Information privacy has become a critical and central concern for small and large businesses across the United States. At the same time, the demand for talented professionals able to navigate the increasingly complex web of legislation and regulation regarding privacy continues to increase.
Written from the ground up to prepare you for the United States version of the Certified Information Privacy Professional (CIPP) exam, Sybex's IAPP CIPP/US Certified Information Privacy Professional Study Guide also readies you for success in the rapidly growing privacy field.
You'll efficiently and effectively prepare for the exam with online practice tests and flashcards as well as a digital glossary. The concise and easy-to-follow instruction contained in the IAPP/CIPP Study Guide covers every aspect of the CIPP/US exam, including the legal environment, regulatory enforcement, information management, private sector data collection, law enforcement and national security, workplace privacy and state privacy law, and international privacy regulation. - Provides the information you need to gain a unique and sought-after certification that allows you to fully understand the privacy framework in the US - Fully updated to prepare you to advise organizations on the current legal limits of public and private sector data collection and use - Includes 1 year free access to the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms, all supported by Wiley's support agents who are available 24x7 via email or live chat to assist with access and login questions
Perfect for anyone considering a career in privacy or preparing to tackle the challenging IAPP CIPP exam as the next step to advance an existing privacy role, the IAPP CIPP/US Certified Information Privacy Professional Study Guide offers you an invaluable head start for success on the exam and in your career as an in-demand privacy professional.
Table of Contents
Contents
Introduction xix
Assessment Test xxix
Chapter 1 Privacy in the Modern Era 1
Introduction to Privacy 2
What Is Privacy? 3
What Is Personal Information? 4
What Isn’t Personal Information? 5
Why Should We Care About Privacy? 7
Generally Accepted Privacy Principles 8
Management 9
Notice 9
Choice and Consent 10
Collection 10
Use, Retention, and Disposal 11
Access 11
Disclosure to Third Parties 12
Security for Privacy 12
Quality 14
Monitoring and Enforcement 14
Developing a Privacy Program 15
Crafting Strategy, Goals, and Objectives 15
Appointing a Privacy Official 16
Privacy Roles 17
Building Inventories 18
Conducting a Privacy Assessment 18
Implementing Privacy Controls 20
Ongoing Operation and Monitoring 20
Online Privacy 20
Privacy Notices 21
Privacy and Cybersecurity 21
Cybersecurity Goals 22
Relationship Between Privacy and Cybersecurity 23
Privacy by Design 24
Summary 25
Exam Essentials 25
Review Questions 27
Chapter 2 Legal Environment 31
Branches of Government 32
Legislative Branch 32
Executive Branch 33
Judicial Branch 34
Understanding Laws 36
Sources of Law 36
Analyzing a Law 41
Legal Concepts 43
Legal Liability 44
Torts and Negligence 45
Summary 46
Exam Essentials 46
Review Questions 48
Chapter 3 Regulatory Enforcement 53
Federal Regulatory Authorities 54
Federal Trade Commission 54
Federal Communications Commission 60
Department of Commerce 61
Department of Health and Human Services 61
Banking Regulators 62
Department of Education 63
State Regulatory Authorities 63
Self-Regulatory Programs 64
Payment Card Industry 65
Advertising 65
Trust Marks 66
Safe Harbors 66
Summary 67
Exam Essentials 68
Review Questions 69
Chapter 4 Information Management 73
Data Governance 74
Building a Data Inventory 74
Data Classification 75
Data Flow Mapping 77
Data Lifecycle Management 78
Workforce Training 79
Cybersecurity Threats 80
Threat Actors 81
Incident Response 86
Phases of Incident Response 86
Preparation 87
Detection and Analysis 88
Containment, Eradication, and Recovery 88
Post-incident Activity 88
Building an Incident Response Plan 90
Data Breach Notification 92
Vendor Management 93
Summary 94
Exam Essentials 95
Review Questions 97
Chapter 5 Private Sector Data Collection 101
FTC Privacy Protection 103
General FTC Privacy Protection 103
The Children’s Online Privacy Protection Act (COPPA) 104
Future of Federal Enforcement 107
Medical Privacy 110
The Health Insurance Portability and Accountability
Act (HIPAA) 111
The Health Information Technology for Economic and
Clinical Health Act 119
The 21st Century Cures Act 120
Confidentiality of Substance Use Disorder Patient
Records Rule 121
Financial Privacy 122
Privacy in Credit Reporting 122
Gramm-Leach-Bliley Act (GLBA) 125
Red Flags Rule 129
Consumer Financial Protection Bureau 130
Educational Privacy 131
Family Educational Rights and Privacy Act (FERPA) 131
Telecommunications and Marketing Privacy 132
Telephone Consumer Protection Act (TCPA) and
Telemarketing Sales Rule (TSR) 133
The Junk Fax Prevention Act (JFPA) 136
Controlling the Assault of Non-solicited Pornography
and Marketing (CAN-SPAM) Act 136
Telecommunications Act and Customer Proprietary
Network Information 138
Cable Communications Policy Act 139
Video Privacy Protection Act (VPPA) of 1988 140
Driver’s Privacy Protection Act (DPPA) 141
Digital Advertising and Data Ethics 142
Web Scraping 143
Summary 143
Exam Essentials 144
Review Questions 146
Chapter 6 Government and Court Access to Private Sector
Information 151
Law Enforcement and Privacy 152
Access to Financial Data 153
Access to Communications 157
National Security and Privacy 162
Foreign Intelligence Surveillance Act (FISA) of 1978 162
FISA Amendments Act Section 702 164
USA-PATRIOT Act 165
The USA Freedom Act of 2015 167
The Cybersecurity Information Sharing Act of 2015 168
Civil Litigation and Privacy 169
Compelled Disclosure of Media Information 170
Electronic Discovery 171
Summary 173
Exam Essentials 173
Review Questions 175
Chapter 7 Workplace Privacy 179
Introduction to Workplace Privacy 180
Workplace Privacy Concepts 180
U.S. Agencies Regulating Workplace Privacy Issues 181
U.S. Antidiscrimination Laws 182
Privacy Before, During, and After Employment 185
Automated Employment Decision Tools 186
Employee Background Screening 186
Employee Monitoring 190
Investigation of Employee Misconduct 194
Termination of the Employment Relationship 196
Summary 197
Exam Essentials 198
Review Questions 200
Chapter 8 State Privacy Laws 205
Federal vs. State Authority 206
Elements of State Privacy Laws 207
Applicability 207
Data Subject Rights 208
Privacy Notice Requirements 209
Data Protection 209
Enforcement 211
Data Breach Notification 212
Elements of State Data Breach Notification Laws 212
Key Differences Among States 214
Significant Developments 215
Other Recent Updates to State Breach Notification Laws 218
Comprehensive State Privacy Laws 220
California Consumer Privacy Act (2018) and
California Privacy Rights Act (2020) 220
Virginia Consumer Data Protection Act 223
Colorado Privacy Act 226
Connecticut Data Privacy Act 229
Utah 231
Florida 232
Oregon 234
Texas 237
Montana 239
Subject-Specific State Privacy Laws 241
Health and Genetic Information 241
Online Privacy 243
Biometric Information Privacy Regulations 247
AI and Automated Decision-Making 249
Data Brokers 250
Financial Privacy 251
California Financial Information Privacy Act 252
Recent Developments 253
Marketing Laws 254
Summary 255
Exam Essentials 256
Review Questions 258
Chapter 9 International Privacy Regulation 263
International Data Transfers 264
European Union General Data Protection Regulation 265
Adequacy Decisions 268
Binding Corporate Rules 272
Standard Contractual Clauses 273
Other Approved Transfer Mechanisms 273
APEC Privacy Framework 274
Cross-Border Enforcement Issues 276
Global Privacy Enforcement Network 276
Resolving Multinational Compliance Conflicts 276
Summary 277
Exam Essentials 277
Review Questions 279
Appendix Answers to Review Questions 283
Chapter 1: Privacy in the Modern Era 284
Chapter 2: Legal Environment 285
Chapter 3: Regulatory Enforcement 287
Chapter 4: Information Management 289
Chapter 5: Private Sector Data Collection 291
Chapter 6: Government and Court Access to Private Sector
Information 293
Chapter 7: Workplace Privacy 294
Chapter 8: State Privacy Laws 296
Chapter 9: International Privacy Regulation 298
Index 301
