The International Association of Privacy Professionals

The world’s largest information privacy community. Read on or Learn More

One Cryptographer’s Solution to the Anonymity Paradox

(Mar 30, 2015) How many cryptographers do you know were influenced by their grandmothers? It all started 20 years ago in a picturesque Swiss village where I was supporting a citizen initiative related to animal rights. In Switzerland, as in other democratic societies, initiatives can reach the highest levels of government by collecting signatures. I started with my closest relatives. Showing a keen sense of awareness before signing the form, my grandmother asked me if anyone else would have access to the sig... Read More

Data Security and Breach Notification Legislation Gaining Traction in Congress

(Mar 30, 2015) The Hogan Lovells Privacy Team writes for Privacy Tracker about the Data Security and Breach Notification Act of 2015 (DSBN), which recently passed the House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade. “The DSBN is intended to create a single national security and breach notification standard for most private-sector organizations that handle personal information in electronic form,” the authors write, providing an analysis of five key provisions that are “likely to be at issue as the legislation moves forward.” Read More

How To Advise Tech Start-Ups in Practice, Not Theory

(Mar 24, 2015) "How, I regularly find myself asking, can I help my client side-step a privacy issue?" writes Matthew Lawless, CIPP/US. CIPM. "Time and again I return to two answers: avoid or outsource." In this feature, Lawless discusses the practical realities of advising a start-up on privacy. Read More

IAPP Canada Privacy Symposium 2015

The premier event in Canadian privacy will return to Toronto, but don’t expect the same old same old—think even bigger and better than the last. Canadian privacy pros, this is your must-attend event of the year. Read More

Global News Roundup—March 23-30, 2015

(Mar 30, 2015) After months of contentious debate, Australia has passed its data retention law. Meanwhile, the Dutch justice minister to the Parliament has told communications providers that nation’s retention law no longer applies to them. Also in this week’s Privacy Tracker roundup, read about movement on U.S. bills including the Driver Privacy Act, Arkansas’ Personal Rights Protection Act, California’s CalECPA and Maine’s drone privacy bills. Also read about a surprising move by Virginia’s governor to change a legislature-approved license-plate reader bill and New Mexico’s failure to pass a breach notification bill. Read More

Court Rules Safari Users Can Sue Google

(Mar 27, 2015) In what some are calling a landmark decision, the UK Court of Appeals has ruled that a group of claimants have the right to sue Google for bypassing the privacy settings on the Safari browser to install cookies to track clicks online, BBC News reports. Google said it is “disappointed with the court’s decision,” while one of the claimants described it as a “David and Goliath victory.” In its judgement, the UK court said, “These claims raise serious issues which merit a trial.” According to the re... Read More

IAPP Asia Privacy Forum 2015

Don’t miss out on the only conference that brings globally recognized IAPP programming to Asia. If you’re looking for exclusive networking and intensive education on data protection trends and challenges in Asia, the Forum is for you. Register now to save your seat. Read More

Monitoring Third-Party Vendors Means Managing Your Own Risk: Chapter Seven

(Mar 24, 2015) In chapter seven of this ongoing series, K Royal, CIPP/E, CIPP/US discusses the stage in the third-party vendor process in which the chosen vendor has been contracted and the spend has been made. That’s not where diligence ends, however. Now it’s time to make some management decisions, like the timing and frequency, scope and level of monitoring, and who’ll be responsible for that. Read More

Oregon AG Seeks Tougher State Breach Law

(Mar 24, 2015) Oregon Attorney General Ellen Rosenblum wants her state’s data breach notification law strengthened. She says that since the law was written in 2007, there’s been a dramatic increase in the retention of biometric information, which “presents a particularly serious kind of breach.” Back then, you only needed your fingerprint scanned for jobs such as working at the Pentagon. Now, we use the same scans to unlock our phones. Divonne Smoyer, CIPP/US, and Christine Czuprynski talk to Rosenblum about her efforts. Read More

Videre's Oren Yakobovich on Empowering People With Surveillance

Videre founder Oren Yakobovich is a former Israeli soldier who decided, upon service, that he was more interested in "breaking the traditional power structures between citizens and government" by empowering oppressed people through the use of video documentation. By quite literally watching the watchers, civil rights abuses have been documented and change has been enacted. He used his keynote address at the IAPP Global Privacy Summit to talk about his efforts and explore the ways in which surveillance can be a force for good. 

A Privacy Engineer’s Analysis of Bitcoin

(Mar 26, 2015) If you’re not familiar with Bitcoin, then you should probably at least review this quick video intro before proceeding. Simply put, Bitcoin is a peer-to-peer protocol that allows for the maintenance of a transaction ledger using a consensus algorithm designed to ensure ledger integrity. Too much of a mouthful? How about Bitcoin is an Internet-based currency with cash-like qualities? At least that is how it was introduced when it was launched into the world in 2009 by its pseudonymous creator.... Read More

The FCC's New Rule Means Changes ... But For Whom?

(Mar 24, 2015) This week, Alamo Broadband and USTelecom each sued to block the Federal Communications Commission from enforcing its February order reclassifying broadband providers as “common carriers," or a public utility of sorts, and therefore subject to the same rules that regulate telecommunications companies. The suits exemplify a panicked stakeholder reaction to a potentially disruptive change: Some personal data Internet service providers currently use to generate revenue is now considered Consumer Pro... Read More

With the Internet of Things in Full Force, Will Congress Act?

(Mar 24, 2015) Several witnesses appeared before the House Energy and Commerce subcommittee on Tuesday to testify about the rapidly growing Internet-of-Things (IoT) ecosystem. With approximately 25 billion connected devices in existence, and counting, the economic benefits and job opportunities in IoT appears to be eclipsing any significant Congressional motivation to regulate this landscape. In fact, the hearing followed an IoT showcase hosted by the subcommittee to demonstrate many of the technological inno... Read More

Commission Says It Cannot Guarantee EU Privacy in U.S. Data Transfers

(Mar 25, 2015) In a hearing on Tuesday at the European Court of Justice (ECJ), counsel for the European Commission conceded that the U.S. was under no legal obligation to comply with EU data protection standards, specifically under the EU-U.S. Safe Harbor Agreement, The Irish Times reports. European Commission Counsel Bernhard Schima said, “Under Safe Harbour as it is currently applied in the U.S., there is no guarantee that fundamental rights of EU data subjects will be respected.” The verdict on the case cou... Read More

The Future of Tech and Democracy, and How Privacy Pros Can Help

(Mar 26, 2015) Last month in San Francisco, tech leaders and CEOs met with federal regulators to do something rather unexpected: facilitate the use of new technology in the democratic process. Along the way, participants gave serious thought on how to build safeguards to ensure the protection of consumer privacy. Inspiration for the event came from conversations Federal Elections Commission (FEC) Chair Ann Ravel, in which she shared with me her fervent belief that new technology has the potential to bring mor... Read More

Benchmarking Privacy Management and Investments of the Fortune 1000

Over the summer of 2014, the IAPP embarked on the first of what will be an annual effort to research and benchmark the privacy programs of the Fortune 1000. In partnership with third-party research firm Fondulas Strategic Research, we queried roughly 275 privacy leads at Fortune 1000 companies, all of them large, private, for-profit firms operating from a base in the United States, and got a 23-percent response rate, providing us with one of the most comprehensive samples of corporate privacy le... Read More

Avepoint Privacy Impact Assessment System (APIA)

APIA can help you automate the process of evaluating, assessing and reporting on the privacy implications of your enterprise IT systems. Exclusively available through the IAPP, the APIA System allows you to select questions from the prepopulated bank of PIA questions or create your own, meaning you can build and save PIA templates to be reused and reported out. Learn More

Become a member

IAPP members get access to tons of great benefits

Learn More


Find out what’s making headlines today. In the rapid changes in data protection, we make it easy to stay in the know with daily news updates, expert analysis, original reporting, legislative alerts and opinion pieces from the influencers making the news.Find out more


There are lots of ways to connect with fellow members and the privacy community. From local chapter meetings to virtual networks to social media, you’ll find networking opportunities to help you get involved.Find out more


From privacy training to web conferences to books and beyond, you’ll find the resources you need to build your knowledge, power up your staff and be more effective at your job.Find out more


Looking for a way to stand out? Add an IAPP credential after your name. Whether you want to distinguish yourself from others in your field or to advance your skills, a globally recognized IAPP certification is the edge you’re looking for.Find out more


The IAPP offers all the tools and information you need to get your job done. We’ve collected templates, forms, charts and checklists to help you with everything you can think of, from privacy notices to data breach response to cybersecurity and beyond.Find out more


There’s no better way to experience the IAPP community. Whether you’re looking for education, networking or access to privacy experts and regulators, IAPP conferences are where it’s at. We host eight premier conferences around the world each year.Find out more