Prepare for success on the IAPP CIPP/US exam and further your career in privacy with this effective study guide - now includes a downloadable supplement to get you up to date on the Autumn 2024 CIPP exam!
Information privacy has become a critical and central concern for small and large businesses across the United States. At the same time, the demand for talented professionals able to navigate the increasingly complex web of legislation and regulation regarding privacy continues to increase.
Written from the ground up to prepare you for the United States version of the Certified Information Privacy Professional (CIPP) exam, Sybex’s IAPP CIPP/US Certified Information Privacy Professional Study Guide also readies you for success in the rapidly growing privacy field.
You’ll efficiently and effectively prepare for the exam with online practice tests and flashcards as well as a digital glossary. The concise and easy-to-follow instruction contained in the IAPP/CIPP Study Guide covers every aspect of the CIPP/US exam, including the legal environment, regulatory enforcement, information management, private sector data collection, law enforcement and national security, workplace privacy and state privacy law, and international privacy regulation.
- Provides the information you need to gain a unique and sought-after certification that allows you to fully understand the privacy framework in the US
- Fully updated to prepare you to advise organizations on the current legal limits of public and private sector data collection and use
- Includes access to the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms
Perfect for anyone considering a career in privacy or preparing to tackle the challenging IAPP CIPP exam as the next step to advance an existing privacy role, the IAPP CIPP/US Certified Information Privacy Professional Study Guide offers you an invaluable head start for success on the exam and in your career as an in-demand privacy professional.
Table of Contents:
Introduction xxi
Assessment Test xxx
Chapter 1 Privacy in the Modern Era 1
Introduction to Privacy 2
What Is Privacy? 3
What Is Personal Information? 4
What Isn’t Personal Information? 5
Why Should We Care About Privacy? 7
Generally Accepted Privacy Principles 8
Management 9
Notice 10
Choice and Consent 10
Collection 10
Use, Retention, and Disposal 11
Access 11
Disclosure to Third Parties 12
Security for Privacy 13
Quality 14
Monitoring and Enforcement 14
Developing a Privacy Program 15
Crafting Strategy, Goals, and Objectives 15
Appointing a Privacy Official 17
Privacy Roles 18
Building Inventories 18
Conducting a Privacy Assessment 19
Implementing Privacy Controls 20
Ongoing Operation and Monitoring 20
Online Privacy 21
Privacy Notices 21
Privacy and Cybersecurity 22
Cybersecurity Goals 23
Relationship Between Privacy and Cybersecurity 24
Privacy by Design 25
Summary 26
Exam Essentials 26
Review Questions 27
Chapter 2 Legal Environment 31
Branches of Government 32
Legislative Branch 32
Executive Branch 33
Judicial Branch 34
Understanding Laws 36
Sources of Law 36
Analyzing a Law 41
Legal Concepts 43
Legal Liability 44
Torts and Negligence 45
Summary 46
Exam Essentials 46
Review Questions 48
Chapter 3 Regulatory Enforcement 53
Federal Regulatory Authorities 54
Federal Trade Commission 54
Federal Communications Commission 60
Department of Commerce 61
Department of Health and Human Services 61
Banking Regulators 62
Department of Education 63
State Regulatory Authorities 63
Self-Regulatory Programs 64
Payment Card Industry 64
Advertising 65
Trust Marks 66
Safe Harbors 67
Summary 67
Exam Essentials 68
Review Questions 69
Chapter 4 Information Management 73
Data Governance 74
Building a Data Inventory 74
Data Classification 75
Data Flow Mapping 77
Data Lifecycle Management 78
Workforce Training 79
Cybersecurity Threats 80
Threat Actors 80
Incident Response 85
Phases of Incident Response 86
Preparation 87
Detection and Analysis 87
Containment, Eradication, and Recovery 88
Post-incident Activity 88
Building an Incident Response Plan 90
Data Breach Notification 92
Vendor Management 93
Summary 94
Exam Essentials 94
Review Questions 96
Chapter 5 Private Sector Data Collection 101
FTC Privacy Protection 103
General FTC Privacy Protection 103
The Children’s Online Privacy Protection Act (COPPA) 104
Future of Federal Enforcement 107
Medical Privacy 110
The Health Insurance Portability and Accountability Act (hipaa) 110
The Health Information Technology for Economic and Clinical Health Act 118
The 21st Century Cures Act 120
Confidentiality of Substance Use Disorder Patient Records Rule 120
Financial Privacy 121
Privacy in Credit Reporting 121
Gramm–Leach–Bliley Act (GLBA) 125
Red Flags Rule 128
Consumer Financial Protection Bureau 129
Educational Privacy 130
Family Educational Rights and Privacy Act (FERPA) 130
Telecommunications and Marketing Privacy 132
Telephone Consumer Protection Act (TCPA) and Telemarketing Sales Rule (TSR) 132
The Junk Fax Prevention Act (JFPA) 135
Controlling the Assault of Non-solicited Pornography and Marketing (CAN-SPAM) Act 135
Telecommunications Act and Customer Proprietary Network Information 137
Cable Communications Policy Act 138
Video Privacy Protection Act (VPPA) of 1988 139
Summary 140
Exam Essentials 141
Review Questions 143
Chapter 6 Government and Court Access to Private Sector Information 147
Law Enforcement and Privacy 148
Access to Financial Data 149
Access to Communications 153
National Security and Privacy 157
Foreign Intelligence Surveillance Act (FISA) of 1978 157
USA-PATRIOT Act 159
The USA Freedom Act of 2015 162
The Cybersecurity Information Sharing Act of 2015 163
Civil Litigation and Privacy 164
Compelled Disclosure of Media Information 164
Electronic Discovery 166
Summary 168
Exam Essentials 168
Review Questions 170
Chapter 7 Workplace Privacy 175
Introduction to Workplace Privacy 176
Workplace Privacy Concepts 176
U.S. Agencies Regulating Workplace Privacy Issues 177
U.S. Antidiscrimination Laws 178
Privacy Before, During, and After Employment 181
Employee Background Screening 182
Employee Monitoring 185
Investigation of Employee Misconduct 189
Termination of the Employment Relationship 191
Summary 193
Exam Essentials 193
Review Questions 195
Chapter 8 State Privacy Laws 199
Federal vs. State Authority 200
Financial Data 200
Credit History 201
California Financial Information Privacy Act 201
Data Security 202
Recent Developments 204
Data Breach Notification Laws 212
Elements of State Data Breach Notification Laws 212
Key Differences Among States Today 214
Recent Developments 215
Marketing Laws 216
Summary 217
Exam Essentials 218
Review Questions 219
Chapter 9 International Privacy Regulation 223
International Data Transfers 224
European Union General Data Protection Regulation 225
Adequacy Decisions 228
U.S.- EU Safe Harbor and Privacy Shield 228
Binding Corporate Rules 230
Standard Contractual Clauses 230
Other Approved Transfer Mechanisms 231
APEC Privacy Framework 231
Cross- Border Enforcement Issues 233
Global Privacy Enforcement Network 233
Resolving Multinational Compliance Conflicts 234
Summary 234
Exam Essentials 235
Review Questions 236
Appendix Answers to Review Questions 241
Chapter 1: Privacy in the Modern Era 242
Chapter 2: Legal Environment 243
Chapter 3: Regulatory Enforcement 245
Chapter 4: Information Management 247
Chapter 5: Private Sector Data Collection 249
Chapter 6: Government and Court Access to Private Sector Information 251
Chapter 7: Workplace Privacy 252
Chapter 8: State Privacy Laws 254
Chapter 9: International Privacy Regulation 256
Index 259
About the Author :
Mike Chapple, PhD, CIPP/US, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame’s Mendoza College of Business. He is a bestselling author of over 25 books and serves as the Academic Director of the University’s Master of Science in Business Analytics program. He holds multiple additional certifications, including the CISSP, CySA+, CISM, PenTest+, and Security+.
Joe Shelley, M.A., CIPP/US, is currently the Vice President for Libraries and Information Technology at Hamilton College in New York. Among other responsibilities he oversees information security and privacy programs, IT risk management, business intelligence and analytics, and data governance. He has also held certifications and certificates for ITIL, Project Management, and Scrum.
