Federal Privacy Council launches hiring toolkit

(Jan 19, 2017) The U.S. Federal Privacy Council has launched a new toolkit aimed at assisting federal agency human resources staff and hiring managers in understanding the new world of U.S. government privacy, making decisions about which types of positions they should use in their privacy offices, designing federal privacy positions, and then conducting recruitment and selection activities. Access the toolkit through the IAPP's online Resource Center, along with many other U.S. government-focused tools like t...

National Privacy Commission publishes five privacy 'commandments'

(Jan 19, 2017) The Philippines' National Privacy Commission has released a list of five "commandments" to help organizations avoid a breach, Inquirer.net reports. The rules exhort companies and agencies to "appoint a data protection officer; conduct a privacy impact assessment; create your privacy management program; implement your privacy and data protection measures; and regularly exercise your breach reporting procedures," the report states. "These are very practical recommendations na hindi naman kailangang ga...

Toolkit for Recruiting, Hiring, and Retaining Privacy Professionals in the Federal Government

(Jan 18, 2017) The U.S. Federal Privacy Council has launched a new toolkit on its career page aimed at assisting federal agency human resources staff and hiring managers in understanding the new world of federal government privacy, making decisions about which types of positions they should use in their privacy offices, designing federal privacy positions, then conducting recruitment and selection activities. This toolkit contains hiring authorities and flexibilities, template position descriptions and job op...

Signatu aims to be an all-purpose GDPR compliance tool

(Jan 17, 2017) The General Data Protection Regulation is coming in 2018. You know it, I know it, and Torgeir Hovden and Georg Philip Krog know it, too. Hovden and Krog are the co-founders of Signatu, a cloud service aiming to provide a range of solutions to help privacy pros, data protection officers, and lawyers ensure their organization will be in compliance with the GDPR once it comes into effect. “We would like to provide a toolset to enable companies to basically follow all the rules without hiring a lo...

Web con: Ask the DPO - Preparing for the GDPR

(Jan 13, 2017) As most privacy professionals know by now, the GDPR will come into force in May of 2018. The list of data governance issues to be tackled is large, with many new requirements for anyone doing business with EU citizens. Many organizations, in fact, will have to appoint a data protection officer, with specific tasks and responsibilities. Given these new demands, the IAPP has arranged for DPOs and privacy leaders who run some of the world’s leading privacy programs at organizations in the EU and ar...

The State of Data Sharing for Healthcare Analytics 2015 - 2016: Change, Challenges and Choice

(Jan 12, 2017) This report summarizes the key findings from a survey launched by Privacy Analytics, in collaboration with the Electronic Health Information Laboratory. The survey assessed the state of data sharing in healthcare and the challenges in disclosing data for secondary use. Secondary use of health data applies to protected health information that is used for reasons other than direct patient care, such as data analysis, research, safety measurement, public health, payment, provider certification or m...

Resolutions for your health info privsec plan

(Jan 12, 2017) Kick off the new year with a health privacy and security plan with help from Davis Wright Tremaine's 2017 Health Information Privacy and Security New Year's Resolutions available in the IAPP Resource Center. The checklist maps out annual, quarterly and monthly tasks allowing you to set goals for completion and add completion dates for many important elements of a robust privacy and security program. Included are tasks like conducting a website privacy policy checkup, breach notification training...

2017 Health Information Privacy and Security New Year's Resolutions

(Jan 11, 2017) Davis Wright Tremaine has created this checklist of potential health information privacy and security resolutions. It offers annual, quarterly and monthly lists to map out your privacy and security tasks for the year, and then you can check them off as you complete them. There are also empty rows for you to add your own resolutions.

Web con: Unlocking big data value while complying with the GDPR

(Jan 9, 2017) Big data has opened up vast opportunities in the commercial sector in terms of targeted marketing and business insights, but rapidly evolving big data algorithms have made re-identification a looming threat for individuals. Companies now have the challenge of figuring out how to use big data, while also ensuring they are in compliance with the upcoming General Data Protection Regulation. On Jan. 31, join the IAPP web conference, “How to Comply with the GDPR While Unlocking the Value of Big Data,...

An Introduction to Privacy Engineering and Risk Management in Federal Systems

(Jan 6, 2017) This document from NIST provides an introduction to the concepts of privacy engineering and risk management for federal systems. These concepts establish the basis for a common vocabulary to facilitate better understanding and communication of privacy risk within federal systems, and the effective implementation of privacy principles. This publication introduces two key components to support the application of privacy engineering and risk management: privacy engineering objectives and a privacy ...