Enhanced CIPP/US Body of Knowledge
◈ Last edit: Apr 28, 2021
◈ 230 Nodes – CIPP/US Cert
◈ Study Aid for Privacy

Unique data. Hand-curated.
CIPP/US Cert Questions are Not Evenly Divided. Here’s How to Focus:

Ord | PctQs | Item | Cat | Subj1 | Subj2 | URL1 | URL2 | URL3 | Swire2E | Swire3E | ||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | 41% | I. Introduction to the U.S. Privacy Environment | U.S. Privacy environment | https://www.google.com/search?q=U.S.+Privacy+environment | 28 | 34 | 31 | |||||||||||
2 | 10% | - A. Structure of U.S. Law | Structure of U.S. Law | https://www.google.com/search?q=Structure+of+U.S.+Law | 2 | 2 | 6 | 9 | 7.5 | |||||||||
3 | - - a. Branches of government | Branches of Government | https://www.google.com/search?q=Branches+of+Government | https://www.usa.gov/branches-of-government | usa.gov | https://www.trumanlibrary.gov/education/three-branches/three-branches-of-government | trumanlibrary.gov | https://jefferson.kctcs.libguides.com/americangovernment | libguides.com | 2.1 | 2.1 | |||||||
4 | - - b. Sources of law | Sources of Law | https://www.google.com/search?q=Sources+of+Law | https://lawshelf.com/shortvideoscontentview/sources-of-law-in-the-united-states/ | lawshelf.com | https://lawshelf.com/coursewarecontentview/sources-of-law-judicial/ | lawshelf.com | https://en.wikipedia.org/wiki/Law_of_the_United_States | wikipedia.org | 2.2 | 2.2 | |||||||
5 | - - - i. Constitutions | Sources of law: Constitutions | https://www.google.com/search?q=Sources+of+law:+Constitutions | https://lawshelf.com/coursewarecontentview/sources-of-law-judicial/ | lawshelf.com | https://www.law.cornell.edu/wex/constitutional_law# | law.cornell.edu | https://ppp.worldbank.org/public-private-partnership/legislation-regulation/framework-assessment/legal-systems/sources-of-law | ppp.worldbank.org | 2.2.1 | 2.2.1 | |||||||
6 | - - - ii. Legislation | Sources of law: Legislation | https://www.google.com/search?q=Sources+of+law:+Legislation | https://www.law.cornell.edu/wex/legislation | law.cornell.edu | https://lawshelf.com/coursewarecontentview/sources-of-law-judicial/ | lawshelf.com | 2.2.2 | 2.2.2 | |||||||||
7 | - - - iii. Regulations and rules | Sources of law: Regulations and rules | https://www.google.com/search?q=Sources+of+law:+Regulations+and+rules | https://lawshelf.com/coursewarecontentview/sources-of-law-judicial/ | lawshelf.com | https://www.nyulawglobal.org/globalex/United_States.html#_B.__Administrative_Law%20Sources | nyulawglobal.org | 2.2.3 | 2.2.6 | |||||||||
8 | - - - iv. v. Common law / Case law | Sources of law: Case law | https://www.google.com/search?q=Sources+of+law:+Case+law | https://lawshelf.com/coursewarecontentview/sources-of-law-judicial/ | lawshelf.com | https://en.wikipedia.org/wiki/Common_law | wikipedia.org | https://courses.lumenlearning.com/wmopen-introbusiness/chapter/reading-criminal-versus-civil-law/ | lumenlearning.com | 2.2.4 | 2.2.3 | |||||||
9 | - - - vi. Contract law | Sources of law: Contract law | https://www.google.com/search?q=Sources+of+law:+Contract+law | https://study.com/academy/lesson/sources-of-contract-law-common-law-uniform-commercial-code.htm | study.com | 2.2.6 | 2.2.4 | |||||||||||
10 | - - - +. Tort Law | Sources of law: Tort Law | https://www.google.com/search?q=Sources+of+law:+Tort+Law | https://constitution.congress.gov/browse/essay/amdt1_2_3_3_2_1/ | congress.gov | https://www.law.cornell.edu/constitution-conan/amendment-1/invasion-of-privacy | law.cornell.edu | https://www.findlaw.com/injury/torts-and-personal-injuries/what-is-invasion-of-privacy-.html | findlaw.com | 2.2.5 | ||||||||
11 | - - - +. Consent Decrees | Sources of law: Consent Decrees | https://www.google.com/search?q=Sources+of+law:+Consent+Decrees | https://www.ftc.gov/enforcement | ftc.gov | https://www.ftc.gov/system/files/documents/reports/privacy-data-security-update-2019/2019-privacy-data-security-report-508.pdf | ftc.gov | https://www.ftc.gov/about-ftc/what-we-do/enforcement-authority | ftc.gov | 2.2.7 | ||||||||
12 | - - c. Legal definitions | U.S. Privacy: Legal definitions | https://www.google.com/search?q=U.S.+Privacy:+Legal+definitions | 2.3 | 2.3 | |||||||||||||
13 | - - - i. Jurisdiction | Legal definitions: Jurisdiction | https://www.google.com/search?q=Legal+definitions:+Jurisdiction | https://www.law.cornell.edu/wex/jurisdiction | law.cornell.edu | https://dictionary.law.com/Default.aspx?selected=1070 | dictionary.law.com | https://legal-dictionary.thefreedictionary.com/jurisdiction | thefreedictionary.com | 2.3 | 2.3 | |||||||
14 | - - - ii. Person | Legal definitions: Person | https://www.google.com/search?q=Legal+definitions:+Person | https://www.law.cornell.edu/wex/legal_person#:~:text=Overview,property%2C%20and%20enter%20into%20contracts. | law.cornell.edu | https://dictionary.law.com/Default.aspx?selected=1516 | dictionary.law.com | 2.3 | 2.3 | |||||||||
15 | - - - iii. Preemption | Legal definitions: Preemption | https://www.google.com/search?q=Legal+definitions:+Preemption | https://www.law.cornell.edu/wex/preemption | law.cornell.edu | https://fas.org/sgp/crs/misc/R45825.pdf | fas.org | https://en.wikipedia.org/wiki/Federal_preemption | wikipedia.org | 2.3 | 2.3 | |||||||
16 | - - - iv. Private right of action | Legal definitions: Private right of action | https://www.google.com/search?q=Legal+definitions:+Private+right+of+action | https://www.law.com/newyorklawjournal/2020/04/07/establishing-a-private-right-of-action-in-personal-injury-cases/ | law.com | https://www.brookings.edu/blog/techtank/2020/07/07/in-privacy-legislation-a-private-right-of-action-is-not-an-all-or-nothing-proposition/ | brookings.edu | https://iapp.org/news/a/private-right-of-action-shouldnt-be-a-yes-no-proposition-in-federal-privacy-legislation/ | iapp.org | 2.3 | 2.3 | |||||||
17 | - - d. Regulatory authorities | U.S. Privacy: Regulatory authorities | https://www.google.com/search?q=U.S.+Privacy:+Regulatory+authorities | 2.4 | 3 | |||||||||||||
18 | - - - i. Federal Trade Commission (FTC) | entity | Federal Trade Commission (FTC) | https://www.google.com/search?q=Federal+Trade+Commission+(FTC) | https://www.ftc.gov/about-ftc/what-we-do/enforcement-authority | ftc.gov | https://epic.org/privacy/internet/ftc/Authority.html | epic.org | https://en.wikipedia.org/wiki/Federal_Trade_Commission | wikipedia.org | 3.3-3.8 | |||||||
19 | - - - ii. Federal Communications Commission (FCC) | entity | Federal Communications Commission (FCC) | https://www.google.com/search?q=Federal+Communications+Commission+(FCC) | https://en.wikipedia.org/wiki/Federal_Communications_Commission | wikipedia.org | https://www.fcc.gov/ | fcc.gov | https://www.fcc.gov/enforcement/orders | fcc.gov | 3 | |||||||
20 | - - - iii. Department of Commerce (DoC) | entity | Department of Commerce (DoC) | https://www.google.com/search?q=Department+of+Commerce+(DoC) | https://en.wikipedia.org/wiki/United_States_Department_of_Commerce | wikipedia.org | https://www.commerce.gov/ | commerce.gov | https://www.privacyshield.gov/Program-Overview | privacyshield.gov | 3.2 | |||||||
21 | - - - iv. Department of Health and Human Services (HHS) | entity | healthcare | Department of Health and Human Services (HHS) | https://www.google.com/search?q=Department+of+Health+and+Human+Services+(HHS) | https://en.wikipedia.org/wiki/United_States_Department_of_Health_and_Human_Services | wikipedia.org | https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/index.html | hhs.gov | https://www.hhs.gov/ | hhs.gov | 8.1 | ||||||
22 | - - - v. Banking regulators | Banking regulators | https://www.google.com/search?q=Banking+regulators | 9 | ||||||||||||||
23 | - - - - 1. Federal Reserve Board | entity | Federal Reserve Board | https://www.google.com/search?q=Federal+Reserve+Board | https://en.wikipedia.org/wiki/Federal_Reserve | wikipedia.org | https://www.federalreserve.gov/aboutthefed.htm | federalreserve.gov | 9.3.1 | |||||||||
24 | - - - - 2. Comptroller of the Currency | entity | Comptroller of the Currency | https://www.google.com/search?q=Comptroller+of+the+Currency | https://www.occ.treas.gov/ | occ.treas.gov | https://en.wikipedia.org/wiki/Office_of_the_Comptroller_of_the_Currency | wikipedia.org | https://occ.gov/about/what-we-do/index-what-we-do.html | occ.gov | 9.3.1 | |||||||
25 | - - - vi. State attorneys general | State attorneys general | https://www.google.com/search?q=State+attorneys+general | http://ndlawreview.org/wp-content/uploads/2017/02/NDL205.pdf | ndlawreview.org | https://iapp.org/news/a/mass-ags-data-privacy-security-division-an-advocate-for-consumers/ | iapp.org | https://www.stateaginsights.com/2020/01/14/top-3-state-ag-trends-to-watch-in-2020/ | stateaginsights.com | 3.9 | ||||||||
26 | - - - vii. Self-regulatory programs and trust marks | Self-regulatory programs and trust marks | https://www.google.com/search?q=Self-regulatory+programs+and+trust+marks | https://iapp.org/news/a/a-milestone-for-privacy-self-regulation/ | iapp.org | 3.10 | ||||||||||||
27 | - - e. Understanding laws | U.S. Privacy: Regulatory authorities | https://www.google.com/search?q=U.S.+Privacy:+Regulatory+authorities | https://www.law.georgetown.edu/wp-content/uploads/2018/12/A-Guide-to-Reading-Interpreting-and-Applying-Statutes-1.pdf | law.georgetown.edu | 2.6 | 2.6 | |||||||||||
28 | - - - i. Scope and application | Understanding laws: Scope and application | https://www.google.com/search?q=Understanding+laws:+Scope+and+application | |||||||||||||||
29 | - - - ii. Analyzing a law | Understanding laws: Analyzing a law | https://www.google.com/search?q=Understanding+laws:+Analyzing+a+law | https://www.law.georgetown.edu/wp-content/uploads/2018/12/A-Guide-to-Reading-Interpreting-and-Applying-Statutes-1.pdf | law.georgetown.edu | https://www.nathenson.org/courses/civpro/resources/how-to-read-a-rule-or-statute/ | nathenson.org | |||||||||||
30 | - - - iii. Determining jurisdiction | Understanding laws: Determining jurisdiction | https://www.google.com/search?q=Understanding+laws:+Determining+jurisdiction | https://law-hawaii.libguides.com/c.php?g=992891&p=7189141 | libguides.com | https://www.law.cornell.edu/wex/jurisdiction# | law.cornell.edu | https://dictionary.law.com/Default.aspx?selected=1070 | dictionary.law.com | 2.3 | ||||||||
31 | - - - iv. Preemption | Understanding laws: Preemption | https://www.google.com/search?q=Understanding+laws:+Preemption | https://www.law.cornell.edu/wex/preemption | law.cornell.edu | https://fas.org/sgp/crs/misc/R45825.pdf | fas.org | https://en.wikipedia.org/wiki/Federal_preemption | wikipedia.org | 2.3 | ||||||||
32 | 5% | - B. Enforcement of U.S. Privacy and Security Laws | Enforcement of U.S. Privacy and Security Laws | https://www.google.com/search?q=Enforcement+of+U.S.+Privacy+and+Security+Laws | 3 | 3 | 3 | 5 | 4 | |||||||||
33 | - - a. Criminal versus civil liability | Criminal versus civil liability | https://www.google.com/search?q=Criminal+versus+civil+liability | https://criminal.findlaw.com/criminal-law-basics/the-differences-between-a-criminal-case-and-a-civil-case.html | criminal.findlaw.com | https://openstax.org/books/business-law-i-essentials/pages/5-2-civil-vs-criminal-liability | openstax.org | https://lawshelf.com/coursewarecontentview/civil-law-vs-criminal-law/ | lawshelf.com | 3.1 | 3.1 | |||||||
34 | - - b. General theories of legal liability | General theories of legal liability | https://www.google.com/search?q=General+theories+of+legal+liability | https://en.wikipedia.org/wiki/Legal_liability | wikipedia.org | https://legal-dictionary.thefreedictionary.com/Theories+of+Liability | thefreedictionary.com | https://lawshelf.com/coursewarecontentview/liability-for-intentional-torts-negligence-and-strict-liability/ | lawshelf.com | |||||||||
35 | - - - i. Contract | General theories of legal liability: Contract | https://www.google.com/search?q=General+theories+of+legal+liability:+Contract | https://www.law.cornell.edu/wex/contract | law.cornell.edu | https://davisbusinesslaw.com/what-three-elements-must-i-include-in-a-business-contract/ | davisbusinesslaw.com | 2.2.4 | ||||||||||
36 | - - - ii. Tort | General theories of legal liability: Tort | https://www.google.com/search?q=General+theories+of+legal+liability:+Tort | https://constitution.congress.gov/browse/essay/amdt1_2_3_3_2_1/ | congress.gov | https://www.law.cornell.edu/constitution-conan/amendment-1/invasion-of-privacy | law.cornell.edu | https://www.findlaw.com/injury/torts-and-personal-injuries/what-is-invasion-of-privacy-.html | findlaw.com | 2.2.7 | 2.2.5 | |||||||
37 | - - - iii. Civil enforcement | General theories of legal liability: Civil enforcement | https://www.google.com/search?q=General+theories+of+legal+liability:+Civil+enforcement | |||||||||||||||
38 | - - c. Negligence | Negligence privacy law | https://www.google.com/search?q=Negligence+privacy+law | |||||||||||||||
39 | - - d. Unfair and deceptive trade practices (UDTP) UDAP | Unfair and deceptive trade practices (UDTP) | https://www.google.com/search?q=Unfair+and+deceptive+trade+practices+(UDTP) | https://www.nclc.org/images/pdf/udap/report_50_states.pdf | nclc.org | https://www.brookings.edu/blog/techtank/2019/08/08/the-ftc-can-rise-to-the-privacy-challenge-but-not-without-help-from-congress/ | brookings.edu | https://medium.com/golden-data/the-ftc-act-4b7bde468e5f | medium.com | 3.6 | 3.6, 3.7 | |||||||
40 | - - e. Federal enforcement actions | Federal enforcement actions privacy security | https://www.google.com/search?q=Federal+enforcement+actions+privacy+security | 3.7 | 3.6, 3.7 | |||||||||||||
41 | - - - +. In re DesignerWare FTC | consent decree | In re DesignerWare FTC | https://www.google.com/search?q=In+re+DesignerWare+FTC | https://www.ftc.gov/enforcement/cases-proceedings/112-3151/designerware-llc-matter | ftc.gov | https://www.ftc.gov/news-events/press-releases/2012/09/ftc-halts-computer-spying | ftc.gov | https://www.wiley.law/newsletter-4397 | wiley.law | 3.7.4 | 3.7.5.3 | ||||||
42 | - - - +. In re GeoCities FTC | consent decree | privacy policy | In re GeoCities FTC | https://www.google.com/search?q=In+re+GeoCities+FTC | https://www.ftc.gov/enforcement/cases-proceedings/982-3015/geocities | ftc.gov | https://itlaw.wikia.org/wiki/In_re_GeoCities | itlaw.wikia.org | https://www.ftc.gov/news-events/press-releases/1998/08/internet-site-agrees-settle-ftc-charges-deceptively-collecting | ftc.gov | 3.5 | ||||||
43 | - - - +. In re LifeLock FTC | consent decree | financial | encryption | In re LifeLock FTC | https://www.google.com/search?q=In+re+LifeLock+FTC | https://www.ftc.gov/enforcement/cases-proceedings/072-3069-x100023/lifelock-inc-corporation | ftc.gov | https://medium.com/golden-data/case-study-lifelock-100m-fine-3d951dce2e30 | medium.com | https://www.huntonprivacyblog.com/2015/12/21/ftc-announces-largest-settlement-ever-with-lifelock/ | huntonprivacyblog.com | 3.13.2 | |||||
44 | - - - +. In re Nomi FTC | consent decree | adtech | In re Nomi FTC | https://www.google.com/search?q=In+re+Nomi+FTC | https://www.ftc.gov/enforcement/cases-proceedings/132-3251/nomi-technologies-inc-matter | ftc.gov | https://laweconcenter.org/resource/the-dark-side-of-the-ftcs-latest-privacy-case-in-the-matter-of-nomi-technologies/ | laweconcenter.org | https://www.forbes.com/sites/timsparapani/2015/05/26/privacy-and-security-innovation-the-cautionary-tale-of-nomi-technologies-and-the-ftc/#376bb4384a38 | forbes.com | |||||||
45 | - - - +. In re Snapchat FTC | consent decree | data breach | In re Snapchat FTC | https://www.google.com/search?q=In+re+Snapchat+FTC | https://www.ftc.gov/enforcement/cases-proceedings/132-3078/snapchat-inc-matter | ftc.gov | https://www.ftc.gov/news-events/press-releases/2014/05/snapchat-settles-ftc-charges-promises-disappearing-messages-were | ftc.gov | https://epic.org/privacy/ftc/EPIC-Snapchat-Complaint.pdf | epic.org | 3.6.3 | ||||||
46 | - - - +. In re TRUSTe FTC | consent decree | In re TRUSTe FTC | https://www.google.com/search?q=In+re+TRUSTe+FTC | https://www.ftc.gov/news-events/press-releases/2014/11/truste-settles-ftc-charges-it-deceived-consumers-through-its | ftc.gov | https://www.jdsupra.com/legalnews/federal-trade-commission-announces-settl-29398/ | jdsupra.com | https://www.ftc.gov/system/files/documents/cases/141117trustecmpt.pdf | ftc.gov | ||||||||
47 | - - - +. In re Wyndham Worldwide Corp. | consent decree | infosec | In re Wyndham Worldwide Corp. | https://www.google.com/search?q=In+re+Wyndham+Worldwide+Corp. | https://www.lexisnexis.com/community/casebrief/p/casebrief-ftc-v-wyndham-worldwide-corp | lexisnexis.com | https://harvardlawreview.org/2016/02/ftc-v-wyndham-worldwide-corp/ | harvardlawreview.org | https://www.ftc.gov/news-events/blogs/business-blog/2015/08/third-circuit-rules-ftc-v-wyndham-case | ftc.gov | 3.7.1 | 3.7.1 | |||||
48 | - - - +. In re LabMD | consent decree | healthcare | infosec | In re LabMD | https://www.google.com/search?q=In+re+LabMD | https://www.ftc.gov/enforcement/cases-proceedings/102-3099/labmd-inc-v-federal-trade-commission | ftc.gov | https://www.lexisnexis.com/community/casebrief/p/casebrief-labmd-inc-v-ftc | lexisnexis.com | https://www.wsgr.com/en/insights/eleventh-circuit-labmd-decision-significantly-restrains-ftc-s-remedial-powers-in-data-security-and-privacy-actions.html | wsgr.com | 3.7.2 | 3.7.2 | ||||
49 | - - - +. In re Eli Lilly | consent decree | healthcare | infosec | In re Eli Lilly FTC | https://www.google.com/search?q=In+re+Eli+LIlly+FTC | https://www.ftc.gov/enforcement/cases-proceedings/012-3214/eli-lilly-company-matter | ftc.gov | 3.5 | |||||||||
50 | - - f. State enforcement (Attorneys General (AGs), etc.) | Privacy State enforcement: Attorneys Generals | https://www.google.com/search?q=Privacy+State+enforcement:+Attorneys+Generals | https://www.nclc.org/images/pdf/udap/report_50_states.pdf | nclc.org | https://www.nclc.org/issues/how-well-do-states-protect-consumers.html | nclc.org | https://www.americanbar.org/groups/business_law/publications/blt/2019/09/abusive-acts/ | americanbar.org | 3.9 | 3.9 | |||||||
51 | - - g. Cross-border enforcement issues (GPEN) | data transfer | Privacy Cross-border enforcement issues | https://www.google.com/search?q=Privacy+Cross-border+enforcement+issues | https://globalinvestigationsreview.com/review/the-investigations-review-of-the-americas/2020/article/data-privacy-and-transfers-in-cross-border-investigations | globalinvestigations | https://media2.mofo.com/documents/171000-data-privacy-cross-border-investigations.pdf | media2.mofo.com | https://fas.org/sgp/crs/misc/R45584.pdf | fas.org | 3.11 | 3.11 | ||||||
52 | - - h. Self-regulatory enforcement (PCI, Trust Marks) | Privacy Self-regulatory enforcement | https://www.google.com/search?q=Privacy+Self-regulatory+enforcement | https://iapp.org/news/a/a-milestone-for-privacy-self-regulation/ | iapp.org | https://www.law.uchicago.edu/files/file/marotta-wurgler_understanding_privacy_policies.pdf | law.uchicago.edu | 3.10 | 3.1 | |||||||||
53 | 26% | - C. Information Management from a U.S. Perspective | Privacy Information Management from a U.S. Perspective | https://www.google.com/search?q=Privacy+Information+Management+from+a+U.S.+Perspective | 4 | 4 | 18 | 22 | 20 | |||||||||
54 | - - a. Data sharing and transfers | data transfer | Privacy Data sharing and transfers | https://www.google.com/search?q=Privacy+Data+sharing+and+transfers | 4.4 | 4.4 | ||||||||||||
55 | - - - i. Data inventory | Privacy Data inventory | https://www.google.com/search?q=Privacy+Data+inventory | https://iapp.org/news/a/top-10-operational-responses-to-the-gdpr-data-inventory-and-mapping/ | iapp.org | https://www.bclplaw.com/images/content/1/0/v2/102309/april3Gdpr.pdf | bclplaw.com | https://gbq.com/data-inventory-what-do-you-have/ | gbq.com | 4.4.1 | 4.4.1 | |||||||
56 | - - - ii. Data classification | Privacy Data classification | https://www.google.com/search?q=Privacy+Data+classification | https://www.cmu.edu/iso/governance/guidelines/data-classification.html | cmu.edu | https://www.varonis.com/blog/data-classification/ | varonis.com | https://blog.netwrix.com/2020/09/02/data-classification/ | blog.netwrix.com | 4.4.2 | 4.4.2 | |||||||
57 | - - - iii. Data flow mapping | Privacy Data flow mapping | https://www.google.com/search?q=Privacy+Data+flow+mapping | https://www.itgovernance.co.uk/gdpr-data-mapping | itgovernance.co.uk | https://brown.columbia.edu/mapping-data-flows/ | brown.columbia.edu | https://dataprivacyproject.org/learning-modules/mapping-data-flows/#internet | dataprivacyproject.org | 4.4.3 | ||||||||
58 | - - - +. Data Accountability | Privacy Data Accountability | https://www.google.com/search?q=Privacy+Data+Accountability | https://ico.org.uk/for-organisations/accountability-framework/ | ico.org.uk | https://medium.com/golden-data/what-does-accountability-mean-under-eu-data-protection-law-af630e40648b | medium.com | 4.4.4 | ||||||||||
59 | - - b. Privacy program development | Privacy Privacy program development | https://www.google.com/search?q=Privacy+Privacy+program+development | 4.3 | 4.5 | |||||||||||||
60 | - - c. Managing User Preferences | Privacy Managing User Privacy Preferences | https://www.google.com/search?q=Privacy+Managing+User+Privacy+Preferences | https://iapp.org/news/a/consent-and-preference-management-in-the-age-of-data-privacy/ | iapp.org | 4.6, 4.6.2 | 4.6 | |||||||||||
61 | - - d. Incident response programs | Privacy Incident response programs | https://www.google.com/search?q=Privacy+Incident+response+programs | https://www.ftc.gov/tips-advice/business-center/guidance/data-breach-response-guide-business | ftc.gov | 6.4 | 7.4 | |||||||||||
62 | - - - i. Cyber threats (e.g., ransomware) | Privacy Cyber threats ransomware | https://www.google.com/search?q=Privacy+Cyber+threats+ransomware | https://www.proofpoint.com/us/blog/threat-protection/top-three-data-breach-vectors-and-how-combat-them | proofpoint.com | https://www.icaew.com/-/media/corporate/files/technical/business-and-financial-management/smes/bas-for-pba/top-five-cyber-risks.ashx | icaew.com | https://us.norton.com/internetsecurity-emerging-threats-cyberthreat-trends-cybersecurity-threat-review.html | us.norton.com | 5.2.1 | 5.2.1 | |||||||
63 | - - e. Workforce Training | Privacy Workforce Training: Data Privacy and Information Security | https://www.google.com/search?q=Privacy+Workforce+Training:+Data+Privacy+and+Information+Security | https://teachprivacy.com/security-awareness-training-requirements/ | teachprivacy.com | https://teachprivacy.com/privacy-training-and-data-security-training-requirements/ | teachprivacy.com | https://www.mediapro.com/blog/9-topics-privacy-awareness-training-program/ | mediapro.com | |||||||||
64 | - - f. Accountability | Privacy Accountability privacy principle | https://www.google.com/search?q=Privacy+Accountability+privacy+principle | 4.4.4 | ||||||||||||||
65 | - - g. Data retention and disposal (FACTA) | legislation | financial | infosec | Privacy Data retention and disposal (FACTA) | https://www.google.com/search?q=Privacy+Data+retention+and+disposal+(FACTA) | https://www.federalregister.gov/documents/2017/11/15/2017-24728/disposal-of-consumer-report-information-and-records | federalregister.gov | https://www.ftc.gov/tips-advice/business-center/guidance/disposing-consumer-report-information-rule-tells-how | ftc.gov | https://www.ncsl.org/research/telecommunications-and-information-technology/data-disposal-laws.aspx | ncsl.org | 9.2.1 | |||||
66 | - - h. Online Privacy | Privacy Online Privacy | https://www.google.com/search?q=Privacy+Online+Privacy | 5 | 5 | |||||||||||||
67 | - - i. Privacy notices | privacy policy | Privacy Privacy notices | https://www.google.com/search?q=Privacy+Privacy+notices | 4.5, 5.3 | 4.5 | ||||||||||||
68 | - - j. Vendor management | data transfer | Privacy Vendor management | https://www.google.com/search?q=Privacy+Vendor+management | 4.7 | 4.7 | ||||||||||||
69 | - - - i. Vendor incidents | data transfer | Privacy Vendor management: Vendor privacy incidents | https://www.google.com/search?q=Privacy+Vendor+management:+Vendor+privacy+incidents | https://www.darkreading.com/attacks-breaches/top-third-party-data-breaches-of-2020-lessons-learned-to-make-2021-more-secure/d/d-id/1339617 | darkreading.com | ||||||||||||
70 | - - - ii. Cloud issues | data transfer | Privacy Vendor management: Cloud privacy issues | https://www.google.com/search?q=Privacy+Vendor+management:+Cloud+privacy+issues | https://legal.thomsonreuters.com/en/insights/articles/understanding-data-privacy-and-cloud-computing | thomsonreuters.com | https://iapp.org/news/a/the-globalization-of-criminal-evidence/ | iapp.org | https://www.lawfareblog.com/why-cross-border-government-requests-data-will-keep-becoming-more-important | lawfareblog.com | 5.4.5, 8.1, 13.3.8 | |||||||
71 | - - k. International data transfers | data transfer | Privacy International data transfers | https://www.google.com/search?q=Privacy+International+data+transfers | 4.8.2 | 5.4.5, 14.7 | ||||||||||||
72 | - - - i.a U.S. Safe Harbor | legislation | data transfer | Privacy EU-US Safe Harbor | https://www.google.com/search?q=Privacy+EU-US+Safe+Harbor | https://en.wikipedia.org/wiki/International_Safe_Harbor_Privacy_Principles | wikipedia.org | https://www.ftc.gov/tips-advice/business-center/privacy-and-security/u.s.-eu-safe-harbor-framework | ftc.gov | https://iapp.org/resources/article/a-brief-history-of-safe-harbor/ | iapp.org | 14.7.2 | ||||||
73 | - - - i.b Privacy Shield | legislation | data transfer | Privacy EU-US Privacy Shield | https://www.google.com/search?q=Privacy+EU-US+Privacy+Shield | https://www.privacyshield.gov/welcome | privacyshield.gov | https://www.impact-advisors.com/security/eu-us-privacy-shield-framework/ | impact-advisors.com | https://www.privacyshield.gov/eu-us-framework | privacyshield.gov | 5.4.5 | ||||||
74 | - - - ii. Binding Corporate Rules (BCRs) | data transfer | Privacy Binding Corporate Rules (BCRs) | https://www.google.com/search?q=Privacy+Binding+Corporate+Rules+(BCRs) | https://iapp.org/resources/article/approved-binding-corporate-rules/ | iapp.org | http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2005/wp107_en.pdf | ec.europa.eu | http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2005/wp108_en.pdf | ec.europa.eu | 14.7.2 | |||||||
75 | - - - iii. Standard Contractual Clauses | data transfer | Privacy Standard Contractual Clauses | https://www.google.com/search?q=Privacy+Standard+Contractual+Clauses | https://europeanlawblog.eu/2020/11/13/schrems-iii-first-thoughts-on-the-edpb-post-schrems-ii-recommendations-on-international-data-transfers-part-1/ | europeanlawblog.eu | https://www.natlawreview.com/article/guidance-edpb-shrems-ii-and-future-changes-to-trans-border-data-flows-and-standard | natlawreview.com | 14.7.2 | |||||||||
76 | - - - iv. Other approved transfer mechanisms | data transfer | Privacy International Data Transfers: Other Approved Mechs | https://www.google.com/search?q=Privacy+International+Data+Transfers:+Other+Approved+Mechs | ||||||||||||||
77 | - - l. Other key considerations U.S.-based global multinationals | data transfer | Privacy U.S.-based global multinational companies | https://www.google.com/search?q=Privacy+U.S.-based+global+multinational+companies | ||||||||||||||
78 | - - - i. GDPR requirements | legislation | data transfer | Privacy GDPR requirements | https://www.google.com/search?q=Privacy+GDPR+requirements | https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/legal-grounds-processing-data/sensitive-data/what-personal-data-considered-sensitive_en | ec.europa.eu | https://www.dixonwilson.com/technical-updates/gdpr-key-provisions | dixonwilson.com | 4.8.1 | 14 | |||||||
79 | - - - ii. APEC privacy framework | data transfer | Privacy APEC privacy framework | https://www.google.com/search?q=Privacy+APEC+privacy+framework | https://www.apec.org/Publications/2005/12/APEC-Privacy-Framework | apec.org | https://iapp.org/media/pdf/resource_center/APEC_Privacy_Framework.pdf | iapp.org | https://itlaw.wikia.org/wiki/APEC_Privacy_Framework | itlaw.wikia.org | 1.4.5 | |||||||
80 | - - m. Resolving multinational compliance conflicts | data transfer | Privacy Resolving multinational compliance conflicts | https://www.google.com/search?q=Privacy+Resolving+multinational+compliance+conflicts | ||||||||||||||
81 | - - - i. EU data protection versus e-discovery | data transfer | eDiscovery | Privacy EU data protection versus e-discovery | https://www.google.com/search?q=Privacy+EU+data+protection+versus+e-discovery | https://technology.findlaw.com/electronic-discovery/ediscovery-and-the-eu-european-data-privacy-regulations-every.html | findlaw.com | https://www.foley.com/en/insights/publications/2018/06/gdpr-and-us-ediscovery--who-will-win-the-game-of-c | foley.com | 13 | ||||||||
82 | 29% | II. Limits on Private-sector Collection and Use of Data | Privacy Private-sector Collection and Use of Data | https://www.google.com/search?q=Privacy+Private-sector+Collection+and+Use+of+Data | 20 | 24 | 22 | |||||||||||
83 | 4% | - A. Cross-sector FTC Privacy Protection | FTC Privacy Protection | https://www.google.com/search?q=FTC+Privacy+Protection | 2 | 4 | 3 | |||||||||||
84 | - - a. The Federal Trade Commission Act | legislation | The Federal Trade Commission Act | https://www.google.com/search?q=The+Federal+Trade+Commission+Act | https://www.ftc.gov/enforcement/statutes/federal-trade-commission-act | ftc.gov | https://en.wikipedia.org/wiki/Federal_Trade_Commission_Act_of_1914 | wikipedia.org | https://epic.org/privacy/internet/ftc/Authority.html | epic.org | 3.3, 3.5, 3.7 | |||||||
85 | - - b. FTC Privacy Enforcement Actions | FTC Privacy Enforcement Actions | https://www.google.com/search?q=FTC+Privacy+Enforcement+Actions | https://www.ftc.gov/news-events/media-resources/protecting-consumer-privacy/privacy-security-enforcement | ftc.gov | https://iapp.org/media/pdf/resource_center/Scully-FTC-Remedies2017.pdf | iapp.org | 3.6, 3.7 | 3.6, 3.7 | |||||||||
86 | - - c. FTC Security Enforcement Actions | infosec | FTC Security Enforcement Actions | https://www.google.com/search?q=FTC+Security+Enforcement+Actions | https://www.ftc.gov/enforcement/cases-proceedings/terms/249 | ftc.gov | https://www.lexology.com/library/detail.aspx?g=37fdf828-4a9a-4aa2-8f20-f8f6bb0e1ce0 | lexology.com | 3.6, 3.7 | 3.6, 3.7 | ||||||||
87 | - - d. The Children’s Online Privacy Protection Act of 1998 (COPPA) | legislation | The Children’s Online Privacy Protection Act of 1998 (COPPA) | https://www.google.com/search?q=The+Children’s+Online+Privacy+Protection+Act+of+1998+(COPPA) | https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule | ftc.gov | https://epic.org/privacy/kids/ | epic.org | https://www.ecfr.gov/cgi-bin/text-idx?SID=4939e77c77a1a1a08c1cbf905fc4b409&node=16%3A1.0.1.3.36&rgn=div5 | ecfr.gov | 5.2.5 | 5.2.5 | ||||||
88 | - - e. Future of federal enforcement | Privacy Data brokers, Big Data, IoT, AI, unregulated data | https://www.google.com/search?q=Privacy+Data+brokers,+Big+Data,+IoT,+AI,+unregulated+data | 3.8 | ||||||||||||||
89 | - - - +. Data Brokers & Privacy | adtech | Data Brokers & Privacy | https://www.google.com/search?q=Data+Brokers+&+Privacy | https://www.ftc.gov/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014 | ftc.gov | https://www.csoonline.com/article/3356458/landmark-laws-data-brokers-and-the-future-of-us-privacy-regulation.html | csoonline.com | https://iapp.org/news/a/at-senate-hearing-lawmakers-incredulous-data-brokers-a-no-show/ | iapp.org | 15.2.3.1 | |||||||
90 | - - - +. Big Data & Privacy | Big Data & Privacy | https://www.google.com/search?q=Big+Data+&+Privacy | 13.2 | 15.2 | |||||||||||||
91 | - - - +. IoT & Privacy | Internet of Things & Privacy | https://www.google.com/search?q=Internet+of+Things+&+Privacy | https://epic.org/privacy/internet/iot/ | epic.org | https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf | ftc.gov | https://www.internetsociety.org/policybriefs/iot-privacy-for-policymakers/ | internetsociety.org | 13.3 | 15.3 | |||||||
92 | - - - +. AI & Privacy | Artificial Intelligence & Privacy | https://www.google.com/search?q=Artificial+Intelligence+&+Privacy | https://www.brookings.edu/research/protecting-privacy-in-an-ai-driven-world/#:~:text=%E2%80%9CAs%20artificial%20intelligence%20evolves%2C%20it,the%20privacy%20issues%20that%20emerge. | brookings.edu | https://www.forbes.com/sites/davidteich/2020/08/10/artificial-intelligence-and-data-privacy--turning-a-risk-into-a-benefit/?sh=13a697d76a95 | forbes.com | https://iapp.org/media/pdf/resource_center/ai-and-privacy.pdf | iapp.org | 12.2.1.5, 15.1.2 | ||||||||
93 | - - - +. Unregulated Data | Privacy Unregulated Data | https://www.google.com/search?q=Privacy+Unregulated+Data | |||||||||||||||
94 | 8% | - B. Medical | healthcare | Medical Privacy Laws | https://www.google.com/search?q=Medical+Privacy+Laws | 7 | 8 | 5 | 7 | 6 | ||||||||
95 | - - a. The Health Insurance Portability and Accountability Act of 1996 | legislation | healthcare | The Health Insurance Portability and Accountability Act of 1996 (HIPAA) | https://www.google.com/search?q=The+Health+Insurance+Portability+and+Accountability+Act+of+1996+(HIPAA) | https://www.govinfo.gov/content/pkg/PLAW-104publ191/pdf/PLAW-104publ191.pdf | govinfo.gov | https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html | hhs.gov | https://www.atlantic.net/hipaa-compliant-hosting/hipaa-compliance-guide-what-is-hipaa/ | atlantic.net | 7.2 | 8.1 | |||||
96 | - - - i. HIPAA privacy rule | legislation | healthcare | HIPAA privacy rule | https://www.google.com/search?q=HIPAA+privacy+rule | https://www.hhs.gov/hipaa/for-professionals/privacy/index.html | hhs.gov | https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html | hhs.gov | https://www.upguard.com/blog/hipaa-privacy-rule | upguard.com | 7.2.1 | 8.1.1 | |||||
97 | - - - ii. HIPAA security rule | legislation | healthcare | infosec | HIPAA security rule | https://www.google.com/search?q=HIPAA+security+rule | https://www.hhs.gov/hipaa/for-professionals/security/index.html | hhs.gov | https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html | hhs.gov | https://www.unco.edu/hipaa/summary-of-security-rule/ | unco.edu | 7.2.2 | 8.1.2 | ||||
98 | - - b. HITECH Act of 2009 | legislation | healthcare | encryption | Health Information Technology for Economic and Clinical Health (HITECH) Act of 2010 | https://www.google.com/search?q=Health+Information+Technology+for+Economic+and+Clinical+Health+(HITECH)+Act+of+2010 | https://www.hhs.gov/hipaa/for-professionals/special-topics/hitech-act-enforcement-interim-final-rule/index.html | hhs.gov | https://www.hipaajournal.com/what-is-the-hitech-act/ | hipaajournal.com | 7.3 | 8.2 | ||||||
99 | - - c. The 21st Century Cures Act of 2016 | legislation | healthcare | Privacy The 21st Century Cures Act of 2016 | https://www.google.com/search?q=Privacy+The+21st+Century+Cures+Act+of+2016 | https://www.fda.gov/regulatory-information/selected-amendments-fdc-act/21st-century-cures-act | fda.gov | https://iapp.org/news/a/privacy-and-security-impacts-of-the-21st-century-cures-legislation/ | iapp.org | https://www.congress.gov/114/bills/hr34/BILLS-114hr34enr.pdf | congress.gov | 7.5 | 8.5 | |||||
100 | - - d. Confidentiality of Substance Use Disorder Patient Records Rule | legislation | healthcare | Privacy Confidentiality of Substance Use Disorder Patient Records Rule | https://www.google.com/search?q=Privacy+Confidentiality+of+Substance+Use+Disorder+Patient+Records+Rule | 8.3 | ||||||||||||
101 | - - - i. 42 CFR Part 2 | legislation | healthcare | Privacy 42 CFR Part 2 | https://www.google.com/search?q=Privacy+42+CFR+Part+2 | https://www.law.cornell.edu/uscode/text/42/290dd-2 | law.cornell.edu | https://www.ncsc.org/sitecore/content/microsites/future-trends-2012/home/privacy-and-technology/substance-abuse.aspx | ncsc.org | https://www.hhs.gov/about/news/2020/07/13/health-privacy-rule-42-cfr-part-2-revised-modernizing-care-coordination-americans-seeking-treatment.html | hhs.gov | 7.1 | 8.3 | |||||
102 | 8% | - C. Financial | financial | Financial Privacy Laws | https://www.google.com/search?q=Financial+Privacy++Laws | 8 | 9 | 5 | 7 | 6 | ||||||||
103 | - - a. The Fair Credit Reporting Act of 1970 (FCRA) | legislation | financial | Privacy Fair Credit Reporting Act of 1970 (FCRA) | https://www.google.com/search?q=Privacy+Fair+Credit+Reporting+Act+of+1970+(FCRA) | https://epic.org/privacy/fcra/ | epic.org | https://www.lexingtonlaw.com/credit/what-is-the-fair-credit-reporting-act | lexingtonlaw.com | 8.1 | 9.1 | |||||||
104 | - - b. The Fair and Accurate Credit Transactions Act of 2003 (FACTA) | legislation | financial | Privacy Fair and Accurate Credit Transactions Act of 2003 (FACTA) | https://www.google.com/search?q=Privacy+Fair+and+Accurate+Credit+Transactions+Act+of+2003+(FACTA) | https://www.ftc.gov/enforcement/statutes/fair-accurate-credit-transactions-act-2003 | ftc.gov | https://www.nclc.org/images/pdf/credit_reports/archive/analysis-facta.pdf | nclc.org | https://www.govinfo.gov/content/pkg/PLAW-108publ159/html/PLAW-108publ159.htm | govinfo.gov | 8.2 | 9.2 | |||||
105 | - - - +. The Disposal Rule | FACTA: Disposal Rule | https://www.google.com/search?q=FACTA:+Disposal+Rule | https://www.shrednations.com/2019/05/what-is-facta-disposal-rule/ | shrednations.com | https://www.govinfo.gov/content/pkg/PLAW-108publ159/html/PLAW-108publ159.htm | govinfo.gov | https://www.ftc.gov/news-events/press-releases/2016/09/ftc-seeks-comment-disposal-rule | ftc.gov | 9.2.1 | ||||||||
106 | - - - +. The Red Flags Rule | Red Flags Rule | https://www.google.com/search?q=Red+Flags+Rule | |||||||||||||||
107 | - - c. The Financial Services Modernization Act of 1999 (GLBA) | legislation | financial | Financial Services Modernization Act of 1999 (“Gramm-Leach-Bliley” or GLBA) | https://www.google.com/search?q=Financial+Services+Modernization+Act+of+1999+(“Gramm-Leach-Bliley”+or+GLBA) | https://www.ftc.gov/tips-advice/business-center/privacy-and-security/gramm-leach-bliley-act | ftc.gov | https://digitalguardian.com/blog/what-glba-compliance-understanding-data-protection-requirements-gramm-leach-bliley-act | digitalguardian.com | 8.3 | 9.3 | |||||||
108 | - - - i. GLBA privacy rule | legislation | financial | privacy policy | GLBA privacy rule | https://www.google.com/search?q=GLBA+privacy+rule | https://www.ftc.gov/tips-advice/business-center/guidance/how-comply-privacy-consumer-financial-information-rule-gramm | ftc.gov | 8.3.2 | 9.3.2 | ||||||||
109 | - - - ii. GLBA safeguards rule | legislation | financial | infosec | GLBA safeguards rule | https://www.google.com/search?q=GLBA+safeguards+rule | https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/safeguards-rule | ftc.gov | 8.3.3 | 9.3.3 | ||||||||
110 | - - d. Red Flags Rule | legislation | financial | Red Flags Rule | https://www.google.com/search?q=Red+Flags+Rule | https://en.wikipedia.org/wiki/Red_Flags_Rule | wikipedia.org | https://www.huntonprivacyblog.com/2010/12/20/president-obama-signs-red-flag-program-clarification-act/ | huntonprivacyblog.com | 8.2.2 | 9.2.2 | |||||||
111 | - - e. Dodd-Frank Wall Street Reform and Consumer Protection Act | legislation | financial | Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 | https://www.google.com/search?q=Dodd-Frank+Wall+Street+Reform+and+Consumer+Protection+Act+of+2010 | https://www.investopedia.com/terms/c/consumer-financial-protection-act.asp | investopedia.com | https://www.consumerfinance.gov/about-us/the-bureau/creatingthebureau/ | consumerfinance.gov | 8.4 | 9.4 | |||||||
112 | - - f. Consumer Financial Protection Bureau | entity | financial | Consumer Financial Protection Bureau | https://www.google.com/search?q=Consumer+Financial+Protection+Bureau | 9.4 | ||||||||||||
113 | - - g. Online Banking | financial | Privacy & Online Banking | https://www.google.com/search?q=Privacy+&+Online+Banking | 8.6 | 9.3.3 | ||||||||||||
114 | 1% | - D. Education | education | Education Privacy laws | https://www.google.com/search?q=Education+Privacy+laws | 9 | 10 | 0 | 2 | 1 | ||||||||
115 | - - a. Family Educational Rights and Privacy Act of 1974 (FERPA) | legislation | education | Privacy Family Educational Rights and Privacy Act of 1974 (FERPA) | https://www.google.com/search?q=Privacy+Family+Educational+Rights+and+Privacy+Act+of+1974+(FERPA) | https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html | www2.ed.gov | https://epic.org/privacy/student/ferpa/ | epic.org | 9.1 | 10.1 | |||||||
116 | - - b. Education technology | education | Privacy Privacy & Education technology | https://www.google.com/search?q=Privacy+Privacy+&+Education+technology | 9.4 | 10.4 | ||||||||||||
117 | 8% | - E. Telecommunications and Marketing | Privacy Telecommunications and Marketing | https://www.google.com/search?q=Privacy+Telecommunications+and+Marketing | 10 | 11 | 5 | 7 | 6 | |||||||||
118 | - - a. Telemarketing sales rule (TSR) and TCPA of 1991 | legislation | Privacy Telemarketing sales rule (TSR) and the Telephone Consumer Protection Act of 1991 (TCPA) | https://www.google.com/search?q=Privacy+Telemarketing+sales+rule+(TSR)+and+the+Telephone+Consumer+Protection+Act+of+1991+(TCPA) | https://en.wikipedia.org/wiki/Telemarketing_and_Consumer_Fraud_and_Abuse_Prevention_Act | wikipedia.org | https://www.ftc.gov/enforcement/statutes/telemarketing-consumer-fraud-abuse-prevention-act | ftc.gov | https://www.venable.com/-/media/files/events/2020/01/telemarketing-and-texting-slides-jan-2020.pdf | venable.com | 10.1 | 11.1 | ||||||
119 | - - - i. The Do-Not-Call registry (DNC) | legislation | Privacy Do-Not-Call registry (DNC) | https://www.google.com/search?q=Privacy+Do-Not-Call+registry+(DNC) | https://www.donotcall.gov/ | donotcall.gov | https://www.ftc.gov/tips-advice/business-center/guidance/qa-telemarketers-sellers-about-dnc-provisions-tsr | ftc.gov | 10.1.1 | 11.1.2 | ||||||||
120 | - - b. CAN-SPAM Act 2003 | legislation | Privacy Controlling the Assault of Non-solicited Pornography and Marketing Act of 2003 (CAN-SPAM) | https://www.google.com/search?q=Privacy+Controlling+the+Assault+of+Non-solicited+Pornography+and+Marketing+Act+of+2003+(CAN-SPAM) | https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business | ftc.gov | https://en.wikipedia.org/wiki/CAN-SPAM_Act_of_2003 | wikipedia.org | https://www.federalregister.gov/documents/2019/04/04/2019-06562/controlling-the-assault-of-non-solicited-pornography-and-marketing-rule | federalregister.gov | 10.3 | 11.3 | ||||||
121 | - - c. The Junk Fax Prevention Act of 2005 (JFPA) | legislation | Junk Fax Prevention Act of 2005 (JFPA) | https://www.google.com/search?q=Junk+Fax+Prevention+Act+of+2005+(JFPA) | https://www.congress.gov/bill/109th-congress/senate-bill/714 | congress.gov | https://www.fcc.gov/general/fax-advertising-policy | fcc.gov | https://en.wikipedia.org/wiki/Junk_Fax_Prevention_Act_of_2005 | wikipedia.org | 10.2 | 11.2 | ||||||
122 | - - d. The Wireless Domain Registry | The Wireless Domain Registry | https://www.google.com/search?q=The+Wireless+Domain+Registry | 10.3.3 | 11.3.3 | |||||||||||||
123 | - - e. Telecommunications Act of 1996 and CPNI | legislation | Telecommunications Act of 1996 and Customer Proprietary Network Information | https://www.google.com/search?q=Telecommunications+Act+of+1996+and+Customer+Proprietary+Network+Information | https://www.fcc.gov/general/telecommunications-act-1996 | fcc.gov | https://en.wikipedia.org/wiki/Telecommunications_Act_of_1996 | wikipedia.org | https://www.ntia.doc.gov/legacy/opadhome/overview.htm | ntia.doc.gov | 10.4 | 11.4 | ||||||
124 | - - f. Cable Communications Policy Act of 1984 | legislation | Cable Communications Policy Act of 1984 | https://www.google.com/search?q=Cable+Communications+Policy+Act+of+1984 | https://www.congress.gov/bill/98th-congress/senate-bill/66 | congress.gov | https://en.wikipedia.org/wiki/Cable_Communications_Policy_Act_of_1984 | wikipedia.org | https://www.mtsu.edu/first-amendment/article/1057/cable-communications-policy-act-of-1984 | mtsu.edu | 10.5 | 11.5 | ||||||
125 | - - g. Video Privacy Protection Act of 1988 (VPPA) | legislation | Video Privacy Protection Act of 1988 (VPPA) | https://www.google.com/search?q=Video+Privacy+Protection+Act+of+1988+(VPPA) | https://www.law.cornell.edu/uscode/text/18/2710 | law.cornell.edu | https://epic.org/privacy/vppa/ | epic.org | https://www.law.cornell.edu/uscode/text/18/2710 | law.cornell.edu | 10.6 | 11.6 | ||||||
126 | - - - i. Video Privacy Protection Act Amendments Act of 2012 | legislation | Video Privacy Protection Act Amendments Act of 2012 (H.R. 6671) | https://www.google.com/search?q=Video+Privacy+Protection+Act+Amendments+Act+of+2012+(H.R.+6671) | https://en.wikipedia.org/wiki/Video_Privacy_Protection_Act | wikipedia.org | https://www.whitecase.com/publications/article/social-sharing-and-us-video-privacy-protection-act-perilous-online-video | whitecase.com | 11.6 | |||||||||
127 | - - h. Digital advertising | adtech | Digital advertising | https://www.google.com/search?q=Digital+advertising | 5.5, 10.7 | 11.7 | ||||||||||||
128 | 9% | III. Government and Court Access to Private-sector Info | Government and Court Access to Private-sector Information | https://www.google.com/search?q=Government+and+Court+Access+to+Private-sector+Information | 12 | 13 | 6 | 8 | 7 | |||||||||
129 | 5% | - A. Law Enforcement and Privacy | Law Enforcement and Privacy | https://www.google.com/search?q=Law+Enforcement+and+Privacy | 12.3 | 13.3 | 3 | 5 | 4 | |||||||||
130 | - - a. Access to financial data | financial | Law Enforcement: Access to financial data | https://www.google.com/search?q=Law+Enforcement:+Access+to+financial+data | ||||||||||||||
131 | - - - i. Right to Financial Privacy Act of 1978 | legislation | financial | Right to Financial Privacy Act of 1978 | https://www.google.com/search?q=Right+to+Financial+Privacy+Act+of+1978 | https://www.fdic.gov/regulations/compliance/manual/8/viii-3.1.pdf | fdic.gov | https://epic.org/privacy/rfpa/ | epic.org | 12.3.6 | 13.3.6 | |||||||
132 | - - - ii. Bank Secrecy Act of 1970 (BSA) | legislation | financial | Bank Secrecy Act of 1970 (BSA) | https://www.google.com/search?q=Bank+Secrecy+Act+of+1970+(BSA) | https://www.occ.treas.gov/topics/supervision-and-examination/bsa/index-bsa.html | occ.treas.gov | https://www.investopedia.com/terms/b/bank_secrecy_act.asp | investopedia.com | 8.5.1 | 9.5.1 | |||||||
133 | - - b. Access to communications | Law Enforcement: Access to communications | https://www.google.com/search?q=Law+Enforcement:+Access+to+communications | |||||||||||||||
134 | - - - i. Wiretaps | Wiretaps: Law Enforcement Access to Data | https://www.google.com/search?q=Wiretaps:+Law+Enforcement+Access+to+Data | 12.3.3 | 13.3.3 | |||||||||||||
135 | - - - ii. Electronic Communications Privacy Act (ECPA) | legislation | Electronic Communications Privacy Act (ECPA) | https://www.google.com/search?q=Electronic+Communications+Privacy+Act+(ECPA) | https://epic.org/privacy/ecpa/ | epic.org | https://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act | wikipedia.org | 13.3.3 | |||||||||
136 | - - - - 1. E-mails | ECPA: E-mails | https://www.google.com/search?q=ECPA:+E-mails | |||||||||||||||
137 | - - - - 2. Stored records | ECPA: Stored records | https://www.google.com/search?q=ECPA:+Stored+records | https://www.govinfo.gov/content/pkg/USCODE-2010-title18/html/USCODE-2010-title18-partI-chap121.htm | govinfo.gov | https://www.lexisnexis.com/lexis-practice-advisor/the-journal/b/lpa/posts/stored-communications-act-practical-considerations | lexisnexis.com | https://en.wikipedia.org/wiki/Stored_Communications_Act | wikipedia.org | 13.3.3.2 | ||||||||
138 | - - - - 3. Pen registers | ECPA: Pen registers | https://www.google.com/search?q=ECPA:+Pen+registers | https://www.law.cornell.edu/uscode/text/18/part-II/chapter-206 | law.cornell.edu | https://en.wikipedia.org/wiki/Pen_register#Pen_Register_Act | wikipedia.org | https://cyber.harvard.edu/privacy/Introduction%20to%20Government%20Investigations.htm | cyber.harvard.edu | 13.3.3.4 | ||||||||
139 | - - c. Communications Assistance to Law Enforcement Act (CALEA) | legislation | Communications Assistance to Law Enforcement Act (CALEA) | https://www.google.com/search?q=Communications+Assistance+to+Law+Enforcement+Act+(CALEA) | https://www.fcc.gov/public-safety-and-homeland-security/policy-and-licensing-division/general/communications-assistance | fcc.gov | https://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act | wikipedia.org | 12.3.4 | 13.3.4 | ||||||||
140 | 3% | - B. National Security and Privacy | search/surveil | National Security and Privacy | https://www.google.com/search?q=National+Security+and+Privacy | 12.4 | 13.4 | 1 | 3 | 2 | ||||||||
141 | - - a. Foreign Intelligence Surveillance Act of 1978 (FISA) | legislation | search/surveil | Foreign Intelligence Surveillance Act of 1978 (FISA) | https://www.google.com/search?q=Foreign+Intelligence+Surveillance+Act+of+1978+(FISA) | https://www.fisc.uscourts.gov/about-foreign-intelligence-surveillance-court | fisc.uscourts.gov | https://epic.org/privacy/surveillance/fisa/ | epic.org | 12.4.2 | 13.4.2 | |||||||
142 | - - - i. Wiretaps | search/surveil | FISA: Wiretaps | https://www.google.com/search?q=FISA:+Wiretaps | ||||||||||||||
143 | - - - ii. E-mails and stored records | search/surveil | FISA: E-mails and stored records | https://www.google.com/search?q=FISA:+E-mails+and+stored+records | ||||||||||||||
144 | - - - iii. National security letters | search/surveil | FISA: National security letters | https://www.google.com/search?q=FISA:+National+security+letters | https://www.eff.org/issues/national-security-letters/faq | eff.org | https://epic.org/privacy/nsl/ | epic.org | 12.4.5 | 13.4.5 | ||||||||
145 | - - b. USA Patriot Act | legislation | search/surveil | USA-Patriot Act | https://www.google.com/search?q=USA-Patriot+Act | https://epic.org/privacy/terrorism/hr3162.html | epic.org | https://en.wikipedia.org/wiki/Patriot_Act | wikipedia.org | 9.5, 13.4 | ||||||||
146 | - - c. The USA Freedom Act of 2015 | legislation | search/surveil | USA Freedom Act of 2015 | https://www.google.com/search?q=USA+Freedom+Act+of+2015 | https://en.wikipedia.org/wiki/USA_Freedom_Act | wikipedia.org | https://www.lawfareblog.com/nsa-and-usa-freedom-act | lawfareblog.com | https://www.lawfareblog.com/so-what-does-usa-freedom-act-do-anyway | lawfareblog.com | 13.4 | ||||||
147 | - - d. The Cybersecurity Information Sharing Act of 2015 (CISA) | legislation | infosec | search/surveil | Cybersecurity Information Sharing Act of 2015 (CISA) | https://www.google.com/search?q=Cybersecurity+Information+Sharing+Act+of+2015+(CISA) | https://en.wikipedia.org/wiki/Cybersecurity_Information_Sharing_Act | wikipedia.org | https://www.cisecurity.org/newsletter/cybersecurity-information-sharing-act-of-2015/ | cisecurity.org | https://www.nextgov.com/cybersecurity/2018/06/only-6-non-federal-groups-share-cyber-threat-info-homeland-security/149343/ | nextgov.com | 13.3.5 | |||||
148 | 1% | - C. Civil Litigation and Privacy | eDiscovery | Civil Litigation and Privacy | https://www.google.com/search?q=Civil+Litigation+and+Privacy | https://www.yalelawjournal.org/forum/data-rights-and-data-wrongs | yalelawjournal.org | https://iapp.org/news/a/how-the-ccpa-impacts-civil-litigation/ | iapp.org | 12.2 | 13.2 | 0 | 2 | 1 | ||||
149 | - - a. Compelled disclosure of media information | search/surveil | Compelled disclosure of media information | https://www.google.com/search?q=Compelled+disclosure+of+media+information | 13.1.1 | |||||||||||||
150 | - - - i. Privacy Protection Act of 1980 | legislation | search/surveil | Privacy Protection Act of 1980 | https://www.google.com/search?q=Privacy+Protection+Act+of+1980 | https://epic.org/privacy/ppa/ | epic.org | https://en.wikipedia.org/wiki/Privacy_Protection_Act_of_1980 | wikipedia.org | 13.3.7 | ||||||||
151 | - - b. Electronic discovery | eDiscovery | Privacy Electronic discovery | https://www.google.com/search?q=Privacy+Electronic+discovery | 12.2.2 | 13.2.2 | ||||||||||||
152 | 13% | IV. Workplace Privacy | Privacy Workplace Privacy | https://www.google.com/search?q=Privacy+Workplace+Privacy | 11 | 12 | 8 | 12 | 10 | |||||||||
153 | 5% | - A. Introduction to Workplace Privacy | Privacy | https://www.google.com/search?q=Privacy+ | 11.1 | 12.1 | 3 | 5 | 4 | |||||||||
154 | - - a. Workplace privacy concepts | Privacy Workplace privacy concepts | https://www.google.com/search?q=Privacy+Workplace+privacy+concepts++++++++ | 12.1 | ||||||||||||||
155 | - - - i. Human resources management | Privacy Workplace Privacy & Human resources management | https://www.google.com/search?q=Privacy+Workplace+Privacy+&+Human+resources+management | |||||||||||||||
156 | - - b. U.S. agencies regulating workplace privacy issues | Privacy U.S. agencies regulating workplace privacy issues | https://www.google.com/search?q=Privacy+U.S.+agencies+regulating+workplace+privacy+issues | 11.1.3.2 | 12.1.3.2 | |||||||||||||
157 | - - - i. Federal Trade Commission (FTC) | entity | Federal Trade Commission (FTC) | https://www.google.com/search?q=Federal+Trade+Commission+(FTC) | https://www.ftc.gov/about-ftc/what-we-do/enforcement-authority | ftc.gov | https://epic.org/privacy/internet/ftc/Authority.html | epic.org | https://en.wikipedia.org/wiki/Federal_Trade_Commission | wikipedia.org | 3.3-3.8 | |||||||
158 | - - - ii. Department of Labor | entity | employment | Department of Labor | https://www.google.com/search?q=Department+of+Labor | https://www.dol.gov/ | dol.gov | https://en.wikipedia.org/wiki/United_States_Department_of_Labor | wikipedia.org | https://www.dol.gov/sites/dolgov/files/WHD/legacy/files/FairLaborStandAct.pdf | dol.gov | 12.1.3.2, 13.1 | ||||||
159 | - - - iii. Equal Employment Opportunity Commission (EEOC) | entity | employment | Equal Employment Opportunity Commission (EEOC) | https://www.google.com/search?q=Equal+Employment+Opportunity+Commission+(EEOC) | https://www.eeoc.gov/ | eeoc.gov | https://en.wikipedia.org/wiki/Equal_Employment_Opportunity_Commission | wikipedia.org | https://www.eeoc.gov/wysk/what-you-should-know-about-covid-19-and-ada-rehabilitation-act-and-other-eeo-laws | eeoc.gov | 12.1.3.2, 12.2.1.2 | ||||||
160 | - - - iv. National Labor Relations Board (NLRB) | entity | employment | National Labor Relations Board (NLRB) | https://www.google.com/search?q=National+Labor+Relations+Board+(NLRB) | https://www.nlrb.gov/ | nlrb.gov | https://en.wikipedia.org/wiki/National_Labor_Relations_Act_of_1935 | wikipedia.org | https://btlaw.com/en/insights/blogs/have-an-employee-handbook-or-other-personnel-policies-heres-a-big-development-you-need-to-know | btlaw.com | 12.1.3.2 | ||||||
161 | - - - v. Occupational Safety and Health Act (OSHA) | entity | employment | healthcare | Occupational Safety and Health Act (OSHA) | https://www.google.com/search?q=Occupational+Safety+and+Health+Act+(OSHA) | https://www.osha.gov/ | osha.gov | https://en.wikipedia.org/wiki/Occupational_Safety_and_Health_Administration | wikipedia.org | 12.1.3.2, 13.1.1 | |||||||
162 | - - - vi. Securities and Exchange Commission (SEC) | entity | financial | Securities and Exchange Commission (SEC) | https://www.google.com/search?q=Securities+and+Exchange+Commission+(SEC) | https://www.sec.gov/spotlight/dodd-frank/derivatives.shtml | sec.gov | https://www.sec.gov/swaps-chart/swaps-chart.pdf | sec.gov | 9.3.1 | ||||||||
163 | - - c. U.S. Anti-discrimination laws | Privacy U.S. Anti-discrimination laws | https://www.google.com/search?q=Privacy+U.S.+Anti-discrimination+laws | 12.2.1.2 | ||||||||||||||
164 | - - - i. Civil Rights Act of 1964 | legislation | Privacy Civil Rights Act of 1964 | https://www.google.com/search?q=Privacy+Civil+Rights+Act+of+1964 | https://en.wikipedia.org/wiki/Civil_Rights_Act_of_1964 | wikipedia.org | https://www.lawfareblog.com/federal-privacy-legislation-should-protect-civil-rights | lawfareblog.com | https://www.supremecourt.gov/opinions/19pdf/17-1618_hfci.pdf | supremecourt.gov | 12.2.1.2 | |||||||
165 | - - - ii. Americans with Disabilities Act (ADA) | legislation | employment | healthcare | Privacy Americans with Disabilities Act (ADA) | https://www.google.com/search?q=Privacy+Americans+with+Disabilities+Act+(ADA) | https://www.eeoc.gov/publications/ada-your-employment-rights-individual-disability | eeoc.gov | https://www.dol.gov/general/topic/disability/ada | dol.gov | https://www.ada.gov/pubs/adastatute08.pdf | ada.gov | 11.2.1.3 | 12.1.3.2, 12.2.1.2 | ||||
166 | - - - iii. Genetic Information Nondiscrimination Act (GINA) | legislation | employment | healthcare | Genetic Information Nondiscrimination Act (GINA) | https://www.google.com/search?q=Genetic+Information+Nondiscrimination+Act+(GINA) | http://www.ginahelp.org/GINAhelp.pdf | ginahelp.org | https://en.wikipedia.org/wiki/Genetic_Information_Nondiscrimination_Act | wikipedia.org | https://www.eeoc.gov/eeoc/publications/fs-gina.cfm | eeoc.gov | 7.4 | 8.4, 12.2.1.2 | ||||
167 | 8% | - B. Privacy before, during and after employment | employment | Privacy Privacy before, during and after employment | https://www.google.com/search?q=Privacy+Privacy+before,+during+and+after+employment | 11.2 | 12.2 | 5 | 7 | 6 | ||||||||
168 | - - a. Employee background screening | employment | Privacy Employee background screening | https://www.google.com/search?q=Privacy+Employee+background+screening | 11.2.1.1 | |||||||||||||
169 | - - - i. Requirements under FCRA | employment | Privacy Employee background screening: Requirements under FCRA | https://www.google.com/search?q=Privacy+Employee+background+screening:+Requirements+under+FCRA | 11.2.1.4 | 12.2.1.4 | ||||||||||||
170 | - - - ii. Methods | employment | ||||||||||||||||
171 | - - - - 1. Personality and psychological evaluations | employment | Privacy Employee background screening: Personality and psychological evaluations | https://www.google.com/search?q=Privacy+Employee+background+screening:+Personality+and+psychological+evaluations | 12.2.2.1 | |||||||||||||
172 | - - - - 2. Polygraph testing | employment | Privacy Employee background screening: Polygraph testing | https://www.google.com/search?q=Privacy+Employee+background+screening:+Polygraph+testing | https://www.dol.gov/agencies/whd/polygraph | dol.gov | https://www.nolo.com/legal-encyclopedia/state-laws-polygraphs-lie-detector-tests.html | nolo.com | 11.2.2.1 | 12.2.2.1 | ||||||||
173 | - - - - 3. Drug and alcohol testing | employment | Privacy Employee background screening: Drug and alcohol testing | https://www.google.com/search?q=Privacy+Employee+background+screening:+Drug+and+alcohol+testing | https://www.samhsa.gov/workplace/legal/federal-laws | samhsa.gov | https://www.aclu.org/other/state-state-workplace-drug-testing-laws | aclu.org | 11.2.2.2 | 12.2.2.2 | ||||||||
174 | - - - - 4. Social media | employment | Privacy Employee background screening: Social media | https://www.google.com/search?q=Privacy+Employee+background+screening:+Social+media | https://hbr.org/2020/05/how-to-monitor-your-employees-while-respecting-their-privacy | hbr.org | https://allpryme.com/employee-privacy-laws/employee-privacy-laws/ | allpryme.com | 11.2.1.1 | |||||||||
175 | - - b. Employee monitoring | employment | Privacy Employee monitoring | https://www.google.com/search?q=Privacy+Employee+monitoring | 11.2.2.4 | 12.2.2.4 | ||||||||||||
176 | - - - i. Technologies | employment | Privacy Employment Technology | https://www.google.com/search?q=Privacy+Employment+Technology | ||||||||||||||
177 | - - - - 1. Computer usage | employment | Privacy Employee monitoring: Computer | https://www.google.com/search?q=Privacy+Employee+monitoring:+Computer | ||||||||||||||
178 | - - - - 1a. Social media | employment | Privacy Employee monitoring: Social Media | https://www.google.com/search?q=Privacy+Employee+monitoring:+Social+Media | https://hbr.org/2020/05/how-to-monitor-your-employees-while-respecting-their-privacy | hbr.org | https://allpryme.com/employee-privacy-laws/employee-privacy-laws/ | allpryme.com | 11.2.2.4.3 | |||||||||
179 | - - - - 2. Biometrics | employment | Privacy Employee monitoring: Biometrics | https://www.google.com/search?q=Privacy+Employee+monitoring:+Biometrics | https://www.bradley.com/insights/publications/2019/02/technology-at-a-price-risks-with-using-biometric-scanning-in-the-workplace | bradley.com | https://www.shrm.org/resourcesandtools/legal-and-compliance/employment-law/pages/regulation-employer-use-biometric-data.aspx | shrm.org | https://frostbrowntodd.com/collecting-biometric-data-what-you-need-to-know/ | frostbrowntodd.com | ||||||||
180 | - - - - 3. Location-based services (LBS) | employment | adtech | Privacy Employee monitoring: Location-based services (LBS) | https://www.google.com/search?q=Privacy+Employee+monitoring:+Location-based+services+(LBS) | 11.2.2.4.2 | ||||||||||||
181 | - - - - 4. Wellness Programs | employment | healthcare | Privacy Employee monitoring: Wellness Programs | https://www.google.com/search?q=Privacy+Employee+monitoring:+Wellness+Programs | https://www.consumerreports.org/health-privacy/are-workplace-wellness-programs-a-privacy-problem/ | consumerreports.org | https://www.healthaffairs.org/do/10.1377/hblog20200617.824130/full/ | healthaffairs.org | |||||||||
182 | - - - - 5. Mobile computing | employment | Privacy Employee monitoring: Mobile computing | https://www.google.com/search?q=Privacy+Employee+monitoring:+Mobile+computing | ||||||||||||||
183 | - - - - 6. E-mail and postal mail | employment | Privacy Employee monitoring: E-mail and postal mail | https://www.google.com/search?q=Privacy+Employee+monitoring:+E-mail+and+postal+mail | 11.2.2.4.2 | |||||||||||||
184 | - - - - 7. Photography | employment | Privacy Employee monitoring: Photography | https://www.google.com/search?q=Privacy+Employee+monitoring:+Photography | ||||||||||||||
185 | - - - - 8. Telephony | employment | Privacy Employee monitoring: Telephony | https://www.google.com/search?q=Privacy+Employee+monitoring:+Telephony | ||||||||||||||
186 | - - - - 9. Video | employment | Privacy Employee monitoring: Video | https://www.google.com/search?q=Privacy+Employee+monitoring:+Video | https://www.shrm.org/resourcesandtools/tools-and-samples/toolkits/pages/workplaceprivacy.aspx | shrm.org | https://www.michlaborlaw.com/workplace-video-surveillance-best-practices | michlaborlaw.com | 11.2.2.4.2 | |||||||||
187 | - - - ii. Requirements under ECPA of 1986 | employment | Privacy Employee monitoring: Requirements under ECPA | https://www.google.com/search?q=Privacy+Employee+monitoring:+Requirements+under+ECPA | 12.2.2.4.2 | |||||||||||||
188 | - - - iii. Unionized worker issues: monitoring in U.S. workplace | employment | Privacy Unionized worker issues concerning monitoring in the U.S. workplace | https://www.google.com/search?q=Privacy+Unionized+worker+issues+concerning+monitoring+in+the+U.S.+workplace | 12.2.2.4 | |||||||||||||
189 | - - c. Investigation of employee misconduct | employment | Privacy Investigation of employee misconduct | https://www.google.com/search?q=Privacy+Investigation+of+employee+misconduct | 11.2.2.5 | 12.2.2.5 | ||||||||||||
190 | - - - i. Data handling in misconduct investigations | employment | Privacy Employee Misconduct: Data handling in misconduct investigations | https://www.google.com/search?q=Privacy+Employee+Misconduct:+Data+handling+in+misconduct+investigations | ||||||||||||||
191 | - - - ii. Use of third parties in investigations | employment | Privacy Employee Misconduct: Use of third parties in investigations | https://www.google.com/search?q=Privacy+Employee+Misconduct:+Use+of+third+parties+in+investigations | ||||||||||||||
192 | - - - iii. Documenting performance problems | employment | Privacy Employee Misconduct: Documenting performance problems | https://www.google.com/search?q=Privacy+Employee+Misconduct:+Documenting+performance+problems | ||||||||||||||
193 | - - - iv. Balancing rights of multiple individuals in a single situation | employment | Privacy Employee Misconduct: Balancing rights of multiple individuals in a single situation | https://www.google.com/search?q=Privacy+Employee+Misconduct:+Balancing+rights+of+multiple+individuals+in+a+single+situation | ||||||||||||||
194 | - - d. Termination of the employment relationship | employment | Privacy Termination of the employment relationship | https://www.google.com/search?q=Privacy+Termination+of+the+employment+relationship | 11.2.3 | 12.2.3 | ||||||||||||
195 | - - - i. Transition management | employment | Privacy Employee Termination: Transition management | https://www.google.com/search?q=Privacy+Employee+Termination:+Transition+management | ||||||||||||||
196 | - - - ii. Records retention | employment | Privacy Employee Termination: Records retention | https://www.google.com/search?q=Privacy+Employee+Termination:+Records+retention | ||||||||||||||
197 | - - - iii. References | employment | Privacy Employee Termination: References | https://www.google.com/search?q=Privacy+Employee+Termination:+References | ||||||||||||||
198 | 8% | V. State Privacy Laws | Privacy State Privacy Laws | https://www.google.com/search?q=Privacy+State+Privacy+Laws | 6 | 7 | 5 | 7 | 6 | |||||||||
199 | 1% | - A. Federal vs. State authority | Privacy State Privacy Laws: Federal vs. state authority | https://www.google.com/search?q=Privacy+State+Privacy+Laws:+Federal+vs.+state+authority | 0 | 2 | 1 | |||||||||||
200 | 1% | - B. Marketing laws | Privacy State Privacy Laws: Marketing laws | https://www.google.com/search?q=Privacy+State+Privacy+Laws:+Marketing+laws | https://telemarketingregulations.com/state-regulations | telemarketingregs | https://casetext.com/analysis/7th-circuit-tcpa-doesnt-preempt-more-restrictive-state-robocall-law | casetext.com | 11.1.3 | 0 | 2 | 1 | ||||||
201 | 1% | - C. Financial Data | financial | Privacy State Privacy Laws: Financial Data | https://www.google.com/search?q=Privacy+State+Privacy+Laws:+Financial+Data | https://en.wikipedia.org/wiki/Financial_privacy_laws_in_the_United_States#State_laws | wikipedia.org | https://www.nafcu.org/system/files/files/NAFCU%20Data%20Privacy%20Issue%20Brief%20Dec2019.pdf | nafcu.org | 9.3.4 | 0 | 2 | 1 | |||||
202 | - - a. Credit history | financial | Privacy State Privacy Laws: Credit history | https://www.google.com/search?q=Privacy+State+Privacy+Laws:+Credit+history | https://www.demos.org/research/bad-credit-shouldnt-block-employment-how-make-state-bans-employment-credit-checks-more | demos.org | https://www.microbilt.com/Cms_Data/Contents/Microbilt/Media/Docs/MicroBilt-State-Laws-Limiting-Use-of-Credit-Information-For-Employment-Version-1-1-03-01-17-.pdf | microbilt.com | https://www.laborandemploymentlawcounsel.com/2018/06/using-credit-histories-in-employment-decisions-an-overview-of-divergent-state-local-requirements/ | laborandemployment | 11.2.1.4 | |||||||
203 | - - b. California SB-1 | legislation | financial | Privacy California SB-1 | https://www.google.com/search?q=Privacy+California+SB-1 | https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=1.4.&lawCode=FIN | legislature.ca.gov | https://medium.com/golden-data/what-is-calfipa-ee7e48c88dd0 | medium.com | https://www.reedsmith.com/-/media/files/perspectives/2004/09/sb1--the-california-financial-information-privacy/files/sb1--the-california-financial-information-privacy/fileattachment/acf6c0d.pdf | reedsmith.com | 8.3.4 | 9.3.4.1 | |||||
204 | 1% | - D. Data Security Laws | infosec | Privacy Data Security Laws | https://www.google.com/search?q=Privacy+Data+Security+Laws | https://www.ncsl.org/research/telecommunications-and-information-technology/data-security-laws.aspx | ncsl.org | 6.2 | 7.2 | 0 | 2 | 1 | ||||||
205 | - - a. SSN | infosec | Privacy Data Security Laws: SSN | https://www.google.com/search?q=Privacy+Data+Security+Laws:+SSN | https://www.aclu.org/other/privacy-america-social-security-numbers | aclu.org | https://www.mofo.com/resources/insights/state-statutes-restricting-or-prohibiting-the-use-of-social-security-numbers.html | mofo.com | https://www.ftc.gov/sites/default/files/documents/reports/security-numbers-social-security-numbers-and-identity-theft-federal-trade-commission-report/p075414ssnreport.pdf | ftc.gov | 6 | 7.2.2 | ||||||
206 | - - b. Data destruction | infosec | Privacy Data Security Laws: Data destruction | https://www.google.com/search?q=Privacy+Data+Security+Laws:+Data+destruction | https://www.ncsl.org/research/telecommunications-and-information-technology/data-disposal-laws.aspx | ncsl.org | https://eridirect.com/ | eridirect.com | 6.7 | 7.7 | ||||||||
207 | - - c. Security procedures | infosec | Privacy Data Security Laws: Security procedures | https://www.google.com/search?q=Privacy+Data+Security+Laws:+Security+procedures | ||||||||||||||
208 | - - d. Recent developments | infosec | ||||||||||||||||
209 | - - - i. California Electronic Communications Privacy Act (2015) | legislation | infosec | California Electronic Communications Privacy Act (2015) | https://www.google.com/search?q=California+Electronic+Communications+Privacy+Act+(2015) | https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201520160SB178 | legislature.ca.gov | https://www.eff.org/deeplinks/2015/10/california-leads-way-digital-privacy | eff.org | https://www.zwillgen.com/general/8-things-to-know-about-calecpa/ | zwillgen.com | |||||||
210 | - - - ii. Delaware Online Privacy and Protection Act (2016) | legislation | infosec | privacy policy | Delaware Online Privacy and Protection Act (2016) | https://www.google.com/search?q=Delaware+Online+Privacy+and+Protection+Act+(2016) | https://privacylaw.proskauer.com/2015/11/articles/online-privacy/delaware-enacts-comprehensive-online-privacy-protection-law/#:~:text=On%20January%201%2C%202016%2C%20the,privacy%20protection%20for%20its%20residents.&text=The%20law%20grants%20the%20state's,prosecute%20violations%20of%20the%20law. | proskauer.com | https://www.winston.com/en/privacy-law-corner/delaware-s-online-privacy-and-protection-act-now-in-effect.html | winston.com | https://delcode.delaware.gov/title6/c012c/index.shtml | delcode.delaware.gov | 5.2.5 | |||||
211 | - - - iii. Nevada SB 538 (2017) | legislation | infosec | privacy policy | Nevada SB 538 (2017) | https://www.google.com/search?q=Nevada+SB+538+(2017) | https://www.ballardspahr.com/alertspublications/legalalerts/2017-08-01-nevada-becomes-the-third-state-to-enact-website-privacy-notification-law | ballardspahr.com | https://blog.zwillgen.com/2017/08/16/ready-nevadas-new-website-privacy-notice-law/ | zwillgen.com | https://www.leg.state.nv.us/Session/79th2017/Bills/SB/SB538.pdf | leg.state.nv.us | ||||||
212 | - - - iv. Illinois Right to Know Act (2017) | legislation | infosec | privacy policy | Illinois Right to Know Act (2017) | https://www.google.com/search?q=Illinois+Right+to+Know+Act+(2017) | https://www.jdsupra.com/legalnews/illinois-right-to-know-bill-passed-out-64580/ | jdsupra.com | https://www.termsfeed.com/blog/illinois-right-know-act/ | termsfeed.com | https://www.chicagotribune.com/business/ct-illinois-privacy-bill-passes-senate-0506-biz-20170505-story.html | chicagotribune.com | ||||||
213 | - - - v. New Jersey PIPPA (2017) | legislation | infosec | New Jersey Personal Information and Privacy Protection Act (2017) | https://www.google.com/search?q=New+Jersey+Personal+Information+and+Privacy+Protection+Act+(2017) | https://www.wilmerhale.com/en/insights/blogs/wilmerhale-privacy-and-cybersecurity-law/new-jerseys-personal-information-and-privacy-protection-act-signed-into-law | wilmerhale.com | https://www.faegredrinkerondata.com/2017/new-jersey-enacts-personal-information-and-privacy-protection-act/ | faegredrinkerondata.com | https://njbia.org/personal-information-privacy-act/ | njbia.org | |||||||
214 | - - - vi. Washington Biometric Privacy Law (H.B. 1493) (2017) | legislation | infosec | Washington Biometric Privacy Law (H.B. 1493) (2017) | https://www.google.com/search?q=Washington+Biometric+Privacy+Law+(H.B.+1493)+(2017) | https://www.huntonprivacyblog.com/2017/06/01/washington-becomes-third-state-enact-biometric-privacy-law/ | huntonprivacyblog | https://www3.swipeclock.com/blog/learn-washingtons-new-biometric-privacy-law-affects-businesses/ | swipeclock.com | https://www.insideprivacy.com/united-states/state-legislatures/washington-becomes-the-third-state-with-a-biometric-law/ | insideprivacy.com | |||||||
215 | - - - vii. NYDFS Cybersecurity Regulation (2017) | legislation | infosec | financial | NYDFS Cybersecurity Regulation (2017) | https://www.google.com/search?q=NYDFS+Cybersecurity+Regulation+(2017) | https://blog.ariacybersecurity.com/blog/what-is-23-nycrr-500-blog | ariacybersecurity.com | https://www.varonis.com/blog/nydfs-cybersecurity-regulation/ | varonis.com | https://www.dfs.ny.gov/industry_guidance/cybersecurity | dfs.ny.gov | 9.3.4.2 | |||||
216 | - - - viii. California Consumer Privacy Act (CCPA) (2018) | legislation | infosec | California Consumer Privacy Act (CCPA) (2018) | https://www.google.com/search?q=California+Consumer+Privacy+Act+(CCPA)+(2018) | https://en.wikipedia.org/wiki/California_Consumer_Privacy_Act | wikipedia.org | https://www.caprivacy.org/ | caprivacy.org | 6 | ||||||||
217 | - - - ix. Other significant state acts and laws | infosec | Privacy state acts and laws | https://www.google.com/search?q=Privacy+state+acts+and+laws | ||||||||||||||
218 | 3% | - E. Data Breach Notification Laws | data breach | Privacy Data Breach Notification Laws | https://www.google.com/search?q=Privacy+Data+Breach+Notification+Laws | 6.6 | 7 | 1 | 3 | 2 | ||||||||
219 | - - a. Elements of state data breach notification laws | data breach | https://www.perkinscoie.com/en/news-insights/security-breach-notification-chart.html | perkinscoie.com | https://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx | ncsl.org | https://www.foley.com/-/media/files/insights/publications/2020/09/20mc29862-data-breach-chart-090120.pdf | foley.com | 6.6 | 7.6 | ||||||||
220 | - - - i. Definitions of relevant terms (personal information, security breach) | data breach | https://www.bakerlaw.com/files/Uploads/Documents/Data%20Breach%20documents/Data_Breach_Charts.pdf | bakerlaw.com | https://www.irmi.com/articles/expert-commentary/state-breach-identification-laws-personal-information-definition | irmi.com | https://iapp.org/news/a/states-continue-to-expand-definition-of-personal-information/ | iapp.org | 6.6.1 | 7.6.1-7.6.3 | ||||||||
221 | - - - ii. Conditions for notification (who, when, how) | data breach | https://www.varonis.com/blog/data-breach-definition-by-state/ | varonis.com | https://www.itgovernanceusa.com/data-breach-notification-laws | itgovernanceusa.com | 6.6.4-7 | 7.6.4-7.6.10 | ||||||||||
222 | - - - iii. Subject rights (credit monitoring, private right of action) | data breach | 6.6.9 | 7.6.11 | ||||||||||||||
223 | - - b. Key differences among states today | data breach | ||||||||||||||||
224 | - - c. Recent developments | data breach | https://www.ncsl.org/research/telecommunications-and-information-technology/2019-security-breach-legislation.aspx | ncsl.org | https://www.ncsl.org/research/telecommunications-and-information-technology/2020-security-breach-legislation637299951.aspx | ncsl.org | ||||||||||||
225 | - - - i. Tennessee SB 2005 | legislation | data breach | encryption | Privacy Tennessee SB 2005 | https://www.google.com/search?q=Privacy+Tennessee+SB+2005 | https://iapp.org/news/a/tennessee-law-first-to-require-notification-regardless-of-information-encryption-status/ | iapp.org | https://www.dwt.com/blogs/privacy--security-law-blog/2016/04/tennessee-gives-businesses-45-days-for-data-breach | dwt.com | https://healthitsecurity.com/news/tn-updates-data-breach-notification-law-for-encrypted-data | healthitsecurity.com | ||||||
226 | - - - ii. Illinois HB 1260 | legislation | data breach | Privacy Illinois HB 1260 | https://www.google.com/search?q=Privacy+Illinois+HB+1260 | https://www.radarfirst.com/blog/illinois-personal-information-protection-act/#:~:text=Illinois%20HB%201260%3A,or%20security%20question%20and%20answer | radarfirst.com | https://www.ilga.gov/legislation/fulltext.asp?DocName=09900HB1260enr&GA=99&SessionId=88&DocTypeId=HB&LegID=85740&DocNum=1260&GAID=13&Session= | ilga.gov | |||||||||
227 | - - - iii. California AB 2828 | legislation | data breach | encryption | Privacy California AB 2828 | https://www.google.com/search?q=Privacy+California+AB+2828 | https://privacylaw.proskauer.com/2016/11/articles/california/california-amends-data-breach-notification-law-to-require-notification-of-breach-of-encrypted-personal-information-when-encryption-key-has-been-leaked/ | proskauer.com | https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201520160AB2828 | legislature.ca.gov | ||||||||
228 | - - - iv. New Mexico HB 15 | legislation | data breach | Privacy New Mexico HB 15 | https://www.google.com/search?q=Privacy+New+Mexico+HB+15 | https://www.huntonprivacyblog.com/2017/04/17/new-mexico-enacts-data-breach-notification-law/ | huntonprivacyblog | |||||||||||
229 | - - - v. Massachusetts HB 4806 | legislation | data breach | Privacy Massachusetts HB 4806 | https://www.google.com/search?q=Privacy+Massachusetts+HB+4806 | https://www.insideprivacy.com/data-security/data-breaches/massachusetts-amends-data-breach-notification-law-to-require-free-credit-monitoring/ | insideprivacy.com | https://malegislature.gov/Bills/190/H4806 | malegislature.gov | https://www.jdsupra.com/legalnews/updates-to-massachusetts-data-breach-35590/ | jdsupra.com | |||||||
230 | - - - vi. Other significant state amendments | data breach | Privacy state amendments | https://www.google.com/search?q=Privacy+state+amendments |