Introduction xxi
Assessment Test xxx
Chapter 1 Privacy in the Modern Era 1
Introduction to Privacy 2
What Is Privacy? 3
What Is Personal Information? 4
What Isn’t Personal Information? 5
Why Should We Care About Privacy? 7
Generally Accepted Privacy Principles 8
Management 9
Notice 10
Choice and Consent 10
Collection 10
Use, Retention, and Disposal 11
Access 11
Disclosure to Third Parties 12
Security for Privacy 13
Quality 14
Monitoring and Enforcement 14
Developing a Privacy Program 15
Crafting Strategy, Goals, and Objectives 15
Appointing a Privacy Official 17
Privacy Roles 18
Building Inventories 18
Conducting a Privacy Assessment 19
Implementing Privacy Controls 20
Ongoing Operation and Monitoring 20
Online Privacy 21
Privacy Notices 21
Privacy and Cybersecurity 22
Cybersecurity Goals 23
Relationship Between Privacy and Cybersecurity 24
Privacy by Design 25
Summary 26
Exam Essentials 26
Review Questions 27
Chapter 2 Legal Environment 31
Branches of Government 32
Legislative Branch 32
Executive Branch 33
Judicial Branch 34
Understanding Laws 36
Sources of Law 36
Analyzing a Law 41
Legal Concepts 43
Legal Liability 44
Torts and Negligence 45
Summary 46
Exam Essentials 46
Review Questions 48
Chapter 3 Regulatory Enforcement 53
Federal Regulatory Authorities 54
Federal Trade Commission 54
Federal Communications Commission 60
Department of Commerce 61
Department of Health and Human Services 61
Banking Regulators 62
Department of Education 63
State Regulatory Authorities 63
Self-Regulatory Programs 64
Payment Card Industry 64
Advertising 65
Trust Marks 66
Safe Harbors 67
Summary 67
Exam Essentials 68
Review Questions 69
Chapter 4 Information Management 73
Data Governance 74
Building a Data Inventory 74
Data Classification 75
Data Flow Mapping 77
Data Lifecycle Management 78
Workforce Training 79
Cybersecurity Threats 80
Threat Actors 80
Incident Response 85
Phases of Incident Response 86
Preparation 87
Detection and Analysis 87
Containment, Eradication, and Recovery 88
Post-incident Activity 88
Building an Incident Response Plan 90
Data Breach Notification 92
Vendor Management 93
Summary 94
Exam Essentials 94
Review Questions 96
Chapter 5 Private Sector Data Collection 101
FTC Privacy Protection 103
General FTC Privacy Protection 103
The Children’s Online Privacy Protection Act (COPPA) 104
Future of Federal Enforcement 107
Medical Privacy 110
The Health Insurance Portability and Accountability Act (hipaa) 110
The Health Information Technology for Economic and Clinical Health Act 118
The 21st Century Cures Act 120
Confidentiality of Substance Use Disorder Patient Records Rule 120
Financial Privacy 121
Privacy in Credit Reporting 121
Gramm–Leach–Bliley Act (GLBA) 125
Red Flags Rule 128
Consumer Financial Protection Bureau 129
Educational Privacy 130
Family Educational Rights and Privacy Act (FERPA) 130
Telecommunications and Marketing Privacy 132
Telephone Consumer Protection Act (TCPA) and Telemarketing Sales Rule (TSR) 132
The Junk Fax Prevention Act (JFPA) 135
Controlling the Assault of Non-solicited Pornography and Marketing (CAN-SPAM) Act 135
Telecommunications Act and Customer Proprietary Network Information 137
Cable Communications Policy Act 138
Video Privacy Protection Act (VPPA) of 1988 139
Summary 140
Exam Essentials 141
Review Questions 143
Chapter 6 Government and Court Access to Private Sector Information 147
Law Enforcement and Privacy 148
Access to Financial Data 149
Access to Communications 153
National Security and Privacy 157
Foreign Intelligence Surveillance Act (FISA) of 1978 157
USA-PATRIOT Act 159
The USA Freedom Act of 2015 162
The Cybersecurity Information Sharing Act of 2015 163
Civil Litigation and Privacy 164
Compelled Disclosure of Media Information 164
Electronic Discovery 166
Summary 168
Exam Essentials 168
Review Questions 170
Chapter 7 Workplace Privacy 175
Introduction to Workplace Privacy 176
Workplace Privacy Concepts 176
U.S. Agencies Regulating Workplace Privacy Issues 177
U.S. Antidiscrimination Laws 178
Privacy Before, During, and After Employment 181
Employee Background Screening 182
Employee Monitoring 185
Investigation of Employee Misconduct 189
Termination of the Employment Relationship 191
Summary 193
Exam Essentials 193
Review Questions 195
Chapter 8 State Privacy Laws 199
Federal vs. State Authority 200
Financial Data 200
Credit History 201
California Financial Information Privacy Act 201
Data Security 202
Recent Developments 204
Data Breach Notification Laws 212
Elements of State Data Breach Notification Laws 212
Key Differences Among States Today 214
Recent Developments 215
Marketing Laws 216
Summary 217
Exam Essentials 218
Review Questions 219
Chapter 9 International Privacy Regulation 223
International Data Transfers 224
European Union General Data Protection Regulation 225
Adequacy Decisions 228
U.S.- EU Safe Harbor and Privacy Shield 228
Binding Corporate Rules 230
Standard Contractual Clauses 230
Other Approved Transfer Mechanisms 231
APEC Privacy Framework 231
Cross- Border Enforcement Issues 233
Global Privacy Enforcement Network 233
Resolving Multinational Compliance Conflicts 234
Summary 234
Exam Essentials 235
Review Questions 236
Appendix Answers to Review Questions 241
Chapter 1: Privacy in the Modern Era 242
Chapter 2: Legal Environment 243
Chapter 3: Regulatory Enforcement 245
Chapter 4: Information Management 247
Chapter 5: Private Sector Data Collection 249
Chapter 6: Government and Court Access to Private Sector Information 251
Chapter 7: Workplace Privacy 252
Chapter 8: State Privacy Laws 254
Chapter 9: International Privacy Regulation 256
Index 259
