The International Association of Privacy Professionals

The world’s largest information privacy community. Read on or Learn More

Don’t Change Your Pa$$w0rd!

(Feb 27, 2015) We’ve all heard the common password advice: Choose a random password with a lot of characters, include digits and symbols, don’t use a dictionary word, don’t write it down and change it often. While some of this advice is useful, some of it is counterproductive and probably even harmful. Next Friday I will be giving a Game Changer talk at the IAPP Global Privacy Summit in which I will discuss research results—from my own research group at Carnegie Mellon University as well as from others&... Read More

Behind the Scenes With the New DAA AppChoices Program

(Feb 27, 2015) On Wednesday, the Digital Advertising Alliance announced an extension of its AdChoices program beyond the desktop. AppChoices, an app consumers can download (with an attendant web page), allows consumers, for example, to choose not to allow advertisers to target them based on their location on mobile devices like phones and tablets. Now, why would a company like xAd, whose very business model involves targeting consumers by location, want to participate in such a program? IAPP Publications Direc... Read More

Web Conference: How To Regain Control of Your Digital Communications

(Feb 27, 2015) Email is used every day to deliver information and discuss private and sensitive issues, making it fertile ground for hackers and a treasure trove of information for potential litigation. In the last year, it has become increasingly clear to businesses, consumers and governments that the related problems of digital privacy and cyber theft must be solved, and email is at the heart of this problem. To help privacy pros learn about emerging technologies that can be used to help secure email communi... Read More

IAPP Canada Privacy Symposium 2015

The premier event in Canadian privacy will return to Toronto, but don’t expect the same old same old—think even bigger and better than the last. Canadian privacy pros, this is your must-attend event of the year. Read More

Does the RTBF Threaten U.S. Companies?

(Feb 27, 2015) Until recently, it seemed to be a concept that arose solely in the EU. However, late last year a French court, relying on the right to be forgotten, issued an injunction requiring Google to remove allegedly defamatory material linked to a Danish lawyer employed in France from its search engine worldwide. The French court's order raises a significant question of whether a U.S. court would enforce an order, John Stephens and Paul Pittman write in this exclusive for The Privacy Advisor.Full Story... Read More

The Semantics of PII

(Feb 26, 2015) Last year, Profs. Peter Swire and Annie Antón wrote a compelling piece in Privacy Perspectives about the need for privacy engineers and lawyers to get along. Establishing a common language in which to communicate will be essential to appropriately connect policy with technology. It’s probably safe to say that the most common terms used in privacy are personally identifiable information (PII) and personal data, depending upon whether you come from a U.S. or European background. I think these ter... Read More

First Data Snags a Combo BCR Win

(Feb 24, 2015) First Data began its effort to win approval for its binding corporate rules (BCRs) in 2007. This month, the UK Information Commissioner's Office (ICO) officially recognized the multinational payment solutions company's BCRs for data processors. Now able to boast it's been approved for both processors and controllers, it's also the first company to have done so under the purview of the ICO. Read More

Will Consumer Privacy Bill Undercut FCC?

(Feb 26, 2015) The White House is expected to propose legislation for a consumer privacy bill of rights, and The Hill reports that several House Democrats are raising concerns that the proposal could undermine online privacy. The bill could undercut Federal Communications Commission (FCC) authority in preventing Internet service providers “from using their position in the marketplace to do things like charging subscribers not to have their browsing history data monitored or setting ‘supercookies’ that allow us... Read More

Hulu Case Returns on February 26: What Is the Legal Lesson?

(Feb 24, 2015) For four years now, Hulu has been fighting allegations that it violated the Video Privacy Protection Act in sharing consumer data with third parties. In this Privacy Tracker post, Emily Yu, CIPP/US, provides an outline of the case, noting, “While this case focuses on a business engaged in online video streaming services, it also reveals trends in online consumer privacy concerns and the results of Hulu’s privacy practices … Any business that uses tracking technology and social networking on their websites should pay attention.” Read More

IAPP Asia Privacy Forum 2015

Don’t miss out on the only conference that brings globally recognized IAPP programming to Asia. If you’re looking for exclusive networking and intensive education on data protection trends and challenges in Asia, the Forum is for you. Register now to save your seat. Read More

Third-Party Vendor Management Means Managing Your Own Risk: Chapter Six, Contracting

(Feb 24, 2015) In the sixth chapter of this ongoing series, K Royal, CIPP/US, CIPP/E, writes about what might be the largest hurdle in a successful vendor management program: the contracting piece. "In this chapter, we will consider the actual contracting process, no matter the service that is being provided," she writes. "This is the point where you have already established your thresholds and the contract has reached your desk, either legal or privacy. This is applicable no matter the staffing model for how your privacy office works with the legal office." Read More

P.S.R. 2015 Call for Papers Now Open: Come Speak In Vegas!

(Feb 25, 2015) For the second year in a row, the IAPP is joining forces with the Cloud Security Alliance to provide a powerhouse conference that combines the CSA’s Congress and the IAPP’s Privacy Academy: Privacy. Security. Risk. 2015, and the call for speakers for the conference is now open. We’re looking for speaking proposals that are interactive, practical and hands-on. If you have the know-how to run a workshop-style session that includes case studies, exercises, real-life scenarios and all things how-to,... Read More

How Julie Brill Is Cultivating a Defense of the U.S. Privacy Framework

(Feb 24, 2015) U.S. Federal Trade Commissioner Julie Brill has been busy cultivating a defense of the U.S. privacy framework while also planting seeds for lasting and meaningful interoperability with Europe. Late last year at the IAPP Data Protection Congress 2014 in Brussels, Brill sat down with the CNIL's Isabelle Falque-Pierrotin to discuss the EU-U.S. privacy divide. Plus, late last month, she was part of a must-see panel discussion with the European Commission’s Paul Nemitz. At times friendly and colle... Read More

Citizenfour Wins Oscar for Best Documentary

(Feb 23, 2015) A film on Edward Snowden’s efforts to disclose National Security Agency (NSA) spy programs won an Academy Award last night for Best Documentary. Laura Poitras was present with a camera when Snowden first met investigative journalist Glenn Greenwald and others and documented the tense days leading up to the release to the media of NSA programs such as PRISM and Snowden’s attempts to find asylum. Poitras, together with Greenwald, Mathilde Bonnefoy, Dirk Wilutzky and Laura Mills—Snowden’s gir... Read More

50 Shades of the Privacy Profession

(Feb 18, 2015) I was asked the other day by a reporter to define "privacy professional." I provided some over-long response describing how those within an organization who touch personal data—regardless of their title—are considered privacy professionals. There is nothing incorrect about that answer but it’s so broad, so abstract and can be applied to so many roles that it’s essentially a useless response for anyone looking for guidance. I could have described a professional that interprets legal and regulato... Read More

Benchmarking Privacy Management and Investments of the Fortune 1000

Over the summer of 2014, the IAPP embarked on the first of what will be an annual effort to research and benchmark the privacy programs of the Fortune 1000. In partnership with third-party research firm Fondulas Strategic Research, we queried roughly 275 privacy leads at Fortune 1000 companies, all of them large, private, for-profit firms operating from a base in the United States, and got a 23-percent response rate, providing us with one of the most comprehensive samples of corporate privacy le... Read More

Privacy Is the New Antitrust: Launching the FTC Casebook

(Jan 15, 2015) On Monday, presaging his sixth State of the Union Address, U.S. President Barack Obama visited the Federal Trade Commission (FTC) bearing a message of sweeping privacy reform. Coincidentally, it was almost exactly 101 years ago that President Woodrow Wilson, in his January 20, 1914, State of the Union Address, announced his antitrust initiative to Congress, declaring, “We are all agreed that ‘private monopoly is indefensible and intolerable.’” The result of that speech was the passage of the FTC... Read More

Avepoint Privacy Impact Assessment System (APIA)

APIA can help you automate the process of evaluating, assessing and reporting on the privacy implications of your enterprise IT systems. Exclusively available through the IAPP, the APIA System allows you to select questions from the prepopulated bank of PIA questions or create your own, meaning you can build and save PIA templates to be reused and reported out. Learn More

Become a member

IAPP members get access to tons of great benefits

Learn More


Find out what’s making headlines today. In the rapid changes in data protection, we make it easy to stay in the know with daily news updates, expert analysis, original reporting, legislative alerts and opinion pieces from the influencers making the news.Find out more


There are lots of ways to connect with fellow members and the privacy community. From local chapter meetings to virtual networks to social media, you’ll find networking opportunities to help you get involved.Find out more


From privacy training to web conferences to books and beyond, you’ll find the resources you need to build your knowledge, power up your staff and be more effective at your job.Find out more


Looking for a way to stand out? Add an IAPP credential after your name. Whether you want to distinguish yourself from others in your field or to advance your skills, a globally recognized IAPP certification is the edge you’re looking for.Find out more


The IAPP offers all the tools and information you need to get your job done. We’ve collected templates, forms, charts and checklists to help you with everything you can think of, from privacy notices to data breach response to cybersecurity and beyond.Find out more


There’s no better way to experience the IAPP community. Whether you’re looking for education, networking or access to privacy experts and regulators, IAPP conferences are where it’s at. We host eight premier conferences around the world each year.Find out more