What you need to know about China's new draft measures on cross-border data transfers

(Aug 27, 2019) Recently, the Cyberspace Administration of China released new draft "Measures on Security Assessment on Cross-border Transfer of Personal Data" for public consultation. The June 13 release presents another approach to cross-border data transfer under the China Cyber Security Law. These CAC New Draft Measures superseded the previous efforts of CAC on cross-border data transfer, i.e., CAC’s draft "Measures on Security Assessment on Cross-border Transfer of Personal Data and Important Data" and the... Read More

Facial-recognition software will be installed at Israeli checkposts

(Aug 23, 2019) Israel is adding facial-recognition technology to its West Bank checkpoints in an effort to expedite verifications for Palestinians to cross into the country, NPR reports. Israeli defense officials confirmed that AnyVision software will be at all checkpoints within the next few months. In a statement regarding the ethics of its software, AnyVision wrote that privacy "is of the utmost importance" and that privacy protection "is instrumental to both our business strategy and our own standard of et... Read More

A look at ISO's new privacy management standard

(Aug 20, 2019) When the International Standards Organization published earlier this month the world's first international standard to help organizations manage information privacy, it noted that digital privacy has "become a significant business concern." No doubt this has been demonstrated on the enforcement front in recent months. The new standard, ISO/IEC 27701, is an extension of ISO/IEC 27001 — the commonly adopted security standard — and "specifies the requirements for establishing, implementing, maintai... Read More

World's first global privacy management standard hits the mainstream

(Aug 20, 2019) When the International Standards Organization published earlier this month the world's first international standard to help organizations manage information privacy, it noted that digital privacy has "become a significant business concern."  No doubt this has been demonstrated on the enforcement front in recent months. The U.S. Federal Trade Commission fined Facebook a record $5 billion in the same week that it fined Equifax $575 million. Each settlement also included board-level requirements a... Read More

Why the CCPA's 'verified consumer request' is a business risk

(Aug 14, 2019) Sometimes it seems like all authenticators are compromised. Passwords, identity documents and even knowledge-based authentication — a plethora of these and other authenticators are readily available on the web or the dark web. The terrible beauty of the California Consumer Privacy Act is that innumerable companies will soon be required to undertake totally novel consumer-facing responsibilities. In the name of empowering consumers, the law is actually introducing threat vectors that can be mani... Read More

Perspective: Why the CCPA's 'verified consumer request' is a business risk

(Aug 14, 2019) One of the requirements in the California Consumer Protection Act gives consumers the right to access their data and those requests must be verified. Annie Bai, CIPP/US, CIPM, FIP, and Peter McLaughlin, CIPP/US, raise concerns the upcoming law does not clarify what "verified" means. “The terrible beauty of the California Consumer Privacy Act is that innumerable companies will soon be required to undertake totally novel consumer-facing responsibilities,” they write. “In the name of empowering con... Read More

2019 Privacy Tech Vendor Report

(Aug 14, 2019) The privacy tech vendor market continues to mature as more organizations around the world adopt products and services that help automate and streamline necessary functions for the privacy office and enterprise as a whole. Since the last iteration of the IAPP Privacy Tech Vendor Report at the end of 2018, dozens of new vendors have entered the marketplace. Many of these vendors are startups backed by angel or venture capital funding. Other more established organizations are also getting into th... Read More

IAPP infographic: FTC-Facebook vs. largest global privacy and security fines

(Aug 10, 2019) The U.S. Federal Trade Commission's fine of Facebook for $5 billion is the largest ever global enforcement fine for privacy violations to date, and according to the IAPP Westin Research Center, is more than twice the total number of global privacy and data security regulatory fines in history. This infographic compares the fine of Facebook to other global enforcement fines for privacy violations to date. Read More

Facebook White Paper: Data Portability and Privacy

(Aug 9, 2019) Facebook published this white paper covering the challenges of building portability products in a privacy-protective way while also helping keep competition vibrant amongst online services.(September 2019) Click To View (PDF)... Read More

The what, why and how of privacy engineering

(Aug 8, 2019) "Privacy engineering will be central to the privacy profession going forward," writes IAPP Senior Privacy Fellow Caitlin Fennessy, CIPP/US. "That is an easy assertion to make. Privacy professionals have long discussed the importance of building privacy in rather than bolting it on ... – But as technology has raced ahead, the need for privacy engineering has evolved and intensified." In this in-depth post for Privacy Tech, Fennessy discusses the IAPP's privacy engineering initiative — to better d... Read More