Are you making what you’re worth?

(Apr 20, 2017) That’s the big question. Per usual, the IAPP has the answer, with today’s release of the 2017 IAPP Privacy Professionals Salary Survey, sponsored by OneTrust and exclusively for IAPP members. Within, you’ll find data on the mean and median salaries, bonuses, and rate of salary increases for a wide variety of privacy professionals. We break things out by industry, years in privacy, certifications held, education attained, and by geography. Even by where you live — big city or the ’burbs. Presente... Read More

Lynch named IAPP Vanguard Award recipient

(Apr 20, 2017) The IAPP Vanguard Award is the highest honor in the privacy profession, awarded in the past to the likes of Chris Wolf, Scott Taylor, CIPP/US, Jennifer Barrett Glasgow, CIPP/US, and Mary Ellen Callahan, CIPP/US. Yesterday, the IAPP honored Microsoft CPO Brendon Lynch, CIPP/US, former IAPP Board of Directors Chair and a long-time thought leader in privacy management. “No one exemplifies excellence in our field in a greater magnitude than Brendon Lynch,” IAPP CEO and President Trevor Hughes said. ... Read More

Groman, Dean take home Privacy Leadership awards

(Apr 20, 2017) Yesterday, the IAPP announced the winners of its Privacy Leadership Award, split between two privacy professionals who put in long hours with the U.S. federal government this past year. In his role as special advisor to the White House, Marc Groman, CIPP/US, was instrumental in revamping the way the privacy profession is valued within federal departments. As a vital voice in the EU-U.S. Privacy Shield negotiations, Ted Dean was deeply involved in bringing data transfer between the EU and United ... Read More

Irish Minister on US-EU digital strategies

(Apr 20, 2017) In interviewing Irish Data Protection Minister Dara Murphy yesterday here at the IAPP Global Privacy Summit, IAPP VP of Research and Education Omer Tene asked a pointed question: Given that the vast majority of the large internet firms are American, “Would you say that the European digital market strategy has failed?” Murphy said that he would, “but I don’t think it continues to fail.” Thus began an examination into U.S. and EU approaches to digital innovation, why U.S. internet firms dominate, ... Read More

Edelson announces three new suits; discusses current realities of data breach litigation

(Apr 20, 2017) If you ask Jay Edelson, he'll tell you things are about to get significantly better for class-action litigants on the plaintiffs' side. He sees a shift in the way courts are willing or not willing to handle settlements. He's feeling good enough about the future of such cases, in fact, that he announced yesterday three new filings on behalf of Edelson PC, his Chicago-based law firm, recently put forth or with plans to officially file, including one against Bose, for sharing its consumers' listeni... Read More

An update on the future of standard contractual clauses

(Apr 20, 2017) Just weeks after the Irish High Court heard arguments from select parties in a case that could affect the future of private trans-Atlantic data flows, Irish Data Protection Commissioner Helen Dixon shared her thoughts about the case and questions the court must consider. "These hearings were positive," she said during a panel session at the IAPP Global Privacy Summit in Washington. "It was an extremely comprehensive hearing on complex issues. This wasn't a case where the judge will rush to judge... Read More

See how they make the sausage, er, podcast

(Apr 20, 2017) Hooked on the weekly Privacy Advisor Podcast, hosted by Advisor Editor Angelique Carson, CIPP/US? Perhaps you’d like to see it recorded live, right here at the Summit. Today at 9:30, Carson corners Alvaro Bedoya, former chief counsel to the U.S. Senate Judiciary Subcommittee on Privacy, Technology and the Law and to then Chairman U.S. Sen. Al Franken (D-Minn.), and now the founding executive director of the Center on Privacy & Technology at Georgetown Law. They’ll talk surveillance, how priv... Read More

So we have Brexit

(Apr 20, 2017) With news of June 6 elections in the U.K., the Brexit era has become even more potentially complicated. You’d be forgiven for not knowing quite exactly what is going on, especially if you’ve been watching from afar. That’s why we’ve grabbed two of London’s most sophisticated data protection lawyers to lay it out for you: How does it work, when will it happen, and how will data protection law be affected? Bird & Bird’s Ruth Boardman and Hogan Lovells’ Eduardo Ustaran, CIPP/E, have the answers... Read More

Get all your incident-response info in one handy place

(Apr 19, 2017) It’s the information you don’t need until you really need it badly: The breach notification and response rules for every jurisdiction in which you do business. What needs to be in the notification? How much time do you have? Which regulator needs which information? Does what happened even rise to the level of being a breach? Now, with the help of RADAR, the IAPP has you covered. The brand-new IAPP-RADAR Incident Response Center is designed to give IAPP members the answers to all of the above ans... Read More

Data mapping is a problem. We’ve got the solution

(Apr 19, 2017) Whether it’s to comply with the upcoming General Data Protection Regulation or just simply to manage your privacy program effectively, you need to know what data your organization has, where it comes from, and where it goes. Often, privacy professionals document this in Microsoft Word or Excel, where it sits on a hard drive for a year. You need something with multiple ways to input data. You need something that automatically produces a data visualization map. You need something better. That’s wh... Read More

Need some help with Privacy Shield? Go straight to the source

(Apr 19, 2017) Regardless of dire predictions about the EU-U.S. Privacy Shield’s future, the fact is that it’s in place now and an accessible way to manage data transfers out of the EU to the United States. Maybe you’ve got some questions about whether it’s right for your organization or how to self-certify? That’s why the U.S. Department of Commerce is on site here at the Summit to provide one-to-one consultations on how to get all of your bases covered. Hey, they’re happy to talk Swiss-U.S. Privacy Shield, t... Read More

Exploring the risk-based approach to de-identification

(Apr 19, 2017) As with so many things in this world, there is rarely, if ever, a silver-bullet solution to a complex problem in privacy. Perhaps the most glaring example of this is in defining the identifiability of an individual. Countless privacy laws and regulations around the world define personal information in different ways using varying definitions. Though not new, de-identification, or anonymization, is a useful tool to meet compliance and mitigate risk. "Identifiability is relative and contextual," M... Read More

Using metrics to demonstrate your program’s value

(Apr 19, 2017) It doesn't matter what it is you decide to track, but pick something, and then follow it. It's more about being able to show change over time than anything else. That was the advice Jennifer Garone, CIPP/US, CIPT, FIP, gave attendees in an Active Learning session yesterday on "Measuring and (Proving!) Privacy's Business Value," here at the Summit. In the end, "The number isn't so important," she said. "It's about showing change. It's about storytelling." Using the metrics you gather, she said, y... Read More

Just getting into privacy? Time to get going

(Apr 19, 2017) One of the most frequent questions we get at the IAPP is: “How do you break into the privacy profession?” Well, we’re glad you asked. One of our most popular breakout sessions returns today at 4:30 p.m., with “Get in and Get Going: Navigating Your Entry into the Privacy Field,” a frank discussion from privacy professionals at different stages of their careers about how they broke in and began the climb up the ladder. And if you’re interested in this topic, make sure to check out our Career Centr... Read More

The next hot privacy spot: Latin America

(Apr 19, 2017) While all eyes recently have been on the European Union, and for good reason, the rest of the world is busy developing new privacy regulation as well. Maybe you’ve even been eyeing what Asia is up to, with the APEC Privacy Framework and CBPRs. Well, here’s a reminder that many Latin American countries are APEC members as well, and that privacy regulation is shifting quickly in Latin America, with new laws either in place or under development in Peru, Chile, Argentina, Mexico, and more. To make ... Read More

Might Dublin be London 2.0?

(Apr 19, 2017) Post-Brexit, it’s hard to know how the world will see the U.K. It’s certainly possible that global firms will feel the need to find a new English-speaking location for setting up an EU-based HQ. Might Dublin rise in prominence as a data protection gateway to the EU? Such is one of many questions with which IAPP VP of Research and Education Omer Tene will ply Dara Murphy, Minister of State for data protection in Ireland, as part of “A Bridge to Europe: Ireland's Growing Role in the Transatlantic ... Read More

Calculating risk in the mobile app environment

(Apr 17, 2017) We hear about “mitigating privacy risk” on a regular basis. The GDPR calls for a risk-based approach to privacy operations. Certain “high-risk” endeavors even trigger data protection impact assessments and calls to the local data protection authority’s office. Rarely, however, do we see risk-scoring in action. Until today. The IAPP and Kryptowire have teamed up to survey 400 privacy professionals regarding how they score the risk of collecting dozens of types of data and performing various actio... Read More

The rise of privacy tech

(Apr 17, 2017) Since the debut of the IAPP Privacy Tech Vendor Report at the end of January, we’ve seen privacy tech vendors seemingly come out of the woodwork, with increasingly sophisticated offerings. We refreshed the report with v1.2 for the RSA Security event in late February, and now we release v1.3 for Summit, with 18 new vendors in the listings and an all-new category-based table of contents. It’s no wonder the exhibit floor is the largest we’ve ever seen, enhanced by a number of first-time exhibitors. Gr... Read More

Up for a game of Privacy Bingo?

(Apr 17, 2017) Are you the sort of person who likes to have something to keep focused on during breakout sessions? Or do you go to enough conferences that every session starts to sound the same? You might be right for Privacy Bingo, the invention of the NAI’s Grant Nelson, CIPP/US, and CDT’s Joe Jerome, CIPP/US, and debuting for the first time here at the Summit. Just hop online, pick the session you’re in, and start marking squares. Was that a mention of “hackers”? Did someone say it’s not if, but when you’ll... Read More

It’s a bird, it’s a privacy pro — it’s Prudence!

(Apr 17, 2017) By now, you’re surely aware of the world’s first privacy superhero, Prudence the Privacy Pro (and her trusty sidekick, Opt-Out, the Hawk), but have you grabbed your free 2017-2018 Prudence calendar? They’re available at the IAPP Resource Center booth on the exhibit floor, sponsored by OneTrust. Make sure to bring one home for the office wall. In the meantime, also be sure to visit the Prudence page in the online Resource Center, where we’ve collected all three years of monthly comics, plus a pai... Read More

Let’s talk 'Privacy Law Fundamentals'

(Apr 17, 2017) It’s an odd year, so you know what that means: An updated version of "Privacy Law Fundamentals." For 2017’s edition, authors Dan Solove and Paul Schwartz have dramatically increased the content of the must-have desk reference guide to privacy law, with new sections on the EU’s General Data Protection Regulation and a more robust global overview, in general. The best part? You can grab a signed copy from Solove, himself, on the exhibit floor tonight at the opening reception and throughout the Sum... Read More

The original privacy enforcement action

(Apr 17, 2017) You think 4 percent of global turnover is a harsh punishment? How about being turned into a stag for your own hunting hounds to chase down and tear limb from limb? Such was the fate of Actaeon in Ovid’s Metamorphoses, after the goddess Diana caught him watching her bathe alongside her nymphs. It’s a story that’s captivated this year’s Summit artist-in-residence, Lincoln Perry, who has used it for inspiration in his Diana’s Baths series. Contemporizing the story, and setting it among a series of ... Read More

Women Leading Privacy want you to network, network, network

(Apr 17, 2017) The IAPP’s Women Leading Privacy section has been busy this year, with a new Listserve (group name is WomenLeadingPrivacy), new section home page, and gatherings at each IAPP event. Now, here at the Summit, you can join in on Women Leading Privacy After Hours at the Dignitary in the Marriott at 7:30 p.m. tonight; check out some WLP Speed Networking during the Privacy Bash on Wednesday night; head to the Avepoint booth on the exhibit floor to participate in a WLP video project, or hear about “Bu... Read More

Everyone else wants you to network, network, network, too

(Apr 17, 2017) As the Summit has grown, we’ve heard your calls for more networking opportunities. It seems like there’s 3,500 people here, but it’s hard to actually meet anyone. Well, there’s no more excuse for that. This year we’ve massively built out your opportunity to find someone who gets your vibe or feels your pain, whether it’s our peer-to-peer discussion round tables — happening all day Wednesday — or whether it’s our KnowledgeNet meet-ups, where KNets from just about every region of the world have a ... Read More

US gov’t recognizes distinct roles of privacy leaders

(Sep 16, 2016) The federal government yesterday at P.S.R. released updated guidance on the role of senior agency officials for privacy (SAOPs). Specifically, the Office of Management and Budget’s guidance establishes that privacy and security are distinct disciplines and require distinct training and perspectives. In a blog post, Marc Groman, CIPP/US, senior advisor for privacy at OMB, said the guidance further "recognizes that the success of an agency's privacy program depends upon its leadership.” But, more ... Read More

O’Neil to privacy pros: Help me destroy big data’s lies

(Sep 16, 2016) Cathy O'Neil is out for blood. Her target? Big data. That was the message she delivered to privacy pros during her keynote address yesterday here at Privacy. Security. Risk. 2016, and she asked for help in her mission. To be clear, what O'Neil really aims to destroy are the algorithms employed in the name of utilizing big data to make decisions, algorithms she calls weapons of math destruction, or WMDs, which she says have very real negative impacts on vulnerable populations. But it's not so much... Read More

CSA announces Ron Knode Service Award winners

(Sep 16, 2016) The Cloud Security Alliance announced yesterday morning the recipients of its fifth annual Ron Knode Service Award, named for the creator of the CSA Cloud Trust Protocol, who died in May 2012. Known for his boundless energy and good humor, Knode personified the volunteer spirit and contributed to CSA’s mission with countless contributions toward promoting best practices in establishing a secure computing environment. These six members from the Americas, Asia-Pacific and EMEA have each, themselve... Read More

Tech leaders unpack data ethics, corporate values

(Sep 16, 2016) Companies are able to collect and process more data than ever before, and with that comes the opportunity for research and testing at unprecedented and potentially life-saving levels. Such research could come in the relatively harmless form of A-B testing to unveil how the color of a company’s logo translates to better user engagement, but also move into more murky efforts intending to find solutions for the social good, such as discovering a cure for cancer. At P.S.R. Thursday, tech privacy lea... Read More

Privacy notice change management

(Sep 16, 2016) It might be the oldest topic in the IAPP canon: What makes a good privacy notice? In fact, while attendees of Privacy. Security. Risk. were mingling in San Jose, California, the U.S. Federal Trade Commission was discussing that very topic in Washington, DC, as part of their workshop series. Somehow, though, there remains grist for the mill. The panelists at P.S.R.’s “Making the Grade: Moving Beyond Compliance into Data Stewardship,” moderated by the IAPP’s Jedidiah Bracy, CIPP, even found someth... Read More

What lies ahead for autonomous vehicles?

(Sep 16, 2016) Smartphones took the world by storm; now, less than 10 years later, they are part of everyday life. A similar trend is about to happen with connected and autonomous vehicles. This emergence will disrupt the automotive and transportation industry in ways that go to its very foundation. As this groundbreaking technology rapidly advances, what are the legal and ethical considerations for manufacturers as they bring new solutions to their customers? For one, how should cars, and the tech companies a... Read More

Privacy litigation: Defining privacy harm

(Sep 16, 2016) Recently, in a case that has already spanned five years, the U.S. Supreme Court ruled in favor of data broker Spokeo, overturning a lower court’s ruling by a 6-2 vote. The case generated attention because of its potential to shift the balance one way or another in privacy cases, specifically those in which plaintiffs allege they've been "harmed" by a company's data protection practices (or lack thereof). There is some debate, however, as to whether the ruling is actually "in favor" of Spokeo at ... Read More

BigID launches early access beta program

(Sep 16, 2016) Enterprise privacy management technology firm BigID used its space on the Privacy. Security. Risk. show floor to announce the availability of its early access beta program. Founded earlier this year, with a $2.1 million funding round in May, BigID helps enterprises “better protect the privacy of their customers’ personal data through the application of data science.” The company’s technology “gives enterprises intelligence and governance controls needed to help protect against proliferating priv... Read More

2016 Annual IAPP-EY Privacy Governance Report released

(Sep 15, 2016) What’s the mean privacy budget for a company with $1 billion in revenues? What’s the primary reason for a company with fewer than 5,000 employees to have a privacy program? What do manufacturing firms consider to be the toughest compliance task in the General Data Protection Regulation? The answers to these questions and many more are now available in the 2016 IAPP-EY Privacy Governance Report, 126 pages of detailed information from 600 companies around the world that have provided answers to bu... Read More

HPE-IAPP Privacy Technology Innovation winners announced

(Sep 15, 2016) This morning, the IAPP was pleased to announce the winners of the annual HPE-IAPP Privacy Innovation Awards, including for this year’s “most innovative privacy technology.” Two companies received the technology award this year. Vysk Communications has invented the QS1, a smartphone case designed to protect and secure voice calling and allow users a multitude of ways to secure their phone. Protenus offers a new platform for health care organizations needing to find a better system for protecting ... Read More

Talking ethics with Facebook and LinkedIn

(Sep 15, 2016) Running a privacy program for a worldwide communication platform isn’t easy. Challenges include dealing with regulators, consumers and the press across the globe. Increasingly, however, organizations are developing ethical frameworks they use to do more than simply avoid disaster. Of course, avoiding disaster is more important when you have one of the largest databases in the world. Such is the case with Facebook and LinkedIn. In “Privacy Law and Ethics in Communications Platforms,” on Thursday ... Read More

Thinking of heading to Women in Privacy Sesh tomorrow?

(Sep 15, 2016) At a recent Women Leading Privacy KnowledgeNet in Los Angeles, California, covered by Robert Kang for The Privacy Advisor, panelists discussed the ways in which they work to encourage other women to get into strong leadership positions. For example, FBI Assistant Special Agent in Charge Gina Osborn gave one example about inspiring even the youngest generation of future women leaders. Despite her busy schedule protecting public safety, Osborn takes the time to speak with elementary school girls a... Read More

Rosen keynote to contrast RTBF and First Amendment rights

(Sep 15, 2016) On the 100th anniversary of privacy pioneer Louis Brandeis’ appointment to the U.S. Supreme Court, Jeffrey Rosen released his new book, Louis D. Brandeis, American Prophet, published by Yale University Press. Of course, writes IAPP Westin Fellow Anna Myers, CIPP/US, in her review of the quick, 200-page read, Brandeis could very well be considered the center square for a privacy bingo board, but “Rosen’s book does more than appeal to the obvious constituency of readers with interests in privacy, ... Read More

Cathy O’Neil warns of ‘Weapons of Math Destruction’

(Sep 15, 2016) Remember the 2008 financial crisis and the “dark financial arts” that caused it? According to P.S.R. keynoter Cathy O’Neil, there are parallels between those calamitous days and the use of big data today. In her new book, “Weapons of Math Destruction,” O’Neil, a Harvard-trained mathematician who used to ply her talents on Wall Street, argues that the “discriminatory and even predatory way in which algorithms are being used in everything from our school system to the criminal justice system is re... Read More

Don’t forget tonight’s block party!

(Sep 15, 2016) Do you love to mingle with privacy and security pros after a long day of work to talk shop? Do you like parties? Then you’re going to want to show up for the P.S.R. Block Party from 5:30 to 7:30 p.m. Head out of the Marriott Convention Center and follow our “human signs” just down the street to San Pedro Square Market, where you can finally grab the ear of that speaker you saw earlier in the day while munching on a delicious assortment of local foods from dozens of purveyors based right here in S... Read More

What’s next in the FCC’s telecom takeover?

(Sep 15, 2016) When the Senate Committee on Commerce, Science, and Transportation held a July hearing on the Federal Communications Commission’s proposal to apply a new regime of privacy rules to broadband internet providers, on hand to testify were a slew of industry reps and academics. The FCC says the rules are aimed at giving consumers choices about how internet service providers use their data as well as confidence their data is safe. But some feel the rules are too top-down prescriptive. Former FTC Chair... Read More

IAPP and OneTrust combine to release PIA Platform

(Sep 13, 2016) With a mix of enterprise-grade automation, flexibility and customization, the new PIA Platform is a cloud-based solution released by OneTrust and the IAPP. Exclusively for IAPP members, it has been designed to allow privacy professionals to simplify their privacy impact assessments, and it provides executive dashboards, centralized record keeping and reporting, and unlimited usage by members of your organization. Out of the box, the PIA Platform comes with a PIA template for new HR initiatives, ... Read More

New IAPP Communities debuts at P.S.R.

(Sep 13, 2016) Privacy used to be little. Now it’s big. At 26,000 members, and growing, the IAPP isn’t the intimate affair it once was. Sometimes, it can feel difficult to connect with other practitioners facing the same hurdles you are. We feel your pain. That’s why we’ve launched IAPP Communities, a landing page that should make it easier for you to find just who you’re looking for. Whether through KnowledgeNets in your geographical area, official Sections that focus on common interests, or Affinity Groups t... Read More

How ‘data governance’ can empower the privacy pro

(Sep 13, 2016) Last year at this time, Peter Cullen, CIPP/US, was just joining PwC and talking about helping privacy professionals change the way they think about information risk management. Just as he was getting up to speed doing that very thing for the Information Accountability Foundation. Now, the market is seeing some of the fruits of that labor. At Privacy. Security. Risk. this week, Cullen will join with Intuit’s Barb Lawler, FIP, CIPM, CIPP/US, Google’s Troy Sauro, and PwC’s Toby Spry, CIPP/US, to ta... Read More

Predicting the price of a breach

(Sep 13, 2016) You’ve probably seen the Ponemon-IBM study examining the cost of a breach. This year, the average breach caused $4 million in damage, or roughly $158 per lost record. But the cost is different for every breach, depending on the nature of the data lost, how vital it was to the operations of the business in question, and what remediation is necessitated. Is there any way to more accurately predict what a breach would cost for your organization? That’s exactly what the Privacy Ref, Bob Siegel, FIP,... Read More

How exactly do you get beyond compliance?

(Sep 13, 2016) It’s getting to be a bit of an industry buzz phrase: Organizations are moving beyond compliance with their privacy operations. But what does that look like and how do companies who aren’t quite there yet get started? The Online Trust Alliance is doing its best to give you some examples. This year, in their eighth annual “Trust Audit & Honor Roll,” OTA has highlighted Twitter, Dropbox, Instagram, and a number of others for doing more than they have to. Some eschew the use of third-party track... Read More

Making sure privacy isn’t just for the privileged

(Sep 13, 2016) As opening P.S.R. keynoter Cathy O’Neil will tell you, the algorithms that make decisions nowadays can lead to discrimination even when programmers have the best of intents. And, as Angelique Carson, CIPP/US, has recounted in a piece for Privacy Perspectives, there are plenty of issues that need examining with minority populations receiving an undue share of surveillance and other privacy-invasive monitoring. To talk further about these issues, Carson has assembled “How To Ensure Privacy Isn’t O... Read More

Need some Shield info? We’ve got you covered

(Sep 13, 2016) As the clock ticks toward the end of the first 60 days since the EU-U.S. Privacy Shield framework came into effect, at which point the certain allowances for management of third-party vendors will lapse, many of you may be scrambling to get your ducks in a row. The IAPP is here to help. With our Resource Center landing page, you can get all of the texts and facts you need, and four sessions here at P.S.R. are geared just for you: “All You Need to Know about the EU-U.S. Privacy Shield Agreement,”... Read More

Where to get more cyber pros

(Sep 13, 2016) You’ve all seen the data: More than 100,000 cybersecurity professionals are needed right now in the United States alone to fill demand. But where will they come from? The National Institute of Standards and Technology is looking at that very question. In May, NIST announced $1 million cybersecurity education grants, as part of the National Initiative for Cybersecurity Education. Here at P.S.R., IAPP Director of Research Rita Heimes, CIPP/US, will examine these efforts in-depth with NIST’s Sean... Read More

Keynoter Denham on her new role in the UK

(May 9, 2016) You’ve likely seen Elizabeth Denham on the stage at the Privacy Symposium more than once. She has been a frequent and admired speaker. However, this is also likely the last time you’ll see her as a Symposium speaker – at least as a Canadian regulator. Denham recently was appointed to the position of Information Commissioner of the United Kingdom, and she’ll be moving across the pond, as they say, in July. Angelique Carson, CIPP/US, caught up with her on the way out the door to discuss her new ro... Read More

What’s Privacy Core? Come find out

(May 9, 2016) The IAPP has been working feverishly over the past year to deliver something many of you have been demanding for years: A privacy training series for the non-privacy pro, something to use for everyone who handles data, and not just the privacy team. The result is Privacy Core, a learning management system-based series of content modules, interactive and easy-to-use, that get employees up to speed on the basics of privacy and data-handling in a hurry. The IAPP will be demonstrating Core for the f... Read More

New panel on privacy for tech innovation added

(May 9, 2016) Due to a family emergency, Microsoft’s John Weigelt was forced to miss this year’s Symposium, but his session has been replaced with a panel discussion on the same topic. “Appreciating the Privacy Context for New Technologies” will now feature Deloitte’s Sylvia Kingsmill, IBM Canada’s Paul Lewis, CIPP/C, CIPT, and long-time privacy consultant John Wunderlich, CIPM, CIPP/C, exploring the way that new technologies and services shift the frame of reference used for privacy analysis. Hyper-scale clo... Read More

How should Canada regulate data breaches?

(May 9, 2016) Would you like to be part of the future of Canadian privacy regulation? The Privacy Symposium delivers your chance Thursday morning, at 8 a.m., with a special breakfast consultation session with the Department of Innovation, Science and Economic Development Canada (ISED). The Privacy and Data Protection Policy Directorate will lead a discussion with assembled privacy professionals about how PIPEDA’s new breach reporting regime should actually be implemented. Don’t miss having your voice heard in... Read More

IAPP and Nymity team to release tool for structured approach to accountability

(Apr 5, 2016) Accountability is the term of the moment, embedded in the new General Data Protection Regulation and something that is becoming an expectation of data protection authorities around the world. But how does an organization demonstrate accountability? Further, how does an organization even go about beginning the process of launching an accountability program? Nymity and the IAPP have teamed to provide a free set of tools that can help you figure out where you are and where you have to go. The Nymit... Read More

FBI GC Jim Baker: ‘I consider myself a privacy lawyer’

(Apr 5, 2016) In a wide-ranging and rare conversation yesterday at the Summit, FBI General Counsel Jim Baker discussed his role within the agency and provided an update to the current state of the highly publicized smartphone-encryption debate. “I’m worried about saying it in this room, but I do consider myself to be a privacy lawyer,” Baker said. With 27 privacy officers embedded within the FBI, Baker said it’s not about balancing privacy and national security. “We have to do both and reconcile them.” Jedidi... Read More

Privacy Shield? It’s a start

(Apr 5, 2016) At the IAPP Global Privacy Summit here in Washington yesterday, the FTC's Edith Ramirez and the CNIL's Isabelle Falque-Pierrotin faced reporter Jennifer Baker to address whether this whole Privacy Shield thing is really going to work and, more broadly, whether the EU and U.S. can find a way to play nicely and allow data transfers to continue between the continents. The consensus? It's a solid start. Falque-Pierrotin was tight-lipped over Article 29 Working Party deliberations on the framework, w... Read More

Privacy Shield winners and losers?

(Apr 5, 2016) Privacy Shield is still very much a work in process, but the heavy lifting is done and we’ve moved to the examination phase. As you prepare for “Regulating Technology on Both Sides of the Atlantic,” at 10:45 a.m. today, you can get Executive Director of World Privacy Forum Pam Dixon’s take on who the Privacy Shield winners and losers are, should the document become a finalized adequacy finding by the EU. Of course, Dixon writes, “With the Article 29 Working Party opinion on the Privacy Shield fo... Read More

Why you privacy pros should care about the new FCC rules

(Apr 5, 2016) Early this week, the Federal Communications Commission released a 147-page text outlining a set of privacy and security rules for broadband providers. As you prepare for this afternoon’s “The FCC’s Evolving Role in Data Privacy and Security Enforcement,” featuring FCC enforcement head Travis LeBlanc, read DLA Piper Partner Jim Halpert’s take on the proposed rules. Though the proposal is still subject to public comment, and “may change significantly,” privacy pros should care about it, he contend... Read More

APIA turns two: A look at how it’s used

(Apr 5, 2016) The IAPP’s APIA tool for automating privacy impact assessments was released at the Global Privacy Summit 2014. Since that time, it has been downloaded by more than 2,000 organizations. With the ability to load in customized question sets, assign tasks to various members of the organization via Active Directory, monitor the progress of a PIA as it develops, and issue auto-generated reports, APIA has become for many organizations a way of life. For Lisa Ruff, business development manager at H3 Sol... Read More

Microsoft’s Smith to Summit: We need new, better law

(Apr 5, 2016) "It was the best of times, it was the worst of times." That well-known phrase was penned by Charles Dickens more than 150 years ago, but it's just as relevant now. And while Dickens wasn't talking about privacy, he could have been, said Microsoft's Brad Smith as he opened his keynote speech at the IAPP's Global Privacy Summit here in Washington yesterday. In a well-received address, Smith outlined especially Microsoft’s position toward government access requests for personal data and concluded t... Read More

So, a moose, a giraffe, and a camera walked into a bar…

(Apr 5, 2016) Curious about those green mannequins wearing the T-shirts? They’re part of a larger collection of 1984 ephemera the IAPP has acquired and is presenting in pieces at events around the world. If you didn’t get a close-up look, here’s your chance, as we’ve put together a quick little gallery to showcase them near and far. And if you’re interested in adding to your own T-shirt collection, make sure to hit the IAPP booth in the exhibit hall, where you can get a new way to show the world #IGetPrivacy.... Read More

IAPP and Bloomberg Law frame the privacy counsel market

(Apr 4, 2016) Organizations around the world are grappling with an ever-changing legal landscape for privacy and data protection. It’s no surprise they rely heavily on expert legal counsel to help them navigate what can seem like a choppy sea of jurisdictions. But how much are they using external counsel? What are they paying? What services are they farming out and what are they keeping in house? To answer these questions and more, the IAPP and Bloomberg Law have teamed for a first-of-its-kind survey and repo... Read More

First look at Turkey’s historic data protection law

(Apr 4, 2016) After more than 10 years of drafting and debate, Turkey last week finally passed its Law on the Protection of Personal Data, the last Council of Europe Member State to address the protection of personal data with a framework law. Here at the Summit, we’ve got it covered, with “E-Commerce and Data Privacy in Turkey,” happening Wednesday at 2:30 p.m. on our Inspired Speakers stage. Make sure you bone up by reading Yusuf Mansur Özer’s analysis of the law for Privacy Tracker. With this law in place,... Read More

The privacy professional’s career track

(Apr 4, 2016) You’re here at the Global Privacy Summit for a reason: Privacy is your job. While you’re gathering information for how to do your job better, though, why not also make time to think about your career? That’s the aim of “Get in and Get Going: Navigating Your Entry into the Privacy Profession,” organized by Dennis Holmes, CIPP/US, who entered the privacy profession via the IAPP’s inaugural class of Westin Research Fellows. The panel will look at various ways to kick careers into high gear and make... Read More

Privacy Ref to offer accountability implementation service

(Apr 4, 2016) As chief operating officer at his company, Privacy Ref, Bob Siegel, CIPM, CIPP/C, CIPP/E, CIPP/US, CIPT, sees organizations he counsels struggle through a common problem: The privacy office drives responsibility for privacy and data protection, but there’s a disconnect between that assignment and the business offices responsible for seeing that through. Siegel had long been a fan of Nymity’s privacy software solution, Nymity Attestor, which serves as a tool for privacy offices to demonstrate acc... Read More

New this year: Inspired Speakers take the stage

(Apr 4, 2016) So many keynote-worthy speakers in our field, so little time on the keynote stage. How do you solve that problem? This year, we’ve worked to solve it with our Inspired Speakers stage, featuring 20 speakers from throughout the privacy industry who are ready to challenge and illuminate. From game developers and artists to hackers and activists, the Inspired Speakers stage is where to find the most cutting-edge discussion at the Global Privacy Summit, often looking well beyond the policy and practi... Read More

Get a signature for the shelf

(Apr 4, 2016) Hopefully, you got a chance to grab a signed copy of Mulligan and Bamberger’s "Privacy on the Ground" at last night’s opening reception. If not, there might be a couple left over at the IAPP booth. Regardless, make sure to catch both keynoter Alec Ross and keynoter Frank Warren at their book signings today and tomorrow. Ross, interviewed by re/code at the “Read More” link, traveled to 41 countries to gather material for his "The Industries of the Future," released this spring. He signs today at ... Read More

2016 Data Security Incident Response Report

(Apr 4, 2016) BakerHostetler has yet again compiled a year's worth of breach response data into a compact report that analyzes trends in data breach response, released this year to coincide with the Global Privacy Summit. "Is Your Organization Compromise Ready?" documents lessons learned from more than 300 security incidents in 2015. Some of the major findings? Nearly a quarter of all breaches happened in the healthcare industry. It takes an average of 69 days from occurrence of a breach to its discovery, and... Read More

Listen up: The Privacy Pros Podcast and you

(Apr 4, 2016) The podcast era is here, and the IAPP publications team has got you covered, with a new podcast in the iTunes store and on Soundcloud featuring in-depth privacy discussion and interviews with privacy luminaries. The latest episode features Hilary Wandall, CIPM, CIPP/E, CIPP/US, who’ll speak today as part of “The Changing Landscape of Healthcare Marketing,” interviewed by podcast host Angelique Carson, CIPP/US. What’s that you say? You’d like to find yourself on the podcast sometime soon? Well, s... Read More

IAPP releases new GDPR readiness tool with TRUSTe

(Apr 1, 2016) The EU’s General Data Protection Regulation, even though it has yet to be officially cast into law, is already the subject of intense scrutiny. At nearly 250 pages, and with every company holding personal data of EU citizens under its jurisdiction, it’s no wonder. Two years may not be enough time to get ready. To help our members figure out what they need to do to comply, however, the IAPP has teamed with TRUSTe to release a new browser-based GDPR Readiness Assessment tool exclusively for IAPP m... Read More

Can we make the GDPR a cathedral in two years?

(Apr 1, 2016) Speaking of preparation, the Center for Information Policy Leadership’s Bojana Bellamy, CIPP/E, and Markus Heyder have some thoughts on how industry and regulators can work together to make the two-year implementation period manageable, and leave the EU with a cathedral of a regulation in two years. Whether you’re attending the GDPR Bootcamp today, or planning to hit “GDPR: The Big Picture” or “Bridging Privacy, Security, and IT to Prepare for GDPR and Beyond” (featuring Bellamy) on Wednesday, w... Read More

Artist-in-residence makes surveillance, weather tangible

(Apr 1, 2016) Despite what her work seemingly indicates, Nathalie Miebach will tell you right away: She’s no scientist. She’s an artist. A data sculptor, to be precise. And this week she’s serving as artist-in-residence here at the Summit. How does one become a data sculptor? Angelique Carson, CIPP/US, caught up with Miebach to ask that very question and learn about how one goes about making surveillance, and, well, the weather, into something tangible for Summit attendees to engage with. Read More

New lunchtime panel: “Going Dark”

(Apr 1, 2016) While much of the Summit programming is created months in advance through our call-for-presentations process, we do leave space in the program so that we can be responsive to the news of the day. What could be newsier than the FBI’s battle with Apple over access to a San Bernardino iPhone? In response, we’ve programmed “Going Dark? The Fallout from Apple vs. FBI,” featuring MIT’s Danny Weitzner, formerly of the White House, and the Brookings Institution’s Benjamin Wittes. Should companies be abl... Read More

A deep dive into Latin American privacy

(Apr 1, 2016) “The combination of a boom on the use of digital devices and the growth on the use of different Internet services that monetize data for profit have led to the need for data protection laws to protect citizens … not only from private companies’ undue practices, but also from disproportional and unreasonable state intrusion in their private lives,” writes Renato Leite Monteiro for Privacy Tracker. Get brief synopses of laws in Argentina, Brazil, Colombia, Costa Rica, Mexico, Peru, Uruguay and Ven... Read More

Information sharing is here to stay


(Apr 1, 2016) The adoption of the Cybersecurity Information Sharing Act in the U.S., among other initiatives both in the U.S. and internationally, is “likely to bring about a significant change in the way information sharing and collaboration works,” writes Allison Bender of Hogan Lovells for Privacy Tracker. Paired with emerging technical standards that “promise to enable efficient information sharing at scale,” we will begin to see how “cyber-threat intelligence is poised to transition from a revenue-gener... Read More

Do you #GetPrivacy?

(Apr 1, 2016) At tonight’s opening reception, you may notice an IAPP booth filled with green-clad staffers, right down to their shoes. You might think to yourself, “man, I’d look really good in that T-shirt…” Well, good news: You can get yourself one. And you might even wind up with a free pass to a future IAPP event of your choosing. Just grab a shirt, throw it on, and take a photo of yourself wearing it. Then post to Twitter or Facebook with the #IGetPrivacy hashtag. One random privacy pro will find themsel... Read More

Get a peek behind the curtain with 'Democracy'

(Apr 1, 2016) You probably know by now that it took nearly five years to get the EU General Data Protection Regulation to completion. Maybe you even know the name Jan Philipp Albrecht, the Green MEP who spearheaded the effort. With the documentary "Democracy," however, you’ll come to know him and his colleagues like never before, as the film follows Albrecht, his lead privacy policy advisor Ralf Bendrath, and a host of others as they move from big idea to the end of a long haul. The film shows at 7:30 p.m. in... Read More

Lovejoy: You’re All Infected

(Oct 1, 2015) Kristin Lovejoy, former CISO at IBM and current CEO at Acuity Systems, entered the Privacy. Security. Risk. keynote stage here in Las Vegas with a bang: “Fact: Every one of our institutions is infected.” The last statistics generated by IBM paint a grim picture of the security landscape. The attacks are unrelenting, and they are increasingly successful. What can organizations do? Lovejoy said they need to think differently about how they protect their data. Read More

The Privacy Pitfalls of Cross-Device Tracking

(Oct 1, 2015) In November, the Federal Trade Commission (FTC) will host a workshop on cross-device tracking for marketing and advertising purposes. Now it's possible to watch users browse for vacation destinations on their iPads, buy a weekend in the country on their desktop and then drive there using their cell-phone GPS. That kind of detailed consumer picture is worth a lot of money if your job is finding out what people are interested in with an eye toward selling them something they'll entertain buying.... Read More

Treharne-Jones: The Privacy Consequences of Ad Blockers

(Oct 1, 2015) The rise in ad-blocking technology and its increased adoption by consumers has flooded the headlines of late, bringing up debates around what this will ultimately mean for the Internet. However, ad-blocking technology can also block cookie notices, something required by EU law. “It now appears that some ad blockers, acting under a banner of privacy, are achieving exactly the opposite by removing consumer visibility into the tracking that’s taking place and consumers’ ability to choose which cook... Read More

Meet the Privacy Vanguard and HP-IAPP Privacy Innovation Award Winners

(Oct 1, 2015) Yesterday morning at the new Awards Breakfast at P.S.R., the winners of the 2015 IAPP Privacy Vanguard Award and the 13th Annual HP-IAPP Privacy Innovation Awards were honored for their work in the privacy field. Hogan Lovells Partner and Director of the Privacy and Information Management Practice and Co-Chair of the Future of Privacy Forum Christopher Wolf was recognized with this year's IAPP Privacy Vanguard Award and hailed as a trailblazer in the privacy profession and a "Dean of the Industr... Read More

Ron Knode Service Award Recipients Announced

(Oct 1, 2015) The Cloud Security Alliance (CSA) announced the recipients of its Fourth Annual Ron Knode Service Award, recognizing six members from the Americas, Asia-Pacific and EMEA regions for their excellence in volunteerism. The award’s winners, who are being honored here in Las Vegas this week at Privacy. Security. Risk., were selected by the CSA executive team and chosen based on their valuable contributions toward fulfilling CSA’s mission of promoting best practices to help ensure security in cloud co... Read More

CSA Releases New Guidance for Identity and Access Management for IoT

(Oct 1, 2015) Here at Privacy. Security. Risk, the Cloud Security Alliance (CSA) Internet of Things (IoT) Working Group has released a new summary guidance report entitled Identity and Access Management for the Internet of Things. The IoT has been experiencing massive growth in both consumer and business environments. In response to this emerging market and the particular security requirements of these connected devices, the CSA established the IoT Working Group to focus on providing relevant guidance to its ... Read More

AvePoint Releases New Compliance Guardian at P.S.R.

(Oct 1, 2015) AvePoint launched its new Compliance Guardian, a tool updated to now allow for a number of new capabilities, yesterday at P.S.R. Companies in a SharePoint environment can now identify and review data for potential privacy or permissions violations, even blocking inappropriate content; automatically tag new and existing content based on context and ownership, and use a new suite of data loss prevention tools. For more information, see the AvePoint team on the exhibit floor or click the “Read More... Read More

IBM Releases New BYOD Solution at P.S.R.

(Oct 1, 2015) Here at P.S.R., IBM Security announced new cloud security technology that helps privacy pros manage the increasing bring-your-own-device (BYOD) issue. IBM describes Cloud Security Enforcer as “the first technology to combine cloud identity management with the ability for companies to discover outside apps being accessed by their employees, including those they are using on their mobile devices.” Now the workforce can use the apps they want without hiding it from IT. For more information, see the... Read More

Revenge Porn: Why It’s Your Problem, Too

(Sep 30, 2015) From November 2011 to April 2013, Craig Brittain owned and operated the website isanybodydown.com. According to the FTC, isanybodydown.com was a “revenge porn” website used to post nude images of men and women—often accompanied by personal information about the depicted individuals—without their consent. The FTC proceeded to bring down the hammer, shutting down the site and calling Brittain’s behavior “reprehensible.” Clearly, regulators are taking notice (as are state legislatures),... Read More

Drowning in a Sea of Vendors

(Sep 30, 2015) Jordan Abbott, a compliance attorney at Acxiom, didn't mince words when he opened the preconference session here at Privacy. Security. Risk. 2015 on vendor management. "Bottom line you’re going to take away from this program is vendors are a problem," Abbott said. That's because businesses have hundreds of thousands of vendors for myriad uses. It can be incredibly difficult to keep track of vendor compliance with the rules and regulations your organization is required to comply with. To have a f... Read More

New Healthcare Tech, New Privacy Issues

(Sep 30, 2015) Healthcare isn’t immune to the need for Privacy by Design. Further, healthcare engineers and medical professionals are designing new data-collecting healthcare solutions faster than ever before. How, for example, are you going to provide consent for access to the data being transferred from your swallow-able diagnostic tool when you’re unconscious? Such were the tough questions posed by the panelists in “Managing Emerging Technology in Healthcare,” a half-day workshop here on the first day of Pr... Read More

Bringing Your PIA Into the 21st Century

(Sep 30, 2015) The concept of the privacy impact assessment (PIA) has roots in the age of mainframe computers, an age when compliance was key to avoiding regulatory action or consumer backlash. But massive datasets, advanced algorithms and increased data collection points make these age-old PIAs a thing of the past and mean that organizations must go beyond mere compliance into governance. During the preconference workshop “Big Data Project Vetting To Assure Fair and Innovative Data Use,” Information Accountab... Read More

Webcon: Straight from the Source on Assessing and Mitigating Privacy Risk

(Sep 30, 2015) Yesterday, we launched an in-depth report from the IAPP and Bloomberg Law documenting the risks to an organization that privacy lapses pose, what privacy professionals think helps in mitigating that risk and just how good organizations think they are at doing those vital tasks. To hear follow-up analysis and ask questions of the report’s developers, including Bloomberg Law Commercial Product Director Brian Kudowitz, make sure to take part in the free IAPP-Bloomberg Law web conference “Mitigating... Read More

Break out the Band

(Sep 30, 2015) At the end of this first full day of P.S.R., you’ll have done a lot of work. Time to let your hair down a bit. Sure, Las Vegas offers plenty of options, but the IAPP events staff has cooked up a killer event to get you started, the Party at Poolside, which will feature the chilling vibes of Odd Couple, a band that truly merges the analog and the digital, featuring a live drummer and a DJ working an MPC player. Team that with inventive cocktails and, of course, great company, and you’ve got your... Read More

Women Leading Privacy and Security To Share Their Stories

(Sep 30, 2015) The privacy profession first emerged from the Internet and technological boom of the 1990s, leading to a wealth of new opportunities. While many were hesitant to embark on this unknown path, a group of women crossed boundaries and paved the way for others to follow. Tomorrow at 11 a.m., some of the top female privacy and security leaders will talk about their experiences, the obstacles they had to overcome and what to expect as a professional just starting out. The session, to be held in Monet 2... Read More

Verisign Launches Public DNS at P.S.R.

(Sep 30, 2015) Just about every time you hit the web, you run into the Domain Name System (DNS), which translates online requests into a set of navigation instructions so you get where you want to go. It is, notes Verisign, one of the richest sources of PII as well. Most people just use whichever DNS is provided by their Internet service provider, subjecting them unwittingly to having their data sold to third parties. Here at P.S.R., however, Verisign has launched Public DNS, a new free recursive DNS services t... Read More

Study: A Deep Dive Into Assessing and Mitigating Privacy Risk

(Sep 29, 2015) It’s the next frontier in privacy: moving from compliance to risk. This summer, the IAPP and Bloomberg Law (Booth 36-37 here at P.S.R.) sought to document the risks to an organization that privacy lapses pose, what privacy professionals think helps in mitigating that risk and just how good organizations think they are at doing those vital tasks. In this new in-depth report, released here at the Privacy. Security. Risk. conference, you get a deep dive into how companies perceive risk, how they’re... Read More

Download the New P.S.R. App

(Sep 29, 2015) Maybe you’ve used the IAPP Events App before, but you’ve never used an IAPP Events App like this one, newly released for Privacy. Security. Risk. While it’s true you’ll have to newly download it to your mobile device, there are a number of new features we hope are worth the trouble. You’ll now be able to rate sessions right in the app, not have to leave the app if you click a URL, be able to customize your agenda—even be able to interact with other attendees. Yes, you need to create a prof... Read More

Late Program Changes and Additions

(Sep 29, 2015) If you’ve downloaded the app, you’ll technically be able to note these changes and additions, but, hey, the P.S.R. program is our most expansive ever, so you may miss them. First, look for “Candidates Getting Fs,” a look at the privacy policies—or lack thereof—on the websites of U.S. presidential candidates, featuring TRUSTe CEO Chris Babel, the Future of Privacy Forum’s Joseph Jerome, CIPP/US, Holland & Knight’s Steven Roosa and Craig Spiezle, president of the Online Trust Allia... Read More

Getting the “Drops” on Reshipping

(Sep 29, 2015) With so many retailers now refusing to ship to Russia or Eastern Europe because of endemic organized cybercrime, how do these cyber-thieves use the credit card numbers they’ve stolen? The answer is “reshipping,” a practice documented in the report “Drops for Stuff,” newly released and written by eight security researchers, including Brian Krebs, who will provide a keynote address to open the general session of Privacy. Security. Risk. tomorrow morning here in Las Vegas. How does it work? ... Read More

Keynoter Yang: Privacy Demands a Structural Rethink

(Sep 29, 2015) “The way we’re programming is still very similar to the way we were programming in the 1970s.” That’s Jean Yang, who’ll provide a keynote address here in Las Vegas at Privacy. Security. Risk. tomorrow as part of the opening general session, talking with TechCrunch. Our new era of massive software programs and armies of coders demands a new way of coding, she argues, that lets programmers do their thing but enforces privacy and security “under the covers.” How does that work? The article provides... Read More

“He Said, Xi Said”

(Sep 29, 2015) In the latest episode of his CyberLaw podcast, Steptoe & Johnson Partner and former NSA General Counsel Stewart Baker chats with Team Cymru’s Margie Gilbert and fellow Steptoe Partner and former Department of Homeland Security policy-maker Alan Cohn about the recent visit to the White House of Chinese President Xi Jinping. Should the U.S. settle for a “no first use” assurance to protect critical infrastructure? Baker and Cohn will record their next episode of the podcast here at P.S.R. with ... Read More

Bloomberg Releases Brand New Bloomberg Law: Privacy & Data Security

(Sep 29, 2015) Here at P.S.R., Bloomberg has announced a brand new subscription content offering, Bloomberg Law: Privacy & Data Security, which features “a number of time-saving practice tools, including ‘chart builders’ that assist counsel in comparing laws on breach notification, medical privacy and other issues across jurisdictions.” There are also resources providing statutes, case law, regulations, agency guidance and a news “heat map,” plus a number of practical documents and forms for operational pr... Read More

TRUSTe Releases New Assessment Manager at P.S.R.

(Sep 29, 2015) Here at P.S.R., TRUSTe has announced the release of Assessment Manager 2.0, an update to its SaaS privacy assessment solution. New features include privacy Key Performance Indicators, enhanced reporting, risk scoring and new assessment templates, including one for the pending General Data Protection Regulation in the EU. “Focusing on key performance indicators and generating customizable reports, that can include remediation actions and risk scoring, will help privacy, risk and compliance execut... Read More