Browse Topics

Recently Added Resources

Privacy in our Digital Lives: Protecting Individuals and Promoting Innovation

In the last week of his presidency, former President Barack Obama released this report summing up his administration's work on privacy, surveillance and innovation. The report includes the administration's work on domestic and international privacy initiatives, including the Privacy Shield and APEC frameworks as well as reforms to national surveillance. Read Now (PDF 391K)... Read More

Toolkit for Recruiting, Hiring, and Retaining Privacy Professionals in the Federal Government

The U.S. Federal Privacy Council has launched a new toolkit on its career page aimed at assisting federal agency human resources staff and hiring managers in understanding the new world of federal government privacy, making decisions about which types of positions they should use in their privacy offices, designing federal privacy positions, then conducting recruitment and selection activities.  This toolkit contains hiring authorities and flexibilities, template position descriptions and job op... Read More

The State of Data Sharing for Healthcare Analytics 2015 - 2016: Change, Challenges and Choice

This report summarizes the key findings from a survey launched by Privacy Analytics, in collaboration with the Electronic Health Information Laboratory. The survey assessed the state of data sharing in healthcare and the challenges in disclosing data for secondary use. Secondary use of health data applies to protected health information that is used for reasons other than direct patient care, such as data analysis, research, safety measurement, public health, payment, provider certification or m... Read More

2017 Health Information Privacy and Security New Year's Resolutions

Davis Wright Tremaine has created this checklist of potential health information privacy and security resolutions. It offers annual, quarterly and monthly lists to map out your privacy and security tasks for the year, and then you can check them off as you complete them. There are also empty rows for you to add your own resolutions.Read Now (PDF 1.45M)... Read More

An Introduction to Privacy Engineering and Risk Management in Federal Systems

This document from NIST provides an introduction to the concepts of privacy engineering and risk management for federal systems. These concepts establish the basis for a common vocabulary to facilitate better understanding and communication of privacy risk within federal systems, and the effective implementation of privacy principles. This publication introduces two key components to support the application of privacy engineering and risk management: privacy engineering objectives and a privacy ... Read More

M-17-12: Preparing for and Responding to a Breach of Personally Identifiable Information

This Office of Management and Budget memorandum, released in January 2017, sets forth the policy for federal agencies to prepare for and respond to a breach of personally identifiable information. It includes a framework for assessing and mitigating the risk of harm to individuals potentially affected by a breach, as well as guidance on whether and how to provide notification and services to those individuals. This memorandum is intended to promote consistency in the way agencies prepare for and... Read More

Circular A-108: Federal Agency Responsibilities for Review, Reporting, and Publication under the Privacy Act

This Office of Management and Budget Circular describes agency responsibilities for implementing the review, reporting, and publication requirements of the Privacy Act of 1974 and related OMB policies. Last issued in 2000, this revision released in January 2017 addresses how government agencies review, report and publish system of records notices; outlines how they do Privacy Act compliance reviews; and promotes agency collaboration through interagency review of government-wide systems of record... Read More

Sixth Annual Benchmark Study on Privacy and Security of Healthcare Data

This study by the Ponemon Institute, finds that criminal attacks are the leading cause of half of all data breaches in health care. Employee mistakes, third-party snafus, and stolen computer devices are the root cause of the other half of data breaches. The study also found that while most health care organizations believe they are vulnerable to a data breach, they are unprepared to address new threats and lack the resources to protect patient data.Read Now (PDF 5.8M)... Read More

Flash Eurobarometer 443

The European Commission’s Directorate-General for Communications Networks commissioned this survey as part of a review of the ePrivacy Directive to assess the general opinions of citizens across the EU in relation to key issues that are part of online privacy. In particular, the survey looks at privacy of communications, tracking over the internet with cookies requiring permission/consent, unsolicited communications by e-mail and unwanted marketing calls. It also covers the ways and extent in wh... Read More