Data Privacy Law: A Practical Guide


If you answered multimillion-dollar fines for data privacy violations, you’d be right.

But you don’t have to be Google to face a crippling lawsuit that could threaten the future of your business.

Now in its Second Edition (released in October 2017) and written in accessible language by experienced US and internationally qualified professionals, DATA PRIVACY LAW: A Practical Guide (ISBN: 978-0-9995127-1-5, US$49) enables practitioners to develop a quick and comprehensive understanding of their company’s legal obligations to protect client data.

Data Privacy Law: A Practical Guide answers questions like:

  • Which are the key data privacy law standard-setting bodies in the US and internationally?
  • Does cross-border selling expose you to data privacy compliance risks in foreign countries?
  • Can you effectively offload your legal responsibilities to protect customer data to outsourced third-party service providers like web hosts and payment processors?
  • How do online marketing strategies like re-targeting affect your exposure to data privacy laws?
  • What are your legal obligations after discovering a data privacy breach?
  • What legal risks are involved in Web-based file sharing services like Dropbox?
  • At what stage must you appoint a Data Protection Officer?
  • How do you document your company’s compliance with its data privacy policy?
  • … and many more

CONCRETE EXAMPLES are introduced throughout the text and are annotated to illustrate the implications of applicable laws on data privacy policies.

ESSENTIAL SUMMARIES ensure that key applicable data privacy laws of the US, Canada, EU, Australia and key emerging markets are taken into account when designing your company’s data protection policies.

We also provide specific recommended courses of action to follow to mitigate liability following a data privacy breach.

We cover both CONSUMER and COMPANY data privacy and protection rules.

If you are creating, managing or complying with data privacy policy in an organization, this book was written for you.


Data Privacy Law: A Practical Guide is co-written by

Gwen “Wendy” Kennedy BA, JD, LLM (Cantab). Wendy is an international attorney specializing in assisting multinational enterprises in managing their global risks, particularly in relation to compliance, data privacy, and taxation. She is a former university lecturer in international law and is a qualified attorney in the US and a solicitor in the UK.

Leighton Peter Prabhu BCom MPhil (Cantab) CA CPA. Peter is a public accountant, auditor and financial advisor who has worked with clients in more than 25 countries. Peter is particularly experienced in the cross-border e-commerce sector and has worked with both startups and some of the largest international financial institutions.

Content Overview

Chapter One provides an overview of data privacy, answering a few of the more frequently asked questions, including who needs a data privacy policy, what the difference is between data privacy and data security, and where liability may arise.

Chapter Two examines data privacy laws in both the U.S. and Canada. 

In Chapter Three the EU General Data Protection Regulation is introduced. The GDPR, when implemented, will be the most stringent data privacy law in the world and will form the basic tenets for most data privacy laws around the world.

Chapter Four outlines regional trends around the globe and discusses how data privacy laws differ from country to country, in some cases causing multijurisdictional conflicts. 

Chapter Five examines outsourcing, business-to-business (“B2B”) issues and data breach insurance. 

In Chapter Six you will find information on what to do in the case of a data privacy breach, and how to prevent incidents and reduce risks.

Chapter Seven sets out what substantive provisions should be included in a data privacy policy and how to draft a policy that conforms with the strictest data privacy laws that might be applicable to your business. It includes suggestions on how to streamline your data privacy policy to maximize compliance in jurisdictions with less rigorous laws.


DATA PRIVACY LAW: A Practical Guide
Table of Contents

Content Overview
About the Authors

Chapter One: Who Needs a Data Privacy Policy?

What is the Difference Between Data Privacy and Data Security?
Why Do Businesses Collect Personal Information?
Is the Need for a Data Privacy Policy Urgent?
Two Case Studies: Toysmart and DoubleClick
Use of Third-Party Vendors
Who’s in Charge?
What is a Data Protection Officer?
Who Needs a Data Protection Officer?

Chapter Two: Compliance with Data Privacy Laws: A Survey of U.S. and Canadian Law

United States Data Privacy Laws
Canadian Data Privacy Laws

Chapter Three: EU Data Protection Legislation

EU Historical Concern for Data Privacy and Protection
The General Data Protection Regulation (“GDPR”)
The Governing Principles
Data Transfers Outside the EU

Chapter Four: Regional Trends and Multijurisdictional Conflicts

Regional Trends
Multijurisdictional Conflicts in Data Privacy Laws

Chapter Five: Outsourcing

Use of a Cloud Service Provider to Collect, Store and Transfer Information
Data Breach Insurance

Chapter Six: Responding to an Incident

Incidence Response Timing and Process
Data Retention and Disposal
Enforcement Actions

Chapter Seven: The Data Privacy Policy

What Should Be Included in a Data Privacy Policy?
Data Classification
Combining Personal Information from Multiple Sources
Collecting and Processing Personal Information
Required Provisions
Sample Privacy Policy Template

