compliance attorney at Acxiom, didn't mince words when he opened the preconference session here at Privacy. Security. Risk. 2015 on vendor management. "Bottom line you’re going to take away from this program is vendors are a problem," Abbott said. That's because businesses have hundreds of thousands of vendors for myriad uses. It can be incredibly difficult to keep track of vendor compliance with the rules and regulations your organization is required to comply with. To have a f... Read More

New Healthcare Tech, New Privacy Issues

(Sep 30, 2015) Healthcare isn’t immune to the need for Privacy by Design. Further, healthcare engineers and medical professionals are designing new data-collecting healthcare solutions faster than ever before. How, for example, are you going to provide consent for access to the data being transferred from your swallow-able diagnostic tool when you’re unconscious? Such were the tough questions posed by the panelists in “Managing Emerging Technology in Healthcare,” a half-day workshop here on the first day of Pr... Read More

Bringing Your PIA Into the 21st Century

(Sep 30, 2015) The concept of the privacy impact assessment (PIA) has roots in the age of mainframe computers, an age when compliance was key to avoiding regulatory action or consumer backlash. But massive datasets, advanced algorithms and increased data collection points make these age-old PIAs a thing of the past and mean that organizations must go beyond mere compliance into governance. During the preconference workshop “Big Data Project Vetting To Assure Fair and Innovative Data Use,” Information Accountab... Read More

Webcon: Straight from the Source on Assessing and Mitigating Privacy Risk

(Sep 30, 2015) Yesterday, we launched an in-depth report from the IAPP and Bloomberg Law documenting the risks to an organization that privacy lapses pose, what privacy professionals think helps in mitigating that risk and just how good organizations think they are at doing those vital tasks. To hear follow-up analysis and ask questions of the report’s developers, including Bloomberg Law Commercial Product Director Brian Kudowitz, make sure to take part in the free IAPP-Bloomberg Law web conference “Mitigating... Read More

Break out the Band

(Sep 30, 2015) At the end of this first full day of P.S.R., you’ll have done a lot of work. Time to let your hair down a bit. Sure, Las Vegas offers plenty of options, but the IAPP events staff has cooked up a killer event to get your started, the Party at Poolside, which will feature the chilling vibes of Odd Couple, a band that truly merges the analog and the digital, featuring a live drummer and a DJ working an MPC player. Team that with inventive cocktails and, of course, great company, and you’ve got your... Read More

Women Leading Privacy and Security To Share Their Stories

(Sep 30, 2015) The privacy profession first emerged from the Internet and technological boom of the 1990s, leading to a wealth of new opportunities. While many were hesitant to embark on this unknown path, a group of women crossed boundaries and paved the way for others to follow. Tomorrow at 11 a.m., some of the top female privacy and security leaders will talk about their experiences, the obstacles they had to overcome and what to expect as a professional just starting out. The session, to be held in Monet 2... Read More

Verisign Launches Public DNS at P.S.R.

(Sep 30, 2015) Just about every time you hit the web, you run into the Domain Name System (DNS), which translates online requests into a set of navigation instructions so you get where you want to go. It is, notes Verisign, one of the riches sources of PII as well. Most people just use whichever DNS is provided by their Internet service provider, subjecting them unwittingly to having their data sold to third parties. Here at P.S.R., however, Verisign has launched Public DNS, a new free recursive DNS services t... Read More

Study: A Deep Dive Into Assessing and Mitigating Privacy Risk

(Sep 29, 2015) It’s the next frontier in privacy: moving from compliance to risk. This summer, the IAPP and Bloomberg Law (Booth 36-37 here at P.S.R.) sought to document the risks to an organization that privacy lapses pose, what privacy professionals think helps in mitigating that risk and just how good organizations think they are at doing those vital tasks. In this new in-depth report, released here at the Privacy. Security. Risk. conference, you get a deep dive into how companies perceive risk, how they’re... Read More

Download the New P.S.R. App

(Sep 29, 2015) Maybe you’ve used the IAPP Events App before, but you’ve never used an IAPP Events App like this one, newly released for Privacy. Security. Risk. While it’s true you’ll have to newly download it to your mobile device, there are a number of new features we hope are worth the trouble. You’ll now be able to rate sessions right in the app, not have to leave the app if you click a URL, be able to customize your agenda—even be able to interact with other attendees. Yes, you need to create a prof... Read More

Late Program Changes and Additions

(Sep 29, 2015) If you’ve downloaded the app, you’ll technically be able to note these changes and additions, but, hey, the P.S.R. program is our most expansive ever, so you may miss them. First, look for “Candidates Getting Fs,” a look at the privacy policies—or lack thereof—on the websites of U.S. presidential candidates, featuring TRUSTe CEO Chris Babel, the Future of Privacy Forum’s Joseph Jerome, CIPP/US, Holland & Knight’s Steven Roosa and Craig Spiezle, president of the Online Trust Allia... Read More

Getting the “Drops” on Reshipping

(Sep 29, 2015) With so many retailers now refusing to ship to Russia or Eastern Europe because of the endemic of organized cybercrime, how do these cyber-thieves use the credit card numbers they’ve stolen? The answer is “reshipping,” a practice documented in the report “Drops for Stuff,” newly released and written by eight security researchers, including Brian Krebs, who will provide a keynote address to open the general session of Privacy. Security. Risk. tomorrow morning here in Las Vegas. How does it work? ... Read More

Keynoter Yang: Privacy Demands a Structural Rethink

(Sep 29, 2015) “The way we’re programming is still very similar to the way we were programming in the 1970s.” That’s Jean Yang, who’ll provide a keynote address here in Las Vegas at Privacy. Security. Risk. tomorrow as part of the opening general session, talking with TechCrunch. Our new era of massive software programs and armies of coders demands a new way of coding, she argues, that lets programmers do their thing but enforces privacy and security “under the covers.” How does that work? The article provides... Read More

“He Said, Xi Said”

(Sep 29, 2015) In the latest episode of his CyberLaw podcast, Steptoe & Johnson Partner and former NSA General Counsel Stewart Baker chats with Team Cymru’s Margie Gilbert and fellow Steptoe Partner and former Department of Homeland Security policy-maker Alan Cohn about the recent visit to the White House of Chinese President Xi Jinping. Should the U.S. settle for a “no first use” assurance to protect critical infrastructure? Baker and Cohn will record their next episode of the podcast here at P.S.R. with ... Read More

Bloomberg Releases Brand New Bloomberg Law: Privacy & Data Security

(Sep 29, 2015) Here at P.S.R., Bloomberg has announced a brand new subscription content offering, Bloomberg Law: Privacy & Data Security, which features “a number of time-saving practice tools, including ‘chart builders’ that assist counsel in comparing laws on breach notification, medical privacy and other issues across jurisdictions.” There are also resources providing statutes, case law, regulations, agency guidance and a news “heat map,” plus a number of practical documents and forms for operational pr... Read More

TRUSTe Releases New Assessment Manager at P.S.R.

(Sep 29, 2015) Here at P.S.R., TRUSTe has announced the release of Assessment Manager 2.0, an update to its SaaS privacy assessment solution. New features include privacy Key Performance Indicators, enhanced reporting, risk scoring and new assessment templates, including one for the pending General Data Protection Regulation in the EU. “Focusing on key performance indicators and generating customizable reports, that can include remediation actions and risk scoring, will help privacy, risk and compliance execut... Read More