Certain content in the IAPP Resource Center is member-only. Not a member? Join now.


Featured Resources

Tools and Trackers

The IAPP develops, maintains and houses a variety of tools to help members keep up with the rapid developments in privacy and their impact on business and the profession, from global privacy legislation comparisons to enforcement trackers to directories and glossaries.

CCPA GeniusGDPR GeniusUS State Law TrackerView All Tools and Trackers


Featured Resource Categories

The IAPP publishes original content on topics that are top of mind for those working in or closely following privacy today. Our expert guidance comes in a variety of formats, including white papers, reports, surveys, infographics, web conferences, podcasts and videos.

Reports and Surveys • White PapersWeb ConferencesVideosInfographicsPodcasts


Featured Topics

Privacy by Region

Browse Topics

Recently Added Resources

Web Conference: Taking a Data-centric Approach for Security and Privacy Programs

Original broadcast date: March 25, 2021  The exponential growth of data fueled by technology modernization puts security and privacy professionals in an untenable position to protect data being generated by everyone and every “thing,” accessible from everywhere. Threat actors are able to easily monetize stolen data by selling it on the underground to other threat actors or even organizations seeking to harvest vast amounts of data. Organizations must take stock of their most precious resource (data) and prioritize the protection of it throughout its life cycle using a holistic data-centric approach. Prioritizing security strategy, controls and response activities based on a data-centric approach can help organizations balance and prioritize limited security and privacy resources. Read More

IAPP Privacy Tech Vendor Report

Twice a year, the IAPP updates its “Privacy Tech Vendor Report,” offering insight into the market and a directory of vendors, large and small, that offer various types of privacy technology solutions. Read More

CCPA-/CPRA-Related Legislation Tracker

Click to View (PDF) The California Consumer Privacy Act went into effect Jan. 1, 2020, and enforcement by California’s Office of the Attorney General began July 1, 2020. The California Privacy Rights Act ballot initiative passed in November 2020, with the majority of its provisions becoming operative Jan. 1, 2023. There are bills pending in the California Legislature that would amend the CCPA and/or the CPRA or otherwise impact how organizations understand or approach each law, as noted in t... Read More

Data Protection Officer Requirements by Country

Increasingly, privacy and data protection laws around the world require organizations to designate a data protection officer to translate legal protections into practical reality. This chart catalogues those requirements but does not include the many additional instances in which a DPO is recommended but not required. Read More

Web Conference: The 7 Sins of Managing Data Privacy

Original broadcast date: March 18, 2021  Join privacy veteran Marty Collins from QuinStreet and Vivek Kokkengada from Securiti as they reveal the 7 Sins of Managing Data Privacy and how to avoid them. You'll learn best practices for discovering, protecting and governing data across multi-cloud environments, what pitfalls to avoid with regards to honoring consumer rights, managing risks for vendors handling sensitive data and strategies for efficiently implementing privacy by design. Read More

Web Conference: Modeling the Windstorm to Predict Tomorrow’s Privacy Climate

Original broadcast date: March 17, 2021  Join us for this virtual, interactive IAPP session which will use Abrams’ currents and themes as a jumping off point and planning device for discussion to help privacy professionals navigate competing, and sometimes contradictory, interests and goals. He will be joined by renown privacy experts, including Gabriela Zanfir-Fortuna, Pam Snively, Sheila Colclasure and Scott Taylor who will explore the themes developed in the blog, and then work with session participants in breakout groups where they will explore together two of the themes in depth. Each breakout group will then provide a concise report out to the full group for further reflection. The session will end with shared insights on what the themes mean for organizational planning. Session participants will walk away with ideas about how to calm their organization’s often stormy privacy seas and about how to bring a little order to mapping their organization’s future privacy program. Read More

Web Conference: Decryption and Inspection and the Steps Needed for Privacy Compliance

Original broadcast date: March 16, 2021  Join us for this privacy education web conference to hear an overview of the threat landscape and how attackers use encryption to their benefit, why the inspection of network traffic is necessary for privacy compliance, key considerations for implementing decryption and the strong controls for secure processing of data and the benefits of applying a centralized decryption solution with granular policy enforcement. Read More

Web Conference: Tech 101 for Privacy Pros: What You Need to Know

Original broadcast date: March 11, 2021  Join us for this privacy education web conference to hear about, how product development processes work best, how security and data and other safety measures work in practice and how tech infrastructure and databases affect your company’s data-handling practices. Read More

Web Conference: Global Cyber Threat Landscape

Original broadcast date: March 10, 2021  The threat actor landscape is constantly changing and there is no one-size-fits-all approach when responding to a global data security incident. This presentation will relate real-world examples of trending APT and nation state attacks, plus lessons learned during global investigations in the U.S., APAC and EMEA regions. This will include insight into various, constantly changing and region-specific regulatory regimes around data security, insurance trends and other challenges, such as legal privilege and global notification. We will also compare how regulators in different parts of the world are responding to data breaches, including the types of questions they are asking and the role of forensics, IT and IS teams when responding to regulators. Read More