
IAPP CIPM Certified Information Privacy Manager Study Guide. Edition No. 1

  • Book

  • 288 Pages
  • February 2023
  • John Wiley and Sons Ltd
  • ID: 5838111
An essential resource for anyone preparing for the CIPM certification exam and a career in information privacy

As cybersecurity and privacy become ever more important to the long-term viability and sustainability of enterprises in all sectors, employers and professionals are increasingly turning to IAPP’s trusted and recognized Certified Information Privacy Manager qualification as a tried-and-tested indicator of information privacy management expertise.

In IAPP CIPM Certified Information Privacy Manager Study Guide, a team of dedicated IT and privacy management professionals delivers an intuitive roadmap to preparing for the CIPM certification exam and for a new career in the field of information privacy. Make use of pre-assessments, the Exam Essentials feature, and chapter review questions with detailed explanations to gauge your progress and determine where you’re proficient and where you need more practice.

In the book, you’ll find coverage of every domain tested on the CIPM exam and those required to succeed in your first - or your next - role in a privacy-related position. You’ll learn to develop a privacy program and framework, as well as manage the full privacy program operational lifecycle, from assessing your organization’s needs to responding to threats and queries.

The book also includes:

  • A head-start to obtaining an in-demand certification used across the information privacy industry
  • Access to essential information required to qualify for exciting new career opportunities for those with a CIPM credential
  • Access to the online Sybex learning environment, complete with two additional practice tests, chapter review questions, an online glossary, and hundreds of electronic flashcards for efficient studying

An essential blueprint for success on the CIPM certification exam, IAPP CIPM Certified Information Privacy Manager Study Guide will also ensure you hit the ground running on your first day at a new information privacy-related job.

Table of Contents

Introduction xvii

Assessment Test xxvii

Chapter 1 Developing a Privacy Program 1

Introduction to Privacy 3

What Is Privacy? 4

What Is Personal Information? 5

What Isn’t Personal Information? 5

Why Should We Care about Privacy? 8

Generally Accepted Privacy Principles 9

Management 10

Notice 11

Choice and Consent 11

Collection 12

Use, Retention, and Disposal 12

Access 13

Disclosure to Third Parties 14

Security for Privacy 14

Quality 15

Monitoring and Enforcement 16

Developing a Privacy Program 16

Crafting Vision, Strategy, Goals, and Objectives 17

Structuring the Privacy Team 20

Creating a Program Scope and Charter 22

Privacy Roles 25

Building Inventories 25

Conducting a Privacy Assessment 26

Implementing Privacy Controls 27

Ongoing Operation and Monitoring 27

Data Governance 28

Data Governance Approaches 28

Data Governance Roles 29

Access Requirements 29

Governing Information Processing 31

Managing the Privacy Budget 31

Organizational Budgeting 32

Expense Types 32

Budget Monitoring 33

Communicating about Privacy 34

Creating Awareness 34

Building a Communications Plan 35

Privacy Program Operational Life Cycle 36

Summary 36

Exam Essentials 37

Review Questions 38

Chapter 2 Privacy Program Framework 43

Develop the Privacy Program Framework 44

Examples of Privacy Frameworks 44

Develop Privacy Policies, Procedures, Standards, and Guidelines 51

Define Privacy Program Activities 52

Implement the Privacy Program Framework 57

Communicate the Framework 57

Aligning with Applicable Laws and Regulations 58

Develop Appropriate Metrics 78

Identify Intended Audience for Metrics 79

Define Privacy Metrics for Oversight and Governance per Audience 80

Summary 83

Exam Essentials 84

Review Questions 86

Chapter 3 Privacy Operational Life Cycle: Assess 91

Document Your Privacy Program Baseline 93

Education and Awareness 94

Monitoring and Responding to the Regulatory Environment 94

Assess Policy Compliance against Internal and External Requirements 94

Data, Systems, and Process Assessment 95

Risk Assessment Methods 96

Incident Management, Response, and Remediation 97

Perform Gap Analysis against an Accepted Standard or Law 97

Program Assurance 97

Processors and Third-Party Vendor Assessment 98

Evaluate Processors and Third-Party Vendors 99

Understand Sources of Information 99

Risk Assessment 100

Contractual Requirements and Ongoing Monitoring 102

Physical Assessments 102

Mergers, Acquisitions, and Divestitures 103

Privacy Assessments and Documentation 105

Privacy Threshold Analyses (PTAs) 105

Define a Process for Conducting Privacy Assessments 105

Summary 108

Exam Essentials 108

Review Questions 110

Chapter 4 Privacy Operational Life Cycle: Protect 115

Privacy and Cybersecurity 117

Cybersecurity Goals 117

Relationship between Privacy and Cybersecurity 118

Cybersecurity Controls 119

Security Control Categories 120

Security Control Types 120

Data Protection 121

Data Encryption 121

Data Loss Prevention 122

Data Minimization 123

Backups 124

Policy Framework 125

Cybersecurity Policies 126

Cybersecurity Standards 128

Cybersecurity Procedures 129

Cybersecurity Guidelines 130

Exceptions and Compensating Controls 131

Developing Policies 133

Identity and Access Management 133

Least Privilege 134

Identification, Authentication, and Authorization 134

Authentication Techniques 135

Provisioning and Deprovisioning 137

Account and Privilege Management 138

Privacy by Design 139

Privacy and the SDLC 140

System Development Phases 141

System Development Models 142

Integrating Privacy with Business Processes 146

Vulnerability Management 146

Vulnerability Scanning 147

Vulnerability Remediation 147

Data Policies 149

Data Sharing 149

Data Retention 149

Data Destruction 150

Summary 151

Exam Essentials 151

Review Questions 153

Chapter 5 Privacy Operational Life Cycle: Sustain 157

Monitor 158

Monitoring the Environment 159

Monitor Compliance with Privacy Policies 160

Monitor Regulatory Changes 160

Compliance Monitoring 161

Audit 162

Aligning with Audits 163

Audit Focus 164

Summary 167

Exam Essentials 168

Review Questions 170

Chapter 6 Privacy Operational Life Cycle: Respond 175

Data Subject Rights 176

Access 177

Managing Data Integrity 178

Right of Erasure 178

Right to Be Informed 180

Control over Use 180

Complaints 181

Handling Information Requests 181

Incident Response Planning 182

Stakeholder Identification 182

Building an Incident Oversight Team 183

Building the Incident Response Plan 184

Integrating the Plan with Other Functions 187

Incident Detection 187

Security and Privacy Incidents 187

Security Events and Incidents 188

Privacy Incidents 188

Reporting Privacy Incidents 189

Coordination and Information Sharing 190

Internal Communications 191

External Communications 191

Breach Notification 192

Incident Handling 192

Risk Assessment 193

Containment Activities 193

Remediation Measures 194

Ongoing Communications 195

Post-Incident Activity 196

Planning for Business Continuity 198

Project Scope and Planning 200

Business Impact Analysis 204

Continuity Planning 211

Plan Approval and Implementation 213

Summary 218

Exam Essentials 219

Review Questions 221

Appendix Answers to Review Questions 225

Chapter 1: Developing a Privacy Program 226

Chapter 2: Privacy Program Framework 228

Chapter 3: Privacy Operational Life Cycle: Assess 229

Chapter 4: Privacy Operational Life Cycle: Protect 231

Chapter 5: Privacy Operational Life Cycle: Sustain 233

Chapter 6: Privacy Operational Life Cycle: Respond 235

Index 239

Authors

Mike Chapple, University of Notre Dame; Joe Shelley