Privacy Profile References FINAL

The document provides references and summaries of privacy laws and regulations for physical security and identity in the US, Europe, UK and internationally. It includes summaries of key laws like the GDPR, HIPAA, GLBA, CCPA, Data Protection Act, Regulation of Investigatory Powers Act and international standards like ISO.

Uploaded by

asoldivar

Security Industry Association (SIA)
Privacy Profile References
GDPR References for Physical Security & Identity in the U.S.¹

¹ v.1 (please send all comments to [email protected])


Table of Contents

USA
  Privacy Act
  European Union (EU)-U.S. Privacy Shield
  Federal Information Security Management Act (FISMA)
  National Conference of State Legislatures
  Children’s Online Privacy Protection Rule (COPPA)
  U.S. Code of Federal Regulations (CFR) – 16 CFR Part 312
  The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
  42 CFR Part 2 - Confidentiality of Substance Use Disorder Patient Records
  Gramm-Leach-Bliley Act (GLBA)
  Fair Credit Reporting Act (FCRA)
  California
    Assembly Bill No. 375 – Privacy: Personal Information: Businesses
    California Consumer Privacy Act (CCPA)
  Privacy Journal
    U.S. Privacy Laws by State

Europe
  EU
    The General Data Protection Regulation (GDPR)
    EU Charter of Fundamental Rights
    Council of Europe: The Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (CETS No. 108)
    The Data Protection Law Enforcement Directive
    ePrivacy Directive

Security Industry Association © 2018 Security Industry Association 1


  European Court of Justice (ECJ)
    CASE AT.39740 Google Search (Shopping)
    Judgment in Case C-131/12 Google Spain SL, Google Inc. v Agencia Española de Protección de Datos
    Incorporation of the GDPR Into the European Economic Area (EEA) Agreement
  Article 29 Data Protection Working Party
    Guidelines on Automated Individual Decision Making and Profiling for the Purposes of Regulation 2016/679
    Guidelines on Transparency Under Regulation 2016/679
    Guidelines on Consent Under Regulation 2016/679

International
  International Standards Organization (ISO)
    ISO 27001 Information Security Management
    ISO 27002 Code of Practice for Information Security Controls
    ISO 2900 Privacy Framework
    ISO 29184 Guidelines for Online Privacy Notices and Consent

United Kingdom
  Data Protection Act (2018)
  Protection of Freedoms (2012)
  Police and Criminal Evidence Act (1984)
  The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations (2011)
  UK Information Commissioner’s Office (ICO)
    ICO Resources
    Guide to 12 Principles
    Third Party Certification

  UK Surveillance Commissioner
    Surveillance Camera Code of Practice
    CCTV Checklist
    Surveillance Camera Commissioner’s Buyer’s Toolkit
  UK Sample Risk Assessments and Codes of Practice for CCTV
    Nuneaton and Bedworth
    Brent
    National Security Inspectorate
    Wigan Privacy Impact Assessment
  Self-Assessment Tools
    Automatic Number Plate Recognition
    Body-Worn Video
    Safeguarding Body-Worn Video Data
    CCTV Assessment Tool
    Unmanned Aerial Vehicles and Drones
    Data Protection Self-Assessment
    Privacy Impact Assessment Template
  United Kingdom Home Office
    Covert Surveillance and Property Interference (2010) – Revised Code of Practice Pursuant to Section 71 of the Regulation of Investigatory Powers Act (2000)
  British Standards Institute (BSI)
    BSI CCTV Standards (Fees Apply)
  British Security Industry Association (BSIA)
    BSIA Graded Requirements based on BS EN 62676 Standards for CCTV
    BSIA Maintenance of CCTV Surveillance Systems Code of Practice

    BSIA Planning, Design, Installation and Operation of CCTV Surveillance Systems Code of Practice and Associated Guidance

Cloud
  ISO 27018
    Protection of Personally Identifiable Information in Cloud
    Amazon ISO 27018 Compliance
    Amazon ISO 27018 Certificate
  ISO/International Electrotechnical Commission (IEC) 19086-3:2017 (en)
    Information Technology – Cloud Computing – Service-Level Agreement (SLA) Framework – Part 3: Core Conformance Requirements
  Cloud Security Alliance
    Cloud Controls Matrix
    STAR Certification
    Big Data Security and Privacy Handbook
    Certificate of Cloud Security Knowledge
  German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik - BSI)
    Secure Use of Cloud Services
  International Federation of Accountants (IFA)
    International Standard on Assurance Engagements (ISAE) 3402 – Assurance Reports on Controls at a Service Organization
  American Institute of Certified Public Accountants (AICPA)
    Statement on Standards for Attestation Engagements (SAE) #18

Guides
  International Association of Privacy Professionals (IAPP)
    GDPR Awareness Guide

  Microsoft
    GDPR Assessment Guide
  Axis
    Camera Hardening Guide
  Milestone Video Management Systems
    Hardening Guide
  University of Michigan
    Standard Practice Guide – Proper Use of Security Cameras
  Hikvision (Leading Chinese Manufacturer)
    Network Camera Security Guide

Additional Resources
  National Institute of Standards & Technology (NIST)
    Cybersecurity Framework
    Digital Identity Guidelines (SP 800-63-3, 800-63A, 800-63B, 800-63C)
    Security and Privacy Controls for Information Systems and Organizations (SP 800-53 Rev. 5 (DRAFT))
  Security Industry Association (SIA)
    Open Supervised Device Protocol (OSDP)
  International Association of Privacy Professionals (IAPP)
    Analysis: CCPA (2018)
  International Electrotechnical Commission (IEC)
    Video Surveillance Systems for Use in Security Applications IEC 62676-1-1 Systems Requirements
  Cornell University
    Responsible Use of Video Surveillance Systems POLICY 8.1

  International Data Commissioners
    Home Page
    Members List
  Privacy Principles
    Fair Information Practice Principles (FIPPs)
    OECD Guidelines on the Protection of Privacy and the Transborder Flows of Personal Data
    APEC Privacy Framework (Including Principles)
    New Zealand Privacy Commissioner Privacy Principles
    IDESG Baseline Principles (Including Privacy)
  Codes of Practice
    Australian Security Industry Association Limited
      CCTV Code of Ethics
    Australian Retailers Association
      Video Surveillance Code of Practice
    City of Perth
      CCTV Surveillance Operations Code of Practice
  Blogs
    Privacy 2.0, Economist
    New California Privacy Law to Affect More Than Half a Million U.S. Companies

References

United States
USA

Privacy Act
https://www.justice.gov/opcl/privacy-act-1974

European Union (EU)-U.S. Privacy Shield
https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en

Federal Information Security Management Act (FISMA)
In accordance with FISMA, NIST is responsible for developing standards, guidelines and associated methods and techniques for providing adequate information security for all agency operations and assets, excluding national security systems.
https://csrc.nist.gov/projects/risk-management/detailed-overview

National Conference of State Legislatures
http://www.ncsl.org/research/telecommunications-and-information-technology/state-laws-related-to-internet-privacy.aspx

Children’s Online Privacy Protection Rule (COPPA)
https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule

U.S. Code of Federal Regulations (CFR) – 16 CFR Part 312
Children’s Online Privacy Protection Act of 1998, 15 U.S.C. 6501–6505

The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/combined/hipaa-simplification-201303.pdf

42 CFR Part 2 - Confidentiality of Substance Use Disorder Patient Records
https://www.law.cornell.edu/cfr/text/42/part-2

Gramm-Leach-Bliley Act (GLBA)
https://www.gpo.gov/fdsys/pkg/PLAW-106publ102/pdf/PLAW-106publ102.pdf

Fair Credit Reporting Act (FCRA)
https://www.ftc.gov/system/files/fcra_2016.pdf

California

Assembly Bill No. 375 – Privacy: Personal Information: Businesses
https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180AB375

California Consumer Privacy Act (CCPA)
https://oag.ca.gov/system/files/initiatives/pdfs/17-0039%20%28Consumer%20Privacy%20V2%29.pdf

Privacy Journal

U.S. Privacy Laws by State
http://www.privacyjournal.net/_center_compilation_of_state_and_federal_privacy_laws__center__3077.htm

Europe
EU

The General Data Protection Regulation (GDPR)
https://ec.europa.eu/info/files/regulation-eu-2016-679-protection-natural-persons-regard-processing-personal-data-and-free-movement-such-data_en

EU Charter of Fundamental Rights
https://ec.europa.eu/info/aid-development-cooperation-fundamental-rights/your-rights-eu/eu-charter-fundamental-rights_en

Council of Europe: The Convention for the Protection of Individuals With Regard to Automatic Processing of Personal Data (CETS No. 108)
https://www.coe.int/en/web/data-protection/convention108-and-protocol

The Data Protection Law Enforcement Directive
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv%3AOJ.L_.2016.119.01.0089.01.ENG&toc=OJ%3AL%3A2016%3A119%3ATOC

ePrivacy Directive
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52017PC0010&from=EN

European Court of Justice (ECJ)

CASE AT.39740 Google Search (Shopping)
http://ec.europa.eu/competition/antitrust/cases/dec_docs/39740/39740_14996_3.pdf

Judgment in Case C-131/12 Google Spain SL, Google Inc. v Agencia Española de Protección de Datos
https://curia.europa.eu/jcms/upload/docs/application/pdf/2014-05/cp140070en.pdf

Incorporation of the GDPR Into the European Economic Area (EEA) Agreement
http://www.efta.int/EEA/news/Incorporation-GDPR-EEA-Agreement-508041

Article 29 Data Protection Working Party

Guidelines on Automated Individual Decision Making and Profiling for the Purposes of Regulation 2016/679
http://ec.europa.eu/newsroom/document.cfm?doc_id=47742

Guidelines on Transparency Under Regulation 2016/679
http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=622227

Guidelines on Consent Under Regulation 2016/679
http://ec.europa.eu/newsroom/article29/document.cfm?action=display&doc_id=51030

International
International Standards Organization (ISO)

ISO 27001 Information Security Management
https://www.iso.org/isoiec-27001-information-security.html

ISO 27002 Code of Practice for Information Security Controls
http://www.iso27001security.com/html/27002.html

ISO 2900 Privacy Framework
https://www.iso.org/standard/45123.html

ISO 29184 Guidelines for Online Privacy Notices and Consent
https://www.iso.org/standard/70331.html

United Kingdom
UK

Data Protection Act (2018)
http://www.legislation.gov.uk/ukpga/2018/12/pdfs/ukpga_20180012_en.pdf

Protection of Freedoms (2012)
http://www.legislation.gov.uk/ukpga/2012/9/contents/enacted

Police and Criminal Evidence Act (1984)
https://www.legislation.gov.uk/ukpga/1984/60/contents

The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations (2011)
http://www.legislation.gov.uk/uksi/2011/1208/pdfs/uksi_20111208_en.pdf

UK Information Commissioner’s Office (ICO)

ICO Resources
https://ico.org.uk/for-organisations/resources-and-support/

Guide to 12 Principles
https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/409290/12_principles_diagram_v3.pdf

Third Party Certification
https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/504246/Cert_Policy_Document_-_FINAL__2_.pdf

UK Surveillance Commissioner

Surveillance Camera Code of Practice
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/282774/SurveillanceCameraCodePractice.pdf

CCTV Checklist
https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/cctv-checklist/ (OpenConsent Spreadsheet Checklist version available upon request)

Surveillance Camera Commissioner’s Buyer’s Toolkit
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/711368/MVP_v5.1_for_SCC_sign_off.pdf

UK Sample Risk Assessments and Codes of Practice for CCTV

Nuneaton and Bedworth
https://www.nuneatonandbedworth.gov.uk/download/downloads/id/2087/closed_circuit_television_-_code_of_practice.pdf

Brent
https://www.brent.gov.uk/media/16409819/cctv_scc-brent-part-2-pia-v16.pdf

National Security Inspectorate
http://www.nsi.org.uk/wp-content/uploads/2012/10/NCP-104.3-Code-of-Practice-Design-Installation-and-Maintenance-CCTV-Nov-2017.pdf

Wigan Privacy Impact Assessment
https://www.wigan.gov.uk/Docs/PDF/Resident/Crime-Emergencies/CCTV-Privacy-Impact-Assessment.pdf

Self-Assessment Tools

Automatic Number Plate Recognition
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/561633/ANPR_SAT.pdf

Body-Worn Video
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/549594/SAT_BWV.pdf

Safeguarding Body-Worn Video Data
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/568195/safeguarding-body-worn-video-data-07616p.pdf

CCTV Assessment Tool
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/524525/Self_assessment_tool_v3_WEB_2016.pdf

Unmanned Aerial Vehicles and Drones
https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/638140/Drones_SAT.pdf

Data Protection Self-Assessment
https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/

Privacy Impact Assessment Template
https://www.gov.uk/government/publications/privacy-impact-assessments-for-surveillance-cameras

United Kingdom Home Office

Covert Surveillance and Property Interference (2010) – Revised Code of Practice Pursuant to Section 71 of the Regulation of Investigatory Powers Act (2000)
http://amberhawk.typepad.com/files/code-of-practice-covert.pdf

British Standards Institute (BSI)

BSI CCTV Standards (Fees Apply)
https://shop.bsigroup.com/Browse-By-Subject/Security/Electronic-Security-Systems/cctvstandards/

British Security Industry Association (BSIA)

BSIA Graded Requirements based on BS EN 62676 Standards for CCTV
https://www.bsia.co.uk/Portals/4/Publications/218-CCTV-graded-requirements-02.pdf

BSIA Maintenance of CCTV Surveillance Systems Code of Practice
https://www.bsia.co.uk/Portals/4/Publications/120-maintenance-cctv-surveillance-systems-cop.pdf

BSIA Planning, Design, Installation and Operation of CCTV Surveillance Systems Code of Practice and Associated Guidance
https://www.bsia.co.uk/Portals/4/Publications/109-installation-cctv-systems.pdf

Cloud
ISO 27018

Protection of Personally Identifiable Information in Cloud
https://www.iso.org/standard/61498.html

Amazon ISO 27018 Compliance
https://aws.amazon.com/compliance/iso-27018-faqs/

Amazon ISO 27018 Certificate
https://d1.awsstatic.com/certifications/iso_27018_certification.pdf

ISO/International Electrotechnical Commission (IEC) 19086-3:2017(en)

Information Technology – Cloud Computing – Service-Level Agreement (SLA) Framework – Part 3: Core Conformance Requirements
https://www.iso.org/obp/ui/fr/#iso:std:iso-iec:19086:-3:ed-1:v1:en

Cloud Security Alliance

Cloud Controls Matrix
https://cloudsecurityalliance.org/group/cloud-controls-matrix/#_overview

STAR Certification
https://cloudsecurityalliance.org/star/certification/#_overview

Big Data Security and Privacy Handbook
https://cloudsecurityalliance.org/download/big-data-security-and-privacy-handbook/

Certificate of Cloud Security Knowledge
https://cloudsecurityalliance.org/education/ccsk/#_overview

German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik - BSI)

Secure Use of Cloud Services
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/CloudComputing/SecureUseOfCloudServices/SecureUseOfCloudServices.pdf?__blob=publicationFile&v=6

International Federation of Accountants (IFA)

International Standard on Assurance Engagements (ISAE) 3402 – Assurance Reports on Controls at a Service Organization
http://www.ifac.org/system/files/downloads/b014-2010-iaasb-handbook-isae-3402.pdf

American Institute of Certified Public Accountants (AICPA)

Statement on Standards for Attestation Engagements (SAE) #18
https://www.aicpa.org/content/dam/aicpa/research/standards/auditattest/downloadabledocuments/ssae-no-18.pdf

Guides
International Association of Privacy Professionals (IAPP)

GDPR Awareness Guide
https://iapp.org/media/pdf/resource_center/GDPR_AWARENESS_GUIDE._092717.pdf

Microsoft

GDPR Assessment Guide
https://assessment.microsoft.com/gdpr-compliance

Axis

Camera Hardening Guide
https://www.axis.com/files/manuals/gd_hardening_guide_70424_en_1704_lo.pdf

Milestone Video Management Systems

Hardening Guide
https://milestonedownload.blob.core.windows.net/files/XProtect%202018%20R1/Manuals%20and%20guides/Advanced%20VMS/Guides%20and%20documents/Hardening%20Guide/Milestone_HardeningGuide_en-US.pdf

University of Michigan

Standard Practice Guide – Proper Use of Security Cameras
http://www.spg.umich.edu/policy/606.01

Hikvision (Leading Chinese Manufacturer)

Network Camera Security Guide
https://www.hikvision.com/ueditor/net/upload/2018-02-28/e8854c0d-0a40-40e8-9c79-2abffcea2e46.pdf

Additional Resources
National Institute of Standards & Technology (NIST)

Cybersecurity Framework
https://www.nist.gov/cyberframework/framework

Digital Identity Guidelines (SP 800-63-3, 800-63A, 800-63B, 800-63C)
https://pages.nist.gov/800-63-3/

Security and Privacy Controls for Information Systems and Organizations (SP 800-53 Rev. 5 (DRAFT))
https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft

Security Industry Association (SIA)

Open Supervised Device Protocol (OSDP)
https://www.securityindustry.org/industry-standards/open-supervised-device-protocol/

International Association of Privacy Professionals (IAPP)

Analysis: CCPA (2018)
https://iapp.org/news/a/analysis-the-california-consumer-privacy-act-of-2018/

International Electrotechnical Commission (IEC)

Video Surveillance Systems for Use in Security Applications IEC 62676-1-1 Systems Requirements
https://webstore.iec.ch/publication/7347#additionalinfo

Cornell University

Responsible Use of Video Surveillance Systems, Policy 8.1; Volume 8, Risk Management and Public Safety; Chapter 1; Issued: April 2, 2009; Last updated: June 12, 2018
http://www.dfa.cornell.edu/sites/default/files/policy/vol8_1_0.pdf

International Data Commissioners

Home Page
https://icdppc.org/

Members List
https://icdppc.org/participation-in-the-conference/list-of-accredited-members/

Privacy Principles

Fair Information Practice Principles (FIPPs)
https://www.ftc.gov/reports/privacy-online-fair-information-practices-electronic-marketplace-federal-trade-commission

OECD Guidelines on the Protection of Privacy and the Transborder Flows of Personal Data
http://www.oecd.org/sti/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm

APEC Privacy Framework (Including Principles)
https://www.apec.org/Publications/2005/12/APEC-Privacy-Framework

New Zealand Privacy Commissioner Privacy Principles
https://www.privacy.org.nz/news-and-publications/guidance-resources/a-quick-tour-of-the-privacy-principles/

IDESG Baseline Principles (Including Privacy)
https://www.idesg.org/portals/0/documents/core/IDEF-Baseline-Requirements-v1.0-FINAL-10152015_MOD-4.pdf

Codes of Practice

Australian Security Industry Association Limited
CCTV Code of Ethics
https://www.asial.com.au/resources/cctv-code-of-ethics

Australian Retailers Association
Video Surveillance Code of Practice
https://cdn2.hubspot.net/hubfs/2272858/Marketing/Codes%20Of%20Practices%20/ARA-Video-Surveillance-code-of-practice.pdf

City of Perth
CCTV Surveillance Operations Code of Practice
https://www.perth.wa.gov.au/sites/default/files/documents/cctv%20code%20of%20practice.pdf

Blogs

Privacy 2.0, Economist
https://www.economist.com/node/15350984/print 2010

New California Privacy Law to Affect More Than Half a Million U.S. Companies
https://iapp.org/news/a/new-california-privacy-law-to-affect-more-than-half-a-million-us-companies/
