Top 5 Operational Impacts of CaCPA: Part 1 — Determining if you’re a business collecting or selling consumers’ personal information

(Jul 23, 2018) The California Consumer Privacy Act of 2018 was conceived and born in record time — two days — resulting in a comprehensive consumer privacy law that occasionally suffers from redundancy, drafting errors, and lack of clarity. This five-part series is intended to help privacy professionals make operational sense of the law in its current form, understanding that the California legislature has time before the law takes effect in January 2020 to clarify and amend the statute. Part one of the serie...

DPO liability and potential insurance coverage

(Jun 19, 2018) The data protection officer role is a new feature for many organizations now subject to the EU General Data Protection Regulation, which specifies the criteria for designating a DPO, describes the position, and enumerates its responsibilities. Critically, for many companies, designating a DPO is not optional. In any case, the Article 29 Working Party’s guidance makes it clear that, once chosen, both mandatorily and voluntarily designated DPOs have the same responsibilities. The Working Party (no...

What FTC Enforcement Actions Teach Us About the Makings of Reasonable Privacy and Data Security Practices: A Follow-Up Study

(Jun 11, 2018) In this report, we update our September 2014 study, “What FTC Enforcement Actions Teach Us About the Features of Reasonable Privacy and Data Security Practices,” originally written by IAPP Westin Fellow Patricia Bailin, CIPP/US, CIPM, CIPT, now head of privacy at Datavant. The initial study analyzed organizational failures on issues of privacy, security, software/product review, service providers, risk assessments, unauthorized access/disclosure, and employee training. Moreover, the study descri...

What’s new in WP29's final guidelines on transparency?

(Apr 18, 2018) The Article 29 Data Protection Working Party has published its “last revised” guidelines on transparency under the General Data Protection Regulation. When the WP29 released its proposed guidelines last December offering “practical guidance and interpretive assistance” regarding transparency obligations, IAPP analyzed the key issues. In addition to a brief summary of the transparency requirements, IAPP’s analysis of the proposed guidelines focused on the meaning of phrases such as “concise, tran...

Top 10 Operational Responses to the GDPR - Part 10: Communicating with supervisory authorities

(Mar 15, 2018) In 2016, the Westin Research Center published a series of articles identifying our analysis of the top 10 operational impacts of the European Union’s General Data Protection Regulation. Now, with the May 25, 2018, GDPR implementation deadline looming, the IAPP is releasing a companion series discussing the common practical organizational responses that our members report they are undertaking in anticipation of GDPR implementation. This final installment in the 10-part series addresses why and h...

Top 10 Operational Responses to the GDPR – Part 9: Vetting and contracting with processors

(Mar 14, 2018) In 2016, the Westin Research Center published a series of articles identifying our analysis of the top 10 operational impacts of the European Union’s General Data Protection Regulation. Now, with the May 25, 2018, GDPR implementation deadline looming, the IAPP is releasing a companion 10-part series discussing the common practical organizational responses that our members report they are undertaking in anticipation of GDPR implementation. Although the GDPR accommodates modern business practices...

Top 10 Operational Responses to the GDPR – Part 8: Data breach and the GDPR

(Mar 12, 2018) In 2016, the Westin Research Center published a series of articles identifying our analysis of the top 10 operational impacts of the European Union’s General Data Protection Regulation. Now, with the May 25, 2018, GDPR implementation deadline looming, the IAPP is releasing a companion series discussing the common practical organizational responses that our members report they are undertaking in anticipation of GDPR implementation. This eighth installment in the 10-part series explores how the ...

Top 10 Operational Responses to the GDPR - Part 7: Accommodating data subjects’ rights

(Mar 8, 2018) In 2016, the Westin Research Center published a series of articles identifying our analysis of the top 10 operational impacts of the European Union’s General Data Protection Regulation. Now, with the May 25, 2018, GDPR implementation deadline looming, the IAPP is releasing a companion series discussing the common practical organizational responses that our members report they are undertaking in anticipation of GDPR implementation. This seventh installment in the 10-part series addresses data su...

Top 10 Operational Responses to the GDPR – Part 6: Transparency and privacy notices

(Feb 28, 2018) In 2016, the Westin Research Center published a series of articles identifying our analysis of the top 10 operational impacts of the European Union’s General Data Protection Regulation. Now, with the May 25, 2018, GDPR implementation deadline looming, the IAPP is releasing a companion series discussing the common practical organizational responses that our members report they are undertaking in anticipation of GDPR implementation. This sixth installment in the 10-part series explores the transp...

US Supreme Court hears arguments in United States v. Microsoft

(Feb 27, 2018) Today, the United States Supreme Court hears arguments in a case with major implications for the privacy profession. The dispute between Microsoft and the United States government has spanned several years and will determine whether the U.S. can compel Microsoft to turn over data stored on a server located outside of the United States via a warrant issued by a U.S. court under the Stored Communications Act. The case has attracted considerable international attention, eliciting the submission of...