US Sen. Moran's new privacy bill: Stacking up the federal proposals

(Mar 20, 2020) On March 12, U.S. Sen. Jerry Moran, R-Kan., introduced the Consumer Data Privacy and Security Act, signaling that despite the political impasse on previous bills and focus on current pressing national health matters, privacy remains top of mind for the nation’s lawmakers. Moran is a member of the Senate Committee on Commerce, Science, and Transportation, from which several recent and similar bills have sprung, and chairs the Subcommittee on Consumer Protection. In his statement announcing the p...

COVID-19 response and data protection law in the EU and US

(Mar 11, 2020) Managing the COVID-19 outbreak and stopping its spread is now a global challenge. In addition to the significant health and medical responses underway around the world, governments and public health officials are focused on how to monitor, understand and prevent the spread of the virus. Data protection and privacy laws, including the EU General Data Protection Regulation and various U.S. laws, are informing these responses. One major response to limiting the spread of infection is contact traci...

Microsoft launches open-source privacy mapping tool

(Feb 21, 2020) Microsoft has launched a new open-source tool mapping ISO's global privacy standard, ISO/IEC 27701, to nine different privacy laws from around the world. The “Data Protection/Privacy Mapping Project,” as it is named, maps ISO/IEC 27701 to the EU General Data Protection Regulation, California Consumer Privacy Act, Brazil’s General Data Protection Law, Australia’s Privacy Act, Canada’s Personal Information Protection and Electronic Documents Act, Singapore’s Personal Data Protection Act, Hong Kon...

An update to what authorities believe is and isn't subject to a DPIA under GDPR

(Feb 19, 2020) The European Data Protection Board offered its opinion on the draft lists submitted by 22 supervisory authorities of what activities need a data protection impact assessment back in 2018. Since then, the EDPB issued nine new opinions on draft lists submitted by countries such as Denmark, Iceland and Spain. In this piece for The Privacy Advisor, former IAPP Legal Extern Darya Balybina, CIPP/E, CIPP/US, breaks down the latest round of draft lists. Editor's note: IAPP Senior Westin Research Fellow ...

IAPP white paper: 'How NIST Privacy Framework aligns with CIPM Body of Knowledge'

(Feb 18, 2020) The U.S. National Institute of Standards and Technology released the NIST Privacy Framework Version 1.0 earlier this year. The IAPP’s Westin Research Center has published a white paper to document how the Privacy Framework aligns with the Certified Information Privacy Manager Body of Knowledge. “This mapping serves the dual purpose of informing privacy professionals seeking to understand the skill set needed to implement the NIST Privacy Framework and IAPP’s ongoing work to ensure its certificat...

What is and what isn't subject to a DPIA under GDPR? An update

(Feb 14, 2020) In 2018, IAPP Senior Westin Research Fellow Müge Fazlioglu, CIPP/E, CIPP/US, wrote about the European Data Protection Board’s opinions of the EU General Data Protection Regulation Article 35(4) draft lists submitted by 22 supervisory authorities. These so-called "blacklists" identify data-processing activities likely to result in a high risk to the rights and freedoms of natural persons and, therefore, obligate a data protection impact assessment. Since then, the European Data Protection Board ...

Navigating the IAPP's 'CCPA Rights and Obligations Tool'

(Feb 6, 2020) The Westin Research Center released a tool to help IAPP members understand the California Consumer Privacy Act. The “CCPA Rights and Obligations Tool” organizes the act’s consumer rights and business obligations around the different phases of interaction with a consumer described in the act and is intended to help privacy professionals navigate the network of consumer rights, business obligations that flow from those rights, and independent obligations placed on a business that comprise the CCPA...

Are privacy pros ready for Brexit?

(Jan 31, 2020) Brexit is becoming a reality as the European Parliament voted this week to end the U.K.’s membership with the EU. Ahead of this week's vote, former IAPP Legal Extern Chelsea Broomhall, CIPP/US, looked at the 2019 IAPP-EY Annual Governance Report to gauge the level of preparedness privacy professionals expressed with regard to Brexit. In this piece for the Westin Research Center, Broomhall reviews the results of the survey and looks at how privacy teams are preparing for withdrawal.

Preparing for Brexit: Are privacy pros ready?

(Jan 30, 2020) In June 2016, the United Kingdom narrowly voted to leave the European Union. After nearly three long years of negotiations, Brexit is becoming a reality. On Jan. 29, the European Parliament voted to end the U.K.'s membership in the EU. In response, the U.K. Information Commissioner's Office released a statement on Brexit implementation, noting that the transition period will run until the end of December 2020 and "it will be business as usual for data protection." But how prepared are privacy p...

Seeking clarity on the role of the DPO

(Jan 28, 2020) An estimated 500,000 organizations registered a data protection officer as a result of the EU General Data Protection Regulation. The IAPP-EY Annual Governance Report 2019 revealed 72% of respondents work in an organization that appointed a DPO. The roles and responsibilities of the DPOs greatly varied among those organizations. As a response, the IAPP set out to seek clarity on the role of the DPO under the GDPR. In this piece for the Westin Research Center, former IAPP Legal Extern Chelsea Bro...