How prepared is your organization for the CCPA?

(Aug 13, 2019) The IAPP and OneTrust recently released a second in a series of surveys to better understand how prepared businesses are for the California Consumer Privacy Act. The second CCPA readiness survey is still open. The first survey revealed that only about one in four businesses was highly prepared for the CCPA. As the January implementation date approaches, we are interested in whether organizations are more prepared now than before, the factors that influence readiness, and whether preparations for... Read More

CCPA Amendment Tracker

(Aug 6, 2019) There has been a flurry of state-level legislative activity in 2019 leading up to the implementation of the California Consumer Privacy Act Jan. 1, 2020. More than a dozen amendments addressing various parts of the comprehensive state law have surfaced in the California Legislature this year. To help keep track of all this activity, the IAPP has put together the "CCPA Amendment Tracker." The grid includes the bill number, a brief summary of the amendment, subject, lead author, status, and last l... Read More

IAPP infographic: FTC-Facebook vs. largest global privacy fines

(Jul 26, 2019) The U.S. Federal Trade Commission's fine this week of Facebook for $5 billion is the largest ever global enforcement fine for privacy violations, and according to the IAPP Westin Research Center, is more than twice the total number of global privacy and data security regulatory fines in history. The cumulative global fines estimate is based on a historical review of fines and settlements by the FTC, U.S. Securities & Exchange Commission, and other U.S. agency enforcement bodies, U.S. state a... Read More

White Paper – CCPA Compliance Operation: Delivering Data Access via Accounts

(Jul 20, 2019) (June 2019) – This white paper, authored by Baker & McKenzie Partner Lothar Determann and IAPP Westin Fellow Mitchell Noordyke, CIPP/E, CIPP/US, CIPM, outlines how businesses must develop a perspective on the definition of account as they work to operationalize their CCPA compliance programs with respect to data access requests.  Read More

IAPP-TrustArc release report on how privacy tech is bought, deployed

(Jun 27, 2019) For the second year running, the IAPP, together with TrustArc, surveyed 345 privacy professionals around the globe to gain an understanding of how privacy technology products are purchased and deployed within an organization. Since 2017, the IAPP has mapped out the privacy tech marketplace through the IAPP Privacy Tech Vendor Report, which identifies 10 categories of products. Like the 2018 survey, results this year shine a light on which products are in use and under whose budget privacy tech p... Read More

Operationalizing the CCPA: Providing data access via 'accounts'

(Jun 13, 2019) "Companies find the California Consumer Privacy Act much more prescriptive than most other privacy laws," write Baker McKenzie Partner Lothar Determann and IAPP Westin Fellow Mitchell Noordyke, CIPP/E, CIPP/US, CIPM. "It contains a multitude of definitions, defined terms, and technical drafting errors and ambiguities, and the state legislature is considering numerous amendments. One term that is used multiple times in the statute and not defined in the current version of the CCPA or any of the a... Read More

GDPR compliance: Hits and misses

(May 30, 2019) Privacy professionals have now lived with EU General Data Protection Regulation compliance requirements for a full year. Many rebuilt, rewrote and revamped entire data protection programs. So as we reflect a year later, what were their hits and misses? The IAPP pulled together a group of GDPR thought leaders from law firms, companies and consultancies to seek their insight on what went well and what didn’t. What they shared offers a glimpse into the challenges and successes companies experienc... Read More

The GDPR, one year on: What about ePrivacy?

(May 29, 2019) The ePrivacy Regulation has been referred to as the EU General Data Protection Regulation’s “sister legislation.” But what kind of sister is it going to be? Will the ePR have an acrimonious love-hate relationship with the GDPR? Or, will it be loyal to the GDPR, satisfied with a pragmatic power-sharing arrangement? Or perhaps, leaving the GDPR behind, will ePR sit out on a revolutionary and bold pursuit of its own goals? In short: Will the ePrivacy Regulation be a Cersei, Sansa or Daenerys? Whe... Read More

GDPR one year later: Looking backward and forward

(May 24, 2019) Late May is a good time for privacy regulations to come into effect. Prior to May, short days, cold weather and rain typically keep us indoors anyway, so what better to do than work on data protection? But, after May, it’s helpful to have things mostly in order to allow for more time wandering in and thinking about nature instead of data. Isn’t it? Well (wistfully), for many data protection officers, May 25, 2018, was hardly an ending. At the IAPP, we kept working into the summer and beyond to ... Read More