Browse Topics

Recently Added Resources

Draft Agreement on the withdrawal of the United Kingdom of Great Britain and Northern Ireland from the European Union

November 14, 2018, draft proposal on the withdrawal of the United Kingdom and Northern Ireland from the European Union and the European Atomic Energy Community. The proposal wishes to set out the arrangements for the withdrawal, while taking account of the framework for the future relationship between the two countries and the remaining member-states of the European Union.Read Now (1.37 MB)... Read More

Contingency Action Plan for U.K. Exit from the EU

This Nov. 13, 2018, communication from the Commission to the European Parliament, the European Council, the Council, the European Central Bank, the European Economic and Social Committee, the Committee of the Regions and the European Investment Bank outlines a so-called "no deal" Brexit.Read Now (PDF 728KB)    ... Read More

ABA Data Breach Response Flowchart

This flowchart describes the duties imposed on attorneys by the Model Rules of Professional Conduct following a data breach or cyberattack in which client information was compromised. It provides a stepwise process for attorneys to follow after the attack. The chart is based on the guidance published by the American Bar Association in Formal Opinion 483. Attorneys’ duties of competence, confidence, and to keep the client reasonably informed impose distinct, but overlapping, obligations following... Read More

EU Member State DPIA Whitelists, Blacklists and Guidance

Data protection authorities of many EU member states have published draft lists of data processing activities that would trigger the need for a data protection impact assessment in that country. The European Data Protection Board weighed in on the drafts, you can find its opinions here. And IAPP Westin Fellow Müge Fazlioglu, CIPP/E, CIPP/US, has written an analysis of the opinions here. Country DPIA blacklist/whitelist Austria Whitelist from the Austrian Data Protection ... Read More

U.S. State Data Breach Lists

Many U.S. state agencies publish lists of reported data breaches in their respective state. Below are links to the published lists. If you know of a state data breach list we have not linked to here, please let us know at resourcecenter@iapp.org. State Alabama (Unavailable) Alaska (Unavailable) Arizona (Unavailable) Arkansas (Unavailable) California's Attorney General Office Data Breach List Colorado (Unavailable) ... Read More

Data Privacy: The Current Legal Landscape (Sept. 2018)

This publication from Troutman Sanders offers an overview of new U.S. state and federal legislation, regulations and guidance, including a comparison chart for the California Consumer Privacy Act of 2018 and the EU General Data Protection Regulation. The update also includes information on evolving case law, attorney general enforcement, and notable international developments.Read Now (PDF 6.6MB)... Read More

Data Protection law compliance: Assessment for small business owners and sole traders

This self-assessment tool, released by the U.K. Information Commissioner's Office, helps outline the level of data protection compliance your small business or organization adheres to. Also, after completing the self-assessment checklist, you are provided with a report suggesting practical actions you can take and providing links to additional guidance you could read that will help you improve your data protection compliance.View Now... Read More