ResourceCenter

The U.S. Securities and Exchange Commission requires most publicly traded companies to annually disclose potential risk factors, including exposure to cybersecurity threats and violations of consumer privacy laws. The IAPP’s third annual study of these disclosures (part of Form 10-K) of 150 publicly...

The Phisher Queen creates her Latest weapon ... Blockhead! Click on the image below if you would like to download a high-resolution pdf to print and hang in your office. (26.7MB)...

This slide deck created by the IAPP research team offers a customizable template for a report to organizational leadership to help Data Protection Officers show the activities of the data protection team as well as record compliance with the General Data Protection Regulation....

This flowchart describes the duties imposed on attorneys by the Model Rules of Professional Conduct following a data breach or cyberattack in which client information was compromised. It provides a stepwise process for attorneys to follow after the attack. The chart is based on the guidance publishe...

Data protection authorities of many EU member states have published draft lists of data processing activities that would trigger the need for a data protection impact assessment in that country. The European Data Protection Board weighed in on the drafts, you can find its opinions here. And IAPP ...