Privacy Tech and Privacy By Design


Here, you can find the IAPP’s collection of coverage, analysis and resources related to privacy technology and privacy by design. The IAPP Resource Center includes separate topic pages for Artificial Intelligence and Cloud Computing, as well as a “Privacy Engineering Section,” which offers a range of programs, events, content and networking opportunities through which privacy pros working in IT and related fields can connect and advance.

Featured Resources

2022 IAPP Privacy Tech Vendor Report

This year’s “Privacy Tech Vendor Report” finds the industry at a crossroads of sorts. As privacy has shifted from an afterthought to a necessity within the last decade, the conversation today regarding its place in product development has evolved from the abstract to the technical implementation of an array of solutions.
Read More

Building the next gen of security and privacy pros

This white paper explores how the roles of privacy and cybersecurity professionals are becoming increasingly interdependent, and compares the challenges faced by both professions.
Read More

Strategic Privacy by Design

Designed for both the individual who knows privacy by design and the individual who is just starting on their privacy journey, this book presents a methodology for building privacy into a product, service, or business process, and takes an unconventional approach to privacy by design.
Read More

Latest News and Resources

Cybersecurity Law Fundamentals

Almost as swiftly as cybersecurity has emerged as a major corporate and public policy concern, a body of cybersecurity law has developed. The purpose of Cybersecurity Law Fundamentals is to give a coherent summary of this incoherent body of law. Read More

Privacy and responsible AI

Artificial intelligence and machine learning are advancing at an unprecedented speed. This raises the question: How can AI/ML systems be used in a responsible and ethical way that deserves the trust of users and society? Regulators, organizations, researchers and practitioners of various disciplines are all working toward answers. Privacy professionals, too, are increasingly getting involved in AI governance. They are challenged with the need to understand the complex interplay between privacy ... Read More

Where is my personal data bill of materials?

As privacy concerns mount — both cyber threats and legal requirements — a clear, formal, standard model of data components and their history has become necessary. Here, we introduce the concept of the data bill of materials or personal data bill of materials, a comprehensive inventory of personal data used in software systems. The DBoM records the ownership, sharing history, storage and collection purpose of a unit of data. The purpose of a DBoM is to identify personal data as an asset and an e... Read More

Non-Fungible Tokens – Privacy and Cybersecurity Risks
(Alan Moore, Keith Pham, Tylar Jaspan, September 2022)
Privacy with Microsoft Video Series – Episode 4: ISO/IEC 27701 for Privacy Information Management
(IAPP, August 2022)
Reed Smith – Guide to the Metaverse, Second Edition
(Reed Smith, August 2022)
Guide on Personal Data Protection Considerations for Blockchain Design
(Singapore PDPC, July 2022)
What does the newest U.S. privacy bill mean for cybersecurity?
(IAPP, June 2022)
Web Conference: Privacy Technology Evolution: From Point Solutions to Data Governance
(IAPP, May 2022)
Web Conference: Privacy Engineer Your Operations for Excellence
(IAPP, May 2022)
Standardization landscape for privacy: Part 1 — The NIST Privacy Framework
(IAPP, 2022)
Standardization landscape for privacy: Part 2 — ISO/IEC
(IAPP, 2022)
Exceptions in new US state privacy laws leave data without security coverage
(IAPP, May 2022)
Talking Strategic Privacy by Design with R. Jason Cronk
(IAPP, March 2022)
Successful adoption of mobile ID hinges largely on protection of citizen privacy
(IAPP, March 2022)
Information Security Management – An Executive View
(Marcos Sêmola, March 2022)
Perkins Coie – 2022 Emerging Technology Trends
(Perkins Coie, February 2022)
LinkedIn Live: ‘How To Build An Effective Privacy Engineering Team’
(IAPP, February 2022)
CDT — Responsible Technology Training Series for Education Practitioners
(CDT, January 2022)
iOS App Report: Surveillance Marketing Still Going Strong
(URL Genius, January 2022)
Age verification and data protection: Far more difficult than it looks
(IAPP, January 2022)
2022’s top-10 legal technology job market predictions
(IAPP, January 2022)
A look inside the robust privacy tech vendor market
(IAPP, January 2022)
Privacy as code: A new taxonomy for privacy
(IAPP, November 2021)
Brookings Glossary: Artificial intelligence and emerging technology
(Brookings Institution, October 2021)
The Privacy and Equity Implications of Using Self-Harm Monitoring Technologies: Recommendations for Schools
(Future of Privacy Forum, August 2021)
The Privacy and Equity Implications of Using Self-Harm Monitoring Technologies: Recommendations for Schools
(Future of Privacy Forum, August 2021)
Web Conference: More than Face Value: Facial Recognition Technology & Privacy
(IAPP, July 2021)
Web Conference: Understanding Machine Learning Technology and Developing A Risk-Based Approach
(IAPP, June 2021)
Web Conference: LBS — IAPP CIPT: Technology Innovation and the Need for the Privacy Technologist
(IAPP, June 2021)
KPMG — Privacy Technology: What’s next?
(KPMG, May 2021)
Privacy Tech’s Third Generation: A Review of the Emerging Privacy Tech Sector
(Future of Privacy Forum, Privacy Tech Alliance, May 2021)
Web Conference: Marketing Technology 101 for Privacy Officers
(IAPP, February 2021)
World Economic Forum — Future Series: Cybersecurity, emerging technology and systemic risk
(World Economic Forum, November 2020)
EY-NASCIO Report — How will the power of emerging technology help reframe your future?
(EY-NASCIO, October 2020)
White Paper – The Skill Set Technologists Need to Implement a Privacy Risk Management Framework
(IAPP, October 2020)
Infographic – How to get started in privacy engineering
(IAPP, August 2020)
White Paper – The Skill Set Needed to Implement the NIST Privacy Framework
(IAPP, August 2020)
ePrivacy and Data Protection: The Complex Web of Data Privacy and its Influence on AI Ethics, Competition and Tech Evolution
(Citi GPS, July 2020)
Privacy 2020: 10 Privacy Risks and 10 Privacy-Enhancing Technologies to Watch in the Next Decade
(Future of Privacy Forum, March 2020)
Enhancing Privacy Education with a Technical Emphasis in IT Curriculum
(Kennesaw State University, February 2020)
White Paper – The Skill Set Needed to Implement a Global Privacy Standard: ISO/IEC 27701 alignment with IAPP CIPM and CIPP/E certifications
(IAPP, November 2019)
White Paper – Talking Tech for Privacy Pros: The Organic Chemistry of Computer Science
(IAPP, November 2019)
White Paper – Talking Tech for Privacy Pros: Coming Down from the Cloud
(IAPP, October 2019)
How Privacy Tech Is Bought and Deployed
(IAPP, June 2019)
White Paper – Check or Mate? Strategic Privacy by Design
(IAPP, October 2017)
The Ransomware Epidemic – Article Series
(IAPP, September 2016)
View More Resources

Privacy Engineering

Web Conference: Privacy Engineer Your Operations for Excellence

Original broadcast date: 12 May 2022 In this web conference, panelists explain how to avoid ripple effects from immature privacy practices, but also clearly show how privacy controls can contribute to better data quality, lower storage costs, and an overall business strategy of trust. Founders, product managers, engineers, and legal privacy professionals alike will walk away from this web conference with a better understanding of the essential building blocks of applying privacy principles in practice, why it makes sense to invest in privacy-by-design when building and maintaining products and systems, and how to get one’s team up to speed. Read More

Infographic – How to get started in privacy engineering

Published: August 2020Click To View (PDF) Privacy engineering is a rapidly growing field in our increasingly data driven world. This infographic offers advice on how to jump start a career in this dynamic profession. It offers tips for pursuing a cross-disciplinary education, searching for career opportunities beyond Big Tech, writing about privacy issues, networking with other professionals, becoming an expert in your own privacy, earning privacy credentials, staying informed about privacy i... Read More

Privacy engineering is evolving daily: Join the conversation about its future

Regulations and policies alone won’t get us to a world that effectively respects privacy. To get there, we need multiple things: (1) systems we can trust to robustly implement policy, (2) technology that enables better choices than the ones we have today and (3) a deep understanding of the wide spectrum of humans who interact with our systems. In short, we need privacy engineering. Organizations’ understanding of privacy engineering and their need for it is evolving rapidly alongside new techno... Read More

Privacy engineering: Comprehensible access control lists

When a user is taking an action, they need to know who, what and where. But what happens once they’ve taken that action? When a user shares something with another user, like a photo or a document, they need to know who, why and how to make it stop. First, let me differentiate sharing and sending. Sending is when someone transmits data to another entity and that data passes into the possession of that entity. For example, if you were to send me an email, that email goes into my inbox. You can’t ... Read More