In this year’s IAPP-EY governance survey report we go back to the foundations of governance, seeking to explore “the way that organizations are managed, and the systems for doing this,” with a view to shedding light on the question senior executives routinely ask chief privacy officers: “What should a privacy function look like in 2022 and beyond?” Read More

This report analyzes similarities and differences between enacted U.S. comprehensive state privacy laws. Read More

The US SEC requires most publicly traded companies to annually disclose in their Form 10-K submissions potential risk factors to investors. The IAPP studies these disclosures to assess not just whether companies have been disclosing personal data processing practices and privacy regulations as a risk, but also increasingly what business harms the organizations faced for getting privacy wrong. Read More

This year’s “Privacy Tech Vendor Report” finds the industry at a crossroads of sorts. As privacy has shifted from an afterthought to a necessity within the last decade, the conversation today regarding its place in product development has evolved from the abstract to the technical implementation of an array of solutions. Read More

Universities around the world are adding privacy curricula in their law, business and computer science schools. The IAPP’s Westin Research Center has catalogued these programs with the aim of promoting, catalyzing and supporting academia’s growing efforts to build an on-ramp to the privacy profession. The information presented in the second issue of “Privacy and Data Protection in Academia, A Global Guide to Curricula” represents the results of our publicly available survey. Read More

This article provides a breakdown of Washington’s new health data act. Read More

On 8 March 2023, the U.K. government introduced the Data Protection and Digital Information (No. 2) Bill to Parliament. Its objective is to “update and simplify” the U.K.’s data protection laws and certain other legislation. This article sets out a comprehensive summary of the changes in comparison to the GDPR. Read More

The EDPB’s coordinated enforcement action focused on the role of the DPO. This article examines the legal requirements for DPOs and breaks down the role’s designation, position and tasks as set out in the GDPR. Read More

This article breaks down the key practical takeaways and things to look out for on the EU General Data Protection Regulation’s legal bases and transparency requirements. Read More

Mergers and acquisitions has been central to us for a long time. Given our group emphasis on the importance of privacy in data-centric transactions, consideration of data protection and other associated issues in an M&A context is essential. This playbook aims to address this need by consolidating our group’s experiences and learnings to date in this domain. Read More

The IAPP and EY launched a research initiative to gain more insight into the unique ways privacy and data protection practices have been affected by the pandemic. The initial phase of the project included a survey of privacy professionals, taking a deeper look at how organizations, in general, and privacy programs, in particular, are handling the privacy and data protection issues that have emerged alongside COVID-19, such as privacy and security issues related to working from home, monitoring the health of employees, and sharing data with governments, researchers and public health authorities. Read More

The IAPP, in partnership with FairWarning, set out to identify characteristics and behaviors of privacy and data protection teams. Read More

The IAPP, in partnership with BigID, set out to gain insight into the landscape of individual data rights, and how organizations provide data transparency to their employees and consumers. This report explores components of a framework for processing data access requests, deletion requests, and data transparency - including understanding the demand for data rights and its relationship to building brand trust. Read More

Published: July 2020Click To View (PDF) This 20th anniversary publication, “Visions of Privacy,” is a future-looking anthology of contributions from privacy thought-leaders from around the world. We asked these leading voices to take a moment for reflection on the last 20 years of privacy — to pause and think deeply about the future of privacy. We are excited to provide you with these incredible reflections on how far we have come as a profession over the past two decades and what the future ... Read More

Throughout 2019, the IAPP and OneTrust have fielded surveys to U.S.-based subscribers of IAPP’s Daily Dashboard seeking to benchmark and track CCPA compliance efforts over time. This short report demonstrates the results of our third and final survey, which was disseminated in November 2019. Read More

In Measuring Privacy Operations 2019, the IAPP and TrustArc offer privacy professionals around the globe a look at how their colleagues are implementing privacy requirements. This is the latest in a series of reports designed to help companies benchmark their own privacy practices against those of their partners and competitors. Read More

For the second year running, the IAPP together with TrustArc surveyed 345 privacy professionals around the globe to gain an understanding of how privacy technology products are purchased and deployed within an organization. Results this year shine a light on which products are in use and under whose budget privacy tech purchases are made, as well as other budgetary and purchase-decision-making insights. Read More

In this study gauging the risks of non-compliance with various aspects of the GPDR, the IAPP surveyed nearly 500 privacy pros. We asked them to rate the risk of noncompliance with various requirements of the GDPR and what actions they are taking to mitigate each perceived GDPR risk. Read More

Images of the IAPP's collection of editions of George Orwell's Nineteen Eighty-Four. Read More

Published: April 2016Click To View (PDF) In January 2016 the IAPP and Bloomberg Law conducted a survey of 353 privacy professionals and identified 181 in-house privacy professionals who self-identified as currently employing outside counsel, shopping for external counsel, or having employed outside counsel in the last year. This revealed a number of interesting findings. ... Read More

Across 2015 and 2016, the IAPP published a series of Safe Harbor guidance resources, reports, web conferences and articles. Read More

Published: March 2016Click To View (PDF) As a more mature field, information security has long enjoyed larger budgets and more staff than information privacy. As privacy teams have matured and grown, however, their budgets are beginning to be substantive. How do information security and privacy teams work in concert, so that their respective spends can complement one another? Are their priorities aligned? Have firms decided that information privacy investments can enhance information security... Read More

Published: November 2014Click To View (PDF) Over the summer of 2014, the IAPP embarked on the first of what will be an annual effort to research and benchmark the privacy programs of the Fortune 1000. In partnership with third-party research firm Fondulas Strategic Research, we queried roughly 275 privacy leads at Fortune 1000 companies, all of them large, private, for-profit firms operating from a base in the United States, and got a 23-percent response rate, providing us with one of the mos... Read More

The question raised in the title of this article is the complex and long-debated one that the Court of Justice of the European Union (the “CJEU”) will have to answer, following an application made by the Spanish High Court. The case leading to this question is between Mr. X, a Spanish national, and Google. Mr. X noticed that when he typed his name into the Google search engine, two of the results redirected the user to pages of a newspaper that included details of the auctioning of a property seized due to a failure by Mr. X to pay social contributions. Mr. X brought a claim against the newspaper and Google before the Spanish Personal Data Protection Authority. Read More

William Baker and Anthony Matyjaszewski explore the changing meaning of “personal data” in this article, which includes a compendium of definitions outlining how the term is defined within data protection laws worldwide. Read More

IAPP Canada has detailed the success of its expanded KnowledgeNet program in a report to the Office of the Privacy Commissioner, highlighting how the assistance of a grant from the OPC has helped the program offer eight times as many events. Read More