Privacy Research    Human Resources

Data Protection Principles for the 21st Century

Technological advancements leading to more online interactions and cheaper data storage have contributed to this paper by Fred Cate, Peter Cullen and Viktor Mayer-Shönberger rethinking the original OECD guidelines that formed the basis of most information protection frameworks and most privacy legislation around the world.

2013 Annual Cost of Failed Trust Report: Threats & Attacks

The Ponemon Institute's First Annual Cost of Trust Report provides the first extensive examination of how failure to control trust in the face of new and evolving threats is placing all global enterprises at risk. Based on survey participant expectations, organizations are projected to lose $35 million over the next 24 months.

Standardizing Privacy Notices: An Online Study of the Nutrition Label Approach

This paper from Carnegie Mellon University’s CyLab by Patrick Gage Kelley, Lucian Cesca, Joanna Bresee and Lorrie Faith Cranor compares this standardized format and two short variants (one tabular, one text) with the current status quo of privacy notices: full text natural language policies and layered policies. The researchers conducted an online user study of 789 participants to test if these three more intentionally designed, standardized privacy policy formats, assisted by consumer education, can benefit consumers. Our results show that providing standardized privacy policy presentations can have significant positive effects on accuracy of information finding, overall speed and reader enjoyment with privacy policies.

Data Protection Review: Impact on EU Innovation and Competitiveness

This document from the European Parliament assesses the impacts of the proposed General Data Protection Regulation in terms of the effectiveness with which it is likely to attain its objectives, the efficiency with which it might do so and its consistency with other elements of European policy. It examines the likely impacts of the proposal and two alternative options on the competitiveness and innovation performance of the European data processing value network--those who control and process personal data and those who supply essential inputs or use the services provided. The assessment focuses on automated data processing and profiling; documenting and demonstrating compliance with the law, and data transfers to non-European jurisdictions. Whilst considering a variety of perspectives including big data, cloud computing and privacy-friendly technologies, it identifies a variety of impacts and areas for improvement.

Protection of Personal Data in Work-Related Relations

This European Parliament study looks at the possibilities to complement the general data protection framework with specific rules for employment relations. Data protection in employment relations clearly touches on labor law. The specific actors involved, the social partners and the strategies used in the past to harmonize labor law, are taken into account. The study evaluates the application of the existing general data protection framework in employment relations and considers possible options to improve it.


The infographics included here offer visual presentations of study results, statistics and commonly talked-about privacy issues.

The Costs, Causes and Consequences of Privacy Risk

This report from Edelman outlines the findings of a study analyzing theleading factors of privacy risk and how 6,400 privacy and security executives in 29 countries and regions across 20 industries manage these issues. The study was conducted using Edelman PrivacyRisk Index, developed in partnership with the Ponemon Institute.

An Updated Privacy Paradigm for the “Internet of Things”

This paper from the Future of Privacy Forum examines the appropriate privacy paradigm for the world of the Internet of Things. The paper was authored by Christopher Wolf and Jules Polonetsky co-chairs of the Future of Privacy Forum and released in conjunction with the November 2013 FTC workshop on the Internet of Things.

National Programmes for Mass Surveillance of Personal Data in EU Member States

In the wake of the disclosures surrounding PRISM and other U.S. surveillance programs, this study makes an assessment of the large-scale surveillance practices by a selection of EU member states: the UK, Sweden, France, Germany and the Netherlands.

Managing Legal Risks: Trends in Data Privacy & Security Class Action Litigation

This report from Liana Yung and David Zetoony of Bryan Cave LLP analyzes class-action complaints filed against private entities between January and June of 2013 to help companies better understand the scope, and frequency, of data-related litigation.

Anonymity, Privacy, and Security Online

This survey by the Pew Research Center’s Internet Project asked 1,002 adults about their Internet habits. It is laid out in five parts: the quest for anonymity online; concerns about personal information online; who internet users are trying to avoid, the information they want to protect; how users feel about the sensitivity of certain kinds of data; online identity theft, security issues and reputational damage. (2013)

How Identity Theft Services Measure Up To Best Practices

Created by the Consumer Federation of America (CFA), this paper analyzes how well identity theft services are providing key information to prospective customers. The study is based on CFA’s Best Practices for Identity Theft Services, voluntary guidelines that CFA developed with the help of identity theft service providers and consumer advocates.

A Public Policy Analysis of the European Union’s Data Protection Regulation Principles and the U.S.

This paper by Girard Kelly of Santa Clara University School of Law examines the European Commission’s recently proposed data protection reform of the 1995 EU Data Protection Regulation and the U.S Consumer Privacy Bill of Rights. The paper will elucidate the data protection framework expressed in the Regulation’s principles, within the context of their implications on the proposed policies of the U.S Consumer Privacy Bill of Rights. This analysis will explore the public policy and regulatory frameworks of both data protection perspectives and recommend legal harmonization between the U.S and the EU’s data protection principles by providing legislative guidance to policymakers.

40 Years of Experience with the Fair Credit Reporting Act

This report gives a brief overview of the FTC’s role in the enforcement and the interpretation of FCRA, followed by an FTC Staff Summary of Interpretations of the FCRA in a section-by-section format. It was created in 2011 to assist the CFPB as it took on many of the interpretive functions of FCRA.

ICO Data Breach Trends Study

This web page shows data breach incidents by incident type and sector for the year beginning April 1 to track trends.The UK Information Commissioner’s Office will update the data quarterly.

Page 2 of 6 pages  < 1 2 3 4 >  Last ›