ResourceCenter

November 14, 2018, draft proposal on the withdrawal of the United Kingdom and Northern Ireland from the European Union and the European Atomic Energy Community. The proposal wishes to set out the arrangements for the withdrawal, while taking account of the framework for the future relationship between the two countries and the remaining member-states of the European Union.Read Now (1.37 MB)... Read More

This Nov. 13, 2018, communication from the Commission to the European Parliament, the European Council, the Council, the European Central Bank, the European Economic and Social Committee, the Committee of the Regions and the European Investment Bank outlines a so-called "no deal" Brexit.Read Now (PDF 728KB)    ... Read More

This flowchart describes the duties imposed on attorneys by the Model Rules of Professional Conduct following a data breach or cyberattack in which client information was compromised. It provides a stepwise process for attorneys to follow after the attack. The chart is based on the guidance published by the American Bar Association in Formal Opinion 483. Attorneys’ duties of competence, confidence, and to keep the client reasonably informed impose distinct, but overlapping, obligations following... Read More

Data protection authorities of many EU member states have published draft lists of data processing activities that would trigger the need for a data protection impact assessment in that country. The European Data Protection Board weighed in on the drafts, you can find its opinions here. And IAPP Westin Fellow Müge Fazlioglu, CIPP/E, CIPP/US, has written an analysis of the opinions here. Country DPIA blacklist/whitelist Austria Whitelist from the Austrian Data Protection ... Read More

The IAPP has compiled this list of member state GDPR implementation laws and drafts to help privacy professionals keep track of and comply with local implementation of the derogations under the GDPR. Read More

Many U.S. state agencies publish lists of reported data breaches in their respective state. Below are links to the published lists. If you know of a state data breach list we have not linked to here, please let us know at resourcecenter@iapp.org. State Alabama (Unavailable) Alaska (Unavailable) Arizona (Unavailable) Arkansas (Unavailable) California's Attorney General Office Data Breach List Colorado (Unavailable) ... Read More

This publication from Troutman Sanders offers an overview of new U.S. state and federal legislation, regulations and guidance, including a comparison chart for the California Consumer Privacy Act of 2018 and the EU General Data Protection Regulation. The update also includes information on evolving case law, attorney general enforcement, and notable international developments.Read Now (PDF 6.6MB)... Read More

The Information Technology Industry Council has released its “Framework to Advance Interoperable Rules (FAIR) on Privacy.” The framework offers recommendations to give data subjects more control and a stronger understanding of the ways their information is used. Measures are also included to ensure companies focus on responsible data use and transparency.View Now (2.88 MB)... Read More

In this white paper, Intel offers six policy recommendations for privacy and artificial intelligence, such as new comprehensive legislative and regulatory initiatives that are tech neutral and support the free flow of data and an emphasis on risk-based accountability approaches.View Now (161 kb)... Read More

This self-assessment tool, released by the U.K. Information Commissioner's Office, helps outline the level of data protection compliance your small business or organization adheres to. Also, after completing the self-assessment checklist, you are provided with a report suggesting practical actions you can take and providing links to additional guidance you could read that will help you improve your data protection compliance.View Now... Read More