Certain content in the IAPP Resource Center is member-only. Not a member? Join now.
Tools and Trackers
US State AI Governance Legislation Tracker
US State Privacy Legislation Tracker
At-a-Glance: Salary and Jobs Report 2025–26
Privacy Engineering: Physical Architect
EU AI Act: Regulatory Directory
Privacy Engineering: UX Designers
Privacy Engineering: Data Scientist
Privacy Engineering: Software Developers and Engineers
Privacy Engineering: IT Infrastructure Architect
Data Security Program Cheat Sheet
Global AI Law and Policy Tracker
Navigate: Digital Risk Index 2025
10 tips for protecting children’s privacy online
At-a-Glance: AI Governance Profession Report 2025
Incident Notification and Information Sharing Requirements: EU Digital Laws
Ten steps to successful ransomware response
Mapping and Understanding the AI Governance Ecosystem
EU AI Act: Next Steps for Implementation
Digital Governance in Europe: A Stakeholder Map of European Institutions and Regulators
Key Dates of Federal Data Privacy Reform in Australia
At-a-Glance: Privacy Governance Report 2024
EU Product Liability Directive Reform: 101
European Strategy for Data – Overview of New Regulations
California Privacy and AI Legislation Tracker
Top 10 tips for career advancement: Empowering women in privacy
10 Tips for Global Compliance with Privacy and Data Protection Laws
At-a-Glance: AI Governance in Practice Report 2024
Global Cross-Border Privacy Rules – Guidance and Resources
Implementing Trans-Atlantic Transfers
European Parliament term recap
EU AI Act: The web of regulatory intersections
American Privacy Rights Act cheat sheet
The Intersection of Privacy and AI Governance
Enacted Federal Statutes with PRA
Global data transfer contracts
US Institutions Privacy Stakeholder Map
Navigating Government Access to Private Data in the EU
California Rulemaking Process Overview
At-a-Glance: IAPP-EY Professionalizing Organizational AI Governance Report
What AI Governance Leaders are Thinking About
Countries At-a-Glance: Privacy and Consumer Trust
At-a-Glance: Privacy Risk Study 2023
EU-US Data Privacy Framework – Guidance and Resources
Privacy Resources for Digital Health Data
EU decision-making at a glance: How do EU laws get approved?
At-a-Glance: Privacy and Consumer Trust
Requirements of the GDPR-mandated DPO
Refresher: The GDPR’s Six Legal Bases for Data Processing
Text comparison of principles for commercial transfers: From Privacy Shield to DPF
Scope of the draft American Data Privacy and Protection Act
UK DPDI Bill: Comparative analysis with the EU GDPR and ePrivacy framework
From Privacy Shield to the Trans-Atlantic Data Privacy Framework
Show me the privacy money – Budget and Staffing
FTC Privacy Rulemaking – The Steps to Get There
Data Protection Officer Requirements by Country
How To Get Started in Privacy Law
Key provisions of BIPA legislation
Transfer Impact Assessment Templates
DPA and government guidance on ‘Schrems II’
EU Standard Contractual Clauses
How Defendants Are Attacking CCPA Claims
Frequently Asked Questions & Resources on ‘Schrems II’
Article 49 Derogations Summary Table
How to Provide DPO Contact Information to Your DPA
US State Data Breach Notification Chart
Summary of CPRA Contractual Obligations
How to get started in privacy engineering
The impact of the CJEU’s decision on ‘Schrems II’
CCPA Enforcement: Civil penalties companies can face
The Top 10 Most Impactful Provisions of the CPRA
COVID-19 Testing and Health Monitoring
Expedited Vendor Privacy and Security Assessment Checklist
Comparison of Indian PDPB 2019 and GDPR
Avoiding the pitfalls of CCPA noncompliance
EU Member State DPIA Whitelists, Blacklists and Guidance
The largest global privacy and security fines
What is selling under the CCPA
ABA Data Breach Response Flowchart
What triggers a DPIA under the GDPR
Consumer Privacy Notice Template
Understanding and Assessing Professional Credentials and Training
Sample Data Processing Agreement
Privacy Engineer Sample Job Description
US-EU Safe Harbor – Guidance and Resources
Comparison of the FOIA and Privacy Act
Sample Job Description of the Chief Privacy Officer
View More
Reports
Salary and Jobs Report 2025-26
AI Governance Profession Report 2025
Privacy Governance Report 2024
Privacy Curricula in US Law Schools
Responsible AI Management Report
AI Governance in Practice Report 2024
Professionalizing Organizational AI Governance Report
Privacy and Consumer Trust Report
Privacy and AI Governance Report
Privacy in M&A Transactions Playbook
Privacy in the Wake of COVID-19
Benefits, Attributes and Habits of Mature Privacy and Data Protection Programs
Measuring Privacy Operations Report
How Privacy Tech Is Bought and Deployed Report
Market for Data Privacy Legal Services Report
How IT and Infosec Value Privacy Report
The Top 10 Operational Impacts of the GDPR
View More
Research Articles
Global AI Governance Law and Policy: Australia
Dressing old laws in class-action suits: Applying anti-wiretapping laws to AI transcription services
Florida enters the privacy chat: Why Roku should be a wake-up call
PETs: Beyond privacy-enhancing
Ninth Circuit takes cautious approach to privacy and data security standing
10 tips to prepare for the EU Cyber Resilience Act
Global AI Governance Law and Policy: Canada
Global AI Governance Law and Policy: US
Global AI Governance Law and Policy: South Korea
Examining Western cyber policy reactions to China’s rise in the digital age
Data brokers, beware: Distinguishing PADFAA from the DOJ’s DSP
Whose risk is it anyway? How positions and perspectives inform digital risks
Risk analysis is the foundation of data security, but regulator approaches differ
California adopts Cybersecurity Audit Rule, outlining ‘reasonable’ cybersecurity
AI in every home: Analyzing the public comments behind the White House AI Action Plan
US state AI legislation: Reviewing the 2025 session
AI governance in the agentic era
UK data reform: Where have we landed?
Global AI Governance Law and Policy: Singapore
Global AI Governance Law and Policy: India
Emerging trends, insights from public enforcement of US state privacy laws
Global AI law and policy trends update
New threads in the patchwork: Key trends in US comprehensive state privacy law amendments
The final days of grace: Preparing for the U.S. sensitive data rule
Digital risk: Nothing ventured, nothing gained
The ethical use of AI in advertising
How different jurisdictions approach AI regulatory sandboxes
Compliance technology adoption: Navigating and overcoming challenges
Policy analysis: US House committee seeks moratorium on state AI rules
The increasing need to address digital governance
TAKE IT DOWN Act: The next bipartisan US federal privacy, AI law
New developments in global adequacy capabilities
US Data Privacy Litigation: Litigating accountability through shareholder action
US Data Privacy Litigation: Data brokers and judicial privacy litigation
Benchmarking salary for digital responsibility
US Data Privacy Litigation: Biometrics and consumer health data litigation
US Data Privacy Litigation: Security breach litigation
Peering through the US state privacy law kaleidoscope
US Data Privacy Litigation: Website tracking litigation
US Data Privacy Litigation: Breach of contract and warranties litigation
Data protection and privacy laws now in effect in 144 countries
IAPP Global Legislative Predictions 2025
Biden’s final order on cybersecurity represents evolution, not revolution
HHS proposes major overhaul of HIPAA security rule
How 119th US Congress committee leadership could shape digital policy
Ghost jobs: The phantom hiring trend with data privacy implications
New laws in California look to the future of privacy and AI
Tracking evolving policy paradigms in a hallmark year for AI governance
Top 10 operational impacts of the EU AI Act – Leveraging GDPR compliance
Council of Europe’s Framework Convention on AI and its global implications
Top operational impacts of reforms to the Australian Privacy Act
OMB seeks input on policies for commercially available data and AI
FTC adds right to delete to cybersecurity settlement
Workplace privacy in US laws and policies
Global AI Governance Law and Policy: EU
Scrutiny continues as the AI Act reaches implementation
The FCC issues cybersecurity model for the mobile telecommunications industry
AI and digital governance: Exploring platform liability laws in the EU
Top 10 operational impacts of the EU AI Act – AI Assurance across the risk categories
Cybersecurity and the cloud: Lessons from FCC cloud breach enforcement
AI and digital governance: Platform liability laws in the US
The DNA of privacy and the privacy of DNA
Top 10 operational impacts of the EU AI Act – Governance: EU and national stakeholders
Top 10 operational impacts of the EU AI Act – Obligations for general-purpose AI models
Top 10 operational impacts of India’s DPDPA – Data breaches
Implementing kids’ privacy protections around the world
Top 10 operational impacts of the EU AI Act – Obligations on nonproviders of high-risk AI systems
Precision nutrition and biometric privacy in health tech
Top 10 operational impacts of India’s DPDPA – Data protection impact assessments
Top 10 operational impacts of the EU AI Act – Obligations on providers of high-risk AI systems
Top 10 operational impacts of India’s DPDPA – Data audits for significant fiduciaries
Top 10 operational impacts of the EU AI Act – Understanding and assessing risk
AI and digital governance: Exploring platform liability
Top 10 operational impacts of the EU AI Act – Subject matter, definitions, key actors and scope
Top 10 operational impacts of India’s DPDPA – Consent management
Ceiling or floor? State law preemption and preservation in U.S. federal privacy bills
Connected Cars: The legislative environment, potential reform and privacy issues
Understanding ‘sensitive covered data’ under the APRA discussion draft
How privacy and data protection laws apply to AI: Guidance from global DPAs
Pay, OK or a third way: Context, analysis from the EDPB’s opinion
US state AI governance bills: Reflecting on the 2024 cycle with a new resource
The Colorado AI Act: What you need to know
The 2024 IAPP Governance Survey: What the data can show on AI
Private Rights of Action in US Privacy Legislation
Pursuit of app-iness: the legal considerations of SDKs
The American Privacy Rights Act’s definition of covered data
FTC enforcement trends: From straightforward actions to technical allegations
Luminos.AI wants to take on AI management woes
FISA Section 702’s Reauthorization Era
Major trends in US cybersecurity law and policy
Top takeaways from the draft American Privacy Rights Act
IAPP launches 2024 Governance Survey
EU elections explainer: Heading into the next term, reading the smoke signals
Global AI Governance Law and Policy: UK
EU elections explainer: 2024, a transition year into EU leadership overhaul
Checking in on proposed California privacy and AI legislation
OECD privacy, AI leaders come together to bridge gaps
Identifying global privacy laws, relevant DPAs
A new era of US privacy policy? National security restrictions on personal data transactions
Defining ‘comprehensive’: Florida, Washington and the scope of state tracking
Consumer Perspectives of Privacy and Artificial Intelligence
Opting In-n-Out: Five key analyses for adtech privacy law compliance
Amending Australia’s Privacy Act: Small businesses, bigger responsibilities
The truth about privacy: The FTC’s stance on accuracy as a privacy interest
Meta’s new digs: A deep dive into practical considerations of consent
Biased AI systems face the music: Analyzing the FTC’s Rite Aid enforcement
US federal AI governance: Laws, policies and strategies
UK GDPR reforms move forward in UK Parliament
Implications of the AI executive order for business
California privacy: 2022-23 legislative wrap-up
CPPA’s draft automated decision-making rules unpacked
Children’s privacy laws and freedom of expression: Lessons from the UK Age-Appropriate Design Code
Training AI on personal data scraped from the web
Data without borders: EU e-Evidence package facilitates access to private data across jurisdictions
Top 10 operational impacts of India’s DPDPA – Cross-border data transfers
Bipartisan consensus in US privacy lawmaking
Top 10 operational impacts of India’s DPDPA – Enforcement and the Data Protection Board
The CPPA’s upcoming rulemaking process
Top 10 operational impacts of India’s DPDPA – Obligations of data processing entities
Top 10 operational impacts of India’s DPDPA – Individual rights
The Kids Are All Rights: The Conflict between Free Speech and Youth Privacy Laws
UK-US Data Bridge becomes law, takes effect 12 Oct.
Top 10 operational impacts of India’s DPDPA – Scope, key definitions and lawful data processing
EU-US data adequacy litigation begins
Contentious areas in the EU AI Act trilogues
5 things to know about AI model cards
Addressing the duty of care in state privacy laws
AI regulatory enforcement around the world
Regulators’ rulebook for AI: Bit by bit
U.S. privacy legislation in 2023: Something old, something new?
The half-baked future of cookies and other tracking technologies
Privacy governance: A problem solved or an ongoing challenge?
The Snowden disclosures, 10 years on
What dancing taught me about privacy in the metaverse
What’s harm got to do with it?
A practical comparison of the EU, China and ASEAN standard contractual clauses
The Atlantic Declaration: Data bridges, privacy and AI
A trans-Atlantic comparison of a real struggle: Anonymized, deidentified or aggregated?
Ireland DPC’s data transfers decision: Pragmatic punch or knockout blow?
Aspiring privacy professionals compete in moot court
Indiana governor signs a comprehensive privacy act into law
Washington’s My Health, My Data Act
How should mobile apps prepare for California’s privacy scrutiny?
The latest in homomorphic encryption: A game-changer shaping up
Going back to basics for the EDPB’s year of the DPO
Iowa becomes sixth US state to enact comprehensive consumer privacy legislation
Filling the void? The 2023 state privacy laws and consumer health data
Generative AI: Privacy and tech perspectives
Standardization landscape for privacy: Part 3 — W3C and IEEE
Most consumers want data privacy and will act to defend it
California legislative wrap-up: CCPA amendments, children’s privacy and more
CNIL’s Secretary General rolls out plans for 2023 at DPI France
Top ten takeaways from the draft UK GDPR reform
Federated learning: Supporting data minimization in AI
The process behind the EDPB’s coordinated enforcement framework
Practical considerations from EU enforcement
A healthy dose of consent: Takeaways from the FTC’s GoodRx case
Practical considerations from EU enforcement
Cheering emerging PETs: Global privacy tech support on the rise
What the DPC-Meta decision tells us about the EU GDPR dispute resolution mechanism
Takeaways from Epic Games settlement: Teen privacy arrives at the FTC
The FTC’s rapidly evolving standards for MFA
Maximize your minimization and other takeaways from the FTC’s Drizly case
Is GPC the new ‘do not track’?
Privacy and digital health data: The femtech challenge
The EU-US Data Privacy Framework: A new era for data transfers?
A view from Brussels: The latest on the DSA, DMA and Privacy Shield
State views on proposed ADPPA preemption come into focus
The future of youth privacy is here
Reviewing the House Committee changes to the proposed ADPPA
The Sephora case: Do not sell – But are you selling?
Sanctions under EU GDPR and recent data regulations: A case of double jeopardy?
Complying with the California Consumer Privacy Act’s consumer request process
FTC signals expanded breach notice obligations
Understanding the scope of the draft American Data Privacy and Protection Act
Distilling the essence of the American Data Privacy and Protection Act discussion draft
Exceptions in new US state privacy laws leave data without security coverage
Connecticut enacts comprehensive consumer data privacy law
Virginia amendment process complete, text finalized, ahead of Jan. 1 effective date
Utah becomes fourth US state to enact comprehensive consumer privacy legislation
Commission proposal for a regulation on the European health data space
Key data security insights from FTC CafePress settlement
Standardization landscape for privacy: Part 2 — ISO/IEC
Top 5 operational impacts of China’s PIPL — Part 5: International data transfers
Hidden privacy lessons in the FTC’s CafePress security enforcement
Top 5 operational impacts of China’s PIPL — Part 4: Penalties and enforcement mechanisms
Top 5 operational impacts of China’s PIPL: Part 3 — Personal information protection officer
What do the Google Analytics enforcement cases mean for privacy compliance?
Top-5 operational impacts of China’s PIPL: Part 2 — Obligations and rights
The Austrian Google Analytics decision: The race is on
An examination of the DPO requirements in India’s proposed Data Protection Bill
The origins and purpose of Data Protection/Privacy Day
CNIL sets parameters for processors’ reuse of data for product improvement
The way the third-party cookie crumbles: Part 1 – EU and UK developments
Status of the California Privacy Protection Agency’s work
Standardization landscape for privacy: Part 1 — The NIST Privacy Framework
The EU’s DMA and DSA: Why this should be of interest to privacy pros
New EDPB guidelines define international transfers: Dancing in place
A globalized CBPR framework: Peering into the future of data transfers
Quebec’s Bill 64: The first of many privacy modernization bills in Canada?
Privacy as code: A new taxonomy for privacy
Enhancing protections for children’s data
MOU between DPAs: Brazil, Spain to collaborate on data protection governance
Multiparty computation as supplementary measure and potential data anonymization tool
Vaccine credential systems: Considerations for US employers
China’s draft algorithm regulations: A first for consumer privacy
Privacy patchwork: Looking back at the 2021 legislative session
The UK’s new plans for data transfers: An interview with Joe Jones
UK announces independent adequacy decisions; Edwards named ICO top candidate
Privacy bills in the 117th Congress
Ransomware, data protection and compliance
Standing issues in U.S. privacy class actions
Will AI and algorithms truly dictate the future of content?
Local facial recognition bans begin to take hold
Colorado Privacy Act becomes law
EU adequacy decision for South Korea
A look at the California Privacy Protection Agency inaugural meeting
EDPB’s data transfer recommendations adopt a risk-based approach with teeth
Van Buren: The implications of what is left unsaid
Schrems II DPA investigations and enforcement: Lessons learned
50 years and still kicking: An examination of FIPPs in modern regulation
ePrivacy Regulation — Q&A on select topics
The Irish High Court judgment on EU-US data flows
Opt-in vs. opt-out approaches to personal information processing
How Google and Apple are shaking up adtech
Information Technology Rules, 2021 suggest big changes for Big Tech in India
A look at what’s in the EU’s newly proposed regulation on AI
Why the Fifth Circuit HIPAA case doesn’t mean ‘game over’ for HHS data security enforcement
TikTok settlement highlights power of privacy class actions to shape US protections
The first but not last comprehensive US privacy bill of 2021
Top-10 operational impacts of the CPRA: Part 10 — Enforcement and potential penalties
Virginia passes the Consumer Data Protection Act
Top-10 operational impacts of the CPRA: Part 9 — The scope of the anticipated regulations
Draft UK adequacy decisions — A somewhat lukewarm embrace?
Next-gen privacy: Examining the EU’s ePrivacy Regulation
Data transfers: Questions and answers abound, yet solutions elude
Will there be federal facial recognition regulation in the US?
Top-10 operational impacts of the CPRA: Part 7 — Responding to consumers’ requests to know
How the lack of a federal privacy law is resulting in a problematic application of the CFAA
Top-10 operational impacts of the CPRA: Part 6 — Service providers, contractors and third parties
Top-10 operational impacts of the CPRA: Part 5 — Notice obligations and right to opt out
How does GDPR apply to clinical trial sponsors outside EEA? Views of EEA DPAs
Biden appoints Christopher Hoff to oversee Privacy Shield talks
Top-10 operational impacts of the CPRA: Part 4 — Other expanded rights and obligations
Proposal for an EU Data Governance Act — a first analysis
How might the 117th Congress approach privacy and cybersecurity?
FTC Zoom agreement highlights security, dissents foreshadow the importance of privacy in the future
Top-10 operational impacts of the CPRA: Part 1 – The California Privacy Protection Agency
Top-5 operational impacts of Brazil’s LGPD: Part 5 — Enforcement mechanisms and sanctions
New EU SCCs: A modernized approach
Top-5 operational impacts of Brazil’s LGPD: Part 4 — DPOs
A breakdown of EDPB’s recommendations for data transfers post-‘Schrems II’
How independent dispute resolution fosters the exercise of data subject rights
Top-5 operational impacts of Brazil’s LGPD: Part 3 — International transfers
BCRs after ‘Schrems II’ decision: A first analysis
Political and legal framework of German DPAs: The question of centralization
Top-5 operational impacts of Brazil’s LGPD: Part 1 — Processing, rights and DSARs
CCPA update: Calif. attorney general comments, new amendments signed into law
Study: LGPD likely to require at least 50K DPOs in Brazil alone
Israel’s Privacy Shield announcement: Tiptoeing between the EU and US
What to expect on revised standard contractual clauses
The Washington Privacy Act is back
Consolidating US privacy legislation: The SAFE DATA Act
Legal remedies to US surveillance after ‘Schrems II’
The role of data in the fight for social justice
Important commentary from Calif. OAG in proposed CCPA regulations package
The value of privacy research: The view from FTC’s PrivacyCon2020
Using SCCs post-‘Schrems II’: Guidance from DPAs
The ‘Schrems II’ decision: EU-US data transfers in question
Privacy and racial justice: Regulating facial recognition technology
Manual contact tracers and privacy: Building trust is a local effort
CCPA litigation: Shaping the contours of the private right of action
The evolution of the ‘reasonable security’ standard in the US context
With COVID-19, privacy is more central than ever before
GDPR’s second anniversary: A cause for celebration — and concern
Deja vu? The politics of privacy legislation during COVID-19
Privacy questions for COVID-19 testing and health monitoring
CPRA’s top-10 impactful provisions
Virtual justice and privacy: What does COVID-19 mean for due process?
Republican senators to introduce the COVID-19 Consumer Data Protection Act
A farewell to Joel Reidenberg: Mentor, scholar, mensch
Sharing COVID-19 data with government authorities: Guidance from DPAs
A timely resource: Updated guide to US government data sharing
How is COVID-19 affecting privacy programs? A call for research action
Should first responders know the addresses of those with COVID-19?
US Sen. Moran’s new privacy bill: Stacking up the federal proposals
Analyzing the second set of modifications to draft CCPA regulations
COVID-19 response and data protection law in the EU and US
A run down of US Sen. Gillibrand’s proposed Data Protection Act
Microsoft launches open-source privacy mapping tool
What is and what isn’t subject to a DPIA under GDPR? An update
EU representative on ‘How to operationalize Article 27’ of the GDPR
Comparing the new Washington Privacy Act to the CCPA
The advocate general’s ‘Schrems II’ opinion: What it says and means
Tracking the politics of US privacy legislation
US sens. unveil new federal privacy legislation
The Privacy Shield review and its potential to impact Schrems II
Book review: ‘Nobody’s Victim: Fighting Psychos, Stalkers, Pervs, and Trolls’
GDPR in the eyes of the member states
CJEU clarifies cookie consent requirements
A closer look at Carnegie Mellon’s privacy engineering program
A closer look at Carnegie Mellon’s privacy engineering program
Data scraping and the implications of the latest LinkedIn-hiQ court ruling
Inside the Privacy Shield annual review: Increasing common ground
The unique challenges CCPA poses for SMEs
Grazie maestro, ciao, Giovanni
In Memoriam: Giovanni Buttarelli, 1957–2019
Privacy engineering: The what, why and how
NIST Privacy Framework nearing completion
Could the CJEU upend the global framework for data flows by answering a different question?
GDPR compliance: Hits and misses
The GDPR, one year on: What about ePrivacy?
GDPR one year later: Looking backward and forward
Study: An estimated 500K organizations have registered DPOs across Europe
TheScore’s privacy notice analyzed against the CCPA
Privacy pros’ salaries rise, yet pay gaps by gender persist
Competing CCPA amendments sculpt law’s scope
State legislature debates CCPA ad-tech carve out amendment
US state comprehensive privacy law comparison
IAPP FAQs: Are GDPR-compliant companies prepared for CCPA?
The state Senate version of the Washington Privacy Act: A summary
NIST Privacy Framework recognizes critical need for workforce development
Washington state’s consumer privacy act takes next step toward passage
FTC issues its largest-ever COPPA fine
How opt-in consent really works
Creating meaningful data protection out of US privacy proposals
Privacy law and resolving ‘deepfakes’ online
CCPA offers minimal advantages for deidentification, pseudonymization, and aggregation
US Supreme Court case may have far-reaching privacy implications
Lawsuit against weather app sign of things to come?
Worse than negligent: Takeaways from Oath’s COPPA settlement with the NY AG
What’s subject to a DPIA under the GDPR? EDPB on draft lists of 22 supervisory authorities
American Bar Association issues ethics opinion on client-data breaches
Can Austria align ‘diverging views’ with proposed ePrivacy amendments?
Top 5 Operational Impacts of CCPA: Part 5 – Penalties and enforcement mechanisms
Cookies and consent at the IAPP
Top 5 Operational Impacts of the CCPA: Part 2 – Transparency and notice obligations
The ethical and legal ramifications of using ‘pseudo-AI’
Recap: Webinar looks at the exceptional nature of privacy harm
New California privacy law to affect more than half a million US companies
Constitution v Congress: Carpenter v United States
DPO liability and potential insurance coverage
Guidelines on White-Box Development
From Cambridge Analytica to GDPR: Enter digital supply chain management
The Irish DPC is fit: A response to Shaw
Update: Examining the Bulgarian presidency’s latest draft of the ePrivacy Regulation
What’s new in WP29’s final guidelines on transparency?
Why we’re releasing new WP29 document archives resource page
Top 10 Operational Responses to the GDPR – Part 10: Communicating with supervisory authorities
Top 10 Operational Responses to the GDPR – Part 8: Data breach and the GDPR
Top 10 Operational Responses to the GDPR – Part 7: Accommodating data subjects’ rights
Top 10 Operational Responses to the GDPR – Part 6: Transparency and privacy notices
US Supreme Court hears arguments in United States v. Microsoft
Guide to the Gramm-Leach-Bliley Act
Top 10 Operational Responses to the GDPR – Part 3: Build and maintain a data governance system
Top 10 operational responses to the GDPR – Part 2: Lawful bases for processing
Top 10 operational responses to the GDPR – Part 1: Data inventory and mapping
The top five contested issues in the EU’s developing ePrivacy Regulation
European Commission weighs in on Microsoft Ireland case
The Working Party guidance on consent is finally here
What’s in the WP29 update on transfers to third countries?
Reading the tea leaves in Carpenter v US
When the world’s DPAs get together: Resolutions of the ICDPPC
Can a cease-and-desist notice create CFAA liability? Scrapers beware
WP29 releases guidelines on profiling under the GDPR
Mass. weighs in on Equifax: Who else might?
Spokeo ruling means even ‘good’ errors are bad
Book Review: ‘Terms and Conditions’
WP29 proposes DPIA guidelines, shedding light on “high risk” processing
Book review: ‘Ctrl+Z: The Right to be Forgotten’
The Email Privacy Act: What happened and where we are now
The Ramirez legacy of enforcement at the FTC
Growing focus on privacy in Asia
Intangible Privacy Harms Post-Spokeo
The AT&T v. FTC common carrier ruling creates a regulatory ‘blind spot’
LabMD and the new definition of privacy harm
Not unfair may still be unreasonable: The ramifications of the SEC’s Morgan Stanley settlement
Can the U.S. legal system adapt to biometric technology?
How GDPR changes the rules for research
We’ve got a finalized Privacy Shield agreement: What’s new?
Rosen answers: What Would Brandeis Do?
We read Privacy Shield so you don’t have to
Top 10 operational impacts of the GDPR: Part 10 – Consequences for GDPR Violations
Top 10 operational impacts of the GDPR: Part 8 – Pseudonymization
Top 10 operational impacts of the GDPR: Part 7 – Vendor Management
Top 10 operational impacts of the GDPR: Part 6 – RTBF and data portability
Top 10 operational impacts of the GDPR: Part 4 – Cross-border data transfers
Top 10 operational impacts of the GDPR: Part 3 – consent
NIS + GDPR = A New Breach Regime in the EU
FTC Workshop Aims To Find Solutions to Pitfalls of Cross-Device Tracking
CalECPA: California’s New Privacy Law
What Place Do Search Engines Have Between Personal Data Law and Freedom of Speech?
The changing meaning of “personal data”
View More
Article Series
Top 10 operational impacts of India’s DPDPA
Standardization landscape for privacy
State AGs on privacy, cybersecurity, enforcement and legislation
Top 5 Operational Impacts of China’s PIPL
Top 10 operational impacts of the CPRA
Top 5 operational impacts of Brazil’s LGPD
Guidance notes for responding to ‘Schrems II’
How to Build a Culture of Privacy
Top 5 Operational Impacts of the CCPA
Top 10 operational responses to the GDPR
Monetizing Personal Information Series
Benchmarking your Privacy Incident Management Program
Shopping Smart for Cyberinsurance Series
Economics of Cybercrime Series
Building a Program that Provides Value
Key Attributes of a Successful Privacy Program
How the C-Suite Should Talk About Cybersecurity
Starting up privacy at a start-up
Monitoring Your Privacy Program Series
Third-Party Vendor Management Means Managing Your Own Risk
Ten Steps to a Quality Privacy Program
View More
Podcasts, Videos, Web Conferences
View All: Podcasts, Videos, Web Conferences
AI governance with Brenda Leong and Andrew Burt
Scaling trust: Building AI governance that drives strategy and value
Personal data defined? Ulrich Baumgartner on the implications of the CJEU’s SRB ruling
Discussing privacy in New Zealand in 2025
On leadership in digital governance: A chat with Ruby Zefo
EU digital law and policy: Making sense of the matrix
Data foundations for AI success: How governance powers privacy and compliance
New cybersecurity risks of the False Claims Act
AI governance in the agentic era
Data domino effect: How one missed data point can threaten your privacy program
You have been tracked: Consent, AI and the new privacy frontier
What makes an AI governance professional: A discussion with Ashley Casovan
EU-US Data Transfers: Reaction to the Latombe Judgment
The EU AI Act is here: Are global organizations ready?
Anticipating and preparing for changes in AI policy
New EU Mandate: What it means for your digital governance program (Part 2)
Age assurance: What’s working, what’s possible, what’s required
HIPAA compliance alert: Avoid breaches from online trackers on health websites
Behind the camera with ‘Privacy People’ documentarian and privacy pro Stephen Bolinger
Next steps for the CPPA: Priorities, approved regulations, legislation and more
UK Data Act: Key provisions and next steps for implementation
Agentic AI: Navigating the tension between privacy and the next generation of AI
Data governance and metaverse technologies
Geopolitics, national security and government access to data and technology
Risks and potential protections for children in the online world
Adapting antitrust metrics and regulations to the digital economy to protect consumer rights
What’s next after the AI moratorium?
Safe surfing: Protecting kids in the digital age
New EU Mandate: What it means for your digital governance program
AI agents and agentic AI: What privacy and AI governance leaders must know now
From global principles to APAC practice: Governing AI responsibly
Built to scale: Privacy and AI risk frameworks
Discussing the DPC Annual Report 2024
Cross-Border Privacy Rules gone global
Privacy for risk management: Bridge the business, technology and compliance gaps
Meta’s risk evolution: Automating privacy reviews for integrated digital governance
Patricia Kosseim reflects first term as Ontario’s information and privacy commissioner
Philippe Dufresne discusses office’s mission to protect and promote privacy rights
The challenges generative AI poses to creators and cultural industries
The hidden threat: Managing AI vendor and third-party risk before it hits
The impact of AI on companies of all sizes
The real-world work and right-now experience around AI governance in matters related to children
Exploring the idea of a broad AI governance
The strategic privacy pro: How to be a partner, not a blocker
The privacy gym: Get your data in shape!
The reluctant privacy pro: Shortcuts and tips for marketing, security, IT & more
Best practices for aligning with evolving US state privacy laws
A discussion with NYC CPO Michael Fitzpatrick
Ireland’s DPC on TikTok’s transfers to China
Data transfer and cybersecurity laws
View More
Content Type Pages
Topic Pages
Regional Pages
Featured Topics
Privacy by Region
Browse Topics
Building Your Career
Cloud Computing
Crafting a Privacy Notice
Cross-Device Tracking
Data Protection and Privacy Impact Assessments
Deidentification
Encryption
EU ePrivacy Regulation
Financial Technology
Incident and Breach Management
Location Privacy
Organizational Privacy Policies
Privacy In Education
Prudence the Privacy Pro
Small- and Medium-Sized Businesses
Workplace Privacy
Recently Added Resources
At-a-Glance: Organizational Digital Governance Report 2025 – Responding to Deregulation
This infographic presents key data points from the Organizational Digital Governance Report 2025, with a focus on responding to deregulation. Read More
Organizational Digital Governance Report 2025
This report provides insight on the extent to which organizations are defining, designing and deploying digital governance programs and how they are doing so. Read More
Global AI Governance Law and Policy: Jurisdiction Overviews 2025
This article series analyzes the laws, policies, and broader contextual history and developments relevant to AI governance across different jurisdictions. Read More
Global AI Governance Law and Policy: Japan
This article analyzes the laws, policies, and broader contextual history and developments relevant to AI governance in Japan. Read More
AI governance and cybersecurity in the agentic era
Resource Center / Web Conferences / AI governance and cybersecurity in the agentic era AI governance and cybersecurity in the agentic era Original broadcast date: November 2025 Register for Web ConferenceView all Web Conferences This roundtable will explore the intersection of AI governance and cybersecurity in enterprises, focusing on how organizations can scale AI responsibly by embedding trustworthy, transparent, and auditable governance practices across the lifecycle, from ... Read More
Global AI Governance Law and Policy: Australia
This article analyzes the laws, policies, and broader contextual history and developments relevant to AI governance in Australia. Read More
Guidance for Early Career Professionals in Privacy Law
This resource, developed by the IAPP Privacy Bar Section Advisor Board provides guidance for early career professionals in privacy law, including skills in focus, career resources, milestones and more. Read More
Global AI Governance Law and Policy: United Kingdom
This article analyzes the laws, policies, and broader contextual history and developments relevant to AI governance in the U.K. Read More
US State Comprehensive Privacy Laws Report
This report analyzes similarities and differences between enacted U.S. comprehensive state privacy laws. Read More
Scaling trust: Building AI governance that drives strategy and value
Resource Center / Web Conferences / Scaling trust: Building AI governance that drives strategy and value Scaling trust: Building AI governance that drives strategy and value Original broadcast date: October 2025 Register for Web ConferenceView all Web Conferences In this webinar, you will hear firsthand how ServiceNow operationalized AI governance across its organization and how that foundation is now evolving into a broader data governance strategy. Accessing the on-dem... Read More