Resource Center / Reports and Research Articles
IAPP Reports and Research Articles
TOPIC PAGE
This page hosts a collection of reports, research articles, article series and white papers published by the IAPP.
Navigate Page
IAPP Reports and Research Articles
Reports
US State Comprehensive Privacy Laws Report
Organizational Digital Governance Report
Privacy Curricula in US Law Schools
Responsible AI Management: Evolving Practice, Growing Value
AI Governance in Practice Report 2024
IAPP-EY Professionalizing Organizational AI Governance Report
IAPP Privacy and Consumer Trust Report
Privacy and AI Governance Report
IAPP Privacy Tech Vendor Report
Privacy in M&A transactions: The playbook
Privacy in the Wake of COVID-19
Benefits, Attributes and Habits of Mature Privacy and Data Protection Programs
How Privacy Tech Is Bought and Deployed
Getting to GDPR Compliance: Risk Evaluation and Strategies for Mitigation
The Market for Data Privacy Legal Services
How IT and Infosec Value Privacy
The Top 10 Operational Impacts of the EU’s General Data Protection Regulation
View More
Research Articles
AI in every home: Analyzing the public comments behind the White House AI Action Plan
US state AI legislation: Reviewing the 2025 session
AI governance in the agentic era
UK data reform: Where have we landed?
Global AI Governance Law and Policy: Singapore
Global AI Governance Law and Policy: India
Emerging trends, insights from public enforcement of US state privacy laws
Global AI law and policy trends update
New threads in the patchwork: Key trends in US comprehensive state privacy law amendments
The final days of grace: Preparing for the U.S. sensitive data rule
Digital risk: Nothing ventured, nothing gained
The ethical use of AI in advertising
How different jurisdictions approach AI regulatory sandboxes
Compliance technology adoption: Navigating and overcoming challenges
Policy analysis: US House committee seeks moratorium on state AI rules
The increasing need to address digital governance
TAKE IT DOWN Act: The next bipartisan US federal privacy, AI law
New developments in global adequacy capabilities
US Data Privacy Litigation: Litigating accountability through shareholder action
US Data Privacy Litigation: Data brokers and judicial privacy litigation
Benchmarking salary for digital responsibility
US Data Privacy Litigation: Biometrics and consumer health data litigation
US Data Privacy Litigation: Security breach litigation
Peering through the US state privacy law kaleidoscope
US Data Privacy Litigation: Website tracking litigation
US Data Privacy Litigation: Breach of contract and warranties litigation
Data protection and privacy laws now in effect in 144 countries
IAPP Global Legislative Predictions 2025
Biden’s final order on cybersecurity represents evolution, not revolution
HHS proposes major overhaul of HIPAA security rule
How 119th US Congress committee leadership could shape digital policy
Ghost jobs: The phantom hiring trend with data privacy implications
New laws in California look to the future of privacy and AI
Tracking evolving policy paradigms in a hallmark year for AI governance
Top 10 operational impacts of the EU AI Act – Leveraging GDPR compliance
Council of Europe’s Framework Convention on AI and its global implications
Top operational impacts of reforms to the Australian Privacy Act
OMB seeks input on policies for commercially available data and AI
FTC adds right to delete to cybersecurity settlement
Workplace privacy in US laws and policies
Scrutiny continues as the AI Act reaches implementation
The FCC issues cybersecurity model for the mobile telecommunications industry
AI and digital governance: Exploring platform liability laws in the EU
Top 10 operational impacts of the EU AI Act – AI Assurance across the risk categories
Cybersecurity and the cloud: Lessons from FCC cloud breach enforcement
AI and digital governance: Platform liability laws in the US
The DNA of privacy and the privacy of DNA
Top 10 operational impacts of the EU AI Act – Governance: EU and national stakeholders
Top 10 operational impacts of the EU AI Act – Obligations for general-purpose AI models
Top 10 operational impacts of India’s DPDPA – Data breaches
Implementing kids’ privacy protections around the world
Top 10 operational impacts of the EU AI Act – Obligations on nonproviders of high-risk AI systems
Precision nutrition and biometric privacy in health tech
Top 10 operational impacts of India’s DPDPA – Data protection impact assessments
Top 10 operational impacts of the EU AI Act – Obligations on providers of high-risk AI systems
Top 10 operational impacts of India’s DPDPA – Data audits for significant fiduciaries
Top 10 operational impacts of the EU AI Act – Understanding and assessing risk
AI and digital governance: Exploring platform liability
Top 10 operational impacts of the EU AI Act – Subject matter, definitions, key actors and scope
Top 10 operational impacts of India’s DPDPA – Consent management
Global AI Governance Law and Policy: Canada
Ceiling or floor? State law preemption and preservation in U.S. federal privacy bills
Connected Cars: The legislative environment, potential reform and privacy issues
Understanding ‘sensitive covered data’ under the APRA discussion draft
How privacy and data protection laws apply to AI: Guidance from global DPAs
Global AI Governance Law and Policy: EU
Pay, OK or a third way: Context, analysis from the EDPB’s opinion
US state AI governance bills: Reflecting on the 2024 cycle with a new resource
The Colorado AI Act: What you need to know
The 2024 IAPP Governance Survey: What the data can show on AI
Private Rights of Action in US Privacy Legislation
Pursuit of app-iness: the legal considerations of SDKs
The American Privacy Rights Act’s definition of covered data
FTC enforcement trends: From straightforward actions to technical allegations
Luminos.AI wants to take on AI management woes
Global AI Governance Law and Policy: US
FISA Section 702’s Reauthorization Era
Major trends in US cybersecurity law and policy
Top takeaways from the draft American Privacy Rights Act
IAPP launches 2024 Governance Survey
EU elections explainer: Heading into the next term, reading the smoke signals
Global AI Governance Law and Policy: UK
EU elections explainer: 2024, a transition year into EU leadership overhaul
Checking in on proposed California privacy and AI legislation
OECD privacy, AI leaders come together to bridge gaps
Identifying global privacy laws, relevant DPAs
A new era of US privacy policy? National security restrictions on personal data transactions
Defining ‘comprehensive’: Florida, Washington and the scope of state tracking
Consumer Perspectives of Privacy and Artificial Intelligence
Opting In-n-Out: Five key analyses for adtech privacy law compliance
Amending Australia’s Privacy Act: Small businesses, bigger responsibilities
The truth about privacy: The FTC’s stance on accuracy as a privacy interest
Meta’s new digs: A deep dive into practical considerations of consent
Biased AI systems face the music: Analyzing the FTC’s Rite Aid enforcement
US federal AI governance: Laws, policies and strategies
UK GDPR reforms move forward in UK Parliament
Implications of the AI executive order for business
California privacy: 2022-23 legislative wrap-up
CPPA’s draft automated decision-making rules unpacked
Children’s privacy laws and freedom of expression: Lessons from the UK Age-Appropriate Design Code
Training AI on personal data scraped from the web
Data without borders: EU e-Evidence package facilitates access to private data across jurisdictions
Top 10 operational impacts of India’s DPDPA – Cross-border data transfers
Bipartisan consensus in US privacy lawmaking
Top 10 operational impacts of India’s DPDPA – Enforcement and the Data Protection Board
The CPPA’s upcoming rulemaking process
Top 10 operational impacts of India’s DPDPA – Obligations of data processing entities
Top 10 operational impacts of India’s DPDPA – Individual rights
The Kids Are All Rights: The Conflict between Free Speech and Youth Privacy Laws
UK-US Data Bridge becomes law, takes effect 12 Oct.
Top 10 operational impacts of India’s DPDPA – Scope, key definitions and lawful data processing
EU-US data adequacy litigation begins
Contentious areas in the EU AI Act trilogues
5 things to know about AI model cards
Addressing the duty of care in state privacy laws
AI regulatory enforcement around the world
Regulators’ rulebook for AI: Bit by bit
U.S. privacy legislation in 2023: Something old, something new?
The half-baked future of cookies and other tracking technologies
Privacy governance: A problem solved or an ongoing challenge?
The Snowden disclosures, 10 years on
What dancing taught me about privacy in the metaverse
What’s harm got to do with it?
A practical comparison of the EU, China and ASEAN standard contractual clauses
The Atlantic Declaration: Data bridges, privacy and AI
A trans-Atlantic comparison of a real struggle: Anonymized, deidentified or aggregated?
Ireland DPC’s data transfers decision: Pragmatic punch or knockout blow?
Aspiring privacy professionals compete in moot court
Indiana governor signs a comprehensive privacy act into law
Washington’s My Health, My Data Act
How should mobile apps prepare for California’s privacy scrutiny?
The latest in homomorphic encryption: A game-changer shaping up
Going back to basics for the EDPB’s year of the DPO
Iowa becomes sixth US state to enact comprehensive consumer privacy legislation
Filling the void? The 2023 state privacy laws and consumer health data
Generative AI: Privacy and tech perspectives
Standardization landscape for privacy: Part 3 — W3C and IEEE
Most consumers want data privacy and will act to defend it
California legislative wrap-up: CCPA amendments, children’s privacy and more
CNIL’s Secretary General rolls out plans for 2023 at DPI France
Top ten takeaways from the draft UK GDPR reform
Federated learning: Supporting data minimization in AI
The process behind the EDPB’s coordinated enforcement framework
Practical considerations from EU enforcement: One-stop shop
A healthy dose of consent: Takeaways from the FTC’s GoodRx case
Practical considerations from EU enforcement: legal bases and transparency
Cheering emerging PETs: Global privacy tech support on the rise
What the DPC-Meta decision tells us about the EU GDPR dispute resolution mechanism
Takeaways from Epic Games settlement: Teen privacy arrives at the FTC
The FTC’s rapidly evolving standards for MFA
Maximize your minimization and other takeaways from the FTC’s Drizly case
Is GPC the new ‘do not track’?
Privacy and digital health data: The femtech challenge
The EU-US Data Privacy Framework: A new era for data transfers?
A view from Brussels: The latest on the DSA, DMA and Privacy Shield
State views on proposed ADPPA preemption come into focus
The future of youth privacy is here
Reviewing the House Committee changes to the proposed ADPPA
The Sephora case: Do not sell – But are you selling?
Sanctions under EU GDPR and recent data regulations: A case of double jeopardy?
Complying with the California Consumer Privacy Act’s consumer request process
FTC signals expanded breach notice obligations
Understanding the scope of the draft American Data Privacy and Protection Act
Distilling the essence of the American Data Privacy and Protection Act discussion draft
Exceptions in new US state privacy laws leave data without security coverage
Connecticut enacts comprehensive consumer data privacy law
Virginia amendment process complete, text finalized, ahead of Jan. 1 effective date
Utah becomes fourth US state to enact comprehensive consumer privacy legislation
Commission proposal for a regulation on the European health data space
Key data security insights from FTC CafePress settlement
Standardization landscape for privacy: Part 2 — ISO/IEC
Top 5 operational impacts of China’s PIPL — Part 5: International data transfers
Hidden privacy lessons in the FTC’s CafePress security enforcement
Top 5 operational impacts of China’s PIPL — Part 4: Penalties and enforcement mechanisms
Top 5 operational impacts of China’s PIPL: Part 3 — Personal information protection officer
What do the Google Analytics enforcement cases mean for privacy compliance?
Top-5 operational impacts of China’s PIPL: Part 2 — Obligations and rights
The Austrian Google Analytics decision: The race is on
An examination of the DPO requirements in India’s proposed Data Protection Bill
The origins and purpose of Data Protection/Privacy Day
CNIL sets parameters for processors’ reuse of data for product improvement
The way the third-party cookie crumbles: Part 1 – EU and UK developments
Status of the California Privacy Protection Agency’s work
Standardization landscape for privacy: Part 1 — The NIST Privacy Framework
The EU’s DMA and DSA: Why this should be of interest to privacy pros
New EDPB guidelines define international transfers: Dancing in place
A globalized CBPR framework: Peering into the future of data transfers
Quebec’s Bill 64: The first of many privacy modernization bills in Canada?
Privacy as code: A new taxonomy for privacy
Enhancing protections for children’s data
MOU between DPAs: Brazil, Spain to collaborate on data protection governance
Multiparty computation as supplementary measure and potential data anonymization tool
Vaccine credential systems: Considerations for US employers
China’s draft algorithm regulations: A first for consumer privacy
Privacy patchwork: Looking back at the 2021 legislative session
The UK’s new plans for data transfers: An interview with Joe Jones
UK announces independent adequacy decisions; Edwards named ICO top candidate
Privacy bills in the 117th Congress
Ransomware, data protection and compliance
Standing issues in U.S. privacy class actions
Will AI and algorithms truly dictate the future of content?
Local facial recognition bans begin to take hold
Colorado Privacy Act becomes law
EU adequacy decision for South Korea
A look at the California Privacy Protection Agency inaugural meeting
EDPB’s data transfer recommendations adopt a risk-based approach with teeth
Van Buren: The implications of what is left unsaid
Schrems II DPA investigations and enforcement: Lessons learned
50 years and still kicking: An examination of FIPPs in modern regulation
ePrivacy Regulation — Q&A on select topics
The Irish High Court judgment on EU-US data flows
Opt-in vs. opt-out approaches to personal information processing
How Google and Apple are shaking up adtech
Information Technology Rules, 2021 suggest big changes for Big Tech in India
A look at what’s in the EU’s newly proposed regulation on AI
Why the Fifth Circuit HIPAA case doesn’t mean ‘game over’ for HHS data security enforcement
TikTok settlement highlights power of privacy class actions to shape US protections
The first but not last comprehensive US privacy bill of 2021
Top-10 operational impacts of the CPRA: Part 10 — Enforcement and potential penalties
Virginia passes the Consumer Data Protection Act
Top-10 operational impacts of the CPRA: Part 9 — The scope of the anticipated regulations
Draft UK adequacy decisions — A somewhat lukewarm embrace?
Next-gen privacy: Examining the EU’s ePrivacy Regulation
Data transfers: Questions and answers abound, yet solutions elude
Will there be federal facial recognition regulation in the US?
Top-10 operational impacts of the CPRA: Part 7 — Responding to consumers’ requests to know
How the lack of a federal privacy law is resulting in a problematic application of the CFAA
Top-10 operational impacts of the CPRA: Part 6: Service providers, contractors and third parties
Top-10 operational impacts of the CPRA: Part 5 — Notice obligations and right to opt out
How does GDPR apply to clinical trial sponsors outside EEA? Views of EEA DPAs
Biden appoints Christopher Hoff to oversee Privacy Shield talks
Top-10 operational impacts of the CPRA: Part 4 — Other expanded rights and obligations
Proposal for an EU Data Governance Act — a first analysis
How might the 117th Congress approach privacy and cybersecurity?
FTC Zoom agreement highlights security, dissents foreshadow the importance of privacy in the future
Top-10 operational impacts of the CPRA: Part 1 – The California Privacy Protection Agency
Top-5 operational impacts of Brazil’s LGPD: Part 5 — Enforcement mechanisms and sanctions
New EU SCCs: A modernized approach
Top-5 operational impacts of Brazil’s LGPD: Part 4 — DPOs
A breakdown of EDPB’s recommendations for data transfers post-‘Schrems II’
How independent dispute resolution fosters the exercise of data subject rights
Top-5 operational impacts of Brazil’s LGPD: Part 3 — International transfers
BCRs after ‘Schrems II’ decision: A first analysis
Political and legal framework of German DPAs: The question of centralization
Top-5 operational impacts of Brazil’s LGPD: Part 1 — Processing, rights and DSARs
CCPA update: Calif. attorney general comments, new amendments signed into law
Study: LGPD likely to require at least 50K DPOs in Brazil alone
Israel’s Privacy Shield announcement: Tiptoeing between the EU and US
What to expect on revised standard contractual clauses
The Washington Privacy Act is back
Consolidating US privacy legislation: The SAFE DATA Act
Legal remedies to US surveillance after ‘Schrems II’
The role of data in the fight for social justice
Important commentary from Calif. OAG in proposed CCPA regulations package
The value of privacy research: The view from FTC’s PrivacyCon2020
Using SCCs post-‘Schrems II’: Guidance from DPAs
The ‘Schrems II’ decision: EU-US data transfers in question
Privacy and racial justice: Regulating facial recognition technology
Manual contact tracers and privacy: Building trust is a local effort
CCPA litigation: Shaping the contours of the private right of action
The evolution of the ‘reasonable security’ standard in the US context
With COVID-19, privacy is more central than ever before
GDPR’s second anniversary: A cause for celebration — and concern
Deja vu? The politics of privacy legislation during COVID-19
Privacy questions for COVID-19 testing and health monitoring
CPRA’s top-10 impactful provisions
Virtual justice and privacy: What does COVID-19 mean for due process?
Republican senators to introduce the COVID-19 Consumer Data Protection Act
A farewell to Joel Reidenberg: Mentor, scholar, mensch
Sharing COVID-19 data with government authorities: Guidance from DPAs
A timely resource: Updated guide to US government data sharing
How is COVID-19 affecting privacy programs? A call for research action
Should first responders know the addresses of those with COVID-19?
US Sen. Moran’s new privacy bill: Stacking up the federal proposals
Analyzing the second set of modifications to draft CCPA regulations
COVID-19 response and data protection law in the EU and US
A run down of US Sen. Gillibrand’s proposed Data Protection Act
Microsoft launches open-source privacy mapping tool
What is and what isn’t subject to a DPIA under GDPR? An update
EU representative on ‘How to operationalize Article 27’ of the GDPR
Comparing the new Washington Privacy Act to the CCPA
The advocate general’s ‘Schrems II’ opinion: What it says and means
Tracking the politics of US privacy legislation
US sens. unveil new federal privacy legislation
The Privacy Shield review and its potential to impact Schrems II
Book review: ‘Nobody’s Victim: Fighting Psychos, Stalkers, Pervs, and Trolls’
GDPR in the eyes of the member states
CJEU clarifies cookie consent requirements
A closer look at Carnegie Mellon’s privacy engineering program
A closer look at Carnegie Mellon’s privacy engineering program
Data scraping and the implications of the latest LinkedIn-hiQ court ruling
Inside the Privacy Shield annual review: Increasing common ground
The unique challenges CCPA poses for SMEs
Grazie maestro, ciao, Giovanni
In Memoriam: Giovanni Buttarelli, 1957–2019
Privacy engineering: The what, why and how
NIST Privacy Framework nearing completion
Could the CJEU upend the global framework for data flows by answering a different question?
GDPR compliance: Hits and misses
The GDPR, one year on: What about ePrivacy?
GDPR one year later: Looking backward and forward
Study: An estimated 500K organizations have registered DPOs across Europe
TheScore’s privacy notice analyzed against the CCPA
Privacy pros’ salaries rise, yet pay gaps by gender persist
Competing CCPA amendments sculpt law’s scope
State legislature debates CCPA ad-tech carve out amendment
US state comprehensive privacy law comparison
IAPP FAQs: Are GDPR-compliant companies prepared for CCPA?
The state Senate version of the Washington Privacy Act: A summary
NIST Privacy Framework recognizes critical need for workforce development
Washington state’s consumer privacy act takes next step toward passage
FTC issues its largest-ever COPPA fine
How opt-in consent really works
Creating meaningful data protection out of US privacy proposals
Privacy law and resolving ‘deepfakes’ online
CCPA offers minimal advantages for deidentification, pseudonymization, and aggregation
US Supreme Court case may have far-reaching privacy implications
Lawsuit against weather app sign of things to come?
Worse than negligent: Takeaways from Oath’s COPPA settlement with the NY AG
What’s subject to a DPIA under the GDPR? EDPB on draft lists of 22 supervisory authorities
American Bar Association issues ethics opinion on client-data breaches
Can Austria align ‘diverging views’ with proposed ePrivacy amendments?
Top 5 Operational Impacts of CCPA: Part 5 – Penalties and enforcement mechanisms
Cookies and consent at the IAPP
Top 5 Operational Impacts of the CCPA: Part 2 – Transparency and notice obligations
The ethical and legal ramifications of using ‘pseudo-AI’
Recap: Webinar looks at the exceptional nature of privacy harm
New California privacy law to affect more than half a million US companies
Constitution v Congress: Carpenter v United States
DPO liability and potential insurance coverage
Guidelines on White-Box Development
From Cambridge Analytica to GDPR: Enter digital supply chain management
The Irish DPC is fit: A response to Shaw
Update: Examining the Bulgarian presidency’s latest draft of the ePrivacy Regulation
What’s new in WP29’s final guidelines on transparency?
Why we’re releasing new WP29 document archives resource page
Top 10 Operational Responses to the GDPR – Part 10: Communicating with supervisory authorities
Top 10 Operational Responses to the GDPR – Part 8: Data breach and the GDPR
Top 10 Operational Responses to the GDPR – Part 7: Accommodating data subjects’ rights
Top 10 Operational Responses to the GDPR – Part 6: Transparency and privacy notices
US Supreme Court hears arguments in United States v. Microsoft
Guide to the Gramm–Leach–Bliley Act
Top 10 Operational Responses to the GDPR – Part 3: Build and maintain a data governance system
Top 10 operational responses to the GDPR – Part 2: Lawful bases for processing
Top 10 operational responses to the GDPR – Part 1: Data inventory and mapping
The top five contested issues in the EU’s developing ePrivacy Regulation
European Commission weighs in on Microsoft Ireland case
The Working Party guidance on consent is finally here
What’s in the WP29 update on transfers to third countries?
Reading the tea leaves in Carpenter v US
When the world’s DPAs get together: Resolutions of the ICDPPC
Can a cease-and-desist notice create CFAA liability? Scrapers beware
WP29 releases guidelines on profiling under the GDPR
Mass. weighs in on Equifax: Who else might?
Spokeo ruling means even ‘good’ errors are bad
Book Review: ‘Terms and Conditions’
WP29 proposes DPIA guidelines, shedding light on “high risk” processing
Book review: ‘Ctrl+Z: The Right to be Forgotten’
The Email Privacy Act: What happened and where we are now
The Ramirez legacy of enforcement at the FTC
Growing focus on privacy in Asia
Intangible Privacy Harms Post-Spokeo
The AT&T v. FTC common carrier ruling creates a regulatory ‘blind spot’
LabMD and the new definition of privacy harm
Not unfair may still be unreasonable: The ramifications of the SEC’s Morgan Stanley settlement
Can the U.S. legal system adapt to biometric technology?
How GDPR changes the rules for research
We’ve got a finalized Privacy Shield agreement: What’s new?
Rosen answers: What Would Brandeis Do?
We read Privacy Shield so you don’t have to
Top 10 operational impacts of the GDPR: Part 10 – Consequences for GDPR Violations
Top 10 operational impacts of the GDPR: Part 8 – Pseudonymization
Top 10 operational impacts of the GDPR: Part 7 – Vendor Management
A brief history of the General Data Protection Regulation (1981-2016)
Top 10 operational impacts of the GDPR: Part 6 – RTBF and data portability
Top 10 operational impacts of the GDPR: Part 4 – Cross-border data transfers
Top 10 operational impacts of the GDPR: Part 3 – consent
NIS + GDPR = A New Breach Regime in the EU
FTC Workshop Aims To Find Solutions to Pitfalls of Cross-Device Tracking
CalECPA: California’s New Privacy Law
What Place Do Search Engines Have Between Personal Data Law and Freedom of Speech?
The changing meaning of “personal data”
View More
Article Series
Top 10 operational impacts of India’s DPDPA
Standardization landscape for privacy
State Attorneys General on privacy, cybersecurity, enforcement and legislation
Top 5 Operational Impacts of China’s PIPL
Top 10 operational impacts of the CPRA
Top 5 operational impacts of Brazil’s LGPD
Guidance notes for responding to ‘Schrems II’
How to Build a Culture of Privacy
Top 5 Operational Impacts of the California Consumer Privacy Act
Top 10 operational responses to the GDPR
On Monetizing Personal Information
Benchmarking your Privacy Incident Management Program
The General Data Protection Regulation Matchup Series
How to Shop Smart for Cyberinsurance
Building a Program that Provides Value
For a Successful Privacy Program, Use these Three A’s
How the C-Suite Should Talk About Cybersecurity
Starting up privacy at a start-up
Monitoring Your Privacy Program
Third-Party Vendor Management Means Managing Your Own Risk
Ten Steps to a Quality Privacy Program
View More
White Papers
The Rise of Prescriptive Technical Safeguards in FTC Settlements
Self-sovereign identity as future privacy by design solution in digital identity?
Negotiating privacy: Bipartisan agreement on US privacy rights in the 117th Congress
Privacy Leaders’ Views – The Impact of COVID-19 on Privacy Priorities, Practices and Programs
The Skill Set Technologists Need to Implement a Privacy Risk Management Framework
An Overview of US Surveillance in Light of “Schrems II”
The Skill Set Needed to Implement the NIST Privacy Framework
Privacy Risks to Individuals in the Wake of COVID-19
Assessing the Right to Personal Data Portability in Mexico
COPRA and CDPA: Similarities, Gray Areas and Differences
Negotiating with Service Providers and Third Parties under CCPA
Privacy 2030: A New Vision for Europe
5 Steps You Must Take to Prepare for the CCPA
CCPA Compliance Operation: Delivering Data Access via Accounts
Timelines and budgets for GDPR compliance: A meta-analysis
Consensus and Controversy in the Debate Over US Federal Data Privacy Legislation
Building Ethics into Privacy Frameworks for Big Data and AI
Applying the Positive-Sum Principle for Successful Privacy by Design Outcomes
6 Ways Privacy Awareness Training Will Transform Your Staff
Five Lessons I Learned Transitioning from Security to Privacy
Getting Started with Privacy in Canada
Must-Have Privacy Training Features for Your Team
Privacy and Data Security is for Everyone
They Did What? Top Privacy Mistakes To Watch Out For (and How To Avoid Them)
Some Privacy Practices May Result in Under-Reporting of Breach Incidents
What the GDPR Requires of and Leaves to the Member States
Consent for the Collection, Use, and/or Disclosure of Children’s Personal Information
How DPA Budget and Staffing Levels Mirror National Differences in GDP and Population
How Privacy Awareness Builds Trust
IAPP Privacy 101 White Paper Series
The UX Guide to Getting Consent
Check or Mate? Strategic Privacy by Design
Applying VPPA to Online Video Privacy
Assessing Mobile App Data Privacy Risk
From Here to DPO: Building a Data Protection Officer
Preparing for the GDPR: DPOs, PIAs, and Data Mapping
The Risk-Based Approach in the GDPR: Interpretation and Implications
Top 45 Security and Privacy Blind Spots
Privacy, Security and Practical Considerations for Developing or Enhancing a BYOD Program
Privacy 101 for SMEs: The Best Defense is a Good Offense
Privacy Policies: How To Communicate Effectively with Consumers
A Call for Agility: The Next-Generation Privacy Professional
View More