Browse Topics

Recently Added Resources

EU-U.S. Privacy Shield

There’s a new sheriff in town — or a new shield, at least. The EU-U.S. Privacy Shield, on July 12, 2016, was adopted by the European Commission, establishing a data transfer mechanism between the two regions.  All this started in 2012, with then-college student Max Schrems taking issue with the way Facebook was handling the data of European citizens and took his complaints all the way to the highest court in the EU. In October of last year, the European Court of Justice deemed the former data t... Read More

How to get Privacy Shield certified: Free IAPP web conference recording

Finally, nine months after the invalidation of Safe Harbor, the new EU-U.S. Privacy Shield Framework is here. Officially passed on July 12 and open for self certification starting August 1, the new framework has many companies on both sides of the Atlantic eager to join in order to minimize legal costs and administrative measures while transferring customer and employee data between the EU and the United States. Will Privacy Shield make things easier? What will change compared to the Safe Harbor... Read More

Department of Commerce Privacy Shield Website

This Department of Commerce site offers the ability beginning Aug. 1 to self-certify to Privacy Shield. It also includes the list of Shield-certified organizations and information for U.S. and EU organizations, individuals in Europe, and Data Protection Authorities including the final texts and an overview of the program.Access Site... Read More

Workplace Privacy: State Legislation & Future Technology Questions

This paper from the Center for Democracy & Technology first describes the current legal landscape of employee privacy at the state level, followed by a synopsis of three efforts to create a unified state law. We then use three case studies of workplace technology trends to demonstrate the privacy risks posed by current and future technology, and examine how the current proposals fall short. Finally, we propose methods to mitigate some of these threats through policy, innovation, and legal ex... Read More

Personal information online small business checklist

This checklist from the UK Information Commissioner’s Office aims to help small- and medium-sized businesses that operate online to make sure they collect and use information about the people they deal with properly. This checklist applies to information such as customers’ names and email addresses, or records of their purchases or enquiries. It also applies to information collected through the use of cookies, for example where this is used to target marketing at people. Read Now (PDF 458K)... Read More

Personal Data Breach Severity Assessment Methodology

Based on a 2011 ENISA study on implementation of Article 4 of the ePrivacy Directive, the Data Protection Authorities of Greece and Germany in collaboration with ENISA developed this methodology for data breach severity assessment that could be used both by DPAs as well as data controllers. This working document is a first result of the co-operation between experts of the two DPAs and ENISA. It is planned to further develop the methodology with the aim to generate a final practical tool for a da... Read More

The Industry of Privacy

Privacy is a dynamic industry that has moved quickly, so quickly that few have stopped to take stock in how far the industry has come, and perhaps more importantly, what the industry has become. The IAPP’s salary surveys and new Industry of Privacy study is some of the only work benchmarking the industry’s growth. Below we have collected these studies and others to help you take stock, compare your practices to those of other organizations and get budget.... Read More

EU-U.S. Privacy Shield

This press release from the European Commission offers an overview of the new data transfer agreement between the U.S. Department of Commerce and the European Commission, including links to the Annexes, a Q&A and a fact sheet.Read Now... Read More

Building a program that provides value (four-part series)

This four-part series by Chris Pahl for The Privacy Advisor examining how to assess a program’s value, take inventory of what matters, use program metrics to show effectiveness and develop a strong communication plan. Building a Program That Provides Value: Understanding What You HaveThis is the first in a series of four articles examining how to assess a program’s value, take inventory of what matters, use program metrics to show effectiveness and develop a strong communication plan. First, le... Read More