Prudence the Privacy Pro Vol. 4, No. 4

(Apr 24, 2017) Think robo-calling is in your company's future? Well, Prudence and Opt-Out have a not-so-subtle reminder for you U.S. businesses. If you would like to download a high-resolution PDF to print and hang somewhere in your office, click here. ... Read More

Exploring the risk-based approach to de-identification

(Apr 19, 2017) As with so many things in this world, there is rarely, if ever, a silver-bullet solution to a complex problem in privacy. Perhaps the most glaring example of this is in defining the identifiability of an individual. Countless privacy laws and regulations around the world define personal information in different ways using varying definitions. Though not new, de-identification, or anonymization, is a useful tool to meet compliance and mitigate risk. "Identifiability is relative and contextual," M... Read More

Using metrics to demonstrate your program’s value

(Apr 19, 2017) It doesn't matter what it is you decide to track, but pick something, and then follow it. It's more about being able to show change over time than anything else. That was the advice Jennifer Garone, CIPP/US, CIPT, FIP, gave attendees in an Active Learning session yesterday on "Measuring and (Proving!) Privacy's Business Value," here at the Summit. In the end, "The number isn't so important," she said. "It's about showing change. It's about storytelling." Using the metrics you gather, she said, y... Read More

De-identification: Moving from the binary to a spectrum

(Apr 18, 2017) As with so many things in this world, there is rarely, if ever, a silver-bullet solution to a complex problem in privacy. Perhaps the most glaring example of this is in defining the identifiability of an individual. Countless privacy laws and regulations around the world define personal information or personally identifiable information in different ways, using varying definitions and key terms. One jurisdiction may consider an IP address PII while another may not. The Federal Trade Commission... Read More

Companies: Don't forget to secure your physical data when GDPR prepping

(Apr 17, 2017) Jonathan Armstrong, author of "Managing Risk: Technology & Communications," has urged companies to view securing their pieces of hard-copy data with as much importance as digital data as they prepare for the General Data Protection Regulation, the Independent.ie reports. Securing physical data is currently frequently overlooked. "In many ways, records like this are harder to secure as you can encrypt files and emails — but you can't prevent employees from writing down what is in their head,"... Read More

2017 IAPP-OneTrust Privacy Professionals Salary Survey — Executive Summary

(Apr 14, 2017) Executive Summary Salaries are holding strong for privacy professionals in this tenth IAPP salary survey. With Europe’s General Data Protection Regulation (GDPR) looming and an increasing global appreciation for information privacy risks, new opportunities abound for privacy veterans and rookies alike. This report reveals wide variance in salaries, raises and bonuses among geographies, industries, and job titles, as well as among those with and without professional certifications. Who gets the ... Read More

2017 IAPP-OneTrust Privacy Professionals Salary Survey — Full Report

(Apr 14, 2017) The survey was sent to privacy professionals by email and via a link in the Daily Dashboard to its more than 30,000 subscribers. We focused specifically, as we have going back to 2003, on salaries, bonuses, and raises, and this year paid particular attention to pathways into the profession. Nearly 900 respondents from around the globe provided detailed information about pay in their own currency, which we converted to U.S. dollars for ease of comparison in this report. All responses were anonymo... Read More

Data Mapping Automation Tool

(Apr 14, 2017) IAPP-OneTrust Data Mapping Automation Tool The IAPP-OneTrust Data Mapping Automation tool enables privacy teams to collaborate with business and IT stakeholders to systematically inventory and update personal data flows, applications, and processing activities. The tool helps organizations meet the record keeping obligations of Article 30 in GDPR, and other privacy frameworks, by enabling privacy professionals to: Featuring Select a pre-defined template, for example a GDPR Article... Read More

Healthcare privacy plans need to account for medical device security

(Apr 14, 2017) The world is becoming increasingly interconnected, with network-enabled devices becoming pervasive with the explosive growth of the internet of things. This increased level of interconnectedness provides the potential for enhancements in convenience and utility, but at the same time it is also clear that such a level of interconnectedness comes with an increased attack surface that can be used to compromise devices. Once compromised, devices can be used as a backdoor into your organization as... Read More