Certain content in the IAPP Resource Center is member-only. Not a member? Join now.
Featured Resources
The IAPP develops, maintains and houses a variety of tools to help members keep up with the rapid developments in privacy and their impact on business and the profession, from global privacy legislation comparisons to enforcement trackers to directories and glossaries.
CCPA Genius • GDPR Genius • US State Law Tracker • View All Tools and Trackers
Featured Resource Categories
The IAPP publishes original content on topics that are top of mind for those working in or closely following privacy today. Our expert guidance comes in a variety of formats, including white papers, reports, surveys, infographics, web conferences, podcasts and videos.
Reports and Surveys • White Papers • Web Conferences • Videos • Infographics • Podcasts
Featured Topics
Privacy by Region
Browse Topics
Accountability
Artificial Intelligence
Brexit
Building Your Career
Cloud Computing
Crafting a Privacy Notice
Cross-Device Tracking
Data Protection and Privacy Impact Assessments
Deidentification
Encryption
EU ePrivacy Regulation
Financial Technology
Geolocation
Gramm–Leach–Bliley Act
Health Insurance Portability and Accountability Act
How to Build a Privacy Program
Organizational Privacy Policies
Privacy In Education
Prudence the Privacy Pro
Responding to a Breach
Small- and Medium-Sized Businesses
Telephone Consumer Protection Act
US Government
Workplace Privacy
Recently Added Resources
Web Conference: Taking a Data-centric Approach for Security and Privacy Programs
Original broadcast date: March 25, 2021 The exponential growth of data fueled by technology modernization puts security and privacy professionals in an untenable position to protect data being generated by everyone and every “thing,” accessible from everywhere. Threat actors are able to easily monetize stolen data by selling it on the underground to other threat actors or even organizations seeking to harvest vast amounts of data. Organizations must take stock of their most precious resource (data) and prioritize the protection of it throughout its life cycle using a holistic data-centric approach. Prioritizing security strategy, controls and response activities based on a data-centric approach can help organizations balance and prioritize limited security and privacy resources. Read More
IAPP Privacy Tech Vendor Report
Twice a year, the IAPP updates its “Privacy Tech Vendor Report,” offering insight into the market and a directory of vendors, large and small, that offer various types of privacy technology solutions. Read More
CCPA-/CPRA-Related Legislation Tracker
Click to View (PDF) The California Consumer Privacy Act went into effect Jan. 1, 2020, and enforcement by California’s Office of the Attorney General began July 1, 2020. The California Privacy Rights Act ballot initiative passed in November 2020, with the majority of its provisions becoming operative Jan. 1, 2023. There are bills pending in the California Legislature that would amend the CCPA and/or the CPRA or otherwise impact how organizations understand or approach each law, as noted in t... Read More
Data Protection Officer Requirements by Country
Increasingly, privacy and data protection laws around the world require organizations to designate a data protection officer to translate legal protections into practical reality. This chart catalogues those requirements but does not include the many additional instances in which a DPO is recommended but not required. Read More
Opt in or opt out? State privacy bills introduced in 2021
The IAPP published this chart that outlines the opt in and opt out mechanisms for U.S. state privacy bills introduced in 2021. Read More
Web Conference: The 7 Sins of Managing Data Privacy
Original broadcast date: March 18, 2021 Join privacy veteran Marty Collins from QuinStreet and Vivek Kokkengada from Securiti as they reveal the 7 Sins of Managing Data Privacy and how to avoid them. You'll learn best practices for discovering, protecting and governing data across multi-cloud environments, what pitfalls to avoid with regards to honoring consumer rights, managing risks for vendors handling sensitive data and strategies for efficiently implementing privacy by design. Read More
Web Conference: Modeling the Windstorm to Predict Tomorrow’s Privacy Climate
Original broadcast date: March 17, 2021 Join us for this virtual, interactive IAPP session which will use Abrams’ currents and themes as a jumping off point and planning device for discussion to help privacy professionals navigate competing, and sometimes contradictory, interests and goals. He will be joined by renown privacy experts, including Gabriela Zanfir-Fortuna, Pam Snively, Sheila Colclasure and Scott Taylor who will explore the themes developed in the blog, and then work with session participants in breakout groups where they will explore together two of the themes in depth. Each breakout group will then provide a concise report out to the full group for further reflection. The session will end with shared insights on what the themes mean for organizational planning. Session participants will walk away with ideas about how to calm their organization’s often stormy privacy seas and about how to bring a little order to mapping their organization’s future privacy program. Read More
Web Conference: Decryption and Inspection and the Steps Needed for Privacy Compliance
Original broadcast date: March 16, 2021 Join us for this privacy education web conference to hear an overview of the threat landscape and how attackers use encryption to their benefit, why the inspection of network traffic is necessary for privacy compliance, key considerations for implementing decryption and the strong controls for secure processing of data and the benefits of applying a centralized decryption solution with granular policy enforcement. Read More
Web Conference: Tech 101 for Privacy Pros: What You Need to Know
Original broadcast date: March 11, 2021 Join us for this privacy education web conference to hear about, how product development processes work best, how security and data and other safety measures work in practice and how tech infrastructure and databases affect your company’s data-handling practices. Read More
Web Conference: Global Cyber Threat Landscape
Original broadcast date: March 10, 2021 The threat actor landscape is constantly changing and there is no one-size-fits-all approach when responding to a global data security incident. This presentation will relate real-world examples of trending APT and nation state attacks, plus lessons learned during global investigations in the U.S., APAC and EMEA regions. This will include insight into various, constantly changing and region-specific regulatory regimes around data security, insurance trends and other challenges, such as legal privilege and global notification. We will also compare how regulators in different parts of the world are responding to data breaches, including the types of questions they are asking and the role of forensics, IT and IS teams when responding to regulators. Read More