An analysis of alternative dispute-resolution mechanisms

(Jun 15, 2018) The strong emphasis on the accountability principle in some regulations allows organizations to resolve complaints or disputes related to the data protection (or data privacy) provisions through alternate dispute-resolution mechanisms, such as conciliation, negotiation or mediation, or even arbitration. For instance, the Personal Data Protection Act 2012 of Singapore establishes the possibility that any complaint by an individual against an organization might be more appropriately resolved throu...

Study examines data collection, protection efforts of Canadian businesses

(Jun 15, 2018) A survey commissioned by the Office of the Privacy Commissioner of Canada polled Canadian businesses about their data collection practices, Global News reports. Of the 1,014 predominantly small- to medium-sized businesses polled, 94 percent said they collect basic contact information, while 25 percent collect financial information and 21 percent gather identity documents. When asked about protecting the data, 94 percent of respondents said they use at least one security method such as a password...

6 Ways Privacy Awareness Training Will Transform Your Staff

(Jun 14, 2018) Bob Siegel, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPM, CIPT, FIP, Privacy Ref. Part of the IAPP's Privacy 101 white paper series. As an organization, you have obligations to your customers and other stakeholders to protect their personal information. Some obligations are regulatory, some by statute, some by contract, and some simply due to public expectations. This white paper outlines six ways that establishing a privacy awareness training program will help your team to think about privacy and me...

Canadian Privacy, Third Edition

(Jun 14, 2018) The newly updated edition of Canadian Privacy: Data Protection Law and Policy for the Practitioner is crucial for anyone responsible for information risk management, information security, information auditing or legal compliance for clients or organizations based in Canada or subject to Canadian jurisdiction. It includes a new chapter on information security, Big Data and artificial intelligence, as well as the latest details of notable Canadian data protection laws, including: ...

DPO Handbook: Data Protection Officers Under the GDPR

(Jun 14, 2018) DPO Handbook: Data Protection Officers Under the GDPR by Thomas Shaw, CIPP/E, CIPP/US, provides a comprehensive view of all aspects of the role of Data Protection Officers (DPOs) under the EU’s new General Data Protection Regulation (GDPR), starting with a look at how organizations determine whether they need a DPO, defining the skills required for the role, and discussing how to source this skillset. The book then describes in detail the various tasks a DPO performs starting from their first ...

European Data Protection

(Jun 14, 2018) Eduardo Ustaran, CIPP/E, Executive Editor. While the General Data Protection Regulation (GDPR) promises to unify the approaches of the EU member states, it brings forth challenges as organisations work toward compliance with this robust and comprehensive regulation. Based on the body of knowledge for the Certified Information Privacy Professional/Europe (CIPP/E) certification (ANSI accredited under ISO 17024:2012), European Data Protection is the essential text on the GDPR, pan-European, and n...

Five Lessons I Learned Transitioning from Security to Privacy

(Jun 14, 2018) James Park, CIPT, Microsoft. Part of the IAPP's Privacy 101 white paper series. With the ever-evolving privacy requirements changing the global landscape, many information security professionals are being tasked with adding to or leading information privacy programs. It may seem like a natural progression, but there are five lessons I had to learn when I made my transition from working in the security and audit (with a focus on security) fields to information privacy. In this white paper, lear...

Data processors’ ISO and SOC 2 credentials explained for GDPR compliance

(Jun 14, 2018) Both ISO 27001 certification and SOC 2 reports can be incredibly useful tools for data controllers attempting to vet or manage data processors. However, they cannot simply be taken at face value to signify EU General Data Protection Regulation compliance. In this article for The Privacy Advisor, Timothy Dickens, CIPP/A, CIPP/E, CIPP/US, reports that in order to meet the GDPR’s requirements, controllers will need to dedicate the time and expertise of privacy and security professionals to the caref...

Op-ed: Businesses need transparent data practices to regain consumer trust

(Jun 14, 2018) In an article for the Harvard Business Review, Kevin Cochrane wrote that to overcome the erosion of trust consumers hold in businesses, more work is needed to develop transparent and consistent data practices. Cochrane pointed to a study that showed 79 percent of consumers will leave a brand if they feel their personal data was used without their consent. “Moving forward,” he wrote, “consumers should (and will) have full visibility into how extensively their personal data is being monetized.” He...

Guidelines on White-Box Development

(Jun 14, 2018)

1. A clear, documented design for development at the outset (covering the elements below).
2. Verification from the outset that the dataset applied for the training of the algorithm is:
   Representative (no missing information from particular populations and verification that there are no hidden unlawful biases that are having an unintended impact on certain populations).
   Accurate and up to date (data collected in another context may be up-to-date but still lead to inaccurate outcomes).

Note ...