Enhanced CIPP/US Body of Knowledge

◈ Last edit: Apr 28, 2021
◈ 230 Nodes – CIPP/US Cert
◈ Study Aid for Privacy

Unique data. Hand-curated.

CIPP/US Cert Questions are Not Evenly Divided. Here’s How to Focus:

OrdPctQsItemCatSubj1Subj2URL1URL2URL3Swire2ESwire3E
141%I. Introduction to the U.S. Privacy EnvironmentU.S. Privacy environmenthttps://www.google.com/search?q=U.S.+Privacy+environment283431
210% - A. Structure of U.S. LawStructure of U.S. Lawhttps://www.google.com/search?q=Structure+of+U.S.+Law22697.5
3 - - a. Branches of governmentBranches of Governmenthttps://www.google.com/search?q=Branches+of+Governmenthttps://www.usa.gov/branches-of-governmentusa.govhttps://www.trumanlibrary.gov/education/three-branches/three-branches-of-governmenttrumanlibrary.govhttps://jefferson.kctcs.libguides.com/americangovernmentlibguides.com2.12.1
4 - - b. Sources of lawSources of Lawhttps://www.google.com/search?q=Sources+of+Lawhttps://lawshelf.com/shortvideoscontentview/sources-of-law-in-the-united-states/lawshelf.comhttps://lawshelf.com/coursewarecontentview/sources-of-law-judicial/lawshelf.comhttps://en.wikipedia.org/wiki/Law_of_the_United_Stateswikipedia.org2.22.2
5 - - - i. ConstitutionsSources of law: Constitutionshttps://www.google.com/search?q=Sources+of+law:+Constitutionshttps://lawshelf.com/coursewarecontentview/sources-of-law-judicial/lawshelf.comhttps://www.law.cornell.edu/wex/constitutional_law#law.cornell.eduhttps://ppp.worldbank.org/public-private-partnership/legislation-regulation/framework-assessment/legal-systems/sources-of-lawppp.worldbank.org2.2.12.2.1
6 - - - ii. LegislationSources of law: Legislationhttps://www.google.com/search?q=Sources+of+law:+Legislationhttps://www.law.cornell.edu/wex/legislationlaw.cornell.eduhttps://lawshelf.com/coursewarecontentview/sources-of-law-judicial/lawshelf.com2.2.22.2.2
7 - - - iii. Regulations and rulesSources of law: Regulations and ruleshttps://www.google.com/search?q=Sources+of+law:+Regulations+and+ruleshttps://lawshelf.com/coursewarecontentview/sources-of-law-judicial/lawshelf.comhttps://www.nyulawglobal.org/globalex/United_States.html#_B.__Administrative_Law%20Sourcesnyulawglobal.org2.2.32.2.6
8 - - - iv. v. Common law / Case lawSources of law: Case lawhttps://www.google.com/search?q=Sources+of+law:+Case+lawhttps://lawshelf.com/coursewarecontentview/sources-of-law-judicial/lawshelf.comhttps://en.wikipedia.org/wiki/Common_lawwikipedia.orghttps://courses.lumenlearning.com/wmopen-introbusiness/chapter/reading-criminal-versus-civil-law/lumenlearning.com2.2.42.2.3
9 - - - vi. Contract lawSources of law: Contract lawhttps://www.google.com/search?q=Sources+of+law:+Contract+lawhttps://study.com/academy/lesson/sources-of-contract-law-common-law-uniform-commercial-code.htmstudy.com2.2.62.2.4
10 - - - +. Tort LawSources of law: Tort Lawhttps://www.google.com/search?q=Sources+of+law:+Tort+Lawhttps://constitution.congress.gov/browse/essay/amdt1_2_3_3_2_1/congress.govhttps://www.law.cornell.edu/constitution-conan/amendment-1/invasion-of-privacylaw.cornell.eduhttps://www.findlaw.com/injury/torts-and-personal-injuries/what-is-invasion-of-privacy-.htmlfindlaw.com2.2.5
11 - - - +. Consent DecreesSources of law: Consent Decreeshttps://www.google.com/search?q=Sources+of+law:+Consent+Decreeshttps://www.ftc.gov/enforcementftc.govhttps://www.ftc.gov/system/files/documents/reports/privacy-data-security-update-2019/2019-privacy-data-security-report-508.pdfftc.govhttps://www.ftc.gov/about-ftc/what-we-do/enforcement-authorityftc.gov2.2.7
12 - - c. Legal definitionsU.S. Privacy: Legal definitionshttps://www.google.com/search?q=U.S.+Privacy:+Legal+definitions2.32.3
13 - - - i. JurisdictionLegal definitions: Jurisdictionhttps://www.google.com/search?q=Legal+definitions:+Jurisdictionhttps://www.law.cornell.edu/wex/jurisdictionlaw.cornell.eduhttps://dictionary.law.com/Default.aspx?selected=1070dictionary.law.comhttps://legal-dictionary.thefreedictionary.com/jurisdictionthefreedictionary.com2.32.3
14 - - - ii. PersonLegal definitions: Personhttps://www.google.com/search?q=Legal+definitions:+Personhttps://www.law.cornell.edu/wex/legal_person#:~:text=Overview,property%2C%20and%20enter%20into%20contracts.law.cornell.eduhttps://dictionary.law.com/Default.aspx?selected=1516dictionary.law.com2.32.3
15 - - - iii. PreemptionLegal definitions: Preemptionhttps://www.google.com/search?q=Legal+definitions:+Preemptionhttps://www.law.cornell.edu/wex/preemptionlaw.cornell.eduhttps://fas.org/sgp/crs/misc/R45825.pdffas.orghttps://en.wikipedia.org/wiki/Federal_preemptionwikipedia.org2.32.3
16 - - - iv. Private right of actionLegal definitions: Private right of actionhttps://www.google.com/search?q=Legal+definitions:+Private+right+of+actionhttps://www.law.com/newyorklawjournal/2020/04/07/establishing-a-private-right-of-action-in-personal-injury-cases/law.comhttps://www.brookings.edu/blog/techtank/2020/07/07/in-privacy-legislation-a-private-right-of-action-is-not-an-all-or-nothing-proposition/brookings.eduhttps://iapp.org/news/a/private-right-of-action-shouldnt-be-a-yes-no-proposition-in-federal-privacy-legislation/iapp.org2.32.3
17 - - d. Regulatory authoritiesU.S. Privacy: Regulatory authoritieshttps://www.google.com/search?q=U.S.+Privacy:+Regulatory+authorities2.43
18 - - - i. Federal Trade Commission (FTC)entityFederal Trade Commission (FTC)https://www.google.com/search?q=Federal+Trade+Commission+(FTC)https://www.ftc.gov/about-ftc/what-we-do/enforcement-authorityftc.govhttps://epic.org/privacy/internet/ftc/Authority.htmlepic.orghttps://en.wikipedia.org/wiki/Federal_Trade_Commissionwikipedia.org3.3-3.8
19 - - - ii. Federal Communications Commission (FCC)entityFederal Communications Commission (FCC)https://www.google.com/search?q=Federal+Communications+Commission+(FCC)https://en.wikipedia.org/wiki/Federal_Communications_Commissionwikipedia.orghttps://www.fcc.gov/fcc.govhttps://www.fcc.gov/enforcement/ordersfcc.gov3
20 - - - iii. Department of Commerce (DoC)entityDepartment of Commerce (DoC)https://www.google.com/search?q=Department+of+Commerce+(DoC)https://en.wikipedia.org/wiki/United_States_Department_of_Commercewikipedia.orghttps://www.commerce.gov/commerce.govhttps://www.privacyshield.gov/Program-Overviewprivacyshield.gov3.2
21 - - - iv. Department of Health and Human Services (HHS)entityhealthcareDepartment of Health and Human Services (HHS)https://www.google.com/search?q=Department+of+Health+and+Human+Services+(HHS)https://en.wikipedia.org/wiki/United_States_Department_of_Health_and_Human_Serviceswikipedia.orghttps://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/index.htmlhhs.govhttps://www.hhs.gov/hhs.gov8.1
22 - - - v. Banking regulatorsBanking regulatorshttps://www.google.com/search?q=Banking+regulators9
23 - - - - 1. Federal Reserve BoardentityFederal Reserve Boardhttps://www.google.com/search?q=Federal+Reserve+Boardhttps://en.wikipedia.org/wiki/Federal_Reservewikipedia.orghttps://www.federalreserve.gov/aboutthefed.htmfederalreserve.gov9.3.1
24 - - - - 2. Comptroller of the CurrencyentityComptroller of the Currencyhttps://www.google.com/search?q=Comptroller+of+the+Currencyhttps://www.occ.treas.gov/occ.treas.govhttps://en.wikipedia.org/wiki/Office_of_the_Comptroller_of_the_Currencywikipedia.orghttps://occ.gov/about/what-we-do/index-what-we-do.htmlocc.gov9.3.1
25 - - - vi. State attorneys generalState attorneys generalhttps://www.google.com/search?q=State+attorneys+generalhttp://ndlawreview.org/wp-content/uploads/2017/02/NDL205.pdfndlawreview.orghttps://iapp.org/news/a/mass-ags-data-privacy-security-division-an-advocate-for-consumers/iapp.orghttps://www.stateaginsights.com/2020/01/14/top-3-state-ag-trends-to-watch-in-2020/stateaginsights.com3.9
26 - - - vii. Self-regulatory programs and trust marksSelf-regulatory programs and trust markshttps://www.google.com/search?q=Self-regulatory+programs+and+trust+markshttps://iapp.org/news/a/a-milestone-for-privacy-self-regulation/iapp.org3.10
27 - - e. Understanding lawsU.S. Privacy: Regulatory authoritieshttps://www.google.com/search?q=U.S.+Privacy:+Regulatory+authoritieshttps://www.law.georgetown.edu/wp-content/uploads/2018/12/A-Guide-to-Reading-Interpreting-and-Applying-Statutes-1.pdflaw.georgetown.edu2.62.6
28 - - - i. Scope and applicationUnderstanding laws: Scope and applicationhttps://www.google.com/search?q=Understanding+laws:+Scope+and+application
29 - - - ii. Analyzing a lawUnderstanding laws: Analyzing a lawhttps://www.google.com/search?q=Understanding+laws:+Analyzing+a+lawhttps://www.law.georgetown.edu/wp-content/uploads/2018/12/A-Guide-to-Reading-Interpreting-and-Applying-Statutes-1.pdflaw.georgetown.eduhttps://www.nathenson.org/courses/civpro/resources/how-to-read-a-rule-or-statute/nathenson.org
30 - - - iii. Determining jurisdictionUnderstanding laws: Determining jurisdictionhttps://www.google.com/search?q=Understanding+laws:+Determining+jurisdictionhttps://law-hawaii.libguides.com/c.php?g=992891&p=7189141libguides.comhttps://www.law.cornell.edu/wex/jurisdiction#law.cornell.eduhttps://dictionary.law.com/Default.aspx?selected=1070dictionary.law.com2.3
31 - - - iv. PreemptionUnderstanding laws: Preemptionhttps://www.google.com/search?q=Understanding+laws:+Preemptionhttps://www.law.cornell.edu/wex/preemptionlaw.cornell.eduhttps://fas.org/sgp/crs/misc/R45825.pdffas.orghttps://en.wikipedia.org/wiki/Federal_preemptionwikipedia.org2.3
325% - B. Enforcement of U.S. Privacy and Security LawsEnforcement of U.S. Privacy and Security Lawshttps://www.google.com/search?q=Enforcement+of+U.S.+Privacy+and+Security+Laws33354
33 - - a. Criminal versus civil liabilityCriminal versus civil liabilityhttps://www.google.com/search?q=Criminal+versus+civil+liabilityhttps://criminal.findlaw.com/criminal-law-basics/the-differences-between-a-criminal-case-and-a-civil-case.htmlcriminal.findlaw.comhttps://openstax.org/books/business-law-i-essentials/pages/5-2-civil-vs-criminal-liabilityopenstax.orghttps://lawshelf.com/coursewarecontentview/civil-law-vs-criminal-law/lawshelf.com3.13.1
34 - - b. General theories of legal liabilityGeneral theories of legal liabilityhttps://www.google.com/search?q=General+theories+of+legal+liabilityhttps://en.wikipedia.org/wiki/Legal_liabilitywikipedia.orghttps://legal-dictionary.thefreedictionary.com/Theories+of+Liabilitythefreedictionary.comhttps://lawshelf.com/coursewarecontentview/liability-for-intentional-torts-negligence-and-strict-liability/lawshelf.com
35 - - - i. ContractGeneral theories of legal liability: Contracthttps://www.google.com/search?q=General+theories+of+legal+liability:+Contracthttps://www.law.cornell.edu/wex/contractlaw.cornell.eduhttps://davisbusinesslaw.com/what-three-elements-must-i-include-in-a-business-contract/davisbusinesslaw.com2.2.4
36 - - - ii. TortGeneral theories of legal liability: Torthttps://www.google.com/search?q=General+theories+of+legal+liability:+Torthttps://constitution.congress.gov/browse/essay/amdt1_2_3_3_2_1/congress.govhttps://www.law.cornell.edu/constitution-conan/amendment-1/invasion-of-privacylaw.cornell.eduhttps://www.findlaw.com/injury/torts-and-personal-injuries/what-is-invasion-of-privacy-.htmlfindlaw.com2.2.72.2.5
37 - - - iii. Civil enforcementGeneral theories of legal liability: Civil enforcementhttps://www.google.com/search?q=General+theories+of+legal+liability:+Civil+enforcement
38 - - c. NegligenceNegligence privacy lawhttps://www.google.com/search?q=Negligence+privacy+law
39 - - d. Unfair and deceptive trade practices (UDTP) UDAPUnfair and deceptive trade practices (UDTP)https://www.google.com/search?q=Unfair+and+deceptive+trade+practices+(UDTP)https://www.nclc.org/images/pdf/udap/report_50_states.pdfnclc.orghttps://www.brookings.edu/blog/techtank/2019/08/08/the-ftc-can-rise-to-the-privacy-challenge-but-not-without-help-from-congress/brookings.eduhttps://medium.com/golden-data/the-ftc-act-4b7bde468e5fmedium.com3.63.6, 3.7
40 - - e. Federal enforcement actionsFederal enforcement actions privacy securityhttps://www.google.com/search?q=Federal+enforcement+actions+privacy+security3.73.6, 3.7
41 - - - +. In re DesignerWare FTCconsent decreeIn re DesignerWare FTChttps://www.google.com/search?q=In+re+DesignerWare+FTChttps://www.ftc.gov/enforcement/cases-proceedings/112-3151/designerware-llc-matterftc.govhttps://www.ftc.gov/news-events/press-releases/2012/09/ftc-halts-computer-spyingftc.govhttps://www.wiley.law/newsletter-4397wiley.law3.7.43.7.5.3
42 - - - +. In re GeoCities FTCconsent decreeprivacy policyIn re GeoCities FTChttps://www.google.com/search?q=In+re+GeoCities+FTChttps://www.ftc.gov/enforcement/cases-proceedings/982-3015/geocitiesftc.govhttps://itlaw.wikia.org/wiki/In_re_GeoCitiesitlaw.wikia.orghttps://www.ftc.gov/news-events/press-releases/1998/08/internet-site-agrees-settle-ftc-charges-deceptively-collectingftc.gov3.5
43 - - - +. In re LifeLock FTCconsent decreefinancialencryptionIn re LifeLock FTChttps://www.google.com/search?q=In+re+LifeLock+FTChttps://www.ftc.gov/enforcement/cases-proceedings/072-3069-x100023/lifelock-inc-corporationftc.govhttps://medium.com/golden-data/case-study-lifelock-100m-fine-3d951dce2e30medium.comhttps://www.huntonprivacyblog.com/2015/12/21/ftc-announces-largest-settlement-ever-with-lifelock/huntonprivacyblog.com3.13.2
44 - - - +. In re Nomi FTCconsent decreeadtechIn re Nomi FTChttps://www.google.com/search?q=In+re+Nomi+FTChttps://www.ftc.gov/enforcement/cases-proceedings/132-3251/nomi-technologies-inc-matterftc.govhttps://laweconcenter.org/resource/the-dark-side-of-the-ftcs-latest-privacy-case-in-the-matter-of-nomi-technologies/laweconcenter.orghttps://www.forbes.com/sites/timsparapani/2015/05/26/privacy-and-security-innovation-the-cautionary-tale-of-nomi-technologies-and-the-ftc/#376bb4384a38forbes.com
45 - - - +. In re Snapchat FTCconsent decreedata breachIn re Snapchat FTChttps://www.google.com/search?q=In+re+Snapchat+FTChttps://www.ftc.gov/enforcement/cases-proceedings/132-3078/snapchat-inc-matterftc.govhttps://www.ftc.gov/news-events/press-releases/2014/05/snapchat-settles-ftc-charges-promises-disappearing-messages-wereftc.govhttps://epic.org/privacy/ftc/EPIC-Snapchat-Complaint.pdfepic.org3.6.3
46 - - - +. In re TRUSTe FTCconsent decreeIn re TRUSTe FTChttps://www.google.com/search?q=In+re+TRUSTe+FTChttps://www.ftc.gov/news-events/press-releases/2014/11/truste-settles-ftc-charges-it-deceived-consumers-through-itsftc.govhttps://www.jdsupra.com/legalnews/federal-trade-commission-announces-settl-29398/jdsupra.comhttps://www.ftc.gov/system/files/documents/cases/141117trustecmpt.pdfftc.gov
47 - - - +. In re Wyndham Worldwide Corp.consent decreeinfosecIn re Wyndham Worldwide Corp.https://www.google.com/search?q=In+re+Wyndham+Worldwide+Corp.https://www.lexisnexis.com/community/casebrief/p/casebrief-ftc-v-wyndham-worldwide-corplexisnexis.comhttps://harvardlawreview.org/2016/02/ftc-v-wyndham-worldwide-corp/harvardlawreview.orghttps://www.ftc.gov/news-events/blogs/business-blog/2015/08/third-circuit-rules-ftc-v-wyndham-caseftc.gov3.7.13.7.1
48 - - - +. In re LabMDconsent decreehealthcareinfosecIn re LabMDhttps://www.google.com/search?q=In+re+LabMDhttps://www.ftc.gov/enforcement/cases-proceedings/102-3099/labmd-inc-v-federal-trade-commissionftc.govhttps://www.lexisnexis.com/community/casebrief/p/casebrief-labmd-inc-v-ftclexisnexis.comhttps://www.wsgr.com/en/insights/eleventh-circuit-labmd-decision-significantly-restrains-ftc-s-remedial-powers-in-data-security-and-privacy-actions.htmlwsgr.com3.7.23.7.2
49 - - - +. In re Eli Lillyconsent decreehealthcareinfosecIn re Eli LIlly FTChttps://www.google.com/search?q=In+re+Eli+LIlly+FTChttps://www.ftc.gov/enforcement/cases-proceedings/012-3214/eli-lilly-company-matterftc.gov3.5
50 - - f. State enforcement (Attorneys General (AGs), etc.)Privacy State enforcement: Attorneys Generalshttps://www.google.com/search?q=Privacy+State+enforcement:+Attorneys+Generalshttps://www.nclc.org/images/pdf/udap/report_50_states.pdfnclc.orghttps://www.nclc.org/issues/how-well-do-states-protect-consumers.htmlnclc.orghttps://www.americanbar.org/groups/business_law/publications/blt/2019/09/abusive-acts/americanbar.org3.93.9
51 - - g. Cross-border enforcement issues (GPEN)data transferPrivacy Cross-border enforcement issueshttps://www.google.com/search?q=Privacy+Cross-border+enforcement+issueshttps://globalinvestigationsreview.com/review/the-investigations-review-of-the-americas/2020/article/data-privacy-and-transfers-in-cross-border-investigationsglobalinvestigationshttps://media2.mofo.com/documents/171000-data-privacy-cross-border-investigations.pdfmedia2.mofo.comhttps://fas.org/sgp/crs/misc/R45584.pdffas.org3.113.11
52 - - h. Self-regulatory enforcement (PCI, Trust Marks)Privacy Self-regulatory enforcementhttps://www.google.com/search?q=Privacy+Self-regulatory+enforcementhttps://iapp.org/news/a/a-milestone-for-privacy-self-regulation/iapp.orghttps://www.law.uchicago.edu/files/file/marotta-wurgler_understanding_privacy_policies.pdflaw.uchicago.edu3.103.1
5326% - C. Information Management from a U.S. PerspectivePrivacy Information Management from a U.S. Perspectivehttps://www.google.com/search?q=Privacy+Information+Management+from+a+U.S.+Perspective44182220
54 - - a. Data sharing and transfersdata transferPrivacy Data sharing and transfershttps://www.google.com/search?q=Privacy+Data+sharing+and+transfers4.44.4
55 - - - i. Data inventoryPrivacy Data inventoryhttps://www.google.com/search?q=Privacy+Data+inventoryhttps://iapp.org/news/a/top-10-operational-responses-to-the-gdpr-data-inventory-and-mapping/iapp.orghttps://www.bclplaw.com/images/content/1/0/v2/102309/april3Gdpr.pdfbclplaw.comhttps://gbq.com/data-inventory-what-do-you-have/gbq.com4.4.14.4.1
56 - - - ii. Data classificationPrivacy Data classificationhttps://www.google.com/search?q=Privacy+Data+classificationhttps://www.cmu.edu/iso/governance/guidelines/data-classification.htmlcmu.eduhttps://www.varonis.com/blog/data-classification/varonis.comhttps://blog.netwrix.com/2020/09/02/data-classification/blog.netwrix.com4.4.24.4.2
57 - - - iii. Data flow mappingPrivacy Data flow mappinghttps://www.google.com/search?q=Privacy+Data+flow+mappinghttps://www.itgovernance.co.uk/gdpr-data-mappingitgovernance.co.ukhttps://brown.columbia.edu/mapping-data-flows/brown.columbia.eduhttps://dataprivacyproject.org/learning-modules/mapping-data-flows/#internetdataprivacyproject.org4.4.3
58 - - - +. Data AccountabilityPrivacy Data Accountabilityhttps://www.google.com/search?q=Privacy+Data+Accountabilityhttps://ico.org.uk/for-organisations/accountability-framework/ico.org.ukhttps://medium.com/golden-data/what-does-accountability-mean-under-eu-data-protection-law-af630e40648bmedium.com4.4.4
59 - - b. Privacy program developmentPrivacy Privacy program developmenthttps://www.google.com/search?q=Privacy+Privacy+program+development4.34.5
60 - - c. Managing User PreferencesPrivacy Managing User Privacy Preferenceshttps://www.google.com/search?q=Privacy+Managing+User+Privacy+Preferenceshttps://iapp.org/news/a/consent-and-preference-management-in-the-age-of-data-privacy/iapp.org4.6, 4.6.24.6
61 - - d. Incident response programsPrivacy Incident response programshttps://www.google.com/search?q=Privacy+Incident+response+programshttps://www.ftc.gov/tips-advice/business-center/guidance/data-breach-response-guide-businessftc.gov6.47.4
62 - - - i. Cyber threats (e.g., ransomware)Privacy Cyber threats ransomwarehttps://www.google.com/search?q=Privacy+Cyber+threats+ransomwarehttps://www.proofpoint.com/us/blog/threat-protection/top-three-data-breach-vectors-and-how-combat-themproofpoint.comhttps://www.icaew.com/-/media/corporate/files/technical/business-and-financial-management/smes/bas-for-pba/top-five-cyber-risks.ashxicaew.comhttps://us.norton.com/internetsecurity-emerging-threats-cyberthreat-trends-cybersecurity-threat-review.htmlus.norton.com5.2.15.2.1
63 - - e. Workforce TrainingPrivacy Workforce Training: Data Privacy and Information Securityhttps://www.google.com/search?q=Privacy+Workforce+Training:+Data+Privacy+and+Information+Securityhttps://teachprivacy.com/security-awareness-training-requirements/teachprivacy.comhttps://teachprivacy.com/privacy-training-and-data-security-training-requirements/teachprivacy.comhttps://www.mediapro.com/blog/9-topics-privacy-awareness-training-program/mediapro.com
64 - - f. AccountabilityPrivacy Accountability privacy principlehttps://www.google.com/search?q=Privacy+Accountability+privacy+principle4.4.4
65 - - g. Data retention and disposal (FACTA)legislationfinancialinfosecPrivacy Data retention and disposal (FACTA)https://www.google.com/search?q=Privacy+Data+retention+and+disposal+(FACTA)https://www.federalregister.gov/documents/2017/11/15/2017-24728/disposal-of-consumer-report-information-and-recordsfederalregister.govhttps://www.ftc.gov/tips-advice/business-center/guidance/disposing-consumer-report-information-rule-tells-howftc.govhttps://www.ncsl.org/research/telecommunications-and-information-technology/data-disposal-laws.aspxncsl.org9.2.1
66 - - h. Online PrivacyPrivacy Online Privacyhttps://www.google.com/search?q=Privacy+Online+Privacy55
67 - - i. Privacy noticesprivacy policyPrivacy Privacy noticeshttps://www.google.com/search?q=Privacy+Privacy+notices4.5, 5.34.5
68 - - j. Vendor managementdata transferPrivacy Vendor managementhttps://www.google.com/search?q=Privacy+Vendor+management4.74.7
69 - - - i. Vendor incidentsdata transferPrivacy Vendor management: Vendor privacy incidentshttps://www.google.com/search?q=Privacy+Vendor+management:+Vendor+privacy+incidentshttps://www.darkreading.com/attacks-breaches/top-third-party-data-breaches-of-2020-lessons-learned-to-make-2021-more-secure/d/d-id/1339617darkreading.com
70 - - - ii. Cloud issuesdata transferPrivacy Vendor management: Cloud privacy issueshttps://www.google.com/search?q=Privacy+Vendor+management:+Cloud+privacy+issueshttps://legal.thomsonreuters.com/en/insights/articles/understanding-data-privacy-and-cloud-computingthomsonreuters.comhttps://iapp.org/news/a/the-globalization-of-criminal-evidence/iapp.orghttps://www.lawfareblog.com/why-cross-border-government-requests-data-will-keep-becoming-more-importantlawfareblog.com5.4.5, 8.1, 13.3.8
71 - - k. International data transfersdata transferPrivacy International data transfershttps://www.google.com/search?q=Privacy+International+data+transfers4.8.25.4.5, 14.7
72 - - - i.a U.S. Safe Harborlegislationdata transferPrivacy EU-US Safe Harborhttps://www.google.com/search?q=Privacy+EU-US+Safe+Harborhttps://en.wikipedia.org/wiki/International_Safe_Harbor_Privacy_Principleswikipedia.orghttps://www.ftc.gov/tips-advice/business-center/privacy-and-security/u.s.-eu-safe-harbor-frameworkftc.govhttps://iapp.org/resources/article/a-brief-history-of-safe-harbor/iapp.org14.7.2
73 - - - i.b Privacy Shieldlegislationdata transferPrivacy EU-US Privacy Shieldhttps://www.google.com/search?q=Privacy+EU-US+Privacy+Shieldhttps://www.privacyshield.gov/welcomeprivacyshield.govhttps://www.impact-advisors.com/security/eu-us-privacy-shield-framework/impact-advisors.comhttps://www.privacyshield.gov/eu-us-frameworkprivacyshield.gov5.4.5
74 - - - ii. Binding Corporate Rules (BCRs)data transferPrivacy Binding Corporate Rules (BCRs)https://www.google.com/search?q=Privacy+Binding+Corporate+Rules+(BCRs)https://iapp.org/resources/article/approved-binding-corporate-rules/iapp.orghttp://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2005/wp107_en.pdfec.europa.euhttp://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2005/wp108_en.pdfec.europa.eu14.7.2
75 - - - iii. Standard Contractual Clausesdata transferPrivacy Standard Contractual Clauseshttps://www.google.com/search?q=Privacy+Standard+Contractual+Clauseshttps://europeanlawblog.eu/2020/11/13/schrems-iii-first-thoughts-on-the-edpb-post-schrems-ii-recommendations-on-international-data-transfers-part-1/europeanlawblog.euhttps://www.natlawreview.com/article/guidance-edpb-shrems-ii-and-future-changes-to-trans-border-data-flows-and-standardnatlawreview.com14.7.2
76 - - - iv. Other approved transfer mechanismsdata transferPrivacy International Data Transfers: Other Approved Mechshttps://www.google.com/search?q=Privacy+International+Data+Transfers:+Other+Approved+Mechs
77 - - l. Other key considerations U.S.-based global multinationalsdata transferPrivacy U.S.-based global multinational companieshttps://www.google.com/search?q=Privacy+U.S.-based+global+multinational+companies
78 - - - i. GDPR requirementslegislationdata transferPrivacy GDPR requirementshttps://www.google.com/search?q=Privacy+GDPR+requirementshttps://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/legal-grounds-processing-data/sensitive-data/what-personal-data-considered-sensitive_enec.europa.euhttps://www.dixonwilson.com/technical-updates/gdpr-key-provisionsdixonwilson.com4.8.114
79 - - - ii. APEC privacy frameworkdata transferPrivacy APEC privacy frameworkhttps://www.google.com/search?q=Privacy+APEC+privacy+frameworkhttps://www.apec.org/Publications/2005/12/APEC-Privacy-Frameworkapec.orghttps://iapp.org/media/pdf/resource_center/APEC_Privacy_Framework.pdfiapp.orghttps://itlaw.wikia.org/wiki/APEC_Privacy_Frameworkitlaw.wikia.org1.4.5
80 - - m. Resolving multinational compliance conflictsdata transferPrivacy Resolving multinational compliance conflictshttps://www.google.com/search?q=Privacy+Resolving+multinational+compliance+conflicts
81 - - - i. EU data protection versus e-discoverydata transfereDiscoveryPrivacy EU data protection versus e-discoveryhttps://www.google.com/search?q=Privacy+EU+data+protection+versus+e-discoveryhttps://technology.findlaw.com/electronic-discovery/ediscovery-and-the-eu-european-data-privacy-regulations-every.htmlfindlaw.comhttps://www.foley.com/en/insights/publications/2018/06/gdpr-and-us-ediscovery--who-will-win-the-game-of-cfoley.com13
8229%II. Limits on Private-sector Collection and Use of DataPrivacy Private-sector Collection and Use of Datahttps://www.google.com/search?q=Privacy+Private-sector+Collection+and+Use+of+Data202422
834% - A. Cross-sector FTC Privacy ProtectionFTC Privacy Protectionhttps://www.google.com/search?q=FTC+Privacy+Protection243
84 - - a. The Federal Trade Commission ActlegislationThe Federal Trade Commission Acthttps://www.google.com/search?q=The+Federal+Trade+Commission+Acthttps://www.ftc.gov/enforcement/statutes/federal-trade-commission-actftc.govhttps://en.wikipedia.org/wiki/Federal_Trade_Commission_Act_of_1914wikipedia.orghttps://epic.org/privacy/internet/ftc/Authority.htmlepic.org3.3, 3.5, 3.7
85 - - b. FTC Privacy Enforcement ActionsFTC Privacy Enforcement Actionshttps://www.google.com/search?q=FTC+Privacy+Enforcement+Actionshttps://www.ftc.gov/news-events/media-resources/protecting-consumer-privacy/privacy-security-enforcementftc.govhttps://iapp.org/media/pdf/resource_center/Scully-FTC-Remedies2017.pdfiapp.org3.6, 3.73.6, 3.7
86 - - c. FTC Security Enforcement ActionsinfosecFTC Security Enforcement Actionshttps://www.google.com/search?q=FTC+Security+Enforcement+Actionshttps://www.ftc.gov/enforcement/cases-proceedings/terms/249ftc.govhttps://www.lexology.com/library/detail.aspx?g=37fdf828-4a9a-4aa2-8f20-f8f6bb0e1ce0lexology.com3.6, 3.73.6, 3.7
87 - - d. The Children’s Online Privacy Protection Act of 1998 (COPPA)legislationThe Children’s Online Privacy Protection Act of 1998 (COPPA)https://www.google.com/search?q=The+Children’s+Online+Privacy+Protection+Act+of+1998+(COPPA)https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-ruleftc.govhttps://epic.org/privacy/kids/epic.orghttps://www.ecfr.gov/cgi-bin/text-idx?SID=4939e77c77a1a1a08c1cbf905fc4b409&node=16%3A1.0.1.3.36&rgn=div5ecfr.gov5.2.55.2.5
88 - - e. Future of federal enforcementPrivacy Data brokers, Big Data, IoT, AI, unregulated datahttps://www.google.com/search?q=Privacy+Data+brokers,+Big+Data,+IoT,+AI,+unregulated+data3.8
89 - - - +. Data Brokers & PrivacyadtechData Brokers & Privacyhttps://www.google.com/search?q=Data+Brokers+&+Privacyhttps://www.ftc.gov/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014ftc.govhttps://www.csoonline.com/article/3356458/landmark-laws-data-brokers-and-the-future-of-us-privacy-regulation.htmlcsoonline.comhttps://iapp.org/news/a/at-senate-hearing-lawmakers-incredulous-data-brokers-a-no-show/iapp.org15.2.3.1
90 - - - +. Big Data & PrivacyBig Data & Privacyhttps://www.google.com/search?q=Big+Data+&+Privacy13.215.2
91 - - - +. IoT & PrivacyInternet of Things & Privacyhttps://www.google.com/search?q=Internet+of+Things+&+Privacyhttps://epic.org/privacy/internet/iot/epic.orghttps://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdfftc.govhttps://www.internetsociety.org/policybriefs/iot-privacy-for-policymakers/internetsociety.org13.315.3
92 - - - +. AI & PrivacyArtificial Intelligence & Privacyhttps://www.google.com/search?q=Artificial+Intelligence+&+Privacyhttps://www.brookings.edu/research/protecting-privacy-in-an-ai-driven-world/#:~:text=%E2%80%9CAs%20artificial%20intelligence%20evolves%2C%20it,the%20privacy%20issues%20that%20emerge.brookings.eduhttps://www.forbes.com/sites/davidteich/2020/08/10/artificial-intelligence-and-data-privacy--turning-a-risk-into-a-benefit/?sh=13a697d76a95forbes.comhttps://iapp.org/media/pdf/resource_center/ai-and-privacy.pdfiapp.org12.2.1.5, 15.1.2
93 - - - +. Unregulated DataPrivacy Unregulated Datahttps://www.google.com/search?q=Privacy+Unregulated+Data
948% - B. MedicalhealthcareMedical Privacy Lawshttps://www.google.com/search?q=Medical+Privacy+Laws78576
95 - - a. The Health Insurance Portability and Accountability Act of 1996legislationhealthcareThe Health Insurance Portability and Accountability Act of 1996 (HIPAA)https://www.google.com/search?q=The+Health+Insurance+Portability+and+Accountability+Act+of+1996+(HIPAA)https://www.govinfo.gov/content/pkg/PLAW-104publ191/pdf/PLAW-104publ191.pdfgovinfo.govhttps://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.htmlhhs.govhttps://www.atlantic.net/hipaa-compliant-hosting/hipaa-compliance-guide-what-is-hipaa/atlantic.net7.28.1
96 - - - i. HIPAA privacy rulelegislationhealthcareHIPAA privacy rulehttps://www.google.com/search?q=HIPAA+privacy+rulehttps://www.hhs.gov/hipaa/for-professionals/privacy/index.htmlhhs.govhttps://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.htmlhhs.govhttps://www.upguard.com/blog/hipaa-privacy-ruleupguard.com7.2.18.1.1
97 - - - ii. HIPAA security rulelegislationhealthcareinfosecHIPAA security rulehttps://www.google.com/search?q=HIPAA+security+rulehttps://www.hhs.gov/hipaa/for-professionals/security/index.htmlhhs.govhttps://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.htmlhhs.govhttps://www.unco.edu/hipaa/summary-of-security-rule/unco.edu7.2.28.1.2
98 - - b. HITECH Act of 2009legislationhealthcareencryptionHealth Information Technology for Economic and Clinical Health (HITECH) Act of 2010https://www.google.com/search?q=Health+Information+Technology+for+Economic+and+Clinical+Health+(HITECH)+Act+of+2010https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.htmlhhs.govhttps://www.hipaajournal.com/what-is-the-hitech-act/hipaajournal.com7.38.2
99 - - c. The 21st Century Cures Act of 2016legislationhealthcarePrivacy The 21st Century Cures Act of 2016https://www.google.com/search?q=Privacy+The+21st+Century+Cures+Act+of+2016https://www.fda.gov/regulatory-information/selected-amendments-fdc-act/21st-century-cures-actfda.govhttps://iapp.org/news/a/privacy-and-security-impacts-of-the-21st-century-cures-legislation/iapp.orghttps://www.congress.gov/114/bills/hr34/BILLS-114hr34enr.pdfcongress.gov7.58.5
100 - - d. Confidentiality of Substance Use Disorder Patient Records RulelegislationhealthcarePrivacy Confidentiality of Substance Use Disorder Patient Records Rulehttps://www.google.com/search?q=Privacy+Confidentiality+of+Substance+Use+Disorder+Patient+Records+Rule8.3
101 - - - i. 42 CFR Part 2legislationhealthcarePrivacy 42 CFR Part 2https://www.google.com/search?q=Privacy+42+CFR+Part+2https://www.law.cornell.edu/uscode/text/42/290dd-2law.cornell.eduhttps://www.ncsc.org/sitecore/content/microsites/future-trends-2012/home/privacy-and-technology/substance-abuse.aspxncsc.orghttps://www.hhs.gov/about/news/2020/07/13/health-privacy-rule-42-cfr-part-2-revised-modernizing-care-coordination-americans-seeking-treatment.htmlhhs.gov7.18.3
1028% - C. FinancialfinancialFinancial Privacy Lawshttps://www.google.com/search?q=Financial+Privacy++Laws89576
103 - - a. The Fair Credit Reporting Act of 1970 (FCRA)legislationfinancialPrivacy Fair Credit Reporting Act of 1970 (FCRA)https://www.google.com/search?q=Privacy+Fair+Credit+Reporting+Act+of+1970+(FCRA)https://epic.org/privacy/fcra/epic.orghttps://www.lexingtonlaw.com/credit/what-is-the-fair-credit-reporting-actlexingtonlaw.com8.19.1
104 - - b. The Fair and Accurate Credit Transactions Act of 2003 (FACTA)legislationfinancialPrivacy Fair and Accurate Credit Transactions Act of 2003 (FACTA)https://www.google.com/search?q=Privacy+Fair+and+Accurate+Credit+Transactions+Act+of+2003+(FACTA)https://www.ftc.gov/enforcement/statutes/fair-accurate-credit-transactions-act-2003ftc.govhttps://www.nclc.org/images/pdf/credit_reports/archive/analysis-facta.pdfnclc.orghttps://www.govinfo.gov/content/pkg/PLAW-108publ159/html/PLAW-108publ159.htmgovinfo.gov8.29.2
105 - - - +. The Disposal RuleFACTA: Disposal Rulehttps://www.google.com/search?q=FACTA:+Disposal+Rulehttps://www.shrednations.com/2019/05/what-is-facta-disposal-rule/shrednations.comhttps://www.govinfo.gov/content/pkg/PLAW-108publ159/html/PLAW-108publ159.htmgovinfo.govhttps://www.ftc.gov/news-events/press-releases/2016/09/ftc-seeks-comment-disposal-ruleftc.gov9.2.1
106 - - - +. The Red Flags RuleRed Flags Rulehttps://www.google.com/search?q=Red+Flags+Rule
107 - - c. The Financial Services Modernization Act of 1999 (GLBA)legislationfinancialFinancial Services Modernization Act of 1999 (“Gramm-Leach-Bliley” or GLBA)https://www.google.com/search?q=Financial+Services+Modernization+Act+of+1999+(“Gramm-Leach-Bliley”+or+GLBA)https://www.ftc.gov/tips-advice/business-center/privacy-and-security/gramm-leach-bliley-actftc.govhttps://digitalguardian.com/blog/what-glba-compliance-understanding-data-protection-requirements-gramm-leach-bliley-actdigitalguardian.com8.39.3
108 - - - i. GLBA privacy rulelegislationfinancialprivacy policyGLBA privacy rulehttps://www.google.com/search?q=GLBA+privacy+rulehttps://www.ftc.gov/tips-advice/business-center/guidance/how-comply-privacy-consumer-financial-information-rule-grammftc.gov8.3.29.3.2
109 - - - ii. GLBA safeguards rulelegislationfinancialinfosecGLBA safeguards rulehttps://www.google.com/search?q=GLBA+safeguards+rulehttps://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/safeguards-ruleftc.gov8.3.39.3.3
110 - - d. Red Flags RulelegislationfinancialRed Flags Rulehttps://www.google.com/search?q=Red+Flags+Rulehttps://en.wikipedia.org/wiki/Red_Flags_Rulewikipedia.orghttps://www.huntonprivacyblog.com/2010/12/20/president-obama-signs-red-flag-program-clarification-act/huntonprivacyblog.com8.2.29.2.2
111 - - e. Dodd-Frank Wall Street Reform and Consumer Protection ActlegislationfinancialDodd-Frank Wall Street Reform and Consumer Protection Act of 2010https://www.google.com/search?q=Dodd-Frank+Wall+Street+Reform+and+Consumer+Protection+Act+of+2010https://www.investopedia.com/terms/c/consumer-financial-protection-act.aspinvestopedia.comhttps://www.consumerfinance.gov/about-us/the-bureau/creatingthebureau/consumerfinance.gov8.49.4
112 - - f. Consumer Financial Protection BureauentityfinancialConsumer Financial Protection Bureauhttps://www.google.com/search?q=Consumer+Financial+Protection+Bureau9.4
113 - - g. Online BankingfinancialPrivacy & Online Bankinghttps://www.google.com/search?q=Privacy+&+Online+Banking8.69.3.3
1141% - D. EducationeducationEducation Privacy lawshttps://www.google.com/search?q=Education+Privacy+laws910021
115 - - a. Family Educational Rights and Privacy Act of 1974 (FERPA)legislationeducationPrivacy Family Educational Rights and Privacy Act of 1974 (FERPA)https://www.google.com/search?q=Privacy+Family+Educational+Rights+and+Privacy+Act+of+1974+(FERPA)https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.htmlwww2.ed.govhttps://epic.org/privacy/student/ferpa/epic.org9.110.1
116 - - b. Education technologyeducationPrivacy Privacy & Education technologyhttps://www.google.com/search?q=Privacy+Privacy+&+Education+technology9.410.4
1178% - E. Telecommunications and MarketingPrivacy Telecommunications and Marketinghttps://www.google.com/search?q=Privacy+Telecommunications+and+Marketing1011576
118- - a. Telemarketing sales rule (TSR) and TCPA of 1991legislationPrivacy Telemarketing sales rule (TSR) and the Telephone Consumer Protection Act of 1991 (TCPA)https://www.google.com/search?q=Privacy+Telemarketing+sales+rule+(TSR)+and+the+Telephone+Consumer+Protection+Act+of+1991+(TCPA)https://en.wikipedia.org/wiki/Telemarketing_and_Consumer_Fraud_and_Abuse_Prevention_Actwikipedia.orghttps://www.ftc.gov/enforcement/statutes/telemarketing-consumer-fraud-abuse-prevention-actftc.govhttps://www.venable.com/-/media/files/events/2020/01/telemarketing-and-texting-slides-jan-2020.pdfvenable.com10.111.1
119 - - - i. The Do-Not-Call registry (DNC)legislationPrivacy Do-Not-Call registry (DNC)https://www.google.com/search?q=Privacy+Do-Not-Call+registry+(DNC)https://www.donotcall.gov/donotcall.govhttps://www.ftc.gov/tips-advice/business-center/guidance/qa-telemarketers-sellers-about-dnc-provisions-tsrftc.gov10.1.111.1.2
120 - - b. CAN-SPAM Act 2003legislationPrivacy Controlling the Assault of Non-solicited Pornography and Marketing Act of 2003 (CAN-SPAM)https://www.google.com/search?q=Privacy+Controlling+the+Assault+of+Non-solicited+Pornography+and+Marketing+Act+of+2003+(CAN-SPAM)https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-businessftc.govhttps://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003wikipedia.orghttps://www.federalregister.gov/documents/2019/04/04/2019-06562/controlling-the-assault-of-non-solicited-pornography-and-marketing-rulefederalregister.gov10.311.3
121 - - c. The Junk Fax Prevention Act of 2005 (JFPA)legislationJunk Fax Prevention Act of 2005 (JFPA)https://www.google.com/search?q=Junk+Fax+Prevention+Act+of+2005+(JFPA)https://www.congress.gov/bill/109th-congress/senate-bill/714congress.govhttps://www.fcc.gov/general/fax-advertising-policyfcc.govhttps://en.wikipedia.org/wiki/Junk_Fax_Prevention_Act_of_2005wikipedia.org10.211.2
122 - - d. The Wireless Domain RegistryThe Wireless Domain Registryhttps://www.google.com/search?q=The+Wireless+Domain+Registry10.3.311.3.3
123 - - e. Telecommunications Act of 1996 and CPNIlegislationTelecommunications Act of 1996 and Customer Proprietary Network Informationhttps://www.google.com/search?q=Telecommunications+Act+of+1996+and+Customer+Proprietary+Network+Informationhttps://www.fcc.gov/general/telecommunications-act-1996fcc.govhttps://en.wikipedia.org/wiki/Telecommunications_Act_of_1996wikipedia.orghttps://www.ntia.doc.gov/legacy/opadhome/overview.htmntia.doc.gov10.411.4
124 - - f. Cable Communications Policy Act of 1984legislationCable Communications Policy Act of 1984https://www.google.com/search?q=Cable+Communications+Policy+Act+of+1984https://www.congress.gov/bill/98th-congress/senate-bill/66congress.govhttps://en.wikipedia.org/wiki/Cable_Communications_Policy_Act_of_1984wikipedia.orghttps://www.mtsu.edu/first-amendment/article/1057/cable-communications-policy-act-of-1984mtsu.edu10.511.5
125 - - g. Video Privacy Protection Act of 1988 (VPPA)legislationVideo Privacy Protection Act of 1988 (VPPA)https://www.google.com/search?q=Video+Privacy+Protection+Act+of+1988+(VPPA)https://www.law.cornell.edu/uscode/text/18/2710law.cornell.eduhttps://epic.org/privacy/vppa/epic.orghttps://www.law.cornell.edu/uscode/text/18/2710law.cornell.edu10.611.6
126 - - - i. Video Privacy Protection Act Amendments Act of 2012legislationVideo Privacy Protection Act Amendments Act of 2012 (H.R. 6671)https://www.google.com/search?q=Video+Privacy+Protection+Act+Amendments+Act+of+2012+(H.R.+6671)https://en.wikipedia.org/wiki/Video_Privacy_Protection_Actwikipedia.orghttps://www.whitecase.com/publications/article/social-sharing-and-us-video-privacy-protection-act-perilous-online-videowhitecase.com11.6
127 - - h. Digital advertisingadtechDigital advertisinghttps://www.google.com/search?q=Digital+advertising5.5, 10.711.7
1289%III. Government and Court Access to Private-sector InfoGovernment and Court Access to Private-sector Informationhttps://www.google.com/search?q=Government+and+Court+Access+to+Private-sector+Information1213687
1295% - A. Law Enforcement and PrivacyLaw Enforcement and Privacyhttps://www.google.com/search?q=Law+Enforcement+and+Privacy12.313.3354
130 - - a. Access to financial datafinancialLaw Enforcement: Access to financial datahttps://www.google.com/search?q=Law+Enforcement:+Access+to+financial+data
131 - - - i. Right to Financial Privacy Act of 1978legislationfinancialRight to Financial Privacy Act of 1978https://www.google.com/search?q=Right+to+Financial+Privacy+Act+of+1978https://www.fdic.gov/regulations/compliance/manual/8/viii-3.1.pdffdic.govhttps://epic.org/privacy/rfpa/epic.org12.3.613.3.6
132 - - - ii. Bank Secrecy Act of 1970 (BSA)legislationfinancialBank Secrecy Act of 1970 (BSA)https://www.google.com/search?q=Bank+Secrecy+Act+of+1970+(BSA)https://www.occ.treas.gov/topics/supervision-and-examination/bsa/index-bsa.htmlocc.treas.govhttps://www.investopedia.com/terms/b/bank_secrecy_act.aspinvestopedia.com8.5.19.5.1
133 - - b. Access to communicationsLaw Enforcement: Access to communicationshttps://www.google.com/search?q=Law+Enforcement:+Access+to+communications
134 - - - i. WiretapsWiretaps: Law Enforcement Access to Datahttps://www.google.com/search?q=Wiretaps:+Law+Enforcement+Access+to+Data12.3.313.3.3
135 - - - ii. Electronic Communications Privacy Act (ECPA)legislationElectronic Communications Privacy Act (ECPA)https://www.google.com/search?q=Electronic+Communications+Privacy+Act+(ECPA)https://epic.org/privacy/ecpa/epic.orghttps://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Actwikipedia.org13.3.3
136 - - - - 1. E-mailsECPA: E-mailshttps://www.google.com/search?q=ECPA:+E-mails
137 - - - - 2. Stored recordsECPA: Stored recordshttps://www.google.com/search?q=ECPA:+Stored+recordshttps://www.govinfo.gov/content/pkg/USCODE-2010-title18/html/USCODE-2010-title18-partI-chap121.htmgovinfo.govhttps://www.lexisnexis.com/lexis-practice-advisor/the-journal/b/lpa/posts/stored-communications-act-practical-considerationslexisnexis.comhttps://en.wikipedia.org/wiki/Stored_Communications_Actwikipedia.org13.3.3.2
138 - - - - 3. Pen registersECPA: Pen registershttps://www.google.com/search?q=ECPA:+Pen+registershttps://www.law.cornell.edu/uscode/text/18/part-II/chapter-206law.cornell.eduhttps://en.wikipedia.org/wiki/Pen_register#Pen_Register_Actwikipedia.orghttps://cyber.harvard.edu/privacy/Introduction%20to%20Government%20Investigations.htmcyber.harvard.edu13.3.3.4
139 - - c. Communications Assistance to Law Enforcement Act (CALEA)legislationCommunications Assistance to Law Enforcement Act (CALEA)https://www.google.com/search?q=Communications+Assistance+to+Law+Enforcement+Act+(CALEA)https://www.fcc.gov/public-safety-and-homeland-security/policy-and-licensing-division/general/communications-assistancefcc.govhttps://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Actwikipedia.org12.3.413.3.4
1403% - B. National Security and Privacysearch/surveilNational Security and Privacyhttps://www.google.com/search?q=National+Security+and+Privacy12.413.4132
141 - - a. Foreign Intelligence Surveillance Act of 1978 (FISA)legislationsearch/surveilForeign Intelligence Surveillance Act of 1978 (FISA)https://www.google.com/search?q=Foreign+Intelligence+Surveillance+Act+of+1978+(FISA)https://www.fisc.uscourts.gov/about-foreign-intelligence-surveillance-courtfisc.uscourts.govhttps://epic.org/privacy/surveillance/fisa/epic.org12.4.213.4.2
142 - - - i. Wiretapssearch/surveilFISA: Wiretapshttps://www.google.com/search?q=FISA:+Wiretaps
143 - - - ii. E-mails and stored recordssearch/surveilFISA: E-mails and stored recordshttps://www.google.com/search?q=FISA:+E-mails+and+stored+records
144 - - - iii. National security letterssearch/surveilFISA: National security lettershttps://www.google.com/search?q=FISA:+National+security+lettershttps://www.eff.org/issues/national-security-letters/faqeff.orghttps://epic.org/privacy/nsl/epic.org12.4.513.4.5
145 - - b. USA Patriot Actlegislationsearch/surveilUSA-Patriot Acthttps://www.google.com/search?q=USA-Patriot+Acthttps://epic.org/privacy/terrorism/hr3162.htmlepic.orghttps://en.wikipedia.org/wiki/Patriot_Actwikipedia.org9.5, 13.4
146 - - c. The USA Freedom Act of 2015legislationsearch/surveilUSA Freedom Act of 2015https://www.google.com/search?q=USA+Freedom+Act+of+2015https://en.wikipedia.org/wiki/USA_Freedom_Actwikipedia.orghttps://www.lawfareblog.com/nsa-and-usa-freedom-actlawfareblog.comhttps://www.lawfareblog.com/so-what-does-usa-freedom-act-do-anywaylawfareblog.com13.4
147 - - d. The Cybersecurity Information Sharing Act of 2015 (CISA)legislationinfosecsearch/surveilCybersecurity Information Sharing Act of 2015 (CISA)https://www.google.com/search?q=Cybersecurity+Information+Sharing+Act+of+2015+(CISA)https://en.wikipedia.org/wiki/Cybersecurity_Information_Sharing_Actwikipedia.orghttps://www.cisecurity.org/newsletter/cybersecurity-information-sharing-act-of-2015/cisecurity.orghttps://www.nextgov.com/cybersecurity/2018/06/only-6-non-federal-groups-share-cyber-threat-info-homeland-security/149343/nextgov.com13.3.5
1481% - C. Civil Litigation and PrivacyeDiscoveryCivil Litigation and Privacyhttps://www.google.com/search?q=Civil+Litigation+and+Privacyhttps://www.yalelawjournal.org/forum/data-rights-and-data-wrongsyalelawjournal.orghttps://iapp.org/news/a/how-the-ccpa-impacts-civil-litigation/iapp.org12.213.2021
149 - - a. Compelled disclosure of media informationsearch/surveilCompelled disclosure of media informationhttps://www.google.com/search?q=Compelled+disclosure+of+media+information13.1.1
150 - - - i. Privacy Protection Act of 1980legislationsearch/surveilPrivacy Protection Act of 1980https://www.google.com/search?q=Privacy+Protection+Act+of+1980https://epic.org/privacy/ppa/epic.orghttps://en.wikipedia.org/wiki/Privacy_Protection_Act_of_1980wikipedia.org13.3.7
151 - - b. Electronic discoveryeDiscoveryPrivacy Electronic discoveryhttps://www.google.com/search?q=Privacy+Electronic+discovery12.2.213.2.2
15213%IV. Workplace PrivacyPrivacy Workplace Privacyhttps://www.google.com/search?q=Privacy+Workplace+Privacy111281210
1535% - A. Introduction to Workplace PrivacyPrivacy https://www.google.com/search?q=Privacy+11.112.1354
154 - - a. Workplace privacy conceptsPrivacy Workplace privacy concepts https://www.google.com/search?q=Privacy+Workplace+privacy+concepts++++++++12.1
155 - - - i. Human resources managementPrivacy Workplace Privacy & Human resources managementhttps://www.google.com/search?q=Privacy+Workplace+Privacy+&+Human+resources+management
156 - - b. U.S. agencies regulating workplace privacy issuesPrivacy U.S. agencies regulating workplace privacy issueshttps://www.google.com/search?q=Privacy+U.S.+agencies+regulating+workplace+privacy+issues11.1.3.212.1.3.2
157 - - - i. Federal Trade Commission (FTC)entityFederal Trade Commission (FTC)https://www.google.com/search?q=Federal+Trade+Commission+(FTC)https://www.ftc.gov/about-ftc/what-we-do/enforcement-authorityftc.govhttps://epic.org/privacy/internet/ftc/Authority.htmlepic.orghttps://en.wikipedia.org/wiki/Federal_Trade_Commissionwikipedia.org3.3-3.8
158 - - - ii. Department of LaborentityemploymentDepartment of Laborhttps://www.google.com/search?q=Department+of+Laborhttps://www.dol.gov/dol.govhttps://en.wikipedia.org/wiki/United_States_Department_of_Laborwikipedia.orghttps://www.dol.gov/sites/dolgov/files/WHD/legacy/files/FairLaborStandAct.pdfdol.gov12.1.3.2, 13.1
159 - - - iii. Equal Employment Opportunity Commission (EEOC)entityemploymentEqual Employment Opportunity Commission (EEOC)https://www.google.com/search?q=Equal+Employment+Opportunity+Commission+(EEOC)https://www.eeoc.gov/eeoc.govhttps://en.wikipedia.org/wiki/Equal_Employment_Opportunity_Commissionwikipedia.orghttps://www.eeoc.gov/wysk/what-you-should-know-about-covid-19-and-ada-rehabilitation-act-and-other-eeo-lawseeoc.gov12.1.3.2, 12.2.1.2
160 - - - iv. National Labor Relations Board (NLRB)entityemploymentNational Labor Relations Board (NLRB)https://www.google.com/search?q=National+Labor+Relations+Board+(NLRB)https://www.nlrb.gov/nlrb.govhttps://en.wikipedia.org/wiki/National_Labor_Relations_Act_of_1935wikipedia.orghttps://btlaw.com/en/insights/blogs/have-an-employee-handbook-or-other-personnel-policies-heres-a-big-development-you-need-to-knowbtlaw.com12.1.3.2
161 - - - v. Occupational Safety and Health Act (OSHA)entityemploymenthealthcareOccupational Safety and Health Act (OSHA)https://www.google.com/search?q=Occupational+Safety+and+Health+Act+(OSHA)https://www.osha.gov/osha.govhttps://en.wikipedia.org/wiki/Occupational_Safety_and_Health_Administrationwikipedia.org12.1.3.2, 13.1.1
162 - - - vi. Securities and Exchange Commission (SEC)entityfinancialSecurities and Exchange Commission (SEC)https://www.google.com/search?q=Securities+and+Exchange+Commission+(SEC)https://www.sec.gov/spotlight/dodd-frank/derivatives.shtmlsec.govhttps://www.sec.gov/swaps-chart/swaps-chart.pdfsec.gov9.3.1
163 - - c. U.S. Anti-discrimination lawsPrivacy U.S. Anti-discrimination lawshttps://www.google.com/search?q=Privacy+U.S.+Anti-discrimination+laws12.2.1.2
164 - - - i. Civil Rights Act of 1964legislationPrivacy Civil Rights Act of 1964https://www.google.com/search?q=Privacy+Civil+Rights+Act+of+1964https://en.wikipedia.org/wiki/Civil_Rights_Act_of_1964wikipedia.orghttps://www.lawfareblog.com/federal-privacy-legislation-should-protect-civil-rightslawfareblog.comhttps://www.supremecourt.gov/opinions/19pdf/17-1618_hfci.pdfsupremecourt.gov12.2.1.2
165 - - - ii. Americans with Disabilities Act (ADA)legislationemploymenthealthcarePrivacy Americans with Disabilities Act (ADA)https://www.google.com/search?q=Privacy+Americans+with+Disabilities+Act+(ADA)https://www.eeoc.gov/publications/ada-your-employment-rights-individual-disabilityeeoc.govhttps://www.dol.gov/general/topic/disability/adadol.govhttps://www.ada.gov/pubs/adastatute08.pdfada.gov11.2.1.312.1.3.2, 12.2.1.2
166 - - - iii. Genetic Information Nondiscrimination Act (GINA)legislationemploymenthealthcareGenetic Information Nondiscrimination Act (GINA)https://www.google.com/search?q=Genetic+Information+Nondiscrimination+Act+(GINA)http://www.ginahelp.org/GINAhelp.pdfginahelp.orghttps://en.wikipedia.org/wiki/Genetic_Information_Nondiscrimination_Actwikipedia.orghttps://www.eeoc.gov/eeoc/publications/fs-gina.cfmeeoc.gov7.48.4, 12.2.1.2
1678% - B. Privacy before, during and after employmentemploymentPrivacy Privacy before, during and after employmenthttps://www.google.com/search?q=Privacy+Privacy+before,+during+and+after+employment11.212.2576
168 - - a. Employee background screeningemploymentPrivacy Employee background screeninghttps://www.google.com/search?q=Privacy+Employee+background+screening11.2.1.1
169 - - - i. Requirements under FCRAemploymentPrivacy Employee background screening: Requirements under FCRAhttps://www.google.com/search?q=Privacy+Employee+background+screening:+Requirements+under+FCRA11.2.1.412.2.1.4
170 - - - ii. Methodsemployment
171 - - - - 1. Personality and psychological evaluationsemploymentPrivacy Employee background screening: Personality and psychological evaluationshttps://www.google.com/search?q=Privacy+Employee+background+screening:+Personality+and+psychological+evaluations12.2.2.1
172 - - - - 2. Polygraph testingemploymentPrivacy Employee background screening: Polygraph testinghttps://www.google.com/search?q=Privacy+Employee+background+screening:+Polygraph+testinghttps://www.dol.gov/agencies/whd/polygraphdol.govhttps://www.nolo.com/legal-encyclopedia/state-laws-polygraphs-lie-detector-tests.htmlnolo.com11.2.2.112.2.2.1
173 - - - - 3. Drug and alcohol testingemploymentPrivacy Employee background screening: Drug and alcohol testinghttps://www.google.com/search?q=Privacy+Employee+background+screening:+Drug+and+alcohol+testinghttps://www.samhsa.gov/workplace/legal/federal-lawssamhsa.govhttps://www.aclu.org/other/state-state-workplace-drug-testing-lawsaclu.org11.2.2.212.2.2.2
174 - - - - 4. Social mediaemploymentPrivacy Employee background screening: Social mediahttps://www.google.com/search?q=Privacy+Employee+background+screening:+Social+mediahttps://hbr.org/2020/05/how-to-monitor-your-employees-while-respecting-their-privacyhbr.orghttps://allpryme.com/employee-privacy-laws/employee-privacy-laws/allpryme.com11.2.1.1
175 - - b. Employee monitoringemploymentPrivacy Employee monitoringhttps://www.google.com/search?q=Privacy+Employee+monitoring11.2.2.412.2.2.4
176 - - - i. TechnologiesemploymentPrivacy Employment Technologyhttps://www.google.com/search?q=Privacy+Employment+Technology
177 - - - - 1. Computer usageemploymentPrivacy Employee monitoring: Computerhttps://www.google.com/search?q=Privacy+Employee+monitoring:+Computer
178 - - - - 1a. Social mediaemploymentPrivacy Employee monitoring: Social Mediahttps://www.google.com/search?q=Privacy+Employee+monitoring:+Social+Mediahttps://hbr.org/2020/05/how-to-monitor-your-employees-while-respecting-their-privacyhbr.orghttps://allpryme.com/employee-privacy-laws/employee-privacy-laws/allpryme.com11.2.2.4.3
179 - - - - 2. BiometricsemploymentPrivacy Employee monitoring: Biometricshttps://www.google.com/search?q=Privacy+Employee+monitoring:+Biometricshttps://www.bradley.com/insights/publications/2019/02/technology-at-a-price-risks-with-using-biometric-scanning-in-the-workplacebradley.comhttps://www.shrm.org/resourcesandtools/legal-and-compliance/employment-law/pages/regulation-employer-use-biometric-data.aspxshrm.orghttps://frostbrowntodd.com/collecting-biometric-data-what-you-need-to-know/frostbrowntodd.com
180 - - - - 3. Location-based services (LBS)employmentadtechPrivacy Employee monitoring: Location-based services (LBS)https://www.google.com/search?q=Privacy+Employee+monitoring:+Location-based+services+(LBS)11.2.2.4.2
181 - - - - 4. Wellness ProgramsemploymenthealthcarePrivacy Employee monitoring: Wellness Programshttps://www.google.com/search?q=Privacy+Employee+monitoring:+Wellness+Programshttps://www.consumerreports.org/health-privacy/are-workplace-wellness-programs-a-privacy-problem/consumerreports.orghttps://www.healthaffairs.org/do/10.1377/hblog20200617.824130/full/healthaffairs.org
182 - - - - 5. Mobile computingemploymentPrivacy Employee monitoring: Mobile computinghttps://www.google.com/search?q=Privacy+Employee+monitoring:+Mobile+computing
183 - - - - 6. E-mail and postal mailemploymentPrivacy Employee monitoring: E-mail and postal mailhttps://www.google.com/search?q=Privacy+Employee+monitoring:+E-mail+and+postal+mail11.2.2.4.2
184 - - - - 7. PhotographyemploymentPrivacy Employee monitoring: Photographyhttps://www.google.com/search?q=Privacy+Employee+monitoring:+Photography
185 - - - - 8. TelephonyemploymentPrivacy Employee monitoring: Telephonyhttps://www.google.com/search?q=Privacy+Employee+monitoring:+Telephony
186 - - - - 9. VideoemploymentPrivacy Employee monitoring: Videohttps://www.google.com/search?q=Privacy+Employee+monitoring:+Videohttps://www.shrm.org/resourcesandtools/tools-and-samples/toolkits/pages/workplaceprivacy.aspxshrm.orghttps://www.michlaborlaw.com/workplace-video-surveillance-best-practicesmichlaborlaw.com11.2.2.4.2
187- - - ii. Requirements under ECPA of 1986employmentPrivacy Employee monitoring: Requirements under ECPAhttps://www.google.com/search?q=Privacy+Employee+monitoring:+Requirements+under+ECPA12.2.2.4.2
188 - - - iii. Unionized worker issues: monitoring in U.S. workplaceemploymentPrivacy Unionized worker issues concerning monitoring in the U.S. workplacehttps://www.google.com/search?q=Privacy+Unionized+worker+issues+concerning+monitoring+in+the+U.S.+workplace12.2.2.4
189 - - c. Investigation of employee misconductemploymentPrivacy Investigation of employee misconducthttps://www.google.com/search?q=Privacy+Investigation+of+employee+misconduct11.2.2.512.2.2.5
190 - - - i. Data handling in misconduct investigationsemploymentPrivacy Employee Misconduct: Data handling in misconduct investigationshttps://www.google.com/search?q=Privacy+Employee+Misconduct:+Data+handling+in+misconduct+investigations
191 - - - ii. Use of third parties in investigationsemploymentPrivacy Employee Misconduct: Use of third parties in investigationshttps://www.google.com/search?q=Privacy+Employee+Misconduct:+Use+of+third+parties+in+investigations
192 - - - iii. Documenting performance problemsemploymentPrivacy Employee Misconduct: Documenting performance problemshttps://www.google.com/search?q=Privacy+Employee+Misconduct:+Documenting+performance+problems
193 - - - iv. Balancing rights of multiple individuals in a single situationemploymentPrivacy Employee Misconduct: Balancing rights of multiple individuals in a single situationhttps://www.google.com/search?q=Privacy+Employee+Misconduct:+Balancing+rights+of+multiple+individuals+in+a+single+situation
194 - - d. Termination of the employment relationshipemploymentPrivacy Termination of the employment relationshiphttps://www.google.com/search?q=Privacy+Termination+of+the+employment+relationship11.2.312.2.3
195 - - - i. Transition managementemploymentPrivacy Employee Termination: Transition managementhttps://www.google.com/search?q=Privacy+Employee+Termination:+Transition+management
196 - - - ii. Records retentionemploymentPrivacy Employee Termination: Records retentionhttps://www.google.com/search?q=Privacy+Employee+Termination:+Records+retention
197 - - - iii. ReferencesemploymentPrivacy Employee Termination: Referenceshttps://www.google.com/search?q=Privacy+Employee+Termination:+References
1988%V. State Privacy LawsPrivacy State Privacy Lawshttps://www.google.com/search?q=Privacy+State+Privacy+Laws67576
1991% - A. Federal vs. State authorityPrivacy State Privacy Laws: Federal vs. state authorityhttps://www.google.com/search?q=Privacy+State+Privacy+Laws:+Federal+vs.+state+authority021
2001% - B. Marketing lawsPrivacy State Privacy Laws: Marketing lawshttps://www.google.com/search?q=Privacy+State+Privacy+Laws:+Marketing+lawshttps://telemarketingregulations.com/state-regulationstelemarketingregshttps://casetext.com/analysis/7th-circuit-tcpa-doesnt-preempt-more-restrictive-state-robocall-lawcasetext.com11.1.3021
2011% - C. Financial DatafinancialPrivacy State Privacy Laws: Financial Datahttps://www.google.com/search?q=Privacy+State+Privacy+Laws:+Financial+Datahttps://en.wikipedia.org/wiki/Financial_privacy_laws_in_the_United_States#State_lawswikipedia.orghttps://www.nafcu.org/system/files/files/NAFCU%20Data%20Privacy%20Issue%20Brief%20Dec2019.pdfnafcu.org9.3.4021
202 - - a. Credit historyfinancialPrivacy State Privacy Laws: Credit historyhttps://www.google.com/search?q=Privacy+State+Privacy+Laws:+Credit+historyhttps://www.demos.org/research/bad-credit-shouldnt-block-employment-how-make-state-bans-employment-credit-checks-moredemos.orghttps://www.microbilt.com/Cms_Data/Contents/Microbilt/Media/Docs/MicroBilt-State-Laws-Limiting-Use-of-Credit-Information-For-Employment-Version-1-1-03-01-17-.pdfmicrobilt.comhttps://www.laborandemploymentlawcounsel.com/2018/06/using-credit-histories-in-employment-decisions-an-overview-of-divergent-state-local-requirements/laborandemployment11.2.1.4
203 - - b. California SB-1legislationfinancialPrivacy California SB-1https://www.google.com/search?q=Privacy+California+SB-1https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=1.4.&lawCode=FINlegislature.ca.govhttps://medium.com/golden-data/what-is-calfipa-ee7e48c88dd0medium.comhttps://www.reedsmith.com/-/media/files/perspectives/2004/09/sb1--the-california-financial-information-privacy/files/sb1--the-california-financial-information-privacy/fileattachment/acf6c0d.pdfreedsmith.com8.3.49.3.4.1
2041% - D. Data Security LawsinfosecPrivacy Data Security Lawshttps://www.google.com/search?q=Privacy+Data+Security+Lawshttps://www.ncsl.org/research/telecommunications-and-information-technology/data-security-laws.aspxncsl.org6.27.2021
205 - - a. SSNinfosecPrivacy Data Security Laws: SSNhttps://www.google.com/search?q=Privacy+Data+Security+Laws:+SSNhttps://www.aclu.org/other/privacy-america-social-security-numbersaclu.orghttps://www.mofo.com/resources/insights/state-statutes-restricting-or-prohibiting-the-use-of-social-security-numbers.htmlmofo.comhttps://www.ftc.gov/sites/default/files/documents/reports/security-numbers-social-security-numbers-and-identity-theft-federal-trade-commission-report/p075414ssnreport.pdfftc.gov67.2.2
206 - - b. Data destructioninfosecPrivacy Data Security Laws: Data destructionhttps://www.google.com/search?q=Privacy+Data+Security+Laws:+Data+destructionhttps://www.ncsl.org/research/telecommunications-and-information-technology/data-disposal-laws.aspxncsl.orghttps://eridirect.com/eridirect.com6.77.7
207 - - c. Security proceduresinfosecPrivacy Data Security Laws: Security procedureshttps://www.google.com/search?q=Privacy+Data+Security+Laws:+Security+procedures
208 - - d. Recent developmentsinfosec
209 - - - i. California Electronic Communications Privacy Act (2015)legislationinfosecCalifornia Electronic Communications Privacy Act (2015)https://www.google.com/search?q=California+Electronic+Communications+Privacy+Act+(2015)https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201520160SB178legislature.ca.govhttps://www.eff.org/deeplinks/2015/10/california-leads-way-digital-privacyeff.orghttps://www.zwillgen.com/general/8-things-to-know-about-calecpa/zwillgen.com
210 - - - ii. Delaware Online Privacy and Protection Act (2016)legislationinfosecprivacy policyDelaware Online Privacy and Protection Act (2016)https://www.google.com/search?q=Delaware+Online+Privacy+and+Protection+Act+(2016)https://privacylaw.proskauer.com/2015/11/articles/online-privacy/delaware-enacts-comprehensive-online-privacy-protection-law/#:~:text=On%20January%201%2C%202016%2C%20the,privacy%20protection%20for%20its%20residents.&text=The%20law%20grants%20the%20state's,prosecute%20violations%20of%20the%20law.proskauer.comhttps://www.winston.com/en/privacy-law-corner/delaware-s-online-privacy-and-protection-act-now-in-effect.htmlwinston.comhttps://delcode.delaware.gov/title6/c012c/index.shtmldelcode.delaware.gov5.2.5
211 - - - iii. Nevada SB 538 (2017)legislationinfosecprivacy policyNevada SB 538 (2017)https://www.google.com/search?q=Nevada+SB+538+(2017)https://www.ballardspahr.com/alertspublications/legalalerts/2017-08-01-nevada-becomes-the-third-state-to-enact-website-privacy-notification-lawballardspahr.comhttps://blog.zwillgen.com/2017/08/16/ready-nevadas-new-website-privacy-notice-law/zwillgen.comhttps://www.leg.state.nv.us/Session/79th2017/Bills/SB/SB538.pdfleg.state.nv.us
212 - - - iv. Illinois Right to Know Act (2017)legislationinfosecprivacy policyIllinois Right to Know Act (2017)https://www.google.com/search?q=Illinois+Right+to+Know+Act+(2017)https://www.jdsupra.com/legalnews/illinois-right-to-know-bill-passed-out-64580/jdsupra.comhttps://www.termsfeed.com/blog/illinois-right-know-act/termsfeed.comhttps://www.chicagotribune.com/business/ct-illinois-privacy-bill-passes-senate-0506-biz-20170505-story.htmlchicagotribune.com
213 - - - v. New Jersey PIPPA (2017)legislationinfosecNew Jersey Personal Information and Privacy Protection Act (2017)https://www.google.com/search?q=New+Jersey+Personal+Information+and+Privacy+Protection+Act+(2017)https://www.wilmerhale.com/en/insights/blogs/wilmerhale-privacy-and-cybersecurity-law/new-jerseys-personal-information-and-privacy-protection-act-signed-into-lawwilmerhale.comhttps://www.faegredrinkerondata.com/2017/new-jersey-enacts-personal-information-and-privacy-protection-act/faegredrinkerondata.comhttps://njbia.org/personal-information-privacy-act/njbia.org
214 - - - vi. Washington Biometric Privacy Law (H.B. 1493) (2017)legislationinfosecWashington Biometric Privacy Law (H.B. 1493) (2017)https://www.google.com/search?q=Washington+Biometric+Privacy+Law+(H.B.+1493)+(2017)https://www.huntonprivacyblog.com/2017/06/01/washington-becomes-third-state-enact-biometric-privacy-law/huntonprivacybloghttps://www3.swipeclock.com/blog/learn-washingtons-new-biometric-privacy-law-affects-businesses/swipeclock.comhttps://www.insideprivacy.com/united-states/state-legislatures/washington-becomes-the-third-state-with-a-biometric-law/insideprivacy.com
215 - - - vii. NYDFS Cybersecurity Regulation (2017)legislationinfosecfinancialNYDFS Cybersecurity Regulation (2017)https://www.google.com/search?q=NYDFS+Cybersecurity+Regulation+(2017)https://blog.ariacybersecurity.com/blog/what-is-23-nycrr-500-blogariacybersecurity.comhttps://www.varonis.com/blog/nydfs-cybersecurity-regulation/varonis.comhttps://www.dfs.ny.gov/industry_guidance/cybersecuritydfs.ny.gov9.3.4.2
216 - - - viii. California Consumer Privacy Act (CCPA) (2018)legislationinfosecCalifornia Consumer Privacy Act (CCPA) (2018)https://www.google.com/search?q=California+Consumer+Privacy+Act+(CCPA)+(2018)https://en.wikipedia.org/wiki/California_Consumer_Privacy_Actwikipedia.orghttps://www.caprivacy.org/caprivacy.org6
217 - - - ix. Other significant state acts and lawsinfosecPrivacy state acts and lawshttps://www.google.com/search?q=Privacy+state+acts+and+laws
2183% - E. Data Breach Notification Lawsdata breachPrivacy Data Breach Notification Lawshttps://www.google.com/search?q=Privacy+Data+Breach+Notification+Laws6.67132
219 - - a. Elements of state data breach notification lawsdata breachhttps://www.perkinscoie.com/en/news-insights/security-breach-notification-chart.htmlperkinscoie.comhttps://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspxncsl.orghttps://www.foley.com/-/media/files/insights/publications/2020/09/20mc29862-data-breach-chart-090120.pdffoley.com6.67.6
220 - - - i. Definitions of relevant terms (personal infor, security breach)data breachhttps://www.bakerlaw.com/files/Uploads/Documents/Data%20Breach%20documents/Data_Breach_Charts.pdfbakerlaw.comhttps://www.irmi.com/articles/expert-commentary/state-breach-identification-laws-personal-information-definitionirmi.comhttps://iapp.org/news/a/states-continue-to-expand-definition-of-personal-information/iapp.org6.6.17.6.1-7.6.3
221 - - - ii. Conditions for notification (who, when, how)data breachhttps://www.varonis.com/blog/data-breach-definition-by-state/varonis.comhttps://www.itgovernanceusa.com/data-breach-notification-lawsitgovernanceusa.com6.6.4-77.6.4-7.6.10
222 - - - iii. Subject rights (credit monitoring, private right of action)data breach6.6.97.6.11
223 - - b. Key differences among states todaydata breach
224 - - c. Recent developmentsdata breachhttps://www.ncsl.org/research/telecommunications-and-information-technology/2019-security-breach-legislation.aspxncsl.orghttps://www.ncsl.org/research/telecommunications-and-information-technology/2020-security-breach-legislation637299951.aspxncsl.org
225 - - - i. Tennessee SB 2005legislationdata breachencryptionPrivacy Tennessee SB 2005https://www.google.com/search?q=Privacy+Tennessee+SB+2005https://iapp.org/news/a/tennessee-law-first-to-require-notification-regardless-of-information-encryption-status/iapp.orghttps://www.dwt.com/blogs/privacy--security-law-blog/2016/04/tennessee-gives-businesses-45-days-for-data-breachdwt.comhttps://healthitsecurity.com/news/tn-updates-data-breach-notification-law-for-encrypted-datahealthitsecurity.com
226 - - - ii. Illinois HB 1260legislationdata breachPrivacy Illinois HB 1260https://www.google.com/search?q=Privacy+Illinois+HB+1260https://www.radarfirst.com/blog/illinois-personal-information-protection-act/#:~:text=Illinois%20HB%201260%3A,or%20security%20question%20and%20answerradarfirst.comhttps://www.ilga.gov/legislation/fulltext.asp?DocName=09900HB1260enr&GA=99&SessionId=88&DocTypeId=HB&LegID=85740&DocNum=1260&GAID=13&Session=ilga.gov
227 - - - iii. California AB 2828legislationdata breachencryptionPrivacy California AB 2828https://www.google.com/search?q=Privacy+California+AB+2828https://privacylaw.proskauer.com/2016/11/articles/california/california-amends-data-breach-notification-law-to-require-notification-of-breach-of-encrypted-personal-information-when-encryption-key-has-been-leaked/proskauer.comhttps://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201520160AB2828legislature.ca.gov
228 - - - iv. New Mexico HB 15legislationdata breachPrivacy New Mexico HB 15https://www.google.com/search?q=Privacy+New+Mexico+HB+15https://www.huntonprivacyblog.com/2017/04/17/new-mexico-enacts-data-breach-notification-law/huntonprivacyblog
229 - - - v. Massachusetts HB 4806legislationdata breachPrivacy Massachusetts HB 4806https://www.google.com/search?q=Privacy+Massachusetts+HB+4806https://www.insideprivacy.com/data-security/data-breaches/massachusetts-amends-data-breach-notification-law-to-require-free-credit-monitoring/insideprivacy.comhttps://malegislature.gov/Bills/190/H4806malegislature.govhttps://www.jdsupra.com/legalnews/updates-to-massachusetts-data-breach-35590/jdsupra.com
230 - - - vi. Other significant state amendmentsdata breachPrivacy state amendmentshttps://www.google.com/search?q=Privacy+state+amendments