Privacy Research

A Brief History of Safe Harbor

On 24 March 2015, the European Court of Justice started to hear the case referred by the Irish High Court on the NSA/PRISM spy scandal, which may have major implications for the Safe Harbor Framework and US internet companies operating in Europe (case number: C-362/14). The plaintiff, the Austrian Facebook user Max Schrems, argues that the United States does not provide the “adequate protection” and even claims that the NSA’s PRISM program and other forms of US surveillance are the exact an...

Data Security Breaches: Incident Preparedness and Response

Jena Valdetero, CIPP/US, and David Zetoony of Bryan Cave authored this Washington Legal Foundation Monograph, which provides a basic framework to assist in-house legal departments with handling a security incident. The handbook explains security incidents, outlines ways in-house counsel can help prepare for an incident and offers steps that should be taken in responding to an incident as well as costs involved.

2014 Information Security Breaches Survey

This survey conducted by PricewaterhouseCoopers for the UK Department for Business, Innovation and Skills demonstrates the continuing risks associated with doing business in cyberspace, as well as the encouraging steps some businesses are taking to improve their information security.

Privacy and Children's Data - An Overview of the Children’s Online Privacy Protection Act and the Family Educational Rights and Privacy Act

The purpose of this paper by Dalia Topelson, Christopher Bavitz, Ritu Gupta and Irina Oberman of the Berkman Center for Internet & Society’s Cyberlaw Clinic is to provide schools, parents and students alike with an overview of some of the laws that may apply as schools begin to use cloud computing tools to help educate students.

Full Report: Benchmarking Privacy Management and Investments of the Fortune 1000

Over the summer of 2014, the IAPP embarked on the first of what will be an annual effort to research and benchmark the privacy programs of the Fortune 1000. In partnership with third-party research firm Fondulas Strategic Research, we queried roughly 275 privacy leads at Fortune 1000 companies, all of them large, private, for-profit firms operating from a base in the United States, and got a 23-percent response rate, providing us with one of the most comprehensive samples of corporate privacy le...

Benchmarking Privacy Management and Investments of the Fortune 1000

Over the summer of 2014, the IAPP embarked on the first of what will be an annual effort to research and benchmark the privacy programs of the Fortune 1000. In partnership with third-party research firm Fondulas Strategic Research, we queried roughly 275 privacy leads at Fortune 1000 companies, all of them large, private, for-profit firms operating from a base in the United States, and got a 23-percent response rate, providing us with one of the most comprehensive samples of corporate privacy le...

No silver bullet: De-identification still doesn't work

Arvind Narayanan and Edward W. Felten of Princeton University rebut past articles indicating de-identification is a valid tool for protecting privacy. The authors claim there is no evidence that de-identification works and “attempts to quantify its efficacy are unscientific and promote a false sense of security by assuming unrealistic, artificially constrained models of what an adversary might do.”