Privacy Risk Study 2018: Privacy law compliance and litigation deemed significant risk factors

(Dec 6, 2018) The U.S. Securities and Exchange Commission requires most publicly traded companies to annually disclose potential risk factors, including exposure to cybersecurity threats and violations of consumer privacy laws. The IAPP’s third annual study of these disclosures (part of Form 10-K) of 150 publicly traded companies shows that — like last year — effectively 100 percent identified concerns about cyberattacks in their 2017 10-K reports. New this year is a significantly higher concern about risks o...

Introducing the DPO Report Template

(Nov 26, 2018) In this Privacy Perspectives post, IAPP Senior Content Manager Emily Leach, CIPP/E, CIPP/US, introduces a new tool in the Resource Center, called the DPO Report Template. Last month, a question was posed on the Privacy List: "Does anyone have a template of an annual [or quarterly or any similar] DPO report to management that they would be kind enough to share?" The question generated dozens of responses that went something like, "Yeah, I'd like to see that too!" and some others offering informat...

ICO releases guidance on encryption

(Nov 20, 2018) The U.K. Information Commissioner's Office has published new guidance on encryption. The guidance outlines current forms of encryption in use and scenarios when encryption can help protect an entity's sensitive data. The resource covers encryption in the context of the EU General Data Protection Regulation's integrity and confidentiality principle, as well as under Article 32 on security processing. "This guidance will help you to understand the importance of encryption as an appropriate technic...

The IAPP's new DPO Report Template

(Nov 20, 2018) Last month a question was posed on the Privacy List: "Does anyone have a template of an annual [or quarterly or any similar] DPO report to management that they would be kind enough to share?" The question generated dozens of responses that went something like, "Yeah, I'd like to see that too!," and some others offering information on what one would include in such a report. The IAPP's content and research teams noticed the overwhelming response and have created the DPO Report Template — a slide...

DPO Report Template

(Nov 19, 2018) This slide deck created by the IAPP research team offers a customizable template for a report to organizational leadership to help Data Protection Officers show the activities of the data protection team as well as record compliance with the General Data Protection Regulation.

Data Protection law compliance: Assessment for small business owners and sole traders

(Oct 22, 2018) This self-assessment tool, released by the U.K. Information Commissioner's Office, helps outline the level of data protection compliance your small business or organization adheres to. Also, after completing the self-assessment checklist, you are provided with a report suggesting practical actions you can take and providing links to additional guidance you could read that will help you improve your data protection compliance.

Small and Mighty: How Small and Midmarket Businesses Can Fortify Their Defenses Against Today’s Threats

(Oct 22, 2018) This cybersecurity report, published by Cisco, outlines the risks, challenges and precautions involved with the cybersecurity surrounding small and midmarket businesses. The report gives an understanding of the risks smaller organizations face, offers an understanding of how smaller organizations stack up against their peers with respect to security, and shares a bit of guidance.

NIST launches development of a privacy framework

(Oct 17, 2018) On Tuesday, the U.S. National Institute of Standards and Technology initiated its process for the development of a privacy framework to a room full of privacy professionals here in Austin, Texas. The first in a series of public workshops, officials from NIST described the framework as a "voluntary enterprise risk-management tool." The framework is intended to be a collaborative effort with public and private sectors to help organizations "better identify, assess, manage, and communicate privacy...

NIST launches development of 'privacy framework' in Austin

(Oct 17, 2018) On Tuesday, the U.S. National Institute of Standards and Technology initiated its process for the development of a privacy framework to a room full of privacy professionals here in Austin, Texas. The first in a series of public workshops, officials from NIST described the framework as a "voluntary enterprise risk-management tool." In addition to laying out its goals for the project, NIST facilitated a robust and interactive conversation among a wide swath of industry stakeholders and privacy pro...

Health care CISO: Start protecting patient privacy at home

(Oct 16, 2018) Health care professionals should think beyond merely protecting the organization and start protecting patients' privacy at home, HealthITSecurity reports. "At some point, I'm going to have [to] start thinking about how to protect patients in their home," Christiana Care Health System Chief Information Security Officer Anahi Santiago said. "My information security program is not going to just be about the data center or the cloud but an extension into the patients' homes. So, we can be responsibl...