Information Management

Order by:Group by:

Asia-Pacific

Privacy Guide - Asia and the Pacific (2007)
Asia-Pacific Region at the Privacy Crossroads (2008)
APEC Privacy Framework (2005)

Australia

DIRKS
Federal Court of Australia, Document Management, eDiscovery and eTrial Toolkit
ALRC Discussion Paper 72: Review of Australian Privacy Law

Canada

Canadian Privacy Law Blog
Canada, Office of the Privacy Commissioner

China

Privacy Protection in China – Latest Developments (August 2010)

Multinational, Europe

Council of Europe's Data Protection Page

Europe, European Union

European Data Protection Law: Corporate Compliance and Regulation (Oxford University Press, April 2008)
After the deadline: a status review of the implementation of the new European cookies rules (2011)

European Union

EU Parliament split over electronic data protection (2008)
European Commission: Proposed revision of the Directive on electronic data protection (2007)
European Parliament: Webpage on the legislative procedure on the Directive on electronic data protection
EU, FAQs on Binding Corporate Rules (BCR), Article 29 Working Party (2008)
DIRECTIVE 2006/24/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public ... (EU, 2006)
Privacy Meets Incident Reporting, Leaving Companies Reeling
EU, Documents adopted by the Data Protection Working Party
EU, Commission decisions on the adequacy of the protection of personal data in third countries
AGREEMENT between the European Union and the United States of America on the processing and transfer of Passenger Name Record (PNR) data by air carriers to the United States Department of Homeland Security (DHS) (2007 PNR Agreement)
EPIC's International Data Retention Page

Multinational, European Union

European Commission Decision on standard contractual clauses for the transfer of personal data to processors established in third countries, under Directive 95/46/EC (2001)
Commission of the European Communities, Commission Staff Working Document on the implementation of the Commission decisions on standard contractual clauses for the transfer of personal data to third countries (2001/497/EC and 2002/16/EC) (2006)
EU 1995 Data Protection Directive
EU, Working Document: Transfers of personal data to third countries: Applying Article 26 (2) of the EU Data Protection Directive to Binding Corporate Rules for International Data Transfers (2003)

United States, European Union

EU, Promoting data protection by privacy-enhancing technologies (PETS)
Agreement between the European Union and the United States of America on the processing and transfer of Financial Messaging Data from the European Union to the United States for purposes of the Terrorist Finance Tracking Program (2009)

France

France's Measures on Diversity and Data Protection: The Ten Recommendations of the CNIL (Littler, 2007)
France: Data Protection Act (CNIL)

Japan

Japan: Personal information privacy update (2007)
GRC-XML Work Group: December 16, 2008 Meeting
IT Executives Offered Japanese Compliance Rules (August 2, 2007)

Latin America, Multinational

Managing Data in Latin America (2007)

Multinational

ARMA International
International Association of Privacy Professionals (IAPP)
SAS Institute, Inc.
Western Hemisphere Data Protection Laws (2010)
International Privacy and Data Protection Laws (2008)
Restrictions and solutions to transfers of personal data within the European Union and from the European Economic Area to other countries (2008 Ed.)
European Data Protection Digest (IAPP)
International Data Protection and Privacy Law (2009)
Making compliance real for those in the trenches (2010)
High Performers and Foundational Controls: Building a Strategy for Security and Risk Management (January 2011)
Regulatory Intelligence by Michael Rasmussen: an Axentis Thought Leadership White Paper

Multinational, United States

Global Privacy Handbook (2008 Ed.)

Russia

Personal Data Protection (Privacy) Legislation in Russia (July 2010)

United Kingdom

Statutory Instrument 2003 No. 2426, The Privacy and Electronic Communications (EC Directive) Regulations 2003
United Kingdom Data Retention Electronic Communications Regulations 2007
UK, Digital Switchover (Disclosure of Information) Act 2007
New UK E-Privacy Regulations (2003)
UK, Data Protection Act 1998
UK, Data Protection Act Enforcement Cases, Information Commissioner's Office (ICO)
UK, THE ICO's Data Protection Act Page
UK, Privacy Impact Assessment (PIA) (ICO, 2007)
UK, Ministry of Justice Consultation, Data Sharing Review Report (2008)
UK, Data Protection Audit Manual (ICO, 2001)
UK, Data Protection Act 1998: The Eighth Data Protection Principle and international data transfers (ICO, V 4.0, 2010)
UK, 2008 information security breaches survey: technical report (BERR, 2008)
UK, Information security: business assurance guidelines (BERR / DTI)
UK, Incident Management Guidelines (BERR)
UK data retention requirements: information data retention and disposal (2008)
UK, Retention of personnel and other related records (CIPD, 2008)
United Kingdom Data Retention Electronic Communications Regulations 2007
UK, A consultation paper: Transposition of Directive 2006/24/EC (Home Office, 2008)
Email archiving UK law, regulations and implications for business (2007)
The Data Retention (EC Directive) Regulations 2007
United Kingdom, The Information Commissioner’s response to the Ministry of Justice’s call for evidence on the current data protection legislative framework (October 2010)
United Kingdom, Compliance with the data protection framework decision (2011)
United Kingdom, Minstry of Justice Data Protection Web Site
United Kingdom, Guide to data protection – definitions, principles and practical examples

United States

HHS, Office for Civil Rights: Health Information Privacy
Business.Gov: Computer and Information Security
45 CFR Part 164.500 et seq., Subpart E, Privacy of Individually Identifiable Health Information (As amended)
Seeing the Future of Search in E-Discovery (2008)
NIST, An Introductory Resource Guide For Implementing the Health Insurance Portability and Accountability (HIPAA) Security Rule (2008)
NIST, Information Security Handbook: A Guide for Managers (2006)
NIST, Performance Measurement Guide for Information Security (2008)
NIST, Guidelines on Electronic Mail Security (2007)
NIST, Computer Security Division, Computer Security Resource Center, Special Publications
UK, Use and Disclosure of Health Data (ICO, 2002)
Data retention: Selected requirements by data type
eDiscovery for Structured Data
Landmark Federal Discovery Rules Amendments Have Become Effective. Are You Ready? (2006)
Electronic Discovery Institute
Standard of Good Practice for Information Security, The (ISF)
Governing for Enterprise Security Implementation Guide (GES)
NIST: Risk Management Guide for Information Technology Systems (2002)
NIST, International Standard ISO/IEC 17799:2000 Code of Practice for Information Security Management (2002)
NIST, Risk Management Framework
E-Discovery And Records Management: A Risk-Based Approach (July 2007)
GAO, Information Security Risk Assessment: Practices of Leading Organizations (1999)
Convergence of Physical and Information Security in the Context of Enterprise Risk Management, The (2007)
Insider Risk Management Guide (2006)
NIST, Federal Information Security Management Act (FISMA) Implementation Project
Creating a Computer Security Incident Response Team: A Process for Getting Started (2002, Last Updated 2006)
Eight easy ways to protect your company data - and reputation (2008)
Beyond the Password: Tackling the challenge of data security for the global supply chain (2007)
Early Warning Signs of IT Project Failure: The Dominant Dozen (2006)
Security Matters, Software Engineering Institute, Carnegie Mellon University
Related communities
Record Retention & Data Management
Preventing Identity Theft