How Do I Measure My Privacy by Design Program’s Success?

April 22, 2014
To evaluate the success of a Privacy by Design program, there are objective and subjective guideposts available to organizations. When used together, these tools can help privacy professionals and managers determine whether a Privacy by Design program is meeting its initial goals. Libbie Canter and Jeff Kosseff, CIPP/US, describe how to do just that.

Book Review—Privacy Governance: A Guide to Privacy Risk and Opportunity for Directors and Boards

April 22, 2014
“I first became aware of Malcolm Crompton, CIPP/US, after seeing him speak at an IAPP conference several years ago. I was impressed with his passion for privacy and the warm way in which he engaged the audience,” writes Microsoft’s JC Cannon, CIPP/US, CIPP/IT, in this book review. “Crompton’s passion for privacy and warm, engaging style can be felt in his new book, Privacy Governance: A Guide to Privacy Risk and Opportunity for Directors and Boards,” Cannon writes, describing the book as “a must-read for company directors and boards who want to become serious about privacy compliance.”

Government’s Domestic Use of Drones Poses Privacy Questions for Congress and the Courts

April 22, 2014
While government use of drones has been underway for years, the privacy laws governing those activities remain uncertain. The sophistication and capabilities of these aircraft, already being deployed in a wide variety of settings—from disaster relief to law enforcement—are certain to create an increased demand for their use by government agencies. Given the lack of direct legal precedent, it is certain that the U.S. Congress and Supreme Court will be challenged in the coming years to define the privacy boundaries governing the use of UAS technology. In part three of this three-part series, David Young, CIPP/US, reports. Editor’s Note: See parts one and two.

Woman to Woman: A Q&A on the Marriage of Insurance Brokerage and Privacy Pro

April 22, 2014
Gamelah Palagonia, CIPP/US, CIPP/G, CIPP/IT, CIPM, the founder of Privacy Professionals, has been in the insurance industry for more than 30 years. Recently, she sat down with the IAPP Publications Advisory Board’s Carly Huth, CIPP/IT, for a Q&A on her career and how she became part of “the first generation of insurance brokers who are privacy professionals.”

Security Questions Don’t Protect You: Here’s Why

April 22, 2014
We have online accounts for everything these days: banking, e-mail, social networking, shopping, you name it. But when we find ourselves locked out of our accounts, the security question comes into the picture. Relying on such questions—which commonly ask for such easily-guessable answers as, “What year did you graduate high school?” or “What town did you grow up in?”—means the questions fail at their essential purpose. Jordan Holz of the Association of American Medical Colleges discusses how users can bolster protections for their online accounts.

Ten Steps to a Quality Privacy Program, Part Nine: Create a Written Plan for Addressing Known Issues

April 22, 2014
If there are issues at your organization that haunt you, and you’re aware of them, it’s time to lay out a plan for addressing them. “Besides helping your case should a regulator come knocking, documenting your action plan for known issues and risks is extremely important for all organizations because following this simple model will help ensure that you are focused on the right things, that you are applying your resources to the right projects and that leadership stays informed about the important work that you are doing within your organization,” writes Deidre Rodriguez, CIPP/US, in the latest installment of her 10-part series on creating a quality privacy program. Editor’s Note: Did you miss the first installments of this series? See them here.

The Case that Slipped Beneath the Cracks on Federal Employee’s Expectation of Privacy

April 22, 2014
In the narrow cracks between these popular conversations on privacy within the last year was a nuanced legal decision that has the potential to impact a rarely discussed expectation of privacy for federal employees, while impacting transparency for U.S. government agencies. The outcome of the case? If employees avail themselves of their own personal e-mail accounts to communicate official government business, they cannot have a reasonable expectation of privacy over those contents when compared to purely personal communications, writes Orandi Koosh, CIPP/US.

What Did You Expect? The FTC’s Two Newest Settlements

April 16, 2014
The Federal Trade Commission (FTC) has recently announced settlements with both Fandango and Credit Karma, whose smartphone apps contained the same critical security flaw: a failure to validate Secure Sockets Layer (SSL) certificates, one of the most basic and well-established security practices out there. To help businesses and practitioners minimize their own regulatory surprises, the IAPP Westin Research Center has compiled an in-depth overview of the cases.

Goodwin Procter Expands with Stegmaier

April 15, 2014
Gerry Stegmaier, CIPP/US, a longtime lawyer in the privacy space and current member of the IAPP Education Advisory Board, has moved from Wilson Sonsini Goodrich & Rosati to join the privacy practice at Goodwin Procter. “It means about 15 minutes more commuting time each way,” he joked, “further into the heart of DC, right across from the Renaissance Hotel,” which should be familiar to those who attended early versions of the IAPP Global Privacy Summit. Publications Director Sam Pfeifle talks with Stegmaier about what triggered the move, where the industry is headed in the next five years and why it’s a good time to be a privacy professional.

The Court Says FTC Can Punish Rulebreakers, but What Exactly Are the Rules?

April 9, 2014
If anyone was having a case of the Mondays this week it was Wyndham Hotels and Resorts, after a District Court of New Jersey judge denied the company’s motion to dismiss a Federal Trade Commission (FTC) lawsuit alleging Wyndham violated Section 5 of the FTC Act. Some say it’s a landmark decision that emboldens the FTC’s authority as a de facto privacy regulator and could even thwart national privacy legislation, while others say the decision simply gives the FTC the power to regulate concepts that aren’t well defined, as they haven’t been proscribed succinctly for companies aiming to comply with rules effectively created piecemeal via FTC consent decrees. In this exclusive, Angelique Carson, CIPP/US, rounds up reaction from industry, academia and activists regarding a case that may be closer to the starting line than the finish line.

Asian Regulators in Lock-Step with Global DPAs

April 9, 2014
With their respective keynote addresses at the inaugural IAPP Asia Privacy Forum, Hong Kong DPA Allan Chiang and Singapore Personal Data Protection Commission member Aileen Chia sent a cohesive message: Those companies making a good faith and concerted effort to respect their customers’ privacy have nothing to fear from regulators.

Court Ruling Moves FTC v Wyndham Forward; FTC Has Data Security Authority, Judge Rules

April 8, 2014
In what many are calling an important ruling, a federal court in New Jersey has shot down a challenge to the Federal Trade Commission (FTC) by Wyndham Hotels. In round one of the challenge, Wyndham argued the FTC overstepped its authority by suing companies for poor data security practices. The ruling by U.S. District Court Judge Esther Salas, however, denied the hotel chain’s motion to dismiss, saying the case can move forward. Salas noted her ruling “does not give the FTC a blank check to sustain a lawsuit against every business that has been hacked” but added there is “binding and persuasive precedent” upholding the FTC’s authority.

With Big Data and Privacy, What Should the Regulators Know?

April 2, 2014
In the third and final series of meetings called for by the White House as part of its Big Data and privacy initiative, privacy experts, academics, industry representatives and government regulators convened to hash out the benefits and challenges posed by the Big Data ecosystem. Hosted by the White House Office of Science and Technology Policy, the UC Berkeley School of Information and the Berkeley Center for Law and Technology, the day featured panels covering privacy values, the challenges of health and education, algorithms and transparency and privacy governance. Jedidiah Bracy, CIPP/US, CIPP/E, sums up the key points.

The Evolving Nature of Consumer Privacy Harm

April 1, 2014
In the privacy world, few questions are as fundamental and pervasive as “what constitutes privacy harm?” Scholars continue to debate what it means to suffer a privacy injury, but high-profile data breaches hit the newsstands seemingly every day, and class-action lawsuits follow. Meanwhile, the Federal Trade Commission and state attorneys general launch enforcement actions, and consumers complain in record numbers to federal and state legislators. IAPP Westin Fellow Kelsey Finch examines the case of Curry v. AvMed, Inc., and the question of what breaches are actionable and which harms are compensable.

UMaryland President: Breach Would Have Bankrupted Many Institutions

March 27, 2014
Representatives from the University of Maryland and Target—organizations that have both suffered large data breaches in recent months—along with the Federal Trade Commission (FTC), Visa and others, testified before the Senate Commerce, Science & Transportation Committee March 26 on protecting consumer data and fighting cyberattacks. Jedidiah Bracy, CIPP/US, CIPP/E, reports on the testimony and the FTC’s calls for jurisdiction over nonprofits.
