Publicly Available Privacy and Security Resources

If you are a startup or just a privacy or security officer with a lean budget, please check out our list of publicly available privacy and security resources.  

We update this from time to time for presentations we give to companies just starting to build their privacy and security programs and always welcome input on any "free" resources you find helpful.  

Publicly Available Privacy and Data Security Resources 

The following is a list of publicly available resources, most at no cost, which privacy professionals may find helpful in obtaining information and tools for developing their privacy and data security programs.

Privacy General

International Association of Privacy Professionals ("IAPP") Resources

https://www.privacyassociation.org/

Privacy links, job listings, and links to all of the world's data protection authority websites.

Microsoft: Privacy

http://www.microsoft.com/privacy/           

Collection of FAQs and white papers prepared by Microsoft pertaining to user privacy protection, data governance, ad-serving, EU privacy compliance, and more.

Cooley Privacy Policy Generator

http://generator.cooley.com/sites/privacy/Privacy/PQ2/Pre-PRIVACY-Start.aspx

Generally Accepted Privacy Principles ("GAPP")

http://www.aicpa.org/InterestAreas/InformationTechnology/Resources/Privacy/GenerallyAcceptedPrivacyPrinciples/Pages/default.aspx            

Principles for designing and implementing privacy practices and policies from the American Institute of Certified Public Accountants and the Canadian Institute of Chartered Accountants.

Truste Resources

www.truste.com/resources

Surveys, whitepapers, guidance, including a behavioral targeting checklist, security guidelines etc.

BrightTALK

http://www.brighttalk.com/ 

Privacy and security webcasts available with registration.

Privacy International

https://www.privacyinternational.org/       

Country by country summaries of data protection laws and privacy rights.

National Conference of State Legislatures: Privacy & Security

http://www.ncsl.org/Default.aspx?TabID=756&tabs=951,71,539#951

Charts of state privacy and security laws. Also includes articles, briefs, and newsletters discussing state regulation of privacy and security issues.

Organisation for Economic Co-Operation and Development: Information Security and Privacy

www.oecd.org/sti/security-privacy              

Homepage for OECD working party on Information Security and Privacy.

Privacy Exchange: Legal Library

http://www.privacyexchange.org/legal/index.html

Index of privacy laws from around the world with links to statutory texts.

Nymity

http://www.nymity.com/Free_Privacy_Resources/Latest_Privacy_Studies.aspx?sort=RefPercent&order=d

Newsletter, privacy interviews, privacy breach analysis, links to privacy studies.

DataGuidance.com

http://www.dataguidance.com/index.asp

Paid subscription service offering database of privacy compliance information. 

The Data Governance Institute

http://datagovernance.com/index.html

Free data governance program documents, processes, templates and tools.

The Ponemon Institute

http://www.ponemon.org

Source of independent research on privacy, data protection and information security policy.


Privacy – U.S. 

Federal Trade Commission: Privacy Initiatives

http://www.ftc.gov/privacy/index.html

Information on the FTC's privacy initiatives: unfairness and deception, the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, and the Children's Online Privacy Protection Act.

FCC Proposed Broadband Consumer Privacy Rules

https://www.fcc.gov/document/fcc-proposes-broadband-consumer-privacy-rules

Proposed privacy guidelines for broadband Internet Service Providers (ISPs).

FCC Customer Proprietary Network Information (CPNI) Small Business Compliance Guide

https://apps.fcc.gov/edocs_public/attachmatch/DA-08-1321A1.pdf

Privacy guidance for small entity telecommunications carriers and VOIP service providers.

California Office of Privacy Protection

http://www.privacy.ca.gov/          

Guidance on California privacy laws, general privacy links, and links to other privacy laws.  

Privacy – Rest of the World

European Commission Data Protection Site

http://ec.europa.eu/justice/data-protection/index_en.htm

• General Data Protection Regulation (GDPR)

http://ec.europa.eu/justice/data-protection/reform/index_en.htm

Data Transfers from Europe

• EU Model Contracts for Transfer of Personal Data to Third Countries

http://ec.europa.eu/justice/data-protection/document/international-transfers/transfer/index_en.htm

• EU – U.S. Privacy Shield

https://www.privacyshield.gov/

UK Information Commissioner's Office

http://www.ico.gov.uk/

http://www.ico.gov.uk/upload/documents/pia_handbook_html_v2/html/0-advice.html

Resources include handbook for conducting Privacy Impact Assessments.  

Australian Government Office of the Privacy Commissioner

http://www.privacy.gov.au/

Information sheets, privacy impact assessment guide, personal information security breach guide.

Canadian Office of the Privacy Commissioner

http://www.priv.gc.ca/index_e.cfm             

Reports, publications, guidelines, research, tools, videos, privacy illustrations, privacy impact assessments.

Privacy in Product Development / Privacy by Design

Privacy by Design (Ontario Information and Privacy Commissioner)

http://www.privacybydesign.ca/

Publications and resources on the concept of Privacy by Design.

Microsoft’s Privacy Guidelines for Developing Software Products and Services

http://www.microsoft.com/en-us/download/details.aspx?id=16048

Data Security

Protecting Personal Information: A Guide for Business

http://www.ftc.gov/bcp/edu/multimedia/interactive/infosecurity/index.html

FTC guide for implementing data security principles, with public domain security training materials. 

Fighting Fraud with the Red Flag Rules: the FTC's How-to Guide for Businesses

www.ftc.gov/bcp/edu/microsites/redflagsrule/index.shtml

Guide for organizations that are building Identity Theft Prevention programs with compliance tips, information about the Rule's applicability, and a guided four-step process.

National Institute of Standards and Technology: Computer Security Resource Center

http://www.nist.gov/itl/csd/index.cfm        

Provides a range of information technology security standards and guidelines.

PCI DSS: Standards, Self-Assessment, and Compliance

https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml

Website for payment card industry standards, guidelines, and compliance tips.

Secure Coding

Microsoft’s Security Development Lifecycle ("SDL")

http://www.microsoft.com/security/sdl/default.aspx

Secure coding guidelines developed by Microsoft but generally applicable to all platforms.

Microsoft’s Security Development Lifecycle ("SDL") training

https://www.microsoft.com/en-us/SDL/process/training.aspx

PowerPoint training modules that cover secure design, implementation, and verification.

OWASP

https://www.owasp.org/index.php/Main_Page

Free security trainings on a variety of technology or process-specific topics including mobile security.  

Android Security Guidelines

https://developer.android.com/training/best-security.html

Google’s security best practices for developing on the Android platform.

iOS Security Coding Guidelines

https://developer.apple.com/library/ios/

Apple’s secure coding practices guidelines. 

Data Breach Response

National Conference of State Legislatures: State Data Breach Laws

http://www.ncsl.org/Default.aspx?TabID=756&tabs=951,71,539#951

Charts of state security breach notification laws.

DataLossDB – Primary Source Archive of Data Breach Notification Letters

http://datalossdb.org/primary_sources

Searchable archive of breach notification letters submitted to various U.S. jurisdictions.

Massachusetts: Sample Letter for Notifying State Attorney General About a Breach

http://www.mass.gov/ago/docs/consumer/93h-sampleletter-ago.pdf   

Vermont: Security Breach Guidance and Sample Notification Letter

http://www.atg.state.vt.us/assets/files/2009-7-29%20Security%20Breach%20Guidance.pdf 

Privacy Rights Clearinghouse’s Chronology of Data Breaches

https://www.privacyrights.org/data-breach  


For questions and input contact:


Susan Lyon-Hintze – susan@hintzelaw.com, 206-601-3233

Mike Hintze – mike@hintzelaw.com, 206-719-6934

Jared Friend – jared@hintzelaw.com, 206-325-3277

Hintze Law PLLC
505 Broadway E. #151
Seattle, WA 98102
www.hintzelaw.com