IAPP Certified Information Privacy Professional/United States (CIPP-US) Exam Syllabus

Use this quick start guide to collect all the information about the IAPP CIPP-US certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the IAPP Certified Information Privacy Professional/United States (CIPP-US) exam. The Sample Questions will help you identify the type and difficulty level of the questions, and the Practice Exams will make you familiar with the format and environment of an exam. You should refer to this guide carefully before attempting your actual IAPP Certified Information Privacy Professional/United States (CIPP-US) certification exam.

The IAPP CIPP-US certification is mainly targeted at candidates who want to build their career in the Privacy Laws and Regulations domain. The IAPP Certified Information Privacy Professional/United States (CIPP-US) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of IAPP Information Privacy Professional/United States.

IAPP CIPP-US Exam Summary:

Exam Name: IAPP Certified Information Privacy Professional/United States (CIPP-US)
Exam Code: CIPP-US
Exam Price: First Time Candidate: $550; Retake: $375
Duration: 150 mins
Number of Questions: 90
Passing Score: 300 / 500
Books / Training: U.S. Private-Sector Privacy (CIPP-US)
Schedule Exam: Pearson VUE
Sample Questions: IAPP CIPP-US Sample Questions
Practice Exam: IAPP CIPP-US Certification Practice Exam

IAPP Information Privacy Professional/United States Exam Syllabus Topics:

Topic Details

Introduction to the U.S. Privacy Environment

Structure of U.S. Law

- Branches of government
- Sources of law

  • Constitutions
  • Legislation
  • Regulations and rules
  • Case law
  • Common law
  • Contract law

- Legal definitions

  • Jurisdiction
  • Person
  • Preemption
  • Private right of action

- Regulatory authorities

  • Federal Trade Commission (FTC)
  • Federal Communications Commission (FCC)
  • Department of Commerce (DoC)
  • Department of Health and Human Services (HHS)
  • Banking regulators
    1. Federal Reserve Board
    2. Comptroller of the Currency
  • State attorneys general
  • Self-regulatory programs and trust marks

- Understanding laws

  • Scope and application
  • Analyzing a law
  • Determining jurisdiction
  • Preemption

Enforcement of U.S. Privacy and Security Laws

- Criminal versus civil liability
- General theories of legal liability

  • Contract
  • Tort
  • Civil enforcement

- Negligence
- Unfair and deceptive trade practices (UDTP)
- Federal enforcement actions
- State enforcement (Attorneys General (AGs), California Privacy Protection Agency (CPPA))
- Cross-border enforcement issues (Global Privacy Enforcement Network (GPEN))
- Self-regulatory enforcement (PCI, Trust Marks)

Information Management from a U.S. Perspective

- Data sharing and transfers

  • Data inventory
  • Data classification
  • Data flow mapping

- Privacy program development
- Managing User Preferences
- Incident response programs

  • Cyber threats (e.g., ransomware)

- Workforce Training
- Accountability
- Data and records retention and disposal (FACTA)
- Online Privacy
- Privacy notices
- Vendor management

  • Data processing agreements
  • Vendor incidents
  • Cloud issues
  • Third-party data sharing

- International data transfers

  • U.S. Safe Harbor, Privacy Shield, and the EU-U.S. Data Privacy Framework
  • Binding Corporate Rules (BCRs)
  • Standard Contractual Clauses (SCCs)
  • Other approved transfer mechanisms
  • Schrems decisions, implications of

- Other key considerations for U.S.-based global multinational companies

  • GDPR requirements
  • APEC privacy framework

- Resolving multinational compliance conflicts

  • EU data protection versus e-discovery

Limits on Private-sector Collection and Use of Data

Cross-sector FTC Privacy Protection

- The Federal Trade Commission Act
- FTC Privacy Enforcement Actions
- FTC Security Enforcement Actions
- The Children’s Online Privacy Protection Act of 1998 (COPPA)
- Future of federal enforcement (Data brokers, Big Data, IoT, AI, unregulated data)

Healthcare/Medical

- The Health Insurance Portability and Accountability Act of 1996 (HIPAA)

  • HIPAA privacy rule
  • HIPAA security rule
  • Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates

- Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009
- The 21st Century Cures Act of 2016
- Confidentiality of Substance Use Disorder Patient Records Rule

  • 42 CFR Part 2

Financial

- The Fair Credit Reporting Act of 1970 (FCRA)
- The Fair and Accurate Credit Transactions Act of 2003 (FACTA)
- The Financial Services Modernization Act of 1999 (“Gramm-Leach-Bliley” or GLBA)

  • GLBA privacy rule
  • GLBA safeguards rule
  • Exemptions under state laws

- Red Flags Rule
- Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010
- Consumer Financial Protection Bureau
- Online Banking

Education

- Family Educational Rights and Privacy Act of 1974 (FERPA)
- Education technology

Telecommunications and Marketing

- Telemarketing sales rule (TSR) and the Telephone Consumer Protection Act of 1991 (TCPA)

  • The Do-Not-Call registry (DNC)

- Combating the Assault of Non-solicited Pornography and Marketing Act of 2003 (CAN-SPAM)
- The Junk Fax Prevention Act of 2005 (JFPA)
- The Wireless Domain Registry
- Telecommunications Act of 1996 and Customer Proprietary Network Information
- Cable Communications Policy Act of 1984
- Video Privacy Protection Act of 1988 (VPPA)

  • Video Privacy Protection Act Amendments Act of 2012 (H.R. 6671)

- Driver’s Privacy Protection Act (DPPA)
- Digital advertising
- Web scraping
- Data Ethics

Government and Court Access to Private-sector Information

Law Enforcement and Privacy

- Access to financial data

  • Right to Financial Privacy Act of 1978
  • Bank Secrecy Act of 1970 (BSA)

- Access to communications

  • Wiretaps
  • Electronic Communications Privacy Act (ECPA)
    1. E-mails
    2. Stored records
    3. Pen registers

- The Communications Assistance to Law Enforcement Act (CALEA)

National Security and Privacy

- Foreign Intelligence Surveillance Act of 1978 (FISA)

  • Wiretaps
  • E-mails and stored records
  • National security letters
  • Amendments Act: Section 702 (2008)

- Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA-Patriot Act)
- The USA Freedom Act of 2015
- The Cybersecurity Information Sharing Act of 2015 (CISA)

Civil Litigation and Privacy

- Compelled disclosure of media information

  • Privacy Protection Act of 1980

- Electronic discovery

Workplace Privacy

Introduction to Workplace Privacy

- Workplace privacy concepts

  • Human resources management

- U.S. agencies regulating workplace privacy issues

  • Federal Trade Commission (FTC)
  • Department of Labor
  • Equal Employment Opportunity Commission (EEOC)
  • National Labor Relations Board (NLRB)
  • Occupational Safety and Health Act (OSHA)
  • Securities and Exchange Commission (SEC)

- U.S. Anti-discrimination laws

  • Civil Rights Act of 1964
  • Americans with Disabilities Act (ADA)
  • Genetic Information Nondiscrimination Act (GINA)

Privacy before, during and after employment

- Automated employment decision tools and potential for bias
- Employee background screening

  • Requirements under FCRA
  • Methods
    1. Personality and psychological evaluations
    2. Polygraph testing
    3. Drug and alcohol testing
    4. Social media

- Employee monitoring

  • Technologies
    1. Computer usage (including social media)
    2. Biometrics
    3. Location-based services (LBS)
    4. Wellness Programs
    5. Mobile computing
    6. E-mail and postal mail
    7. Photography
    8. Telephony
    9. Video
  • Requirements under the Electronic Communications Privacy Act of 1986 (ECPA)
  • Unionized worker issues concerning monitoring in the U.S. workplace

- Investigation of employee misconduct

  • Data handling in misconduct investigations
  • Use of third parties in investigations
  • Documenting performance problems
  • Balancing rights of multiple individuals in a single situation

- Termination of the employment relationship

  • Transition management
  • Records retention
  • References

State Privacy Laws

Federal vs. state authority

- State Attorneys General
- California Privacy Protection Agency (CPPA)

Data Privacy and Security Laws

- Applicability

  • Thresholds (e.g., number of state residents, annual revenue, etc.)
  • Available exemptions

- Data subject rights (e.g., access; deletion/correction; portability; opt-out)
- Privacy notice requirements (e.g. California Online Privacy Protection Act and similar laws)
- Data security requirements
- Data protection agreements
- Data protection assessments / risk assessments
- Health data rules

  • Geofencing bans and restrictions
  • Washington My Health, My Data (MHMD) Act (2023)
  • Nevada Consumer Health Data Privacy Law (SB 370) (2023)
  • Privacy class actions based on the Illinois Genetic Information Privacy Act (GIPA) (2023)

- Data retention and destruction
- Selling and Sharing of Personal Information (PI)
- Enforcement

  • Cure periods
  • Penalties

- Cookie and online tracking regulations
- Facial recognition use restrictions
- Biometric information privacy regulations

  • Illinois Biometric Information Privacy Act (BIPA) (2008)
  • Other biometric privacy laws (e.g. Washington, Texas)

- AI bias laws

  • Automated decision-making rules and regulations (e.g. California, Colorado)
  • NYC Automated Employment Decision Tool law
  • Colorado’s Protecting Consumers from Unfair Discrimination in Insurance Practices law

- Important comprehensive data privacy laws

  • California data privacy laws: California Consumer Privacy Act (CCPA) (2018) as amended by the California Privacy Rights Act (CPRA) (2020), California Age-Appropriate Design Code Act (A.B. 2273) (2022), Delete Act (SB 362) (2023)
  • Key provisions of other significant state acts and laws (Virginia, Colorado, Connecticut, Utah, Nevada, Florida, Oregon, Texas, Montana)

Data Breach Notification Laws

- Elements of state data breach notification laws

  • Definitions of relevant terms (personal information, security breach)
  • Conditions for notification (who, when, how)
  • Subject rights (credit monitoring, private right of action)

- Key differences among states today
- Significant developments

  • Utah S.B. 127 Cybersecurity Amendments
  • Pennsylvania SB 696
  • Other significant state amendments

To ensure success in the IAPP Information Privacy Professional/United States certification exam, we recommend an authorized training course, practice tests and hands-on experience to prepare for the IAPP Certified Information Privacy Professional/United States (CIPP-US) exam.
