IAPP White Papers
This page hosts a collection of white papers published by the IAPP.
IAPP White Papers
Health care privacy on the ground
This white paper tackles some of the most pressing challenges in-house health care privacy teams face and describe concrete solutions.
Read More
The Alignment Problem with “Sale of Data”
This white paper provides insights on how privacy professionals responded to the Sephora enforcement action, and how they are updating their practices to account for the expansion of “sale.”
Read More
Building the next generation of security and privacy professionals
This LinkedIn Live discusses how privacy careers have evolved, the importance of mentors in the field, tips for those starting out or looking to advance, privacy roles in government and what is on the horizon.
Read More
Self-sovereign identity as future privacy by design solution
This white paper explores how identity has evolved and if SSI solutions provide increased hope for greater privacy protections now and in the future.
Read More
The Rise of Prescriptive Technical Safeguards in FTC Settlements
This white paper reviews U.S. Federal Trade Commission settlements that have required increasingly specific remedies, and if organizations should begin implementing technologies promoted by the commission.
Read More
Technologists and Privacy Risk Management Frameworks
This white paper maps U.S. National Institute of Standards and Technology Privacy Framework’s Core to the Body of Knowledge for a Certified Information Privacy Technologist.
Read More
Additional White Papers
Negotiating privacy: Bipartisan agreement on US privacy rights in the 117th Congress
Privacy Leaders’ Views — The Impact of COVID-19 on Privacy Priorities, Practices and Programs
An Overview of US Surveillance in Light of “Schrems II”
The Skill Set Needed to Implement the NIST Privacy Framework
Privacy Risks to Individuals in the Wake of COVID-19
Assessing the Right to Personal Data Portability in Mexico
The Skill Set Needed to Implement a Privacy Risk Management Framework
COPRA and CDPA: Similarities, Gray Areas and Differences
Negotiating with Service Providers and Third Parties under CCPA
Privacy 2030: A New Vision for Europe
5 Steps You Must Take to Prepare for the CCPA
CCPA Compliance Operation: Delivering Data Access via Accounts
Timelines and budgets for GDPR compliance: A meta-analysis
Consensus and Controversy in the Debate Over US Federal Data Privacy Legislation
Building Ethics into Privacy Frameworks for Big Data and AI
Applying the Positive-Sum Principle for Successful Privacy by Design Outcomes
Some Privacy Practices May Result in Under-Reporting of Breach Incidents
What the GDPR Requires of and Leaves to the Member States
Consent for the Collection, Use, and/or Disclosure of Children’s Personal Information
Top 10 operational responses to the GDPR
6 Ways Privacy Awareness Training Will Transform Your Staff
How DPA Budget and Staffing Levels Mirror National Differences in GDP and Population
How Privacy Awareness Builds Trust
IAPP Privacy 101 White Paper Series
Five Lessons I Learned Transitioning from Security to Privacy
Getting Started with Privacy in Canada
Must-Have Privacy Training Features for Your Team
Privacy and Data Security is for Everyone
They Did What? Top Privacy Mistakes To Watch Out For (and How To Avoid Them)
The UX Guide to Getting Consent
Check or Mate? Strategic Privacy by Design
Applying VPPA to Online Video Privacy
Assessing Mobile App Data Privacy Risk
From Here to DPO: Building a Data Protection Officer
Preparing for the GDPR: DPOs, PIAs, and Data Mapping
The Risk-Based Approach in the GDPR: Interpretation and Implications
Top 45 Security and Privacy Blind Spots
Privacy Policies: How To Communicate Effectively with Consumers
Privacy 101 for SMEs: The Best Defense is a Good Offense
A Call for Agility: The Next-Generation Privacy Professional