ACI-001 Online Ad Campaign r7_response 728x90
ACI-001 Online Ad Campaign r7_CPO 728x90_15_05_04
Certification_CIPT_300x250final-01
CS15_300x250_Banner_FINAL

(May 4, 2015) Michael Hamilton, CIPP/E, CIPP/US, and Patrick Curry, CIPP/US, work for McKesson, a large healthcare services company. Because the company frequently needs to transfer protected health information from one department in the company to another, it has developed a privacy impact assessment to mitigate risk. Doing so has helped the company stay privacy-smart in a number of ways. While its model is aimed at internal data transfers in healthcare, it's easily applicable more broadly. This exclusive for The Privacy Advisor gives some practical tips on how to operationalize a privacy impact assessment at your company. Read More

Daily Dashboard

Video: Max Schrems on Facebook and the ECJ at DPC

(May 4, 2015) On the keynote stage at the 2014 IAPP Europe Data Protection Congress, journalist Jennifer Baker interviewed Max Schrems, the man behind the class-action lawsuit against Facebook in the EU—and the case that may finally undo Safe Harbor. In this video from the event in Brussels in November, you can get a feel for the motivations behind some of the most closely watched developments on the European privacy landscape. Read More

Daily Dashboard

As Breaches Abound, What To Do?

(May 4, 2015) A breach at the White House plus others involving a university, hotel and health system are among the most recent to make headlines. And amidst the weekly litany of data loss reports and cybersecurity incidents, myriad headlines recommend what organizations should be doing to keep their data—and their customers—safe. But the answers aren’t always easy. Publications Managing Editor Jennifer Saunders, CIPP/US, rounds up the latest news—including what one major U.S. company has been doing following a high-profile breach at another retailer—and highlights recent studies and recommendations as well as resources available to prepare for and respond to breaches in this report for The Privacy Advisor. Read More

Daily Dashboard

Roundup: U.S., EU, Australia and More

(May 4, 2015) In this week’s Privacy Tracker roundup, read about privacy law news from around the globe, including a bill introduced in the U.S. House of Representatives by Reps. Randy Neugebauer (R-TX) and John Carney (D-DE) that “would require companies to notify customers following a breach and set nationwide data security standards.” Read the latest on several proposed state laws in the U.S. as well as Oman’s draft information protection law. In Australia, the Office of the Privacy Commissioner has made a ruling related to metadata, and in Canada, a cyberbullying law continues to raise concerns. Plus, read why one expert believes the EU needs a “digital regulator.” (IAPP member login required.) Read More

Daily Dashboard

Privacy’s Shift to Profit-Driver

(May 4, 2015) Until recently, privacy protections and profits have largely been at odds with one another, but in the post-Snowden era, privacy is becoming a commodity, reports The Nation. Speaking at an event in February, Apple CEO Tim Cook warned of “dire consequences” if tech companies failed to protect their customers’ privacy, and while companies still make billions from data collection, “lately the profit motive has been making appearance on the other side of the aisle,” the report states. Meanwhile, SC Magazine reports on two recent studies indicating companies are in fact changing their approaches to privacy in response to public backlash over widespread surveillance. Read More

Daily Dashboard

Fagan: Let’s Not Give Up on the Cookie Just Yet

(May 4, 2015) In an article for iMediaConnection, Keith Fagan writes that while consumers deserve to have their privacy respected, the third-party cookie might still be relevant. While it’s not perfect, many medium- and small-sized publications make a living by delivering targeted ads—enabled by the cookie. It’s such revenue-generation that allows the Internet to still appear “free” to consumers. While the idea of a universal single unique identifier has been introduced as an alternative to the cookie, it would limit the choice of partners with whom publishers could work, he notes. Until a better solution is found, he writes, “let’s celebrate the third-party cookie for what it has done to help democratize the web.” Read More

Daily Dashboard

Privacy Pro Talks Industry’s Future, Team Structure, Collaboration

(May 4, 2015) In a Q&A with Inside Counsel, Judith Beach, global chief privacy officer of Quintiles, discusses her path to a career in privacy, the structure of her privacy team and the skills and personality traits that make great chief privacy officers, among other topics. Beach says she sees the privacy industry growing through creating qualified professionals via certifications like the IAPP’s CIPP and CIPM, and she encourages privacy pros to work with adjacent professionals. “Have an expert monitor your privacy and security practices and conduct breach simulations and consider lining up more than one firm for support of a potential breach response in case there are capacity issues at a particular firm,” Beach advises. Read More

Daily Dashboard

SEC Publishes Cybersecurity Guidance

(May 4, 2015) The Securities and Exchange Commission (SEC) Division of Investment Management has published a guidance update setting forth cybersecurity concerns and advice for the investment companies and advisers it regulates, JD Supra reports. The SEC specifically suggests conducting a periodic assessment of the nature, sensitivity and location of information collected and the security controls and processes in place, and recommends creating and implementing a comprehensive strategy to prevent, detect and respond to cybersecurity threats, the report states, noting the strategy could include data encryption, an incident-response plan and data backup and retrieval. The SEC recommends implementing the cybersecurity strategy “through written policies and procedures and training programs,” the report states. Read More

Daily Dashboard

Researchers Find Android Apps Sharing Tracking Data

(May 4, 2015) A security team has found that thousands of free Android apps are sharing user data by connecting with advertising and tracking sites without users’ knowledge, Slash Gear reports. As detailed in a report from MIT Technology Review, Luigi Vigneri and his team created an automatic method to scan apps and used more than 2,000 free Android apps in their research. In some cases, a single app connected to 2,000 unique URLs, the report states. The team reportedly has a potential solution on the way called NoSuchApp that will monitor which URLs Android apps could be sharing tracking data with, the report states. Read More

Daily Dashboard

DOJ Reviewing Use of Stingrays, Aiming for More Transparency

(May 4, 2015) The Department of Justice (DOJ) has begun a review of the secretive use of Stingrays, or cell-phone surveillance technology that mimics cell-phone towers, PCWorld reports. Stingrays trick mobile phones into believing they are communicating with legitimate cell-phone towers while harvesting data from the phones including identity, location and phone content, the report states. The FBI for years used the technology without warrants. But senior government officials have said they want to be more open about the surveillance, though the DOJ hasn’t revealed what that will look like yet in terms of how little or how much it shares. Read More

Daily Dashboard