Resource Center / Reports and Research Articles
IAPP Reports and Research Articles
TOPIC PAGE
This page hosts a collection of reports, research articles, article series and white papers published by the IAPP.
Navigate Page
IAPP Reports and Research Articles
Reports
Salary and Jobs Report 2025-26
AI Governance Profession Report 2025
Privacy Governance Report 2024
Privacy Curricula in US Law Schools
Responsible AI Management Report
AI Governance in Practice Report 2024
Professionalizing Organizational AI Governance Report
Privacy and Consumer Trust Report
Privacy and AI Governance Report
Privacy in M&A Transactions Playbook
Privacy in the Wake of COVID-19
Benefits, Attributes and Habits of Mature Privacy and Data Protection Programs
Measuring Privacy Operations Report
How Privacy Tech Is Bought and Deployed Report
Market for Data Privacy Legal Services Report
How IT and Infosec Value Privacy Report
The Top 10 Operational Impacts of the GDPR
View More
Research Articles
Florida enters the privacy chat: Why Roku should be a wake-up call
PETs: Beyond privacy-enhancing
Ninth Circuit takes cautious approach to privacy and data security standing
10 tips to prepare for the EU Cyber Resilience Act
Global AI Governance Law and Policy: Canada
Global AI Governance Law and Policy: US
Global AI Governance Law and Policy: South Korea
Examining Western cyber policy reactions to China’s rise in the digital age
Data brokers, beware: Distinguishing PADFAA from the DOJ’s DSP
Whose risk is it anyway? How positions and perspectives inform digital risks
Risk analysis is the foundation of data security, but regulator approaches differ
California adopts Cybersecurity Audit Rule, outlining ‘reasonable’ cybersecurity
AI in every home: Analyzing the public comments behind the White House AI Action Plan
US state AI legislation: Reviewing the 2025 session
AI governance in the agentic era
UK data reform: Where have we landed?
Global AI Governance Law and Policy: Singapore
Global AI Governance Law and Policy: India
Emerging trends, insights from public enforcement of US state privacy laws
Global AI law and policy trends update
New threads in the patchwork: Key trends in US comprehensive state privacy law amendments
The final days of grace: Preparing for the U.S. sensitive data rule
Digital risk: Nothing ventured, nothing gained
The ethical use of AI in advertising
How different jurisdictions approach AI regulatory sandboxes
Compliance technology adoption: Navigating and overcoming challenges
Policy analysis: US House committee seeks moratorium on state AI rules
The increasing need to address digital governance
TAKE IT DOWN Act: The next bipartisan US federal privacy, AI law
New developments in global adequacy capabilities
US Data Privacy Litigation: Litigating accountability through shareholder action
US Data Privacy Litigation: Data brokers and judicial privacy litigation
Benchmarking salary for digital responsibility
US Data Privacy Litigation: Biometrics and consumer health data litigation
US Data Privacy Litigation: Security breach litigation
Peering through the US state privacy law kaleidoscope
US Data Privacy Litigation: Website tracking litigation
US Data Privacy Litigation: Breach of contract and warranties litigation
Data protection and privacy laws now in effect in 144 countries
IAPP Global Legislative Predictions 2025
Biden’s final order on cybersecurity represents evolution, not revolution
HHS proposes major overhaul of HIPAA security rule
How 119th US Congress committee leadership could shape digital policy
Ghost jobs: The phantom hiring trend with data privacy implications
New laws in California look to the future of privacy and AI
Tracking evolving policy paradigms in a hallmark year for AI governance
Top 10 operational impacts of the EU AI Act – Leveraging GDPR compliance
View More
Article Series
Top 10 operational impacts of India’s DPDPA
Standardization landscape for privacy
State AGs on privacy, cybersecurity, enforcement and legislation
Top 5 Operational Impacts of China’s PIPL
Top 10 operational impacts of the CPRA
Top 5 operational impacts of Brazil’s LGPD
Guidance notes for responding to ‘Schrems II’
How to Build a Culture of Privacy
Top 5 Operational Impacts of the CCPA
Top 10 operational responses to the GDPR
Monetizing Personal Information Series
Benchmarking your Privacy Incident Management Program
Shopping Smart for Cyberinsurance Series
Economics of Cybercrime Series
Building a Program that Provides Value
Key Attributes of a Successful Privacy Program
How the C-Suite Should Talk About Cybersecurity
Starting up privacy at a start-up
Monitoring Your Privacy Program Series
Third-Party Vendor Management Means Managing Your Own Risk
Ten Steps to a Quality Privacy Program
View More
White Papers
The Rise of Prescriptive Technical Safeguards in FTC Settlements
Self-sovereign identity as future privacy by design solution in digital identity?
Negotiating privacy: Bipartisan agreement on US privacy rights in the 117th Congress
Privacy Leaders’ Views – The Impact of COVID-19 on Privacy Priorities, Practices and Programs
The Skill Set Technologists Need to Implement a Privacy Risk Management Framework
An Overview of US Surveillance in Light of “Schrems II”
The Skill Set Needed to Implement the NIST Privacy Framework
Privacy Risks to Individuals in the Wake of COVID-19
Assessing the Right to Personal Data Portability in Mexico
COPRA and CDPA: Similarities, Gray Areas and Differences
Negotiating with Service Providers and Third Parties under CCPA
Privacy 2030: A New Vision for Europe
5 Steps You Must Take to Prepare for the CCPA
CCPA Compliance Operation: Delivering Data Access via Accounts
Timelines and budgets for GDPR compliance: A meta-analysis
Consensus and Controversy in the Debate Over US Federal Data Privacy Legislation
Building Ethics into Privacy Frameworks for Big Data and AI
Applying the Positive-Sum Principle for Successful Privacy by Design Outcomes
6 Ways Privacy Awareness Training Will Transform Your Staff
Five Lessons I Learned Transitioning from Security to Privacy
Getting Started with Privacy in Canada
Must-Have Privacy Training Features for Your Team
Privacy and Data Security is for Everyone
They Did What? Top Privacy Mistakes To Watch Out For (and How To Avoid Them)
Some Privacy Practices May Result in Under-Reporting of Breach Incidents
What the GDPR Requires of and Leaves to the Member States
Consent for the Collection, Use, and/or Disclosure of Children’s Personal Information
How DPA Budget and Staffing Levels Mirror National Differences in GDP and Population
How Privacy Awareness Builds Trust
IAPP Privacy 101 White Paper Series
The UX Guide to Getting Consent
Check or Mate? Strategic Privacy by Design
Applying VPPA to Online Video Privacy
Assessing Mobile App Data Privacy Risk
From Here to DPO: Building a Data Protection Officer
Preparing for the GDPR: DPOs, PIAs, and Data Mapping
The Risk-Based Approach in the GDPR: Interpretation and Implications
Top 45 Security and Privacy Blind Spots
Privacy, Security and Practical Considerations for Developing or Enhancing a BYOD Program
Privacy 101 for SMEs: The Best Defense is a Good Offense
Privacy Policies: How To Communicate Effectively with Consumers
A Call for Agility: The Next-Generation Privacy Professional
View More