If you are a startup or just a privacy or security officer with a lean budget, please check out our list of publicly available privacy and security resources.
We update this from time to time for presentations we give to companies just starting to build their privacy and security programs and always welcome input on any "free" resources you find helpful.
Publicly Available Privacy and Data Security Resources
The following is a list of publicly available resources, most at no cost, which privacy professionals may find helpful in obtaining information and tools for developing their privacy and data security programs.
International Association of Privacy Professionals ("IAPP") Resources
Privacy links, job listings, and links to all of the world's data protection authority websites.
Collection of FAQs and white papers prepared by Microsoft pertaining to user privacy protection, data governance, ad-serving, EU privacy compliance, and more.
Generally Accepted Privacy Principles ("GAPP")
Principles for designing and implementing privacy practices and policies from the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants.
Surveys, white papers, and guidance, including a behavioral targeting checklist and security guidelines.
Privacy and security webcasts available with registration.
Country by country summaries of data protection laws and privacy rights.
National Conference of State Legislatures: Privacy & Security
Charts of state privacy and security laws. Also includes articles, briefs, and newsletters discussing state regulation of privacy and security issues.
Organisation for Economic Co-operation and Development: Information Security and Privacy
Homepage for OECD working party on Information Security and Privacy.
Privacy Exchange: Legal Library
Index of privacy laws from around the world with links to statutory texts.
Newsletter, privacy interviews, privacy breach analysis, links to privacy studies.
Paid subscription service offering database of privacy compliance information.
The Data Governance Institute
Free data governance program documents, processes, templates and tools.
The Ponemon Institute
Source of independent research on privacy, data protection and information security policy.
Privacy – U.S.
Federal Trade Commission: Privacy Initiatives
Information on the FTC's privacy initiatives: unfairness and deception, the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, and the Children's Online Privacy Protection Act.
FCC Proposed Broadband Consumer Privacy Rules
Proposed privacy guidelines for broadband Internet Service Providers (ISPs).
FCC Customer Proprietary Network Information (CPNI) Small Business Compliance Guide
Privacy guidance for small entity telecommunications carriers and VoIP service providers.
California Office of Privacy Protection
Guidance on California privacy laws, general privacy links, and links to other privacy laws.
Privacy – Rest of the World
European Commission Data Protection Site
- General Data Protection Regulation (GDPR)
- Factsheets and other EC documents
- Documents adopted by the Data Protection Working Party
- Links to Websites of National Data Protection Authorities
Data Transfers from Europe
- EU Model Contracts for Transfer of Personal Data to Third Countries
- EU – U.S. Privacy Shield
UK Information Commissioner's Office
Resources include handbook for conducting Privacy Impact Assessments.
Australian Government Office of the Privacy Commissioner
Information sheets, privacy impact assessment guide, personal information security breach guide.
Canadian Office of the Privacy Commissioner
Reports, publications, guidelines, research, tools, videos, privacy illustrations, privacy impact assessments.
Privacy in Product Development / Privacy by Design
Privacy by Design (Ontario Information and Privacy Commissioner)
Publications and resources on the concept of Privacy by Design.
Microsoft’s Privacy Guidelines for Developing Software Products and Services http://www.microsoft.com/en-us/download/details.aspx?id=16048
Protecting Personal Information: A Guide for Business
FTC guide for implementing data security principles, with public domain security training materials.
Fighting Fraud with the Red Flag Rules: the FTC's How-to Guide for Businesses
Guide for organizations that are building Identity Theft Prevention programs with compliance tips, information about the Rule's applicability, and a guided four-step process.
National Institute of Standards and Technology: Computer Security Resource Center
Provides a range of information technology security standards and guidelines.
PCI DSS: Standards, Self-Assessment, and Compliance
Website for payment card industry standards, guidelines, and compliance tips.
Microsoft’s Security Development Lifecycle ("SDL")
Secure coding guidelines developed by Microsoft but generally applicable to all platforms.
Microsoft’s Security Development Lifecycle ("SDL") training
PowerPoint training modules that cover secure design, implementation, and verification.
Free security trainings on a variety of technology or process-specific topics including mobile security.
Android Security Guidelines
Google’s security best practices for developing on the Android platform.
iOS Security Coding Guidelines
Apple’s secure coding practices guidelines.
Data Breach Response
National Conference of State Legislatures: State Data Breach Laws
Charts of state security breach notification laws.
DataLossDB – Primary Source Archive of Data Breach Notification Letters
Searchable archive of breach notification letters submitted to various U.S. jurisdictions.
Massachusetts: Sample Letter for Notifying State Attorney General About a Breach
Vermont: Security Breach Guidance and Sample Notification Letter
Privacy Rights Clearinghouse’s Chronology of Data Breaches
For questions and input contact:
Susan Lyon-Hintze – firstname.lastname@example.org, 206-601-3233
Mike Hintze – email@example.com, 206-719-6934
Jared Friend – firstname.lastname@example.org, 206-325-3277
Hintze Law PLLC
505 Broadway E. #151
Seattle, WA 98102