ResourceCenter

This is a 10-part series intended to help privacy professionals understand the operational impacts of the California Privacy Rights Act, including how it amends the current rights and obligations established by the California Consumer Privacy Act. Read More

The IAPP develops, maintains and houses a variety of tools to help members keep up with the rapid developments in privacy and their impact on business and the profession, from global privacy legislation comparisons to enforcement trackers and glossaries. Search All Tools US State Comprehensive Privacy Law ComparisonThe IAPP’s state law comparison tracker consists of proposed and enacted comprehensive privacy bills from across the U.S. to aid our members’ efforts to stay abreast of the chan... Read More

The IAPP published this infographic that puts recent data initiatives in the European Union in context. Read More

The findings presented in this report are the result of a collaborative research project between the IAPP and EY studying the effects of the COVID-19 pandemic on privacy teams around the world. Read More

View Report (PDF) This year’s “Privacy Governance Report” is the product of a partnership between the IAPP and FTI Consulting, our new sponsor for this year’s annual study that benchmarks the privacy profession. Now in its sixth year, this report takes a deep dive into the leadership structures, core functions, staff and budgets, and tasks and priorities of privacy programs around the globe. It provides key metrics on ongoing compliance with core pieces of privacy legislation, including the E... Read More

Published: December 2020 The U.S. Securities and Exchange Commission requires most publicly traded companies to annually disclose in their Form 10-K submissions potential risk factors to investors. Beginning in 2017, the IAPP studied these disclosures to assess not just whether companies have been disclosing personal data processing practices and privacy regulations as a risk, but also increasingly what business harms the organizations faced for getting privacy wrong. For the first several y... Read More

This is a five-part series aimed at helping global privacy professionals better understand the operational impacts of Brazil's new General Data Protection Law. The series addresses the LGPD in its current form, taking into account that, once formed, the national data protection authority, the Autoridade Nacional de Proteção de Dados, is authorized under various articles of the law to issue guidance on interpretation and expand upon certain provisions. Contributors Caitlin Fennessy, C... Read More

On Dec. 31, 2020, the Brexit transition period comes to an end. Unless parties can reach an agreement before the deadline, the U.K. will be considered a third country in the eyes of the European Economic Area member states. Here, we list some of the main items that companies need to check before the deadline. Read More

During summer 2020, 21 privacy leaders from industry, government and academia graciously shared their views on the impact of COVID-19 on privacy priorities, practices and programs. We captured their experiences, challenges and recommendations in this five-part series. Read More

Brazil’s General Data Protection Law is now in effect. Much like the EU General Data Protection Regulation, the LGPD has extraterritorial applicability, meaning any organization processing personal data in Brazil must comply with the law irrespective of the company’s location. One of the LGPD’s requirements for such companies under Article 41 is that they must appoint a data protection officer to be “in charge of processing personal data.” Given the prevalence of data processing in today’s dig... Read More