Cover
Title Page
Copyright Page
Contents at a Glance
Contents
Introduction
The CIPM Exam
What Does This Book Cover?
CIPM Exam Objectives
CIPM Certification Exam Objective Map
Assessment Test
Answers to Assessment Test
Chapter 1 Developing a Privacy Program
Introduction to Privacy
What Is Privacy?
What Is Personal Information?
What Isn’t Personal Information?
Why Should We Care about Privacy?
Generally Accepted Privacy Principles
Management
Notice
Choice and Consent
Collection
Use, Retention, and Disposal
Access
Disclosure to Third Parties
Security for Privacy
Quality
Monitoring and Enforcement
Developing a Privacy Program
Crafting Vision, Strategy, Goals, and Objectives
Structuring the Privacy Team
Creating a Program Scope and Charter
Privacy Roles
Building Inventories
Conducting a Privacy Assessment
Implementing Privacy Controls
Ongoing Operation and Monitoring
Data Governance
Data Governance Approaches
Data Governance Roles
Access Requirements
Governing Information Processing
Managing the Privacy Budget
Organizational Budgeting
Expense Types
Budget Monitoring
Communicating about Privacy
Creating Awareness
Building a Communications Plan
Privacy Program Operational Life Cycle
Summary
Exam Essentials
Review Questions
Chapter 2 Privacy Program Framework
Develop the Privacy Program Framework
Examples of Privacy Frameworks
Develop Privacy Policies, Procedures, Standards, and Guidelines
Define Privacy Program Activities
Implement the Privacy Program Framework
Communicate the Framework
Aligning with Applicable Laws and Regulations
Develop Appropriate Metrics
Identify Intended Audience for Metrics
Define Privacy Metrics for Oversight and Governance per Audience
Summary
Exam Essentials
Review Questions
Chapter 3 Privacy Operational Life Cycle: Assess
Document Your Privacy Program Baseline
Education and Awareness
Monitoring and Responding to the Regulatory Environment
Assess Policy Compliance against Internal and External Requirements
Data, Systems, and Process Assessment
Risk Assessment Methods
Incident Management, Response, and Remediation
Perform Gap Analysis against an Accepted Standard or Law
Program Assurance
Processors and Third-Party Vendor Assessment
Evaluate Processors and Third-Party Vendors
Understand Sources of Information
Risk Assessment
Contractual Requirements and Ongoing Monitoring
Physical Assessments
Mergers, Acquisitions, and Divestitures
Privacy Assessments and Documentation
Privacy Threshold Analyses (PTAs)
Define a Process for Conducting Privacy Assessments
Summary
Exam Essentials
Review Questions
Chapter 4 Privacy Operational Life Cycle: Protect
Privacy and Cybersecurity
Cybersecurity Goals
Relationship between Privacy and Cybersecurity
Cybersecurity Controls
Security Control Categories
Security Control Types
Data Protection
Data Encryption
Data Loss Prevention
Data Minimization
Backups
Policy Framework
Cybersecurity Policies
Cybersecurity Standards
Cybersecurity Procedures
Cybersecurity Guidelines
Exceptions and Compensating Controls
Developing Policies
Identity and Access Management
Least Privilege
Identification, Authentication, and Authorization
Authentication Techniques
Provisioning and Deprovisioning
Account and Privilege Management
Privacy by Design
Privacy and the SDLC
System Development Phases
System Development Models
Integrating Privacy with Business Processes
Vulnerability Management
Vulnerability Scanning
Vulnerability Remediation
Data Policies
Data Sharing
Data Retention
Data Destruction
Summary
Exam Essentials
Review Questions
Chapter 5 Privacy Operational Life Cycle: Sustain
Monitor
Monitoring the Environment
Monitor Compliance with Privacy Policies
Monitor Regulatory Changes
Compliance Monitoring
Audit
Aligning with Audits
Audit Focus
Summary
Exam Essentials
Review Questions
Chapter 6 Privacy Operational Life Cycle: Respond
Data Subject Rights
Access
Managing Data Integrity
Right of Erasure
Right to Be Informed
Control over Use
Complaints
Handling Information Requests
Incident Response Planning
Stakeholder Identification
Building an Incident Oversight Team
Building the Incident Response Plan
Integrating the Plan with Other Functions
Incident Detection
Security and Privacy Incidents
Security Events and Incidents
Privacy Incidents
Reporting Privacy Incidents
Coordination and Information Sharing
Internal Communications
External Communications
Breach Notification
Incident Handling
Risk Assessment
Containment Activities
Remediation Measures
Ongoing Communications
Post-Incident Activity
Planning for Business Continuity
Business Continuity Planning vs. Disaster Recovery Planning
Project Scope and Planning
Business Impact Analysis
Continuity Planning
Plan Approval and Implementation
Summary
Exam Essentials
Review Questions
Appendix: Answers to Review Questions
Chapter 1: Developing a Privacy Program
Chapter 2: Privacy Program Framework
Chapter 3: Privacy Operational Life Cycle: Assess
Chapter 4: Privacy Operational Life Cycle: Protect
Chapter 5: Privacy Operational Life Cycle: Sustain
Chapter 6: Privacy Operational Life Cycle: Respond
Index
Comprehensive Online Learning Environment
EULA