Podcast: A journalist's view from the EU

(Mar 16, 2018) Jennifer Baker makes a career out of knowing the nuances of data protection and data privacy. But she's not advising clients or writing privacy policies. Rather, as a freelance journalist, she is reporting on the developments that often guide the decision-making of those who do. Baker has spent years developing sources inside European institutions and businesses, and, in this episode of The Privacy Advisor Podcast, host Angelique Carson, CIPP/US, talks with Baker about reporting on the privacy b... Read More

Op-Ed: Canada's revamped CIO role has potential to move past IT

(Mar 16, 2018) In an Op-Ed for iPolitics, Davide Cargnello and Karl Salgo write about the potential new duties of Canada’s chief information officer within Budget 2018. The government’s CIO will see a shift in responsibilities, but the specifics of what the revamped role will entail are still under wraps. Cargnello and Salgo hope the CIO will move away from simply being an IT-heavy position. “No doubt the toughest challenges of a government CIO often have more to do with institutional behaviours than with tech... Read More

ICO awareness campaign targets micro-businesses

(Mar 15, 2018) The U.K. Information Commissioner’s Office has launched an EU General Data Protection Regulation awareness campaign, called "Making data protection your business," designed to bring micro-businesses up to speed with future requirements of the GDPR. Through a series of radio ads, the campaign is designed to raise awareness among organizations that have less than 10 people. Information Commissioner Elizabeth Denham said, “All organisations have to be ready for the new data protection rules, but we... Read More

Communicating with your DPA

(Mar 15, 2018) If you are subject to the EU General Data Protection Regulation, you're going to find yourself communicating with data protection authorities. You might have a lead DPA. You might have several DPAs with which you'll need to keep in regular contact. Who is doing that communicating? When? What format are you using? These are questions IAPP Westin Fellow Müge Fazlioglu, CIPP/US, answers as part of the final installment of the "Top 10 Operational Responses to the GDPR" series in The Privacy Advisor.... Read More

Sample job description: Privacy engineer

(Mar 15, 2018) You may have heard, the IAPP is launching a new Privacy Engineering Section in recognition of the growth of the IT and privacy engineering fields within our member community. These professionals fill the gap between privacy laws and policies and the implementation of information technology, but what does this role look like, and what are the essential skills one needs to be an effective privacy engineer? The IAPP — with help from the Privacy Engineering Advisory Board —  has cobbled together a s... Read More

Privacy Engineer Sample Job Description

(Mar 15, 2018) As the job of privacy moves beyond law, policy, and compliance and into operations and the actualization of information technology, organizations have begun training, hiring, and generally seeking out "privacy engineers" to fill the gap left between policy and implementation. The job title has been around since at least 2001, but there remain few with that title active in the workforce and this year marks the IAPP's launch of a new Privacy Engineering Section to recognize and support the sizable... Read More

DPO job postings surge ahead of GDPR implementation date

(Mar 15, 2018) Research conducted by Joblift found 25 percent of job postings for data protection officers has been posted in 2018, IT Pro Portal reports. The surge of DPO postings comes months ahead of the implementation date of the EU General Data Protection Regulation. Joblift found 3,911 data protection officer jobs have been advertised over the past 12 months, with an average monthly increase of 11 percent. Over the past year, 50 percent of the DPO postings has come from London. The study found 356 vacanc... Read More

Top 10 Operational Responses to the GDPR - Part 10: Communicating with supervisory authorities

(Mar 15, 2018) In 2016, the Westin Research Center published a series of articles identifying our analysis of the top 10 operational impacts of the European Union’s General Data Protection Regulation. Now, with the May 25, 2018, GDPR implementation deadline looming, the IAPP is releasing a companion series discussing the common practical organizational responses that our members report they are undertaking in anticipation of GDPR implementation. This final installment in the 10-part series addresses why and h... Read More

GDPR's demands for vetting and contracting with vendors

(Mar 14, 2018) At the top of virtually every list of organizational privacy risks sits third-party vendors. Now, with the coming into force of the EU General Data Protection Regulation, your relationships and contracts with vendors are even more important. In this ninth installment of the "Top 10 Operational Responses to the GDPR" series, IAPP DPO and Research Director Rita Heimes, CIPP/E, CIPP/US, CIPM, offers practical advice for understanding the risks associated with vendors, how controllers and processors... Read More

Marketing tech companies preparing for GDPR

(Mar 14, 2018) AdExchanger reports on the steps marketing tech companies are taking and will need to take to prepare for the EU General Data Protection Regulation. IAPP VP and Chief Knowledge Officer Omer Tene said marketing tech companies insist all the personal data they handle is de-identified and anonymized. “But drill a bit deeper, and you’ll find that while they might not have direct identifiers, like a person’s name or Social Security number, they do collect, process and store personal data under GDPR,”... Read More