Information Management | by OCEG the Open Compliance and Ethics Group

Canada

Canadian Privacy Law Blog

Canada, Office of the Privacy Commissioner

Latin America, Multinational

Managing Data in Latin America (2007)

Multinational, Europe

Council of Europe's Data Protection Page

Multinational

ARMA International

ISACA

International Association of Privacy Professionals (IAPP)

SAS Institute, Inc.

Western Hemisphere Data Protection Laws (2010)

International Privacy and Data Protection Laws (2008)

Restrictions and solutions to transfers of personal data within the European Union and from the European Economic Area to other countries (2008 Ed.)

European Data Protection Digest (IAPP)

International Data Protection and Privacy Law (2009)

Making compliance real for those in the trenches (2010)

High Performers and Foundational Controls: Building a Strategy for Security and Risk Management (January 2011)

Regulatory Intelligence by Michael Rasmussen: an Axentis Thought Leadership White Paper

Multinational, European Union

European Commission Decision on standard contractual clauses for the transfer of personal data to processors established in third countries, under Directive 95/46/EC (2001)

Commission of the European Communities, Commission Staff Working Document on the implementation of the Commission decisions on standard contractual clauses for the transfer of personal data to third countries (2001/497/EC and 2002/16/EC) (2006)

EU 1995 Data Protection Directive

EU, Working Document: Transfers of personal data to third countries: Applying Article 26 (2) of the EU Data Protection Directive to Binding Corporate Rules for International Data Transfers (2003)

Multinational, United States

Global Privacy Handbook (2008 Ed.)

Asia-Pacific

Privacy Guide - Asia and the Pacific (2007)

Asia-Pacific Region at the Privacy Crossroads (2008)

APEC Privacy Framework (2005)

Australia

DIRKS

Federal Court of Australia, Document Management, eDiscovery and eTrial Toolkit

ALRC Discussion Paper 72: Review of Australian Privacy Law

Mexico

ISM

Europe, European Union

European Data Protection Law: Corporate Compliance and Regulation (Oxford University Press, April 2008)

After the deadline: a status review of the implementation of the new European cookies rules (2011)

United States

HHS, Office for Civil Rights: Health Information Privacy

Business.Gov: Computer and Information Security

45 CFR Part 164.500 et seq., Subpart E, Privacy of Individually Identifiable Health Information (As amended)

Seeing the Future of Search in E-Discovery (2008)

NIST, An Introductory Resource Guide For Implementing the Health Insurance Portability and Accountability (HIPAA) Security Rule (2008)

NIST, Information Security Handbook: A Guide for Managers (2006)

NIST, Performance Measurement Guide for Information Security (2008)

NIST, Guidelines on Electronic Mail Security (2007)

NIST, Computer Security Division, Computer Security Resource Center, Special Publications

UK, Use and Disclosure of Health Data (ICO, 2002)

Data retention: Selected requirements by data type

eDiscovery for Structured Data

Landmark Federal Discovery Rules Amendments Have Become Effective. Are You Ready? (2006)

Electronic Discovery Institute

Standard of Good Practice for Information Security, The (ISF)

Governing for Enterprise Security Implementation Guide (GES)

NIST: Risk Management Guide for Information Technology Systems (2002)

NIST, International Standard ISO/IEC 17799:2000 Code of Practice for Information Security Management (2002)

NIST, Risk Management Framework

E-Discovery And Records Management: A Risk-Based Approach (July 2007)

GAO, Information Security Risk Assessment: Practices of Leading Organizations (1999)

Convergence of Physical and Information Security in the Context of Enterprise Risk Management, The (2007)

Insider Risk Management Guide (2006)

NIST, Federal Information Security Management Act (FISMA) Implementation Project

Creating a Computer Security Incident Response Team: A Process for Getting Started (2002, Last Updated 2006)

Eight easy ways to protect your company data - and reputation (2008)

Beyond the Password: Tackling the challenge of data security for the global supply chain (2007)

Early Warning Signs of IT Project Failure: The Dominant Dozen (2006)

Security Matters, Software Engineering Institute, Carnegie Mellon University

IT Sentinel (UK)

Federal Information Security Management Act of 2002

Government of Canada Publications: IT Security Guidance (ITSG)

IT Compliance Institute (ITCi)

Information Security Forum

ISO Catalog Page: Information technology

IT Security Portal

Information Security and Data Breach Notification Safeguards (CRS, Rev January 28, 2010)

DOC, Safe Harbor Workbook

OCEG Jurisdiction Survey: Privacy - State Laws Regarding Employee Access to Personnel Records

DOC, Safe Harbor Checklist for U.S. Companies

DHS, REAL ID Proposed Guidelines: Questions & Answers

Comptroller of the Currency, Privacy Laws and Regulations (2000)

DoED, Family Educational Rights and Privacy Act (FERPA) Regulations

UK, Data Protection Technical Guidance Determining What is Personal Data (2007)

DoED, Family Educational Rights and Privacy Act (FERPA)

California, Recommended Practices on Notice of Security Breach Involving Personal Information (2007)

DHS, Privacy Impact Assessment for the Department of Homeland Security General Contact Lists (2007)

DOC, Safe Harbor

FTC, Privacy Initiatives Home Page

FTC, Financial Privacy Rule: Interagency Notice Research Project Home Page

NIST, ITL Security Bulletins

SSL: The handshake that requires scrutiny (June 2007)

Should You Publish a Privacy Policy? (CSO Magazine, 2006)

Storage Technology News: New privacy rules may complicate records management (2007)

CongressLine - The EU Privacy Protection Directive and the U.S. Safe Harbor (2000)

Transferring Personal Data From Europe: Corporations Take Charge (2007)

Solving the Compliance vs. Mobile Dilemma (2006)

Data quality -- the forgotten privacy principle (2007)

Insider Threat (2007)

The ChoicePoint Dilemma: How Data Brokers Should Handle the Privacy of Personal Information (IEEE, 2007)

Compliance Provides Benefits Beyond The Obvious (2007)

Portable security: Full-disk encryption can take a lot of risk out of mobile computing (2007)

Internet Law: How to Transfer Electronic Personal Data from Europe to the United States

Personal data is not a bar to FOI disclosure, rules European court (2007)

Board Oversight of Information Technology - Data Privacy and Data Security: The New Imperative (2007)

EU approves minimal data protection standards (2007)

Data Breach Kit: Five Steps to Help You Survive the Inevitable

Tech Law Journal Online

Daily Tech

Guide to NIST Information Security Documents

All Access Pass

Related communities

Featured OCEG Programs

GRC Fundamentals on Demand