Discussing how privacy issues intersect with a company’s growth goals and how they permeate the organization is key to having a strong privacy policy and earning consumer trust, said TrustArc executives during a Tuesday webinar the compliance vendor hosted.
Compliance Techniques
Compliance techniques encompass the strategies, tools and processes organizations use to meet evolving privacy and data protection requirements. Privacy engineers, chief data protection officers and compliance teams deploy methods such as data mapping, privacy impact assessments and automated monitoring to align with new laws in the U.S. and abroad. These techniques help avoid costly enforcement actions and build trust by embedding privacy by design into products and operations.
Whether to use an internal or external auditor to comply with new California Privacy Protection Agency (CPPA) rules depends on the company, said Woods Rogers cybersecurity attorney Patrick Austin in an IAPP analysis posted Tuesday. “There is no one right choice that applies to all businesses.”
The variety in privacy laws and standards give companies some flexibility in how consent banners are displayed on their websites, said panelists during an IAPP webinar Tuesday. But they cautioned that teams throughout an organization must understand how trackers operate on the site and what data is collected.
Age assurance can be a crucial step in online safety for children, so long as it’s done carefully and in a privacy-preserving way, said experts during a Public Knowledge event Monday. However, they warned that age assurance should be part of a larger response.
Though using age assurance to access certain online platforms and websites is the route policymakers frequently take hoping to protect children online, it can end up doing more harm than good, multiple privacy organizations said in recent papers and blog posts.
Age-estimation technology and its role in reducing regulatory burden is gaining attention in industry and data privacy circles, an official with BBB National Programs said Friday.
The EU General Court ruling upholding the EU-U.S. Data Privacy Framework "is not the end of the story," IAPP Chief Knowledge Officer Caitlin Fennessy said Thursday during a webinar. Wednesday's decision can and likely will be appealed, said data protection lawyers, adding that the ruling has implications for frameworks beyond the EU.
The EU General Court threw out a challenge to the EU-U.S. Data Privacy Framework (DPF) on Wednesday, confirming that the U.S. adequately protects Europeans' personal data and that trans-Atlantic data flows can continue.
Successful privacy professionals make the most of limited resources, BlueSky Privacy CEO Teresa Troester-Falk said in an IAPP opinion piece Thursday.
Though boosting AI innovation is one of the EU’s top priorities for the next several years, member states are implementing and interpreting plans and rules differently from one another, said panelists during an IAPP webinar Wednesday. The session covered the European Commission's new mandate of priorities and policies, the EU AI Act, the AI Continent Action Plan and their impact on data governance programs.