Certain content in the IAPP Resource Center is member-only. Not a member? Join now.
Tools and Trackers
Privacy Engineering: UX Designers
Privacy Engineering: Data Scientist
Privacy Engineering: Software Developers and Engineers
Privacy Engineering: IT Infrastructure Architect
US State AI Governance Legislation Tracker
US State Privacy Legislation Tracker
Data Security Program Cheat Sheet
Global AI Law and Policy Tracker
Navigate: Digital Risk Index 2025
10 tips for protecting children’s privacy online
At-a-Glance: AI Governance Profession Report 2025
Incident Notification and Information Sharing Requirements: EU Digital Laws
Ten steps to successful ransomware response
Mapping and Understanding the AI Governance Ecosystem
EU AI Act: Next Steps for Implementation
View More
Reports
US State Comprehensive Privacy Laws Report
Organizational Digital Governance Report
Privacy Curricula in US Law Schools
Responsible AI Management: Evolving Practice, Growing Value
AI Governance in Practice Report 2024
IAPP-EY Professionalizing Organizational AI Governance Report
IAPP Privacy and Consumer Trust Report
Privacy and AI Governance Report
IAPP Privacy Tech Vendor Report
Privacy in M&A transactions: The playbook
Privacy in the Wake of COVID-19
Benefits, Attributes and Habits of Mature Privacy and Data Protection Programs
How Privacy Tech Is Bought and Deployed
Getting to GDPR Compliance: Risk Evaluation and Strategies for Mitigation
The Market for Data Privacy Legal Services
How IT and Infosec Value Privacy
The Top 10 Operational Impacts of the EU’s General Data Protection Regulation
View More
Research Articles
Risk analysis is the foundation of data security, but regulator approaches differ
California adopts Cybersecurity Audit Rule, outlining ‘reasonable’ cybersecurity
AI in every home: Analyzing the public comments behind the White House AI Action Plan
US state AI legislation: Reviewing the 2025 session
AI governance in the agentic era
UK data reform: Where have we landed?
Global AI Governance Law and Policy: Singapore
Global AI Governance Law and Policy: India
Emerging trends, insights from public enforcement of US state privacy laws
Global AI law and policy trends update
New threads in the patchwork: Key trends in US comprehensive state privacy law amendments
The final days of grace: Preparing for the U.S. sensitive data rule
Digital risk: Nothing ventured, nothing gained
The ethical use of AI in advertising
How different jurisdictions approach AI regulatory sandboxes
Compliance technology adoption: Navigating and overcoming challenges
Policy analysis: US House committee seeks moratorium on state AI rules
The increasing need to address digital governance
TAKE IT DOWN Act: The next bipartisan US federal privacy, AI law
New developments in global adequacy capabilities
US Data Privacy Litigation: Litigating accountability through shareholder action
US Data Privacy Litigation: Data brokers and judicial privacy litigation
Benchmarking salary for digital responsibility
US Data Privacy Litigation: Biometrics and consumer health data litigation
US Data Privacy Litigation: Security breach litigation
Peering through the US state privacy law kaleidoscope
US Data Privacy Litigation: Website tracking litigation
US Data Privacy Litigation: Breach of contract and warranties litigation
Data protection and privacy laws now in effect in 144 countries
IAPP Global Legislative Predictions 2025
Biden’s final order on cybersecurity represents evolution, not revolution
HHS proposes major overhaul of HIPAA security rule
How 119th US Congress committee leadership could shape digital policy
Ghost jobs: The phantom hiring trend with data privacy implications
New laws in California look to the future of privacy and AI
Tracking evolving policy paradigms in a hallmark year for AI governance
Top 10 operational impacts of the EU AI Act – Leveraging GDPR compliance
Council of Europe’s Framework Convention on AI and its global implications
Top operational impacts of reforms to the Australian Privacy Act
OMB seeks input on policies for commercially available data and AI
FTC adds right to delete to cybersecurity settlement
Workplace privacy in US laws and policies
Scrutiny continues as the AI Act reaches implementation
The FCC issues cybersecurity model for the mobile telecommunications industry
AI and digital governance: Exploring platform liability laws in the EU
Top 10 operational impacts of the EU AI Act – AI Assurance across the risk categories
Cybersecurity and the cloud: Lessons from FCC cloud breach enforcement
AI and digital governance: Platform liability laws in the US
The DNA of privacy and the privacy of DNA
Top 10 operational impacts of the EU AI Act – Governance: EU and national stakeholders
Top 10 operational impacts of the EU AI Act – Obligations for general-purpose AI models
Top 10 operational impacts of India’s DPDPA – Data breaches
Implementing kids’ privacy protections around the world
Top 10 operational impacts of the EU AI Act – Obligations on nonproviders of high-risk AI systems
Precision nutrition and biometric privacy in health tech
Top 10 operational impacts of India’s DPDPA – Data protection impact assessments
Top 10 operational impacts of the EU AI Act – Obligations on providers of high-risk AI systems
Top 10 operational impacts of India’s DPDPA – Data audits for significant fiduciaries
Top 10 operational impacts of the EU AI Act – Understanding and assessing risk
AI and digital governance: Exploring platform liability
Top 10 operational impacts of the EU AI Act – Subject matter, definitions, key actors and scope
Top 10 operational impacts of India’s DPDPA – Consent management
Global AI Governance Law and Policy: Canada
Ceiling or floor? State law preemption and preservation in U.S. federal privacy bills
Connected Cars: The legislative environment, potential reform and privacy issues
Understanding ‘sensitive covered data’ under the APRA discussion draft
How privacy and data protection laws apply to AI: Guidance from global DPAs
Global AI Governance Law and Policy: EU
Pay, OK or a third way: Context, analysis from the EDPB’s opinion
US state AI governance bills: Reflecting on the 2024 cycle with a new resource
The Colorado AI Act: What you need to know
The 2024 IAPP Governance Survey: What the data can show on AI
Private Rights of Action in US Privacy Legislation
Pursuit of app-iness: the legal considerations of SDKs
The American Privacy Rights Act’s definition of covered data
FTC enforcement trends: From straightforward actions to technical allegations
Luminos.AI wants to take on AI management woes
Global AI Governance Law and Policy: US
FISA Section 702’s Reauthorization Era
Major trends in US cybersecurity law and policy
Top takeaways from the draft American Privacy Rights Act
IAPP launches 2024 Governance Survey
EU elections explainer: Heading into the next term, reading the smoke signals
Global AI Governance Law and Policy: UK
EU elections explainer: 2024, a transition year into EU leadership overhaul
Checking in on proposed California privacy and AI legislation
OECD privacy, AI leaders come together to bridge gaps
Identifying global privacy laws, relevant DPAs
A new era of US privacy policy? National security restrictions on personal data transactions
Defining ‘comprehensive’: Florida, Washington and the scope of state tracking
Consumer Perspectives of Privacy and Artificial Intelligence
Opting In-n-Out: Five key analyses for adtech privacy law compliance
Amending Australia’s Privacy Act: Small businesses, bigger responsibilities
The truth about privacy: The FTC’s stance on accuracy as a privacy interest
Meta’s new digs: A deep dive into practical considerations of consent
Biased AI systems face the music: Analyzing the FTC’s Rite Aid enforcement
US federal AI governance: Laws, policies and strategies
UK GDPR reforms move forward in UK Parliament
Implications of the AI executive order for business
California privacy: 2022-23 legislative wrap-up
CPPA’s draft automated decision-making rules unpacked
Children’s privacy laws and freedom of expression: Lessons from the UK Age-Appropriate Design Code
Training AI on personal data scraped from the web
Data without borders: EU e-Evidence package facilitates access to private data across jurisdictions
Top 10 operational impacts of India’s DPDPA – Cross-border data transfers
Bipartisan consensus in US privacy lawmaking
Top 10 operational impacts of India’s DPDPA – Enforcement and the Data Protection Board
The CPPA’s upcoming rulemaking process
Top 10 operational impacts of India’s DPDPA – Obligations of data processing entities
Top 10 operational impacts of India’s DPDPA – Individual rights
The Kids Are All Rights: The Conflict between Free Speech and Youth Privacy Laws
UK-US Data Bridge becomes law, takes effect 12 Oct.
Top 10 operational impacts of India’s DPDPA – Scope, key definitions and lawful data processing
EU-US data adequacy litigation begins
Contentious areas in the EU AI Act trilogues
5 things to know about AI model cards
Addressing the duty of care in state privacy laws
AI regulatory enforcement around the world
Regulators’ rulebook for AI: Bit by bit
U.S. privacy legislation in 2023: Something old, something new?
The half-baked future of cookies and other tracking technologies
Privacy governance: A problem solved or an ongoing challenge?
The Snowden disclosures, 10 years on
What dancing taught me about privacy in the metaverse
What’s harm got to do with it?
A practical comparison of the EU, China and ASEAN standard contractual clauses
The Atlantic Declaration: Data bridges, privacy and AI
A trans-Atlantic comparison of a real struggle: Anonymized, deidentified or aggregated?
Ireland DPC’s data transfers decision: Pragmatic punch or knockout blow?
Aspiring privacy professionals compete in moot court
Indiana governor signs a comprehensive privacy act into law
Washington’s My Health, My Data Act
How should mobile apps prepare for California’s privacy scrutiny?
The latest in homomorphic encryption: A game-changer shaping up
Going back to basics for the EDPB’s year of the DPO
Iowa becomes sixth US state to enact comprehensive consumer privacy legislation
Filling the void? The 2023 state privacy laws and consumer health data
Generative AI: Privacy and tech perspectives
Standardization landscape for privacy: Part 3 — W3C and IEEE
Most consumers want data privacy and will act to defend it
California legislative wrap-up: CCPA amendments, children’s privacy and more
CNIL’s Secretary General rolls out plans for 2023 at DPI France
Top ten takeaways from the draft UK GDPR reform
Federated learning: Supporting data minimization in AI
The process behind the EDPB’s coordinated enforcement framework
Practical considerations from EU enforcement: One-stop shop
A healthy dose of consent: Takeaways from the FTC’s GoodRx case
Practical considerations from EU enforcement: legal bases and transparency
Cheering emerging PETs: Global privacy tech support on the rise
What the DPC-Meta decision tells us about the EU GDPR dispute resolution mechanism
Takeaways from Epic Games settlement: Teen privacy arrives at the FTC
The FTC’s rapidly evolving standards for MFA
Maximize your minimization and other takeaways from the FTC’s Drizly case
Is GPC the new ‘do not track’?
Privacy and digital health data: The femtech challenge
The EU-US Data Privacy Framework: A new era for data transfers?
A view from Brussels: The latest on the DSA, DMA and Privacy Shield
State views on proposed ADPPA preemption come into focus
The future of youth privacy is here
Reviewing the House Committee changes to the proposed ADPPA
The Sephora case: Do not sell – But are you selling?
Sanctions under EU GDPR and recent data regulations: A case of double jeopardy?
Complying with the California Consumer Privacy Act’s consumer request process
FTC signals expanded breach notice obligations
Understanding the scope of the draft American Data Privacy and Protection Act
Distilling the essence of the American Data Privacy and Protection Act discussion draft
Exceptions in new US state privacy laws leave data without security coverage
Connecticut enacts comprehensive consumer data privacy law
Virginia amendment process complete, text finalized, ahead of Jan. 1 effective date
Utah becomes fourth US state to enact comprehensive consumer privacy legislation
Commission proposal for a regulation on the European health data space
Key data security insights from FTC CafePress settlement
Standardization landscape for privacy: Part 2 — ISO/IEC
Top 5 operational impacts of China’s PIPL — Part 5: International data transfers
Hidden privacy lessons in the FTC’s CafePress security enforcement
Top 5 operational impacts of China’s PIPL — Part 4: Penalties and enforcement mechanisms
Top 5 operational impacts of China’s PIPL: Part 3 — Personal information protection officer
What do the Google Analytics enforcement cases mean for privacy compliance?
Top-5 operational impacts of China’s PIPL: Part 2 — Obligations and rights
The Austrian Google Analytics decision: The race is on
An examination of the DPO requirements in India’s proposed Data Protection Bill
The origins and purpose of Data Protection/Privacy Day
CNIL sets parameters for processors’ reuse of data for product improvement
The way the third-party cookie crumbles: Part 1 – EU and UK developments
Status of the California Privacy Protection Agency’s work
Standardization landscape for privacy: Part 1 — The NIST Privacy Framework
The EU’s DMA and DSA: Why this should be of interest to privacy pros
New EDPB guidelines define international transfers: Dancing in place
A globalized CBPR framework: Peering into the future of data transfers
Quebec’s Bill 64: The first of many privacy modernization bills in Canada?
Privacy as code: A new taxonomy for privacy
Enhancing protections for children’s data
MOU between DPAs: Brazil, Spain to collaborate on data protection governance
Multiparty computation as supplementary measure and potential data anonymization tool
Vaccine credential systems: Considerations for US employers
China’s draft algorithm regulations: A first for consumer privacy
Privacy patchwork: Looking back at the 2021 legislative session
The UK’s new plans for data transfers: An interview with Joe Jones
UK announces independent adequacy decisions; Edwards named ICO top candidate
Privacy bills in the 117th Congress
Ransomware, data protection and compliance
Standing issues in U.S. privacy class actions
Will AI and algorithms truly dictate the future of content?
Local facial recognition bans begin to take hold
Colorado Privacy Act becomes law
EU adequacy decision for South Korea
A look at the California Privacy Protection Agency inaugural meeting
EDPB’s data transfer recommendations adopt a risk-based approach with teeth
Van Buren: The implications of what is left unsaid
Schrems II DPA investigations and enforcement: Lessons learned
50 years and still kicking: An examination of FIPPs in modern regulation
ePrivacy Regulation — Q&A on select topics
The Irish High Court judgment on EU-US data flows
Opt-in vs. opt-out approaches to personal information processing
How Google and Apple are shaking up adtech
Information Technology Rules, 2021 suggest big changes for Big Tech in India
A look at what’s in the EU’s newly proposed regulation on AI
Why the Fifth Circuit HIPAA case doesn’t mean ‘game over’ for HHS data security enforcement
TikTok settlement highlights power of privacy class actions to shape US protections
The first but not last comprehensive US privacy bill of 2021
Top-10 operational impacts of the CPRA: Part 10 — Enforcement and potential penalties
Virginia passes the Consumer Data Protection Act
Top-10 operational impacts of the CPRA: Part 9 — The scope of the anticipated regulations
Draft UK adequacy decisions — A somewhat lukewarm embrace?
Next-gen privacy: Examining the EU’s ePrivacy Regulation
Data transfers: Questions and answers abound, yet solutions elude
Will there be federal facial recognition regulation in the US?
Top-10 operational impacts of the CPRA: Part 7 — Responding to consumers’ requests to know
How the lack of a federal privacy law is resulting in a problematic application of the CFAA
Top-10 operational impacts of the CPRA: Part 6: Service providers, contractors and third parties
Top-10 operational impacts of the CPRA: Part 5 — Notice obligations and right to opt out
How does GDPR apply to clinical trial sponsors outside EEA? Views of EEA DPAs
Biden appoints Christopher Hoff to oversee Privacy Shield talks
Top-10 operational impacts of the CPRA: Part 4 — Other expanded rights and obligations
Proposal for an EU Data Governance Act — a first analysis
How might the 117th Congress approach privacy and cybersecurity?
FTC Zoom agreement highlights security, dissents foreshadow the importance of privacy in the future
Top-10 operational impacts of the CPRA: Part 1 – The California Privacy Protection Agency
Top-5 operational impacts of Brazil’s LGPD: Part 5 — Enforcement mechanisms and sanctions
New EU SCCs: A modernized approach
Top-5 operational impacts of Brazil’s LGPD: Part 4 — DPOs
A breakdown of EDPB’s recommendations for data transfers post-‘Schrems II’
How independent dispute resolution fosters the exercise of data subject rights
Top-5 operational impacts of Brazil’s LGPD: Part 3 — International transfers
BCRs after ‘Schrems II’ decision: A first analysis
Political and legal framework of German DPAs: The question of centralization
Top-5 operational impacts of Brazil’s LGPD: Part 1 — Processing, rights and DSARs
CCPA update: Calif. attorney general comments, new amendments signed into law
Study: LGPD likely to require at least 50K DPOs in Brazil alone
Israel’s Privacy Shield announcement: Tiptoeing between the EU and US
What to expect on revised standard contractual clauses
The Washington Privacy Act is back
Consolidating US privacy legislation: The SAFE DATA Act
Legal remedies to US surveillance after ‘Schrems II’
The role of data in the fight for social justice
Important commentary from Calif. OAG in proposed CCPA regulations package
The value of privacy research: The view from FTC’s PrivacyCon2020
Using SCCs post-‘Schrems II’: Guidance from DPAs
The ‘Schrems II’ decision: EU-US data transfers in question
Privacy and racial justice: Regulating facial recognition technology
Manual contact tracers and privacy: Building trust is a local effort
CCPA litigation: Shaping the contours of the private right of action
The evolution of the ‘reasonable security’ standard in the US context
With COVID-19, privacy is more central than ever before
GDPR’s second anniversary: A cause for celebration — and concern
Deja vu? The politics of privacy legislation during COVID-19
Privacy questions for COVID-19 testing and health monitoring
CPRA’s top-10 impactful provisions
Virtual justice and privacy: What does COVID-19 mean for due process?
Republican senators to introduce the COVID-19 Consumer Data Protection Act
A farewell to Joel Reidenberg: Mentor, scholar, mensch
Sharing COVID-19 data with government authorities: Guidance from DPAs
A timely resource: Updated guide to US government data sharing
How is COVID-19 affecting privacy programs? A call for research action
Should first responders know the addresses of those with COVID-19?
US Sen. Moran’s new privacy bill: Stacking up the federal proposals
Analyzing the second set of modifications to draft CCPA regulations
COVID-19 response and data protection law in the EU and US
A run down of US Sen. Gillibrand’s proposed Data Protection Act
Microsoft launches open-source privacy mapping tool
What is and what isn’t subject to a DPIA under GDPR? An update
EU representative on ‘How to operationalize Article 27’ of the GDPR
Comparing the new Washington Privacy Act to the CCPA
The advocate general’s ‘Schrems II’ opinion: What it says and means
Tracking the politics of US privacy legislation
US sens. unveil new federal privacy legislation
The Privacy Shield review and its potential to impact Schrems II
Book review: ‘Nobody’s Victim: Fighting Psychos, Stalkers, Pervs, and Trolls’
GDPR in the eyes of the member states
CJEU clarifies cookie consent requirements
A closer look at Carnegie Mellon’s privacy engineering program
A closer look at Carnegie Mellon’s privacy engineering program
Data scraping and the implications of the latest LinkedIn-hiQ court ruling
Inside the Privacy Shield annual review: Increasing common ground
The unique challenges CCPA poses for SMEs
Grazie maestro, ciao, Giovanni
In Memoriam: Giovanni Buttarelli, 1957–2019
Privacy engineering: The what, why and how
NIST Privacy Framework nearing completion
Could the CJEU upend the global framework for data flows by answering a different question?
GDPR compliance: Hits and misses
The GDPR, one year on: What about ePrivacy?
GDPR one year later: Looking backward and forward
Study: An estimated 500K organizations have registered DPOs across Europe
TheScore’s privacy notice analyzed against the CCPA
Privacy pros’ salaries rise, yet pay gaps by gender persist
Competing CCPA amendments sculpt law’s scope
State legislature debates CCPA ad-tech carve out amendment
US state comprehensive privacy law comparison
IAPP FAQs: Are GDPR-compliant companies prepared for CCPA?
The state Senate version of the Washington Privacy Act: A summary
NIST Privacy Framework recognizes critical need for workforce development
Washington state’s consumer privacy act takes next step toward passage
FTC issues its largest-ever COPPA fine
How opt-in consent really works
Creating meaningful data protection out of US privacy proposals
Privacy law and resolving ‘deepfakes’ online
CCPA offers minimal advantages for deidentification, pseudonymization, and aggregation
US Supreme Court case may have far-reaching privacy implications
Lawsuit against weather app sign of things to come?
Worse than negligent: Takeaways from Oath’s COPPA settlement with the NY AG
What’s subject to a DPIA under the GDPR? EDPB on draft lists of 22 supervisory authorities
American Bar Association issues ethics opinion on client-data breaches
Can Austria align ‘diverging views’ with proposed ePrivacy amendments?
Top 5 Operational Impacts of CCPA: Part 5 – Penalties and enforcement mechanisms
Cookies and consent at the IAPP
Top 5 Operational Impacts of the CCPA: Part 2 – Transparency and notice obligations
The ethical and legal ramifications of using ‘pseudo-AI’
Recap: Webinar looks at the exceptional nature of privacy harm
New California privacy law to affect more than half a million US companies
Constitution v Congress: Carpenter v United States
DPO liability and potential insurance coverage
Guidelines on White-Box Development
From Cambridge Analytica to GDPR: Enter digital supply chain management
The Irish DPC is fit: A response to Shaw
Update: Examining the Bulgarian presidency’s latest draft of the ePrivacy Regulation
What’s new in WP29’s final guidelines on transparency?
Why we’re releasing new WP29 document archives resource page
Top 10 Operational Responses to the GDPR – Part 10: Communicating with supervisory authorities
Top 10 Operational Responses to the GDPR – Part 8: Data breach and the GDPR
Top 10 Operational Responses to the GDPR – Part 7: Accommodating data subjects’ rights
Top 10 Operational Responses to the GDPR – Part 6: Transparency and privacy notices
US Supreme Court hears arguments in United States v. Microsoft
Guide to the Gramm–Leach–Bliley Act
Top 10 Operational Responses to the GDPR – Part 3: Build and maintain a data governance system
Top 10 operational responses to the GDPR – Part 2: Lawful bases for processing
Top 10 operational responses to the GDPR – Part 1: Data inventory and mapping
The top five contested issues in the EU’s developing ePrivacy Regulation
European Commission weighs in on Microsoft Ireland case
The Working Party guidance on consent is finally here
What’s in the WP29 update on transfers to third countries?
Reading the tea leaves in Carpenter v US
When the world’s DPAs get together: Resolutions of the ICDPPC
Can a cease-and-desist notice create CFAA liability? Scrapers beware
WP29 releases guidelines on profiling under the GDPR
Mass. weighs in on Equifax: Who else might?
Spokeo ruling means even ‘good’ errors are bad
Book Review: ‘Terms and Conditions’
WP29 proposes DPIA guidelines, shedding light on “high risk” processing
Book review: ‘Ctrl+Z: The Right to be Forgotten’
The Email Privacy Act: What happened and where we are now
The Ramirez legacy of enforcement at the FTC
Growing focus on privacy in Asia
Intangible Privacy Harms Post-Spokeo
The AT&T v. FTC common carrier ruling creates a regulatory ‘blind spot’
LabMD and the new definition of privacy harm
Not unfair may still be unreasonable: The ramifications of the SEC’s Morgan Stanley settlement
Can the U.S. legal system adapt to biometric technology?
How GDPR changes the rules for research
We’ve got a finalized Privacy Shield agreement: What’s new?
Rosen answers: What Would Brandeis Do?
We read Privacy Shield so you don’t have to
Top 10 operational impacts of the GDPR: Part 10 – Consequences for GDPR Violations
Top 10 operational impacts of the GDPR: Part 8 – Pseudonymization
Top 10 operational impacts of the GDPR: Part 7 – Vendor Management
A brief history of the General Data Protection Regulation (1981-2016)
Top 10 operational impacts of the GDPR: Part 6 – RTBF and data portability
Top 10 operational impacts of the GDPR: Part 4 – Cross-border data transfers
Top 10 operational impacts of the GDPR: Part 3 – consent
NIS + GDPR = A New Breach Regime in the EU
FTC Workshop Aims To Find Solutions to Pitfalls of Cross-Device Tracking
CalECPA: California’s New Privacy Law
What Place Do Search Engines Have Between Personal Data Law and Freedom of Speech?
The changing meaning of “personal data”
View More
Article Series
Top 10 operational impacts of India’s DPDPA
Standardization landscape for privacy
State Attorneys General on privacy, cybersecurity, enforcement and legislation
Top 5 Operational Impacts of China’s PIPL
Top 10 operational impacts of the CPRA
Top 5 operational impacts of Brazil’s LGPD
Guidance notes for responding to ‘Schrems II’
How to Build a Culture of Privacy
Top 5 Operational Impacts of the California Consumer Privacy Act
Top 10 operational responses to the GDPR
On Monetizing Personal Information
Benchmarking your Privacy Incident Management Program
The General Data Protection Regulation Matchup Series
How to Shop Smart for Cyberinsurance
Building a Program that Provides Value
For a Successful Privacy Program, Use these Three A’s
How the C-Suite Should Talk About Cybersecurity
Starting up privacy at a start-up
Monitoring Your Privacy Program
Third-Party Vendor Management Means Managing Your Own Risk
Ten Steps to a Quality Privacy Program
View More
Podcasts, Videos, Web Conferences
View All: Podcasts, Videos, Web Conferences
Agentic AI: Navigating the tension between privacy and the next generation of AI
Data governance and metaverse technologies
Geopolitics, national security and government access to data and technology (Navigate 2025)
Risks and potential protections for children in the online world (Navigate 2025)
Adapting antitrust metrics and regulations to the digital economy to protect consumer rights
What’s next after the AI moratorium?
Safe surfing: Protecting kids in the digital age
New EU Mandate: What it means for your digital governance program
AI agents and agentic AI: What privacy and AI governance leaders must know now
From global principles to APAC practice: Governing AI responsibly
Built to scale: Privacy and AI risk frameworks
Cross-Border Privacy Rules gone global
Privacy for risk management: Bridge the business, technology and compliance gaps
Meta’s risk evolution: automating privacy reviews for integrated digital governance
Patricia Kosseim reflects first term as Ontario’s information and privacy commissioner (CPS 2025)
Philippe Dufresne discusses office’s mission to protect and promote privacy rights (CPS 2025)
The challenges generative AI poses to creators and cultural industries (CPS 2025)
The hidden threat: Managing AI vendor and third-party risk before it hits
The impact of AI on companies of all sizes (AIGG Europe 2025)
Exploring the idea of a broad AI governance (AIGG Europe 2025)
The strategic privacy pro: How to be a partner, not a blocker
The privacy gym: Get your data in shape!
The reluctant privacy pro: Shortcuts and tips for marketing, security, IT & more
Best practices for aligning with evolving US state privacy laws
A discussion with NYC CPO Michael Fitzpatrick
Ireland’s DPC on TikTok’s transfers to China
Data transfer and cybersecurity laws
Promoting innovation in the digital economy while protecting individual privacy (GPS 2025)
Women’s historical legal struggles to control their privacy and personal information (GPS 2025)
Importance of robots being approachable and safe for people to interact with (GPS 2025)
Discussing if AI and robotics can help us be more human by freeing us of repetitive work (GPS 2025)
Discussing a digital Fourth Amendment to govern search and seizure of digital assets (GPS 2025)
Privacy in the age of robotics: A discussion with Erin Relford
Exploring AI’s impact on health care
A holistic approach to data privacy for the AI era
What to expect from the next wave of computing technology (DPI UK 2025)
A blueprint for efficient SRRs: Mastering your subject rights workflow
Mid-career transitions in privacy, AI governance and cyber
Cybersecurity risks from Kaspersky to TikTok
Discussing privacy and technology with Dan Solove
Regulating online safety: Australia eSafety Commissioner Julie Inman-Grant
Major new US rule on transborder data flows
Sleeping giant of privacy, security and e-discovery data deletion
Around the world with global privacy law and policy
US state law and policy roundup
US state AI legislation in 2025: Connecticut state Sen. James Maroney
Discovering the ROI of privacy automation
Getting bang for your buck: Spending your 2025 privacy budget wisely
Data Privacy Day 2025: A chat with global leaders
Navigating privacy in AI: Insights for Data Privacy Day 2025
Synthesizing US state privacy law: Cross-cutting compliance strategies for 2025
Holistic mobile app privacy risk prevention: Dynamic and static app scanning
Privacy, AI governance and cybersecurity law in 2025
New year, new privacy laws and new attorneys general on the beat
Generative AI in the workplace: Practical privacy strategies
Bindl v Commission: Reaction and insights from Thomas Bindl
India’s Draft Digital Personal Data Protection Act rules: Expert reactions
EDPB opinion on personal data and AI models: how consequential is it?
Navigating the privacy landscape: A look back at 2024 and what is to come
Digital policy 2024: A year in review with Omer Tene
Implementing third-party AI tools: Guardrails and vendor risk management
A look inside the new European Commission’s teams and priorities
2025 Privacy law preview: Be prepared
Discussing the UK government’s effort in 2024 to reform data protection law
Data deletion ‘Jeopardy’: Minimizing risk in a data-driven world
EU Data Act: Dive into the new rules on data access and use
The US election: What’s next for privacy, AI governance and cybersecurity
Discussing technology regulation within today’s competitive market (DPC 2024)
Perspective on how democracies can build a better technological future (DPC 2024)
Women in privacy: Unpacking dark patterns in ads, AI and beyond
How to become a speaker at IAPP AI Governance Global EU 2025
Privacy pros: Why collaborate with sales and marketing and how to do it well
AI red teaming strategy and risk assessments: A conversation with Brenda Leong
Demystifying AI risk: Risk tiering in regulated and nonregulated industries
Are you ready for NIS2? The impact of Europe’s new cybersecurity directive
AI governance professionals: Who, what and why now?
Unlock privacy ROI: Why making cross-functional allies is key
30 countries, 200+ domains, one end goal: Managing privacy compliance at scale
Diving into India’s Digital Governance and the DPDPA
Risks and rewards of AI laws and regulations
Investing in AI governance literacy
Unlocking privacy by design through effective records of processing activities
Women leading in privacy and the impostor syndrome: Inseparable companions?
Data governance approaches to mitigating AI risk
Former Google privacy chief reflects on 14 years under the microscope
Automated decision-making: Navigating your compliance obligations
Why privacy is your secret weapon against third-party risk
Presidential election 2024: Where the candidates stand on privacy and AI governance
AI and privacy: Bridging the gap between progress and protection
AI’s impact on the language industry
US state privacy 2024: A retrospective with Keir Lamont and David Stauss
Cybersecurity: Heightened Legal Risk Requires New Expertise
Examining technology’s impact on our moral futures (PSR 2024)
Organizational Digital Responsibility in Practice
New FTC Report Examining Industry Data Practices & Proposed Protections
Trevor Hughes provides important IAPP updates on stage at PSR24
Implementing AI governance in a global compliance environment
Digital incident and litigation response playbook
When AI meets PI: Assessing and governing AI from a privacy perspective
Evolving jobs in privacy: AI and Big Data’s impact on role redefinition
Sharing is (health)caring? A look into the new European Health Data Space
Future-proofing consent: Effective compliance in a changing landscape
The many faces and fora for data flows and digital trade
Privacy curricula in US law schools
Assessing AI risks and impact: A conversation with NIST’s Reva Schwartz
Operationalizing privacy for the revised Australian Privacy Act
Navigating the regulation jungle: Be compliant, work efficiently and stay sane
Privacy and AI: Bridging the divide
The crucial role of obtaining valid consent in the era of AI model development
Data brokers unveiled: How to vet and choose wisely
Tips for IAPP conference submissions
Empowering women in privacy: Various career paths and useful skills for success
UK election results: What is next for digital policy?
EU AI Act compliance: How can a privacy program give a head-start?
Privacy litigation trends: A discussion with Darren Abernethy
The cost of noncompliance: More than just fines
What to expect when you are acquiring data: New rules for data brokers
AI governance perspective through the lens of a Google executive (AIGG 2024)
Keynote: Brad Smith, Vice Chair and President, Microsoft (AI Governance Global 2024)
Midyear data privacy check-in: Trends and key updates
Securing buy-in: Making the business case for data privacy
What does the Colorado AI Act mean for AI governance and policymaking?
A global initiative to elevate safeguards against data scraping
Building the case: Get buy-in to minimize data across your organization
Proactive privacy operations with Microsoft Priva
You are here: First steps in data mapping
Get ready for the EU AI Act: Priorities for compliance
How the rise of generative AI affects privacy risks
Beyond setup: Key steps to continuous compliance in consent management
Protecting Americans’ Data from Foreign Adversaries Act
Adtech: Practical takeaways from recent EU developments
Building an AI governance and compliance program
Inside the EU AI Act negotiations: A conversation with Laura Caroli
AI and data privacy: Minimizing risk and maximizing opportunity
Bringing your AI policy to life: Operationalizing key strategies for governance
Consent or Pay: The EDPB weighs in
Maximize impact by streamlining consent & subject requests with Microsoft Priva
Highway to the regulation zone: The Intersection of cyber and privacy
How to become a trusted brand in the age of data privacy
The role consumer consent plays in the future of trusted commerce
Keynote: Rachele Didero, founder, Cap_able (IAPP GPS 2024)
Keynote: Anna Funder, author (IAPP GPS 2024)
Keynote: Anu Bradford, author, Professor of Law, Columbia Law School (IAPP GPS 2024)
Top trends in cybersecurity: A discussion with James Dempsey and John Carlin
Path to privacy legislation: In conversation with a top Senate advisor
The American Privacy Rights Act: Julie Brill and Cam Kerry react
The American Privacy Rights Act: Privacy leaders’ preview
Universal consent: Building beyond cookie consent
Regulating AI in the UK: A conversation with Lord Holmes
Auditing consent: Essential strategies for improving consent compliance in 2024
Preparing to implement the EU AI Act
The EU AI Act: A view from the lawmaker on next steps
The EU AI Act: A major moment in the digital world
Best practices for building and enforcing global retention schedules
The genesis and evolution of the AI governance profession
Immediate action required: Navigating CPRA compliance and enforcement in 2024
A sneak peek at Summit: Kashmir Hill
A sneak peek at Summit: Anna Funder
3 steps to elevating your third-party risk management process
A sneak peek at Summit: Anu Bradford
Pay or OK: Practical considerations for adtech and beyond
Demystifying data mapping: Why it matters and how to do it well
Kids’ privacy redux: Unpacking the draft COPPA rule update
Mastering the art of AI governance to unlock generative AI innovation
Data Privacy Day: How privacy champions can build a privacy-centric culture
Prioritizing privacy to bolster trust in innovation
The EDPB report on DPOs: What you need to know
Mastering data inventories: Strategic privacy compliance and data governance
Regulation radar: A guide to today’s US data privacy laws
Data Privacy Day and 2024 predictions
Let’s do it live: Role-playing a GenAI project risk assessment
Research and insights: Priorities and predictions for privacy and AI governance
Three practical tweaks to optimize your program in 2024
Managing Cybersecurity and CISO Risk — SolarWinds and New SEC Rule Implications
Privacy and data protection 2023: A year in review with Joe Jones
Getting to know the Center for Democracy and Technology’s AI Governance Lab
Bridging the Atlantic: EU-US data transfers and the data privacy framework
The EU AI Act’s political deal and what’s next
The EU AI Act: ‘We have a deal!’ Now what?
Responsible AI: Putting data ethics into action
Foundations for an effective AI governance program
Exploring the ever-changing role of a data protection officer
Marketing privacy: Overlooked aspects, key questions and practical audits
A look back at Martin Abram’s career in information privacy and consumer policy
How to unlock AI: A delicate balance between policy, privacy and risk
Keynote: Rachele Didero, founder, Cap_able (IAPP DPC 2023)
Keynote: Léa Steinacker, co-founder and Chief Innovation Officer, ada (IAPP Europe DPC 2023)
EU AI Act negotiations – A discussion with Dragos Tudorache and Kai Zenner
AI Leadership in Action (AI Governance Global, an IAPP event 2023)
No AI without IP (AI Governance Global, an IAPP event 2023)
Can Generative AI Survive the GDPR? (AI Governance Global, an IAPP event 2023)
Regulating AI (AI Governance Global, an IAPP event 2023)
Responsible AI (AI Governance Global, an IAPP event 2023)
The Alignment Problem in AI (AI Governance Global, an IAPP event 2023)
My Health, My Data, My Class Action Lawsuit — Mitigating Healthcare Privacy Risk
A conversation with IAPP AI Governance Center Managing Director Ashley Casovan
Consumer perspectives on AI and implications for your privacy program
Digital identity and responsible AI, an IAPP ANZ Summit preview
Data bias: AI fairness and the need for diversity in privacy/data/AI governance
UK-US Data Bridge: What it means, how to implement and what is next
Children’s privacy: Latest news and tips for compliance
Privacy by design to evolve beyond compliance & enforce responsible use of data
The California Delete Act: Implications for data brokers and privacy
Rethinking data visibility — Why effective governance needs always-on discovery
London calling: Digital regulation and AI governance
Generative AI Governance 101 — A masterclass for privacy pros
Managing privacy in the era of generative AI
AI & ethics – New developments, regulatory considerations and ethical obligations
Legal basis and consequences for personalized advertising
White House Blueprint for an AI Bill of Rights: Catching up with the co-author
EU data transfers: The latest and what comes next
The EU-U.S. Data Privacy Framework in practice
CPRA is here – How to get ahead
What can LGBTQ+ privacy teach us about privacy for all?
The state of the States: U.S. state-level privacy legislation
10 years later: Assessing the Snowden revelations
Data as a competitive advantage – Investing in privacy to drive CX and revenue
The EU Artificial Intelligence Act: A look into the EU negotiations
IAPP/TRU Staffing Partners: The State of Salary and Jobs in Privacy
Generative AI: Privacy and Ethical Considerations for Your Business
The art of consent: Navigating the compliance trifecta
Embedding privacy by design to enforce responsible use of data
Unpacking the DPC’s data transfers decision
Privacy beyond checkmarks: Law 25 and the evolving landscape of Canadian consent
The EDPB Coordinated Enforcement Action on the role of DPOs
From silo to synergy between cybersecurity and privacy
From silo to synergy between cybersecurity and privacy in Europe
What AI Can Learn from Privacy: Recommendations for AI Governance
The IAPP AI Governance Center: A call to action for privacy pros
The building blocks for managing privacy risks at Square Enix
Final Countdown – How to address 5 new CPRA obligations before 1 July
PrivTech Talks: Emerging privacy-enhancing technologies
Report on responsible AI and privacy governance – discussion of findings
The sweeping scope of Washington’s My Health, My Data Act
EDPB/DPC decisions on data transfers: What is expected?
Privacy Around the Globe: Dubai International Financial Centre
Getting companies to embrace a holistic data strategy (IAPP Global Privacy Summit 2023)
Reforming the GDPR in a Global Context (IAPP Global Privacy Summit 2023)
Main stage: Alvaro Bedoya (IAPP Global Privacy Summit 2023)
Keynote: Dan Bouk (IAPP Global Privacy Summit 2023)
Keynote Panel Discussion on GDPR (IAPP Global Privacy Summit 2023)
Keynote: Nina Schick (IAPP Global Privacy Summit 2023)
Keynote: Danielle Citron (IAPP Global Privacy Summit 2023)
PrivTech Talks: Privacy tech in health care and medical research
IAPP Summit Keynote Nina Schick on the latest AI developments
Privacy beyond checkmarks: How to Navigate Cross-border Transfers
EU-U.S. Data Privacy Framework: New Independent, Binding Redress Mechanism
The ins and outs of workplace privacy law: A chat with Zoe Argento
Building a legal and business case for data inventory
California Privacy Rights Act: Are We There Yet?
Privacy Around the Globe: Nigeria
Chinese SCCs are here: Are you ready?
Changing Privacy and Stakeholder Management for a Cloud-First World
Weathering the storm: Building an effective privacy budget & proving ROI in 2023
Biggest Data Privacy Year Yet: New States, HR Data, Evolving Regs and More
Rethinking data visibility: Why effective governance needs continuous discovery
One word: Privacy. A conversation on privacy careers with Krysten Jenci
Building trust in a data-driven world: A collaborative approach to privacy
The new AI Risk Management Framework: NIST’s Reva Schwartz
State AGs and Privacy in 2023: What Your Business Needs to Know
Leveraging privacy governance for the responsible use of AI
Five ways to build a bulletproof PBD program with your security partners
The FTC-GoodRx case: Top takeaways with Kirk Nahra
Quo Vadis Europe? IAPP Country Leaders’ predictions for 2023
Privacy Around the Globe: United Kingdom
Privacy Incident Management Simplified
Taking your EU GDPR program across the pond
Data Privacy Day and 2023 predictions
Legal and Marketing – Practical Tips to Work Together to be Privacy Centric
Privacy in 2023: Omer Tene on what to expect
EDPB’s Meta decisions explained: Resolving the adtech dispute
Privacy in Practice: Our top three for 2023
Cyber New Year’s Resolutions – Predictions and Best Practices for Risk Management
Privacy in the world of hybrid work – Solving the cloud challenge
Shining a Light on Dark Patterns – Good Marketing vs Consumer Manipulation
Unpacking DPC Ireland’s Meta decisions: AdTech and beyond
All things ‘California Privacy Law’ with Lothar Determann
Privacy by Code: Filling the Gap in Your Privacy Programs
What Your Business Should Be Doing Now to Unlock Privacy Benefits
Self-sovereign identity: a primer for privacy pros
How Consumer Reports is aiming to help with data subject rights
Artificial intelligence: How to play in the sandbox
Data Lifecycle: The Privacy Path Less Chosen
Next Gen Privacy: Breathing life into your legacy inventory process
Privacy Around the Globe: South Africa
The EU AI Act: A discussion with Dragoș Tudorache
How to future-proof your privacy program
‘Schrems II’ & the EU-US DPF: Stakeholders volley (IAPP Europe Data Protection Congress 2022)
2022 midterm results: What it means for US privacy law
Privacy Around the Globe: Argentina
Operating the U.S. Cloud Under Schrems II
Protecting intimate privacy: A chat with Danielle Citron
Managing Data Breach Liability & Exposure
Automated Data Mapping That Charts the Course for Privacy and Beyond
Cyber Incident Reporting Simplified with Privacy Best Practices
Privacy Around the Globe: Canada
Three Ways Privacy and Security Can Crush Third-Party Reviews – as Friends
Robert Silvers, Department of Homeland Security Under Secretary for Policy (PSR 2022)
How to Avoid a Dystopian Future: Answers to Questions You Didn’t Know to Ask (PSR 2022)
Rebecca Kelly Slaughter, U.S. Federal Trade Commissioner (PSR 2022)
Panel on the implications of the Supreme Court’s Dobbs decision (PSR 2022)
The EU-US Data Privacy Framework and next steps for data transfers
IAPP country leaders weigh in: What’s next for data protection in Europe?
Privacy is hiring! Tips to recruit, tips to move
DSAR Nightmare: Discover Everything About Your Data Before You Respond
The Privacy & Ecommerce Report: Balancing Personalization and Consumer Privacy
How to Operationalize Data Mapping for Engineering
Introducing Foundations of Privacy and Data Protection — a new IAPP training
Privacy Metrics to Uplevel Your Privacy Program
Start your engines: What does FTC rulemaking mean for privacy?
Consumer Perspectives on Data Privacy and Implications for Business Growth
IAPP Training: More than a path to certification
User Consent in the Digital Age
EU Artificial Intelligence Act Proposal: What could it change?
UK Data Reform: Will the UK become a privacy island paradise?
How Mars streamlines and automates privacy rights with BigID
Managing Privacy Risk and Safeguarding Personal Information
US state privacy laws: What you need to know
A viable US privacy bill: Could this be the one?
The Global Cross Border Privacy Rules Forum
AI and Biometrics Privacy: Trends and Developments
A view from Brussels: GDPR & DGA, DSA, DMA: When the rubber meets the road
The Automated Data Map: Your Foundation for Privacy, Security and Governance
A View From DC: If Federal Privacy Passed, What Would It Look Like?
Privacy Engineer Your Operations for Excellence
Privacy Technology Evolution: From Point Solutions to Data Governance
The Importance of Diversity in the Privacy Office: A U.S. Perspective
The Constitutional Right To Privacy
Credentialing the Next Generation of Privacy Professionals
A conversation with UK Information Commissioner John Edwards
A Conversation with IAPP Vanguard Award Winners
Brad Smith, Microsoft President and Vice Chair, (GPS 2022)
Journalist Panel Keynote (GPS 2022)
Zahra Mosawi, Ex-Commissioner, Access to Information Commission of Afghanistan (GPS 2022)
Tim Cook, Apple CEO (GPS 2022)
Amy Gajda, author of ‘Seek and Hide’ (GPS 2022)
Lina Khan, Chair of the Federal Trade Commission (GPS 2022)
Discussing children’s privacy and safety with Kalinda Raina
Didier Reynders, European Commissioner for Justice (GPS 2022)
Building a Privacy Risk Framework for Accountability Through PIAs
Data Retention: The Blind Spot in Your Privacy Program
A conversation with Danielle Citron
Talking Strategic Privacy by Design with R. Jason Cronk
Zero Day Exploits for Privacy Professionals: Risks, Mitigation and Due Diligence
Data Transfer Enforcement, Risk and Compliance: What You Need to Know Now
How To Build An Effective Privacy Engineering Team
Tool-based Privacy and Security Risk Mitigation
Shaping the Future of Privacy Workforce: Insights from the NIST PWWG
A Lawyer, a Chemist, an Ethicist, a Copywriter and a Programmer Walk Into a Bar
Marketing and Consumer Experience Perspectives to Enhance Your Privacy Program
Data Privacy Day and 2022 Predictions
Practical Tips for Building Your Privacy Operations
Demystifying Digital Transformation in Privacy
Building an Effective and Strategic Healthcare Privacy Program
The Privacy Evolution: Enabling Trusted Data Use
How to Build an Effective Privacy Team
A chat with Neil Richards on ‘Why Privacy Matters’
Catching up on the EU’s digital agenda from the AI Act to the DSA
Breaking Into Privacy: Tips for transitioning into privacy from other roles
The Uncertainty of OSHA & CMS Regulations – What You Need to Know Today
New EDPB Guidelines: What is a data transfer under the GDPR?
Cybersecurity Law Fundamentals – A chat with Jim Dempsey
A Fireside Chat with Commissioner Falk (ANZ Summit Online 2021)
A Fireside Chat with Commissioner Edwards (ANZ Summit Online 2021)
How Digital Ocean Takes A Deep Dive Into Their Financial Data With BigID
Digital Ads Unboxed: When Data Sharing, Not Data Theft, is a Privacy Issue
Practical Privacy: Operationalizing the Data Governance Life Cycle
Establishing Repeatable and Scalable Privacy Programs
The Data Protection Sandbox: A Driver of Innovative Regulation
From Data Compliance to Data Intelligence
A Practitioner Approach to Implementing Data Protection & Privacy by Design
Introducing China’s New Privacy Law: PIPL
The convergence of privacy and competition enforcement – A chat with Samuel Stolton
From Programs to Programmatic: New Mindsets & Methods for Privacy Challenges
Ohio Lt. Governor Jon Husted discusses the state’s privacy bill
Building Data Trust: Measuring the Impact and Readiness for the CPPA
Conducting Data Privacy Impact Assessment on Your Cloud Environments
Why Privacy Departments Hold the Key to Incident Response
The New Frontier: Privacy, Big Data, and Antitrust
Privacy Incident Management Meets Intelligent Automation
Security and Privacy: The Yin and Yang of Effective Enterprise Data Governance
Differential Privacy: Practical Overview and Implementation
The rise of the voice intelligence industry: A conversation with Joseph Turow
#MeToo vs. GDPR: Investigating Sexual Misconduct by EU Employees
How to Deal with Facial Recognition and Make it Compliant?
Rethinking notice and consent: A chat with Jen King
The Elephant in the Data Room — Privacy Challenges in M&A Transactions
Humans in the Loop: Building a Culture of Responsible AI
‘Privacy+’ for Developing and Deploying Artificial Intelligence
Jamming It Up! Innovative Solutions to the Online Consent Challenge
International Data Transfers — Are BCRs the Salvation to Data Transfers?
Profiles in Privacy — A conversation with Patrice Ettinger
Creating Privacy Protections for Government Requests Across Borders
Fairy Tale to Worst Nightmare: Privacy Class-Action Lawsuits
More than Face Value: Facial Recognition Technology & Privacy
How to Measure Privacy’s Impact
Privacy in M&A — Recent Practice and Trends
Eliminating Complexities: The Power of Control-Based Privacy
LBS — IAPP CIPT: Technology Innovation and the Need for the Privacy Technologist
What it will take to pass US privacy legislation: A chat with Rep. Delbene
The EU AI Regulation — What’s New and What’s Not?
Building a Resilient Privacy Program and Operation
Adopting a Proactive Approach to Privacy Protection
Understanding Machine Learning Technology and Developing A Risk-Based Approach
Incorporating Privacy & Cyber Risk Assessments into Mergers & Acquisition
Look Before you Cross: Where Privacy, Anti-Trust & Consumer Protection Intersect
Annual Commissioner’s Address (CPS 2021)
Unleash Business Value by Operationalizing Privacy Programs with Data Governance
Future-Proof Compliance with Breach Notification Regulations
Profiles in Privacy — A conversation with Dayo Simms
Ian Kerr Memorial Lecture Series: Afloat In A Sea of Ethics
What CISOs and CDOs Should Know About Data Ethics Strategy Design
Building a Next Generation Practice Leadership
Privacy Metrics: Measuring Privacy Programs
Vendor Due Diligence in the Age of Data Protection Laws
Seize the Data: Enhancing Your Privacy Program with Automated Data Discovery
How the Role of the CPO and CISO Has Evolved to Meet Privacy Obligations
Emotion-detection tech: Exploring the privacy and ethical issues
Blurred Regulatory Lines — Privacy, Competition and Consumer Protection Collide
At Risk From Within — How People Make Cyber Incidents/Security Happen
Choose the Right Privacy Vendor or Regret It Later
Data Breach: Mitigating Risks in an Ever-Changing Landscape
Privacy Careers: Job placement three years in
Privacy Beyond Compliance? Enhance Privacy Implementation with Maturity Models
Trim Costs, Reduce Risks and Improve Compliance: Data Retention the Right Way
May the 4th Be with You! Vendor Compliance in the Complex World of Media
Influencing Privacy as a Priority: A Regulator’s Perspective
Diversity and Inclusion: An AI Formula for HR Success
US surveillance, global data flows and Big Tech: A chat with April Doss
State of the States: A Look at 2021 U.S. State Privacy Legislation
The Recovery Phase: The Role of Tech and Impact of COVID-19 on Privacy
EU-U.S. Data Transfers: The Road Ahead
Facial Recognition Tech and Privacy: Who Are You? Everyone Wants to Know
Protecting Children Online: Privacy by Design Approaches
Privacy and Data Governance: The Key to Unlocking Privacy at Scale
IAPP Vanguard and Leadership Awards Ceremony
Non-Stop Discussion of the One-Stop Shop
Profiles in Privacy — A conversation with Michelle Beistle
Do We Need Privacy Regulation? In Conversation with Elizabeth Denham
Dark Patterns, Icons and Toggles: A Conversation on Design and Regulation
Privacy KPIs: Showing the Business Your Privacy Management is Effective
Privacy Updates in China and India: 2 Giants Legislating Data Protection
Commoditization of Data: Potentials and Pitfalls of Data Dividend Proposals
Modern Privacy Notices — An Expression of Business Strategy
Customers, Employees, Vendors — Oh My! Slaying the 3-Headed Privacy Dragon
The Next Frontier: Aligning Privacy and Data Ethics with CSR and ESG Programs
Private Sector vs. Public Sector Privacy: How Different Are They Really?
Digital Privacy and Smartphones: Finding the Consent Sweet Spot
Privacy Incident Benchmarking and KPIs: Data to Drive Operational Excellence
Advancing Data-Driven Health Research and Innovation Responsibly
The Ethics of Leveraging Data to Improve Diversity and Inclusion
Data Ethics and Marketing: Applying a Design Thinking Approach
Raise the Bar on Brand Trust by Making Data Privacy Your Competitive Advantage!
Ethic-tive Immediately: Building Trust by Handling Data Ethically
The Privacy Challenges for Retailers 4.0
Profiles in Privacy — A conversation with William Marden
Showcasing an IoT Privacy and Security Label
Taking a Data-centric Approach for Security and Privacy Programs
The privacy case against Grindr and dark patterns – A chat with Finn Myrstad
The 7 Sins of Managing Data Privacy
ISO 27701 vs. NIST Privacy Framework: Choosing the Right One for You
Decryption and Inspection and the Steps Needed for Privacy Compliance
Is a ‘multilateral privacy treaty’ the answer to ‘Schrems II’?
Tech 101 for Privacy Pros: What You Need to Know
Women Leading Tech and Privacy
D&I and Your Privacy Program: A Discussion on Intersectionality
Analyzing Virginias new privacy law with Odia Kagan
A 360-Degree View of Enterprise-wide Privacy Risk
Privacy engineering and design with Nishant Bhajaria
Ethical-AI-by-Design: How Responsible AI Yields a Brighter Tomorrow
Resiliency is Part of Our Mission
Marketing Technology 101 for Privacy Officers
How to Leverage APEC Accountability Agents for Your Global Privacy & Governance
US state privacy legislation in 2021: A conversation with David Stauss
How to Manage Risk and Compliance in the Digital Ecosystem
Data Privacy Day and 2021 Predictions
Profiles in Privacy — A conversation with Jorge Oliveira
Privacy in 2020: A look back with Omer Tene and Caitlin Fennessy
Profiles in Privacy — A conversation with Kim Richardson
Demonstrating Compliance and Privacy Standards Using Smartsheet
Privacy, AI ethics and democracy: A chat with Carissa Véliz
Keynote: The Data Revolution in Today’s Workplace
Keynote: Ruth Bader Ginsburg’s Privacy Legacy
Profiles in Privacy — A conversation with Farah Zaman
Privacy in 2030 — AR/VR and Brain-Computer Interfaces Will Shape the Next Decade
Data Sharing for Research: Advancing Science While Protecting Privacy
AI, a Privacy Odyssey: Conducting Privacy Assessments on AI Projects
Privacy in the Boardroom: The Metrics, Dashboards and Reporting You Need
Privacy Around the Globe: Brazil
Where’s the Data? How to Find Your Biggest Privacy, Security & Governance Risks
Does Your Data Spark Joy? Life-Changing Magic of Data Minimization
California’s Proposition 24 – A chat with Alastair Mactaggart
We Love You, You’re Perfect, Now Change: Stories of Data Protection in M&A
Profiles in Privacy – A conversation with Ruby Zefo
Questions about IAPP Certifications & Training
How to know who’s tracking you: A discussion with Julia Angwin and Surya Mattu
IAPP Keynote: ‘Defending Democracy’
Profiles in Privacy — A conversation with Brendon Lynch
The US SAFE DATA Act and this week’s Senate hearing
Privacy Tech Talk — A conversation with Securys
Privacy Tech Talk — A conversation with OneTrust DataGuidance
Privacy Tech Talk — A conversation with OneTrust
How do we protect kids’ privacy during a COVID-dominated school year?
Mobile App Privacy: A Master Class for Privacy Pros
Brazilian Senate approves amendment allowing LGPD to go into effect
Profiles in Privacy – A conversation with Beverly Walker
Pathways into Privacy Engineering
Privacy Program Remediation to Incorporate Legacy Systems
Top 6 Reasons Why the Consumer Response to a Data Breach Will Fail
Building a Privacy Culture: A Conversation with Privacy Program Managers
IAPP 20th Anniversary Board Chair Chat
What Works: Benchmarking and Strengthening Your Privacy Program
Using Data Intelligence to Solve the Hardest Aspects of Privacy Management
The ‘Schrems II’ Decision: The Day After
Privacy Shield is invalid: What to do next?
The Privacy Briefing: Looking the Board in the Eye
Are COVID-19 apps doing privacy well?
Dual Literacy in Privacy and Security — A Guide for Infosec Professionals
Building Data Privacy into Your Infosec Stack
The Platforms Weigh In: Privacy, Exposure Notification and Contact Tracing
Suing to stop the surveillance
Building a Privacy Culture in Our Conflicted Age
Building Ethical Decision Making into Legal Advice on Data Protection
Practical Primer on Privacy Preparedness
How can we overcome gridlock on a U.S. privacy bill?
Uncover the Benefits of IAPP Online Privacy Training
Like Your Water, Is Your Data Privacy Transparent Enough?
A privacy dispatch from Brussels
The Inaugural Ian Kerr Memorial Lecture
A discussion with Bermuda’s first privacy commissioner
Strategic Vendor Risk Management for Privacy Pros
GDPR-based class actions on the rise
COVID-19: Does privacy even matter right now?
COVID-19: Should we give up our data to help the herd?
What happens to data privacy in a pandemic?
Data protection, ethics and ePrivacy in the EU
How should we interpret the European Commission’s new AI strategy?
CNIL President Marie-Laure Denis (DPI France 2020)
The ICO’s new children’s code: What it could mean for your company
Jay Edelson on settling with Facebook for $550M
A debrief on the Washington Privacy Act
How to maximize your IAPP membership
Celebrating Data Privacy Day with the IAPP Engagement team
Caitlin Fennessy speaks with author Dani Shapiro
Get your electrolytes in for 2020
What the regulators had to say at DPC 2019 in Brussels
The inside scoop on the future of online advertising
The 7 Principles of Privacy by Design in Practice
Dispatch on legislative action in Brussels
What will happen to cross-border data transfers?
Some industry perspective on amended CCPA
Ellen Nadeau discusses NIST Privacy Engineering Collaboration Space
Right To Be Forgotten hits pop culture
Women Who Inspire: A Career Panel with IAPP Leaders
Ellen Nadeau on how NIST’s Privacy Framework highlights workforce needs
Is the FTC’s COPPA settlement with Google and YouTube a game-changer?
Ellen Nadeau breaks down NIST Privacy Framework
Lorrie Cranor on why privacy engineers benefit from certification
Lorrie Cranor discusses her work on user-centered design in privacy
Cranor discusses Carnegie Mellon‘s Privacy Engineering Master’s curriculum
Debrief on ePrivacy Regulation, Schrems II case
The importance of the Privacy Law Specialist designation
CCPA co-architect on this week’s amendments
Kashmir Hill talks privacy journalism and joining NYT
Privacy Advisor Podcast celebrates its 100th episode
Boyd discusses taking control of social situations at Summit
Year one of GDPR was unprecedented
A look at privacy in Mexico and Brazil
Did this US Senate hearing on federal privacy push the ball forward?
NZ commissioner calls for post-terrorism reforms
Edelson on his firms’ $925M privacy class-action win
The latest on Brexit and the ePrivacy Regulation
A recap of this week’s hearings on Capitol Hill
What’s the status of that federal privacy bill?
Santa Clara County’s CPO on building a privacy program from the ground up
Data integrity as a method for preserving democracy
How 57 women won a trip to DEFCON
Product design as an exercise of power and manipulation
Jay Edelson on why the CCPA is bad law and suing Kanye West
What Carpenter means for the future of digital surveillance
How do we deal with viral hate online?
Michael Geist calls for more robust privacy law
FTC talks robocall enforcement
Bedoya on government monitoring of religious minorities
Therrien details new consent guidelines
What’s your life look like on May 26, then?
How to raise kids in the digital age
UK ICO Elizabeth Denham talks GDPR enforcement priorities, Brexit
Why online advertising will survive this massive legal shift
A journalist’s view reporting on privacy from the EU
Johnny Ryan on the continuing crisis ad tech faces
Sam Pfeifle’s dispatch from the EU
Whitney Merrill: Video games, policy and passion collide
What you need to know about the House vote on Section 702
Was 2017 just the amuse-bouche for 2018?
What will Congress do with Section 702?
Odia Kagan: Her dream of becoming a lawyer
The future of digital professions: The Cyber Pro
Justin Brookman talks moving to Consumers Union
Gilad Rosner on solving IoT’s problems before genies get out of bottles
Alexandra Ross on why mindfulness has a place in privacy
The Equifax breach: What privacy professionals should take away from the incident
What to do if you know you’re not GDPR-ready
Her job was to infiltrate: A chat with Rachel Tobac
Joe Jerome on why autonomy is essential
What it’s like to be just starting out in privacy
Dipayan Ghosh on the kind of leaders who can push smart public policy
Kirk Nahra talks data ethics, third-party vendors and deidentification
Privacy Advisor Podcast celebrates its 50th episode
Tracy Ann Kosa on ethics and metrics as the profession’s frontier
Sharon Anolik talks being tapped by HBO for Silicon Valley
José Alejandro Bermudez on what’s happening in Latin America
Brendon Lynch on his Vanguard Award win
Live from the Global Privacy Summit 2017 with Alvaro Bedoya
Five Minutes of FaceTime: Marc Groman
What should I be psyched for at the Global Privacy Summit 2017
Rachel Tobac on winning big at DEFCON
Chris Zoladz on why no one’s ready for GDPR
Jed Bracy discusses his experience at the 2017 RSA Conference
Jessica Rich on leaving the FTC
Duncan Campbell: Head of U.S. Data Privacy at Barclays
Meg Leta Jones discusses her book, “Ctrl + Z: The Right To Be Forgotten”
Phil Lee discusses his career counseling companies both in the U.S. and the EU
John Bowman discusses the implications of Brexit on data protection and privacy in the U.K.
Looking back at the biggest privacy stories of 2016
Linnette Attai on making sure student data stays safe
Data Mapping: How to Do It & Why It Matters
Mike Hintze on working for Microsoft and why he decided it was time to go
Tene, Buttarelli, Falque-Pierrotin, Ramirez || IAPP Data Protection Congress 2016
IAPP-OneTrust’s U.S. Federal Agency Privacy Impact Assessment Demo
Amie Stepanovich discusses her work at Access Now
Recap of Data Protection Congress 2016
Cam Kerry on Snowden revelations fallout
Jay Edelson on how he’s been able to craft winning court arguments
Tim Sparapani discusses his experiences in privacy thus far
Jeramie Scott and Margot Kaminski: Panelists at the FTC’s drone workshop
Dean Forbes on his seminal case against Geocities
Peter Swire discusses whether the Privacy Shield will survive in years to come
Anna Lauren Hoffmann discusses her work in data ethics
Arvind Narayanan discusses life as a researcher and recent work on online tracking
Susan Hennessey on NSA changes after Snowden revelations
PIAs and Data Mapping – Operationalizing GDPR and Privacy by Design
Max Schrems on taking down Safe Harbor
Abigail Dubiniecki discusses her experiences in privacy
Megan Price talks about the ways privacy is essential to her work
Jacob Kohnstamm talks about his experiences leading the Article 29 Working Party
LinkedIn Global Head of Privacy Kalinda Raina discusses her career in privacy
FTC Chief Technologist Lorrie Faith Cranor talks about working with privacy regulators.
John Verdi discusses his experience as the public face of NTIA
Timothy Yim on crafting smart policies citywide
Understanding the privacy and data protection implications of Brexit
Eduardo Ustaran offers tips privacy pros should take toward complying with the GDPR
Diana Marina Cooper discusses her passion for working in drones and robotics
Bojana Bellamy discusses facilitating consistency in GDPR interpretation
Lourdes Terrecha and Sarah Bruno discuss their experiences in the privacy field
Saira Nayak discusses adtech changes under GDPR
Abhishek Agarwal discusses his experiences in the privacy field
Christopher Graham Keynote || IAPP Europe Data Protection Intensive 2016
Justin Weiss discusses the importance of the privacy pro’s role at a fundamental level
K Royal discusses how her varied background has helped her as a privacy pro.
Giorgia Lupi on how to get hands-on with your data
Bamberger, Mulligan talk ‘Privacy on the Ground’
Danny Weitzner and Benjamin Wittes discuss the Apple v. FBI case
Microsoft President Brad Smith (GPS 2016)
Hilary Wandall discusses what keeps her interested in privacy and what it takes to be a good CPO
The Privacy Advisor Podcast: Omer Tene
IAPP Privacy Bar Section Announcement
Building a Privacy Program from Ground Zero
Google’s Keith Enright speaks to Asia’s Privacy Opportunity
Max Schrems talks Facebook and the ECJ (DPC 2015)
Videre’s Oren Yakobovich on empowering people with surveillance
Sarah Lewis to GPS25 attendees: Privacy Breeds Innovation
Google General Counsel Kent Walker at GPS2015
FTC’s Julie Brill and CNIL’s Isabelle Falque-Pierrotin Discuss the US-EU Privacy Divide (DPC 14)
Jeffrey Toobin on the Future of the Supreme Court
The IAPP Celebrates its Tenth Anniversary
View More
Content Type Pages
Topic Pages
Regional Pages
Featured Topics
Privacy by Region
Browse Topics
Building Your Career
Cloud Computing
Crafting a Privacy Notice
Cross-Device Tracking
Data Protection and Privacy Impact Assessments
Deidentification
Encryption
EU ePrivacy Regulation
Financial Technology
Incident and Breach Management
Location Privacy
Organizational Privacy Policies
Privacy In Education
Prudence the Privacy Pro
Small- and Medium-Sized Businesses
Workplace Privacy
Recently Added Resources
Global AI Governance Law and Policy: U.S.
This article analyzes the laws, policies, and broader contextual history and developments relevant to AI governance in the U.S. Read More
Global AI Governance Law and Policy: Canada
This article analyzes the laws, policies, and broader contextual history and developments relevant to AI governance in Canada. Read More
Global AI Governance Law and Policy: South Korea
This article analyzes the laws, policies, and broader contextual history and developments relevant to AI governance in South Korea. Read More
HIPAA compliance alert: Avoid breaches from online trackers on health websites
Resource Center / Web Conferences / HIPAA compliance alert: Avoid breaches from online trackers on health websites HIPAA compliance alert: Avoid breaches from online trackers on health websites Original broadcast date: August 2025 Register for Web ConferenceView all Web Conferences Third-party online tracking technologies are secretly collecting patient data and personal health information on 95% of health care websites, putting organizations at serious risk. Hear from renown... Read More
Privacy Engineering Domains
This is a multipart series intended to provide privacy professionals with an overview of privacy engineering domains, with each covered domain having its own chart. Read More
Salary and Jobs Report 2025–26: Privacy, AI Governance and Digital Responsibility – Executive Summary
This report helps professionals and organizations across the privacy, AI governance and digital responsibility domains to benchmark salaries and compensation. Read More
Salary and Jobs Report 2025–26: Privacy, AI Governance and Digital Responsibility
This report helps professionals and organizations across the privacy, AI governance and digital responsibility domains to benchmark salaries and compensation. Read More
Tools and Trackers
The IAPP develops, maintains and houses a variety of tools to help members keep up with the rapid developments in privacy and their impact on business and the profession, from global privacy legislation comparisons to enforcement trackers and glossaries. Read More
EU AI Act: Regulatory Directory
This tool identifies competent authorities responsible for the implementation and enforcement of the EU Artificial Intelligence Act. Read More
Key Terms for AI Governance
This glossary provides definitions and explanations for some of the most common terms related to AI governance. Read More