Recently Added Resources

Prudence the Privacy Pro Vol. 3 No. 5

While everyone wants to make sure they hire the right people, that's no fair license to do a deep dive into a candidate's history. Prudence will keep you on the straight and narrow. If you would like to download a pdf copy to print out and hang somewhere in your office, click here. ...

GDPR Complaint-Process Map

The General Data Protection Regulation is set to replace the Data Protection Directive 95/46/EC effective May 25, 2018. The GDPR is directly applicable in each Member State and will lead to a greater degree of data protection harmonization across EU nations. The GDPR empowers data subjects to seek judicial relief for damages and file administrative complaints with supervisory authorities. The GDPR’s consistency mechanisms – encouraging supervisory authorities to cooperate and agree on infringeme...

Circular A-130: Managing Information as a Strategic Resource

This July 2016 Office of Management and Budget update to Circular A-130 is a collection of a wide range of policy updates for federal agencies regarding cybersecurity, information governance, privacy, records management, open data, and acquisitions. The new regulations require every federal agency to appoint a senior agency official for privacy, provide privacy training, conduct PIAs, maintain an inventory of PII, and actively limit the collection, use, storage, and processin...

EU-U.S. Privacy Shield

There’s a new sheriff in town — or a new shield, at least. The EU-U.S. Privacy Shield, on July 12, 2016, was adopted by the European Commission, establishing a data transfer mechanism between the two regions. All this started in 2012, when then-college student Max Schrems took issue with the way Facebook was handling the data of European citizens and took his complaints all the way to the highest court in the EU. In October of last year, the European Court of Justice deemed the former data t...

How to get Privacy Shield certified: Free IAPP web conference recording

Finally, nine months after the invalidation of Safe Harbor, the new EU-U.S. Privacy Shield Framework is here. Officially passed on July 12 and open for self-certification starting August 1, the new framework has many companies on both sides of the Atlantic eager to join in order to minimize legal costs and administrative measures while transferring customer and employee data between the EU and the United States. Will Privacy Shield make things easier? What will change compared to the Safe Harbor...

Department of Commerce Privacy Shield Website

This Department of Commerce site offers the ability beginning Aug. 1 to self-certify to Privacy Shield. It also includes the list of Shield-certified organizations and information for U.S. and EU organizations, individuals in Europe, and Data Protection Authorities, including the final texts and an overview of the program.

Workplace Privacy: State Legislation & Future Technology Questions

This paper from the Center for Democracy & Technology first describes the current legal landscape of employee privacy at the state level, followed by a synopsis of three efforts to create a unified state law. We then use three case studies of workplace technology trends to demonstrate the privacy risks posed by current and future technology, and examine how the current proposals fall short. Finally, we propose methods to mitigate some of these threats through policy, innovation, and legal ex...

Personal information online small business checklist

This checklist from the UK Information Commissioner’s Office aims to help small- and medium-sized businesses that operate online to make sure they collect and use information about the people they deal with properly. This checklist applies to information such as customers’ names and email addresses, or records of their purchases or enquiries. It also applies to information collected through the use of cookies, for example where this is used to target marketing at people.

Personal Data Breach Severity Assessment Methodology

Based on a 2011 ENISA study on implementation of Article 4 of the ePrivacy Directive, the Data Protection Authorities of Greece and Germany in collaboration with ENISA developed this methodology for data breach severity assessment that could be used both by DPAs as well as data controllers. This working document is a first result of the co-operation between experts of the two DPAs and ENISA. It is planned to further develop the methodology with the aim to generate a final practical tool for a da...