The day’s top stories from around the world
Where the real conversations in privacy happen
Original reporting and feature articles on the latest privacy developments
Alerts and legal analysis of legislative trends
Exploring the technology of privacy
A roundup of the top Canadian privacy news
A roundup of the top European data protection news
A roundup of the top privacy news from the Asia-Pacific region
A roundup of the top privacy news from Latin America
A roundup of US privacy news
Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.
Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.
Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.
Locate and network with fellow privacy professionals using this peer-to-peer directory.
Review a filterable list of conferences, KnowledgeNets, LinkedIn Live broadcasts, networking events, web conferences and more.
Understand Europe’s framework of laws, regulations and policies, most significantly the GDPR.
Steer a course through the interconnected web of federal and state laws governing U.S. data privacy.
Learn the intricacies of Canada’s distinctive federal/provincial/territorial data privacy governance systems.
Develop the skills to design, build and operate a comprehensive data protection program.
Add to your tech knowledge with deep training in privacy-enhancing technologies and how to deploy them.
Introductory training that builds organizations of professionals with working privacy knowledge.
Learn the legal, operational and compliance requirements of the EU regulation and its global influence.
Meet the stringent requirements to earn this American Bar Association-certified designation.
The global standard for the go-to person for privacy laws, regulations and frameworks
The first and only privacy certification for professionals who manage day-to-day operations
As technology professionals take on greater privacy responsibilities, our updated certification is keeping pace with 50% new content covering the latest developments.
Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.
The first title to verify you meet stringent requirements for knowledge, skill, proficiency and ethics in privacy law, and one of the ABA’s newest accredited specialties.
The IAPP’S CIPP/E and CIPM are the ANSI/ISO-accredited, industry-recognized combination for GDPR readiness. Learn more today.
Mostre seus conhecimentos na gestão do programa de privacidade e na legislação brasileira sobre privacidade.
Certification des compétences du DPO fondée sur la législation et règlementation française et européenne, agréée par la CNIL.
Use the Vendor Demo Center, Privacy Vendor List and Privacy Tech Vendor Report to easily identify privacy products and services to support your work.
On this topic page, you can find the IAPP’s collection of coverage, analysis and resources related to international data transfers.
The IAPP’s US State Privacy Legislation Tracker consists of proposed and enacted comprehensive state privacy bills from across the U.S.
This tracker organizes the privacy-related bills proposed in Congress to keep our members informed of developments within the federal privacy landscape.
Access all reports and surveys published by the IAPP.
Access all white papers published by the IAPP.
IAPP members can get up-to-date information here on the California Consumer Privacy Act and the California Privacy Rights Act.
The IAPP’s EU General Data Protection Regulation page collects the guidance, analysis, tools and resources you need to make sure you’re meeting your obligations.
This chart maps several comprehensive data protection laws to assist our members in understanding how data protection is being approached around the world.
This interactive tool provides IAPP members access to critical GDPR resources — all in one location.
Join DACH-region data protection professionals for practical discussions of issues and solutions. Presented in German and English.
P.S.R. 2022 is the place for speakers, workshops and networking focused on the intersection of privacy and technology.
Europe’s top experts predict the evolving landscape and give insights into best practices for your privacy programme.
Gain exclusive insights about the ever-changing data privacy landscape in ANZ and beyond.
Explore the full range of U.K. data protection issues, from global policy to daily operational details.
Concentrated learning, sharing, and networking with all sessions delivered in parallel tracks — one in French, the other in English.
The world’s top privacy conference. Whether you work in the public or private sector, anywhere in the world, the Summit is your can’t-miss event.
View our open calls and submission instructions.
Increase visibility for your organization — check out sponsorship opportunities today.
Review upcoming IAPP conferences to see which need to be included in your schedule for the year ahead.
Start taking advantage of the many IAPP member benefits today
See our list of high-profile corporate members—and find out why you should become one, too
Don’t miss out for a minute—continue accessing your benefits
Review current member benefits available to Australia and New Zealand members
On Tuesday, June 14, the U.S. House Committee on Energy and Commerce held a hearing on the American Data Privacy and Protection Act discussion draft — a leading contender for a comprehensive federal privacy framework. The famed sticking points of individual redress mechanisms, preemption of state laws and the role of the U.S. Federal Trade Commission — the law’s likely federal enforcer — were among the slew of debated aspects. However, the cybersecurity provisions and data security requirements necessary to create a bill that not only guarantees a right to privacy but also creates a safer place for all Americans were not discussed extensively.
While these issues were not discussed at length, the bill addresses how to handle data security and cybersecurity directly and indirectly.
Data privacy cannot exist without a robust cybersecurity foundation. This draft would be the first comprehensive federal bill to require data security and the protection of covered data for most entities, including data security policies and reasonable administrative, technical, and physical practices and procedures with at least six specific requirements. The FTC would be responsible for providing compliance guidance, which must consider the entity size, sensitivity of data and the cost of tools because not all entities are the same. The bill would also establish corporate accountability for lost or stolen data with specific obligations for large data holders.
The bill improves cybersecurity through stronger and more secure ties to our international allies and partners. The United States is one of the only industrialized countries that lacks a single national privacy law, which affects our global competitiveness and creates barriers to common business practices like data transfers. This leaves the U.S. behind while other countries take steps to improve data security. As the Cyberspace Solarium Commission noted, the status quo “threaten[s] to splinter the digital economy, confuse[s] efforts to secure users’ personal data, and imperil[s] the ability of American companies to compete globally.” The draft bill would help resolve these deep international disconnects and put America back in a leadership position.
Notwithstanding broader connections to our allies, the bill also strengthens protections for American citizens against the collection of their personal information by our adversaries. The bill requires covered entities to inform individuals if their data is transferred, processed or made available to select countries like China or Russia. These countries work to gather our data and weaponize it against us, but our laws and policies should not tolerate — let alone be accustomed to — such behavior. The draft bill starts to take action to ensure the United States maintains its competitive advantage through the security of our data.
Situations will likely arise where exceptions need to be made to protect individuals or data, especially where cybersecurity and national security are concerned. This bill allows data to be used for limited purposes, if it is necessary and limited, such as detecting or responding to a security incident or protecting against fraudulent or illegal activity. This flexibility is important to ensure security incidents and illegal activity are appropriately addressed.
Some have suggested that “the ADPPA as drafted could create substantial headwinds for routine, enterprise-focused cybersecurity activity.” For example, some claim that the definition of sensitive covered data pertaining to online activities is too broad. They argue the breadth of the definition may limit the ability of companies to use unique identifiers for security functions. Conversely, others claim that the vague definition of covered data is necessary to account for the wide range of types of data. The exceptions in the bill for security incidents, protecting against illegal activity and comporting with warranties are sufficient to provide for the security needs of organizations while maintaining privacy requirements.
Laying a cybersecurity foundation, increasing competitiveness and international security, protecting Americans from adversaries, and accounting for data security and cybersecurity needs are among the most important aspects of the draft bill. There are parts of the discussion draft that could be improved, but in the aggregate, the bill is a substantial step forward. Our economy, consumer safety, and perhaps most importantly, national security hang in the balance of passing data security and privacy legislation. After all, there can be no privacy without security.
Photo by FLY:D on Unsplash
Submit for CPEs
If you want to comment on this post, you need to login.
The IAPP is the largest and most comprehensive global information privacy community and resource. Founded in 2000, the IAPP is a not-for-profit organization that helps define, promote and improve the privacy profession globally.
The IAPP is the only place you’ll find a comprehensive body of resources, knowledge and experts to help you navigate the complex landscape of today’s data-driven world. We offer individual, corporate and group memberships, and all members have access to an extensive array of benefits.
© 2022 International Association of Privacy Professionals.
All rights reserved.
Pease International Tradeport, 75 Rochester Ave.
Portsmouth, NH 03801 USA • +1 603.427.9200
