Changes to Federal Common Rule delayed

(Jan 22, 2018) Updates to the Federal Common Rule were slated to go into effect last Friday, but were put on hold for the next six months. According to a press release from the U.S. Department of Health and Human Services, the agency and 15 other federal departments announced an Interim Final Rule that delays the effective date of revisions to the "Federal Policy for the Protection of Human Subjects" until July 19. The press release did not explain why the changes were delayed. In comments provided to the Dail...

The IAPP's Privacy List goes live with new web conference series

(Jan 22, 2018) The IAPP Privacy List has long been a place for privacy pros to share their thoughts, ask difficult questions, offer advice, and hammer out potential solutions to the difficult areas in privacy. Now the IAPP is bringing that vibrant forum to a live setting with a new IAPP Web Conference Series, called "Privacy List Live." For each show, the IAPP will identify two or three of the most vexing or interesting issues circulating on the Privacy List and put them in front of a rotating panel of privacy...

Risk, High Risk, Risk Assessments and Data Protection Impact Assessments under the GDPR

(Jan 19, 2018) This paper from the Centre for International Policy Leadership is structured in two parts. Part 1 addresses the risk-based approach to data protection and privacy in general and identifies and explains the GDPR provisions on risk, high risk, risk assessments and DPIAs. Part 2 assesses the practical impacts and challenges associated with implementing these provisions and makes suggestions on how these challenges can be resolved and where further guidance may be helpful. Read Now (PDF 5...

Podcast: Ready, set, now go GDPR

(Jan 19, 2018) Gabe Maldoff is a young guy. He graduated law school in 2015, got himself a fellowship at the IAPP's Westin Center, and then immediately went to work at London's Bird & Bird. And just as he was adjusting to life in the real world, the world itself was adjusting to what would be expected of it under Europe's new privacy regime via the GDPR. In this episode of The Privacy Advisor Podcast, Maldoff talks to host Angelique Carson, CIPP/US, about how his early experiences working in Tanzania on an...

Technical Requirements of the GDPR

(Jan 19, 2018) The purpose of this white paper from PrivacyCheq is to list in detail all the technological requirements mandated by the new General Data Protection Regulation with regard to providing notice and managing consent. Read Now (PDF 525KB)...

Health orgs paying ransomware despite having backup systems

(Jan 19, 2018) CareersInfoSecurity reports on an Indiana hospital that paid $55,000 to access data during a ransomware attack despite having backup systems available. A spokeswoman for Hancock Health said the organization paid the ransom because it did not want to risk delaying treatment for patients. The spokeswoman said it also would have taken weeks to access and restore the affected data using the backup systems, making it a better financial decision to pay the ransom. "That is why you should have an incid...

The Privacy Advisor Podcast: Ready, set, GDPR

(Jan 19, 2018) Gabe Maldoff is a young guy. He graduated law school in 2015, got himself a fellowship at the IAPP's Westin Center, and then immediately went to work at London's Bird & Bird. And just as he was adjusting to life in the real world, the world itself was adjusting to what would be expected of it under Europe's new privacy regime via the GDPR. In this episode of The Privacy Advisor Podcast, Maldoff talks to host Angelique Carson, CIPP/US, about how his early experiences in Tanzania shaped his fu...

Research finds more password security is needed

(Jan 18, 2018) Google Security Engineer Grzegorz Milka recently spoke about research carried out in partnership with the University of California, Berkeley, concerning the process by which accounts become compromised, Gizmodo reports. The research, conducted between March 2016 and March 2017, found 67 million valid Google account credentials on black markets. While Google takes steps to ensure user safety, including two-factor authentication, the company estimates less than 10 percent of its users have this e...

Web con: 'What's the Risk of Not Complying with the GDPR?'

(Jan 18, 2018) The IAPP and TrustArc released their “Getting to GDPR Compliance: Risk Evaluation and Strategies for Mitigation” report, an in-depth look at how organizations are prioritizing their compliance efforts prior to the May 2018 implementation date for the new rules. Join the IAPP Jan. 25 as IAPP Research Director and Data Privacy Officer Rita Heimes, CIPP/US, CIPM, and TrustArc Senior Privacy Consultant Janalyn Schreiber, CIPM, break down the results, while also discussing the ways organizations are ...