Prudence the Privacy Pro Vol. 6 No. 1

(Jan 28, 2019) Blockhead makes his debut on the data theft circuit, but is it ... theft? Click on the image below if you would like to download a high-resolution pdf to print and hang in your office. (22.8 MB) ...

Report: UK businesses with poor cybersecurity should be publicly named

(Jan 24, 2019) A report from the Cyber Security Research Group and the Policy Institute at King’s College London states that U.K. companies with poor cybersecurity measures should be named publicly, Computer Weekly reports. The groups argue companies will have more incentive to implement stronger cybersecurity should they be identified for their deficiencies. The report also states businesses, charities and other organizations would benefit from the adoption of the cybersecurity measures found within t...

Comparison of Mobile Application Guidelines

(Jan 22, 2019) The IAPP has worked through a number of the leading privacy guides and standards created for mobile app developers and the parties who host those apps and pulled out the salient points for all of the stakeholders in the mobile app community who are looking to do everything from collect data from children to provide adequate notice and choice prior to data collection. ...

Web con: Insight on managing privacy incident response

(Jan 15, 2019) The effectiveness of an organization's incident response process undergirds a successful privacy program. Despite its importance, implementing an effective program is challenging, even to the most experienced privacy professional. Difficulties in proper incident detection and escalation, the complexities of breach notification regulations, budget constraints, and process inefficiencies are the everyday realities of privacy pros across all industries. In this upcoming IAPP web conference Jan. 24,...

Company introduces data breach discovery service

(Jan 9, 2019) Digital forensics and eDiscovery service provider BIA has released a new service designed to help identify personal and sensitive data compromised in a data breach, according to a news release. BIA President and CEO Brian Schrader said, "There’s a significant demand for data breach discovery, and it is a natural outgrowth of the services BIA offers and has honed over our 15 plus years in eDiscovery." The news release states the company combines "cybersecurity methodologies and electronic discover...

Protenus, RADAR announce strategic partnership

(Jan 8, 2019) Health care compliance analytics company Protenus has announced it has formed a strategic partnership with incident response platform RADAR. According to a news release, the partnership aims to help health care organizations detect and assess risks associated with privacy and security events. "Protenus and RADAR share a commitment to applying advanced technology to solve complex problems related to patient data privacy and security," RADAR CEO Mahmood Sher-Jan said. Protenus Vice President of Bu...

Congressional report says Equifax breach was 'preventable'

(Dec 10, 2018) The U.S. House Oversight Committee released a report Monday on last year's data breach of Equifax, saying the incident was "entirely preventable" and that the company mishandled its response, according to Politico. "Equifax failed to fully appreciate and mitigate its cybersecurity risks," the Congressional report states. Two factors led to the breach: The company's structure allowed gaps between IT policy development and operations, and the company grew too fast, creating a series of legacy syst...

Privacy Risk Study 2018: Privacy law compliance and litigation deemed significant risk factors

(Dec 6, 2018) The U.S. Securities and Exchange Commission requires most publicly traded companies to annually disclose potential risk factors, including exposure to cybersecurity threats and violations of consumer privacy laws. The IAPP’s third annual study of these disclosures (part of Form 10-K) of 150 publicly traded companies shows that — like last year — effectively 100 percent identified concerns about cyberattacks in their 2017 10-K reports. New this year is a significantly higher concern about risks o...

Introducing the DPO Report Template

(Nov 26, 2018) In this Privacy Perspectives post, IAPP Senior Content Manager Emily Leach, CIPP/E, CIPP/US, introduces a new tool in the Resource Center, called the DPO Report Template. Last month, a question was posed on the Privacy List: "Does anyone have a template of an annual [or quarterly or any similar] DPO report to management that they would be kind enough to share?" The question generated dozens of responses that went something like, "Yeah, I'd like to see that too!" and some others offering informat...

ICO releases guidance on encryption

(Nov 20, 2018) The U.K. Information Commissioner's Office has published new guidance on encryption. The guidance outlines current forms of encryption in use and scenarios when encryption can help protect an entity's sensitive data. The resource covers encryption in the context of the EU General Data Protection Regulation's integrity and confidentiality principle, as well as under Article 32 on security of processing. "This guidance will help you to understand the importance of encryption as an appropriate technic...