Operationalizing the CCPA: Providing data access via 'accounts'

(Jun 13, 2019) "Companies find the California Consumer Privacy Act much more prescriptive than most other privacy laws," write Baker McKenzie Partner Lothar Determann and IAPP Westin Fellow Mitchell Noordyke, CIPP/E, CIPP/US, CIPM. "It contains a multitude of definitions, defined terms, and technical drafting errors and ambiguities, and the state legislature is considering numerous amendments. One term that is used multiple times in the statute and not defined in the current version of the CCPA or any of the a... Read More

White Paper – CCPA Compliance Operation: Delivering Data Access via Accounts

(Jun 13, 2019) (June 2019) – This white paper, authored by Baker & McKenzie Partner Lothar Determann and IAPP Westin Fellow Mitchell Noordyke, CIPP/E, CIPP/US, CIPM, outlines how businesses must develop a perspective on the definition of account as they work to operationalize their CCPA compliance programs with respect to data access requests.  Read More

CCPA Amendment Tracker

(Jun 6, 2019) There has been a flurry of state-level legislative activity in 2019 leading up to the implementation of the California Consumer Privacy Act Jan. 1, 2020. More than a dozen amendments addressing various parts of the comprehensive state law have surfaced in the California Legislature this year. To help keep track of all this activity, the IAPP has put together the "CCPA Amendment Tracker." The grid includes the bill number, a brief summary of the amendment, subject, lead author, status, and last l... Read More

GDPR compliance: Hits and misses

(May 30, 2019) Privacy professionals have now lived with EU General Data Protection Regulation compliance requirements for a full year. Many rebuilt, rewrote and revamped entire data protection programs. So as we reflect a year later, what were their hits and misses? The IAPP pulled together a group of GDPR thought leaders from law firms, companies and consultancies to seek their insight on what went well and what didn’t. What they shared offers a glimpse into the challenges and successes companies experienc... Read More

The GDPR, one year on: What about ePrivacy?

(May 29, 2019) The ePrivacy Regulation has been referred to as the EU General Data Protection Regulation’s “sister legislation.” But what kind of sister is it going to be? Will the ePR have an acrimonious love-hate relationship with the GDPR? Or, will it be loyal to the GDPR, satisfied with a pragmatic power-sharing arrangement? Or perhaps, leaving the GDPR behind, will ePR sit out on a revolutionary and bold pursuit of its own goals? In short: Will the ePrivacy Regulation be a Cersei, Sansa or Daenerys? Whe... Read More

GDPR one year later: Looking backward and forward

(May 24, 2019) Late May is a good time for privacy regulations to come into effect. Prior to May, short days, cold weather and rain typically keep us indoors anyway, so what better to do than work on data protection? But, after May, it’s helpful to have things mostly in order to allow for more time wandering in and thinking about nature instead of data. Isn’t it? Well (wistfully), for many data protection officers, May 25, 2018, was hardly an ending. At the IAPP, we kept working into the summer and beyond to ... Read More

IAPP releases interactive 'GDPR Genius' tool

(May 21, 2019) As we approach the one-year anniversary of the EU General Data Protection Regulation's implementation date, organizations are still grappling with the detailed framework and all its corresponding guidance and documentation. Keeping track of it all is no small task. That's why the IAPP has compiled the "GDPR Genius," an interactive tool that provides IAPP members with access to critical GDPR-related resources, including relevant recitals, European Data Protection Board guidance, member state guid... Read More

Notes from the IAPP, May 17, 2019

(May 17, 2019) Greetings from Portsmouth, New Hampshire! We’re finally coming out of a cold and wet weather pattern here in New England. I did not need a jacket on my way into work today, and if I squint just enough, I can convince myself the sun is peeking through the clouds. I hope your local weather has been more spring appropriate. Facial-recognition technology received a lot of attention this week. San Francisco banned it; Oakland, California, and Somerville, Massachusetts, are considering doing the sam... Read More

Study: An estimated 500K organizations have registered DPOs across Europe

(May 16, 2019) As the EU General Data Protection Regulation approaches its first birthday, hundreds of thousands of privacy professionals have jobs tied to the milestone. New IAPP research indicates that an estimated 500,000 organizations have registered data protection officers across Europe under the GDPR. The GDPR, which has been in force since May 2018, requires public authorities and companies monitoring individuals or processing special categories of their data on a large scale to register a DPO who has... Read More

Privacy pros’ salaries rise, yet pay gaps by gender persist

(May 9, 2019) This year’s IAPP salary survey has provided us with a detailed look at compensation trends in the privacy profession around the world. This piece highlights a few of the survey’s main findings, including the growth in salaries and additional compensation and regional disparities in pay. It also discusses ways that greater gender equality in pay for privacy professionals can be achieved. First and foremost, this type of research owes a debt of gratitude to those IAPP members and Daily Dashboard ... Read More