For the first time, Sybex tackles the industry leading CIPP Certified Information Privacy Professional exam in the popular Sybex Study Guide format, with an emphasis on learning the real world applications of privacy that practitioners need to master for their jobs, this Study Guide provides the preparation for work in the privacy field. By being prepared to know how to do the job combined with references to the IAPP objectives for the CIPP exam, you'll be prepared for the exam as well. Like every Sybex Study Guide, this one includes online practice tests for additional exam preparation as well as an online glossary and flashcards so you can study and prepare any way you find useful.
Coverage includes:

• Legal Environment
• regulatory enforcement
• Information Management
• Private Sector Data Collection
• Law enforcement and national security
• workplace privacy
• state privacy law
• international privacy regulation

MIKE CHAPPLE, PHD, is associate teaching professor of information technology, analytics, and operations at Notre Dame’s Mendoza College of Business. Mike is a bestselling author of over 25 books including the bestselling (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide, 8th Edition. He currently serves as academic director of the University's Master of Science in Business Analytics program. He began his career as an information security research scientist with the US National Security Agency, served as CIO of the Brand Institute, and has earned multiple certifications including CISSP, CySA+, CISM, PenTest+ and Security+.

ED TITTEL has authored and contributed to more than 100 computer books including developing the popular Exam Cram certification series. Ed has worked as a network consultant and trainer for companies as well known as Novell and as specialized as NetQoS.

Introduction xxi

Assessment Test xxx

Chapter 1 Privacy in the Modern Era 1

Introduction to Privacy 2

What Is Privacy? 3

What Is Personal Information? 4

What Isn’t Personal Information? 5

Why Should We Care About Privacy? 7

Generally Accepted Privacy Principles 8

Management 9

Notice 10

Choice and Consent 10

Collection 10

Use, Retention, and Disposal 11

Access 11

Disclosure to Third Parties 12

Security for Privacy 13

Quality 14

Monitoring and Enforcement 14

Developing a Privacy Program 15

Crafting Strategy, Goals, and Objectives 15

Appointing a Privacy Official 17

Privacy Roles 18

Building Inventories 18

Conducting a Privacy Assessment 19

Implementing Privacy Controls 20

Ongoing Operation and Monitoring 20

Online Privacy 21

Privacy Notices 21

Privacy and Cybersecurity 22

Cybersecurity Goals 23

Relationship Between Privacy and Cybersecurity 24

Privacy by Design 25

Summary 26

Exam Essentials 26

Review Questions 27

Chapter 2 Legal Environment 31

Branches of Government 32

Legislative Branch 32

Executive Branch 33

Judicial Branch 34

Understanding Laws 36

Sources of Law 36

Analyzing a Law 41

Legal Concepts 43

Legal Liability 44

Torts and Negligence 45

Summary 46

Exam Essentials 46

Review Questions 48

Chapter 3 Regulatory Enforcement 53

Federal Regulatory Authorities 54

Federal Trade Commission 54

Federal Communications Commission 60

Department of Commerce 61

Department of Health and Human Services 61

Banking Regulators 62

Department of Education 63

State Regulatory Authorities 63

Self-Regulatory Programs 64

Payment Card Industry 64

Advertising 65

Trust Marks 66

Safe Harbors 67

Summary 67

Exam Essentials 68

Review Questions 69

Chapter 4 Information Management 73

Data Governance 74

Building a Data Inventory 74

Data Classification 75

Data Flow Mapping 77

Data Lifecycle Management 78

Workforce Training 79

Cybersecurity Threats 80

Threat Actors 80

Incident Response 85

Phases of Incident Response 86

Preparation 87

Detection and Analysis 87

Containment, Eradication, and Recovery 88

Post-incident Activity 88

Building an Incident Response Plan 90

Data Breach Notification 92

Vendor Management 93

Summary 94

Exam Essentials 94

Review Questions 96

Chapter 5 Private Sector Data Collection 101

FTC Privacy Protection 103

General FTC Privacy Protection 103

The Children’s Online Privacy Protection Act (COPPA) 104

Future of Federal Enforcement 107

Medical Privacy 110

The Health Insurance Portability and Accountability Act (HIPAA) 110

The Health Information Technology for Economic and Clinical Health Act 118

The 21st Century Cures Act 120

Confidentiality of Substance Use Disorder Patient Records Rule 120

Financial Privacy 121

Privacy in Credit Reporting 121

Gramm–Leach–Bliley Act (GLBA) 125

Red Flags Rule 128

Consumer Financial Protection Bureau 129

Educational Privacy 130

Family Educational Rights and Privacy Act (FERPA) 130

Telecommunications and Marketing Privacy 132

Telephone Consumer Protection Act (TCPA)

and Telemarketing Sales Rule (TSR) 132

The Junk Fax Prevention Act (JFPA) 135

Controlling the Assault of Non-solicited Pornography and Marketing (CAN-SPAM) Act 135

Telecommunications Act and Customer Proprietary Network Information 137

Cable Communications Policy Act 138

Video Privacy Protection Act (VPPA) of 1988 139

Summary 140

Exam Essentials 141

Review Questions 143

Chapter 6 Government and Court Access to Private Sector Information 147

Law Enforcement and Privacy 148

Access to Financial Data 149

Access to Communications 153

National Security and Privacy 157

Foreign Intelligence Surveillance Act (FISA) of 1978 157

USA-PATRIOT Act 159

The USA Freedom Act of 2015 162

The Cybersecurity Information Sharing Act of 2015 163

Civil Litigation and Privacy 164

Compelled Disclosure of Media Information 164

Electronic Discovery 166

Summary 168

Exam Essentials 168

Review Questions 170

Chapter 7 Workplace Privacy 175

Introduction to Workplace Privacy 176

Workplace Privacy Concepts 176

U.S. Agencies Regulating Workplace Privacy Issues 177

U.S. Antidiscrimination Laws 178

Privacy Before, During, and After Employment 181

Employee Background Screening 182

Employee Monitoring 185

Investigation of Employee Misconduct 189

Termination of the Employment Relationship 191

Summary 193

Exam Essentials 193

Review Questions 195

Chapter 8 State Privacy Laws 199

Federal vs. State Authority 200

Financial Data 200

Credit History 201

California Financial Information Privacy Act 201

Data Security 202

Recent Developments 204

Data Breach Notification Laws 212

Elements of State Data Breach Notification Laws 212

Key Differences Among States Today 214

Recent Developments 215

Marketing Laws 216

Summary 217

Exam Essentials 218

Review Questions 219

Chapter 9 International Privacy Regulation 223

International Data Transfers 224

European Union General Data Protection Regulation 225

Adequacy Decisions 228

U.S.-EU Safe Harbor and Privacy Shield 228

Binding Corporate Rules 230

Standard Contractual Clauses 230

Other Approved Transfer Mechanisms 231

APEC Privacy Framework 231

Cross-Border Enforcement Issues 233

Global Privacy Enforcement Network 233

Resolving Multinational Compliance Conflicts 234

Summary 234

Exam Essentials 235

Review Questions 236

Appendix Answers to Review Questions 241

Chapter 1: Privacy in the Modern Era 242

Chapter 2: Legal Environment 243

Chapter 3: Regulatory Enforcement 245

Chapter 4: Information Management 247

Chapter 5: Private Sector Data Collection 249

Chapter 6: Government and Court Access to Private Sector Information 251

Chapter 7: Workplace Privacy 252

Chapter 8: State Privacy Laws 254

Chapter 9: International Privacy Regulation 256

Index 259