Privacy Guidelines

New Privacy Guidance From NIST and ISO

National Institute of Standards and Technology, ISO Release Privacy Guidance Companies seeking guidance about how to understand privacy risks and to implement measures to address them should be aware of two new resources – The National Institute of Standards and Technology’s (“NIST”) draft Privacy Framework and the International Organization for Standardization’s (“ISO”) International Standard for privacy information management. These tools are designed to work alongside existing guidelines for cybersecurity and the requirements of emerging law such as the General Data Protection Regulation and the California Consumer Privacy Act. The NIST Privacy Framework   In September, NIST, an agency of the U.S. Department of Commerce, released a preliminary draft of…


Australia Joins Asia Pacific Data Privacy Compliance System

Australia’s plan to participate in the APEC Cross Border Privacy Rules System signals growing importance of accountability-based data practices Companies planning to expand their market into the Asia Pacific region should pay close attention to Australia’s recent announcement that it intends to participate in the APEC Cross-Border Privacy Rules (CBPR) system. It signals that accountability and effective data governance now form the basis for lawful data use and transfer across the globe and should serve as the backbone of all companies’ information governance practices. The APEC CBPR system was developed by participating Asia Pacific Economic Cooperation countries (referred to in this context as “economies”) and designed to build consumer, business and regulator trust…


The Five Essential Elements of Accountability Under the GDPR Every Business Should Know

The General Data Protection Regulation (GDPR), which comes into effect in May 2018 (only six months from now) has been the subject of countless conference discussions, press stories, and company meetings about the challenges of compliance. The GDPR is a lengthy and complex read, and its requirements – ranging from detailed consent requirements to the need to conduct data protection impact assessments – can seem daunting. What is often lost in the concern about specifics is that the most important change the GDPR represents is the shift in thinking it requires. The GDPR provides that companies change their mindset from one of “check-box” compliance to accountability. It requires…


Achieved Compliance Participates in the 39th International Conference of Data Protection and Privacy Commissioners in Hong Kong

Last month, Achieved Compliance attended the 39th International Conference of Data Protection and Privacy Commissioners in Hong Kong. Stephen Kai-yi Wong, Privacy Commissioner for Personal Data, Hong Kong, hosted the event, which was attended by over 3,000 data protection authorities, privacy professionals, industry representatives and non-governmental organizations. The Commissioners’ Conference convenes annually and offers one of the best opportunities to learn not only about the current state of data protection law, but to understand what is top-of-mind for regulators and what new challenges they see on the horizon. Among its goals is to promote and enhance personal data protection and privacy rights around the world, and to provide a forum…

  • 1
  • 2