Test Prep Course for Certified Information Privacy Professional Exam [EU GDPR, US, Canada and Asia]
This course is recognized by the National Skill Development Corporation, a PPP under the Ministry of Skill Development and Entrepreneurship of the Government of India. You will receive a certificate cobranded by NSDC and Skill India on successful completion.
If you do not like or benefit from the course, you can get a 100% refund after 30 days of full participation.
No prior technical experience is required! All you need is a computer!
8 months, 6-8 hrs/week
Price: Rs. 51000
Acquire a profound understanding of privacy regulations under the EU GDPR and in the US and Canada, and develop the proficiency required to succeed in the Certified Information Privacy Professional Exam.
100+ Practical Assignments
20000+ Students benefited with Placements
50 LPA+ Highest Earning Secured
11000+ Opportunities Secured
Exposure to growing areas of law
It is a lot easier to find clients and get jobs in areas of law practice that are growing now rather than those that have stagnated. LawSikho courses are designed to prepare you for the industry with skills & knowledge that are in demand by the market.
Learn & master real skills by doing
Gain real legal skills through hands-on practice. One hour of daily practice ensures expertise in the field. Our practical approach enables you to handle complex legal challenges confidently, preparing you for a rewarding and impactful career in the industry.
Knowledge & mentors for success
Our expert-designed courses guarantee a thriving legal career. Get unparalleled access to a wealth of knowledge and mentors who will guide you through every step, ensuring you acquire the necessary skills and insights to excel in the dynamic legal landscape.
Build an unmatched track record
Establish a strong online presence, publish articles, and connect with industry experts for your dream job. Leverage our guidance to build a formidable track record that showcases your expertise, helping you stand out from the competition and secure top-tier opportunities.
Find global jobs & freelance work
Our dedicated placement team and US subsidiary help you secure jobs, internships, and freelance projects worldwide. Expand your horizons, work with diverse clients, and gain exposure to international legal practices, propelling your career to new heights.
Ride in the remote work revolution
Earn more, work flexibly, and explore limitless opportunities in international remote work with LawSikho. Embrace the future of legal practice without restricting yourself to your city or town, and seize the chance to shape a successful and fulfilling legal career on a global scale.
Get opportunities with domestic law firms, MNCs, startups, as well as international recruiters
Rs. 30 Lakh
Our freelancers have earned more than Rs. 30 Lakh per annum.
11000+
We created over 15000+ opportunities for our learners
Rs. 2.5 Crore
Total value of work secured amounts to over USD 3,30,000
Prominent recruiters where our alumni are currently working
Learn from top lawyers, partners, international lawyers and our in-house experts
Abhyuday Agarwal, COO and Co-founder, iPleaders and LawSikho
Anant Malviya, Data Protection Officer at AXA XL, a Fortune 500 company, Ex-Legal Counsel at Chingari
Komal Shah, Company Secretary, Co-Founder, LawSikho
Dr. Harsh Jain, Sr. Associate, iPleaders, UGC-NET & JRF Scholar, Test prep expert (judiciary and bank legal officer exams), Judiciary exam mentor, Co-Founder, LawSikho
Charitarth Bharati, Privacy, AI and Ethics Lawyer at EY Canada
Mitali Daryani, Fintech Lawyer with Shardul Amarchand Mangaldas
We are building a world where lawyers can work across borders, learn any skills they want very rapidly and don’t burn out from overwork
Remote work means better opportunities for you
Break free from low-paying, dead-end jobs & exploitative seniors. Work with international clients and earn in dollars. Give us just 2 hrs a day and turn your career around.
Learn high-demand skills and specialise for immediate growth
What are the areas of law that are seeing massive growth in work and clients but not enough lawyers with relevant skills? Regulation of emerging tech, data protection and privacy laws, international trade & taxation, M&A and investment laws, banking and finance, contracts, arbitration - there are many areas of law that are seeing huge growth. Do you have the skills needed?
Learn US laws and work as remote paralegal
Legal services is a $330 billion market in the US. In India it's just $2 billion. Even if you work as a freelance paralegal charging $10-20 per hour, you can make more than what most lawyers earn from India’s top law firms. But this requires you to learn US law, and we are here to help.
Build an awesome track record to win prospective clients
Lawyers with better track records get paid more. But you don’t have to spend 10 years building that track record and reputation in a local court. Leverage the internet, blogging, professional social media, the magic of search engines & services market places like Upwork, and build an enviable profile in 6-12 months.
Qualify as a lawyer in California, Canada or UK
You can earn a lot more and have many more career options if you clear a foreign bar exam and register as a qualified attorney. Good idea to start as a remote paralegal, but the next stop is full fledged qualification so that you can raise your hourly rates by a lot! This is a new world of opportunities, and we are here to help.
LawSikho courses work best for:
Law graduates who are graduating or recently graduated without a job and need help
Lawyers who are not earning enough and want to grow their earning potential
Non-lawyers who want to learn the law in a way that they can benefit in their career
Key Highlights
This course empowers privacy professionals with practical expertise in data protection, ensuring they are well-prepared to excel in the Certified Information Privacy Professional (CIPP) Exam.
Dive into real-world case studies illustrating the consequences of privacy breaches. Develop a practical understanding of potential pitfalls and the urgency of privacy compliance.
Master the intricate articles of the EU GDPR, setting a global standard for data protection. Go beyond memorization to comprehend practical implications. Similarly, delve into US and Canadian privacy laws.
The course provides extensive placement support, connecting students with job and internship opportunities upon successful certification.
The co-branded certificate from NSDC and Skill India enhances industry recognition.
Going beyond numbers, the course teaches professionals how to protect confidential data, mitigating risks associated with financial losses, legal complications, and reputational damage.
With an array of mock tests, practice scenarios, and exam-taking techniques, the course thoroughly prepares students for the CIPP exam, instilling confidence for success.
Through live online classes, access to study materials, mock tests, and personalized doubt-clearing sessions, the course ensures students receive a comprehensive education.
Offering a 100% money-back guarantee within the first month, the course assures students that their investment is protected if expectations are not met.
Certified Information Privacy Professional Exam
In today's digital age, data is more valuable than ever before. With the European Union's General Data Protection Regulation (EU GDPR) setting a global precedent, and stringent regulations like those in the US and Canada, the need to protect sensitive information has taken center stage.
As professionals dealing with financial matters, you're entrusted with not only numbers but also the confidential data behind them. A breach of privacy can lead to financial losses, legal complications, and a tarnished reputation.
Throughout this course, we delve into the core principles of privacy protection, arming you with the knowledge and strategies needed to excel in the Certified Information Privacy Professional (CIPP) Exam.
Our goal is to not only help you pass the exam but also to equip you with real-world insights that can be immediately applied to your professional endeavors.
To truly understand the significance of these regulations, we'll explore various case studies that highlight the consequences of privacy breaches and the impact they have on individuals and organizations. These case studies offer a tangible grasp of the potential pitfalls and underline the urgency of privacy compliance.
In one instance, we'll delve into the aftermath of a data breach that exposed sensitive customer information. This led to hefty legal fines, loss of consumer trust, and a damaged reputation that took years to rebuild. By examining such scenarios, you'll grasp the tangible repercussions of inadequate privacy measures.
Furthermore, we'll examine the evolution of privacy laws across different regions. The EU General Data Protection Regulation (GDPR) has set a global standard for data protection. We'll unravel its intricate articles, ensuring you not only memorize them but also comprehend their practical implications.
Moving across the Atlantic, we'll learn the multifaceted landscape of privacy regulations in the US. With a patchwork of laws such as HIPAA, CCPA, and more, the US presents a unique challenge. Our course will break down these laws and elucidate how they interplay.
Canada's privacy landscape, too, holds its own complexities with the Personal Information Protection and Electronic Documents Act (PIPEDA). Understanding its nuances is vital, especially for professionals working with Canadian entities or data.
In an era where personal information has become one of the most valuable commodities, protecting individuals' privacy rights is not only ethically crucial but also a legal obligation.
The European Union's General Data Protection Regulation (EU GDPR) has set a precedent for data protection standards worldwide. Simultaneously, countries like the US and Canada have introduced their own privacy regulations that demand experts who can interpret and implement these laws effectively.
Our Executive Certificate Course is meticulously designed to demystify the intricacies of data privacy regulations.
We understand that complex legal jargon can be intimidating, so we've tailored our content to be accessible and engaging for professionals in the US Accounting and Bookkeeping field.
You'll gain a deep understanding of the EU GDPR, as well as the privacy regulations specific to the US and Canada.
What to Expect
No prior legal expertise? No problem. Our course breaks down the concepts into bite-sized, understandable modules. From understanding the key principles of data protection to comprehending cross-border data transfers, we'll guide you step by step.
Our industry-experienced instructors bring real-world scenarios into the virtual classroom, ensuring you grasp not only the theory but also its practical application.
Learning doesn't happen in isolation. Engage with fellow US Accounting and Bookkeeping professionals who share your goals. Collaborate on projects, participate in discussions, and exchange insights that go beyond the textbooks.
Our instructors are committed to your success, offering personalized support to address your queries and concerns.
The pinnacle of our course is preparing you to conquer the CIPP exam with confidence. We provide comprehensive resources, practice tests, and mock scenarios that mirror the exam environment. Our goal is not just to help you pass the exam, but to empower you with the expertise to excel in your career.
Our mission is to empower you with a comprehensive understanding of these regulations, using real cases and practical insights. We want you not only to succeed in the CIPP exam but also to enter the professional world as a confident and adept privacy professional.
Get ready to embark on a journey that merges theoretical knowledge with practical application, equipping you with the skills to champion privacy and data protection.
Your success in this course and, eventually, in the CIPP exam, is the first step toward shaping a future where privacy is a paramount concern.
Who should take this course?
Privacy Enthusiasts: If you're fascinated by the world of data protection and privacy regulations, this course will help you dive deeper. Whether you're new to the field or have some experience, our comprehensive material will enhance your understanding and expertise.
Legal Professionals: For lawyers and legal practitioners, understanding privacy laws like the EU GDPR, US privacy regulations, and Canada's data protection laws is paramount. This course will provide the necessary insights to navigate these complex legal frameworks.
Data Handlers: If your job involves managing, processing, or storing personal data, this course is crucial. Learn the best practices to handle data responsibly and in compliance with the law, reducing the risk of breaches and legal issues.
Business Owners: As a business owner, ensuring that your company complies with privacy regulations is not just about avoiding fines—it's about building trust with your customers. This course will guide you in establishing privacy-conscious practices within your organization.
IT Professionals: Data security and privacy are integral parts of IT operations. This course will equip IT professionals with the knowledge to implement robust technical measures and contribute to their company's overall privacy strategy.
Compliance Officers: If your role involves ensuring your organization follows privacy laws, this course offers a comprehensive overview of key regulations. You'll gain insights into how to develop and manage effective compliance programs.
Risk Managers: Understanding the risks associated with mishandling personal data is crucial. This course will help risk managers assess privacy-related risks and implement strategies to mitigate them effectively.
What will you learn from this course?
Dive deep into the EU GDPR, the gold standard of data protection regulations, and gain a clear understanding of its principles, requirements, and implications for businesses operating within the EU.
Explore how data can flow across borders while staying compliant with various privacy laws.
Learn the complexities of international data transfers and how to ensure the protection of personal information.
Understand the multifaceted privacy landscape in the United States, encompassing regulations like HIPAA, CCPA, and more.
Analyze case studies to see how organizations navigate these regulations while safeguarding consumer data.
Gain insights into the Canadian privacy regime, including the Personal Information Protection and Electronic Documents Act (PIPEDA). Examine real-world scenarios to grasp how Canadian businesses maintain privacy standards.
Through engaging case studies, dissect real privacy challenges faced by organizations. Learn how they tackled these issues while adhering to relevant regulations, and develop practical problem-solving skills.
Delve into risk assessment methodologies and compliance strategies. Explore how to identify, assess, and mitigate privacy-related risks to ensure your organization's data practices align with legal requirements.
Understand the ethical dimensions of handling personal data. Learn about the importance of transparency, consent, and the responsible use of data in today's digital landscape.
By the end of this course, you'll have honed your skills in effective study strategies and exam-taking techniques to confidently approach the CIPP exam. Review sample questions and practice scenarios to solidify your grasp of the material.
Connect with fellow participants who share your career aspirations. Engage in discussions, share experiences, and expand your professional network in the privacy domain.
What is the CIPP exam?
The CIPP exam is the exam for the Certified Information Privacy Professional certification offered by the International Association of Privacy Professionals (IAPP).
The International Association of Privacy Professionals (IAPP) is a not-for-profit organization and is the largest and most comprehensive global information privacy community.
The IAPP offers four concentrations for this certification, based on different regions:
CIPP/A - covering Asia
CIPP/E - covering Europe
CIPP/US - covering the United States, and
CIPP/C - covering Canada
All four certifications have their own exams, syllabi and study resources.
Training Methodology
Online 24/7 access
Access study materials via our online portal and via our Android & iOS apps.
Hard Copy Study Material
You will receive hard copy study material delivered to your address.
Practical Exercises
Two practical exercises every week, each followed by written feedback.
Live Online Classes
Live online classes based on exercises, allowing questions and feedback.
Convenient Class timings
Classes held after work hours, typically on Sundays or after 8 PM on weekdays.
Live Doubt Clearing
Live doubt clearing for support and one-on-one sessions with mentors.
What are the career benefits of cracking the exam? What kind of opportunities can you secure?
The CIPP certification is one of the most recognized certifications by the industry for hiring privacy professionals. Its popularity can be witnessed in the growth of the certifications and membership numbers of the IAPP.
The IAPP hit the numbers of 25000 certifications and 50000 members, both in 2019. While they took 12 years to hit their first 10000 certifications, they increased by 15000 in the next seven years.
While the current numbers are unknown, it is very likely that they will hit their next landmark much faster.
This is not surprising, considering the salary levels of professionals who hold the Certified Information Privacy Professional (CIPP) certification. When the demand for some skills is higher than the supply, this is what happens.
The variety of positions that you can secure includes privacy managers, compliance managers, privacy counsel, privacy analyst, data privacy consultant, privacy specialist, data privacy advisor, etc.
Multinational companies and tech startups that are expanding out of the country can be highly interested in hiring lawyers who understand Canadian data privacy laws such as the PIPEDA, and the CIPP certification can go a long way in convincing them that you have knowledge in this area.
The IAPP itself has many jobs listed on its portal in the Career Central area.
Who can be your employers / clients?
Large multinationals which have a privacy and data protection department, looking to hire employees who have a greater understanding of multi-jurisdictional data protection laws;
Startup entities looking to expand to multiple countries which become subject to global data protection regulations but cannot afford to hire large teams to ensure compliance;
Tech law firms around the world which are small or medium-sized, looking to build their capacity at lower cost by outsourcing paralegal work remotely;
Small businesses around the world, looking for guidance on compliance with data protection laws for their websites and agreements.
What are the challenges faced by candidates attempting the exam?
Here are some of the issues that the candidates face while attempting this exam:
The first issue that candidates face is that the syllabus isn’t fixed. The body of knowledge available on the IAPP website is basically an outline. It doesn’t mean that those are the only things that will be asked. It is essential for students to buy the textbook which costs USD75 and the textbooks are often not updated to the latest year.
The questions asked are situational. The available resources train people on law, but there’s no guidance on how to apply it to specific situations.
There are not many live classes and sessions available and where they are available, they are concentrated within 2-4 days and are prohibitively expensive.
One of the biggest challenges that candidates face is the unavailability of mentoring and handholding sessions for any doubts that they may have or any gaps that they face in understanding the legal concepts. They do not know whom to reach out to, to get the gaps sorted or doubts cleared. If they do find someone, they aren’t sure the person will guide them correctly.
The laws in this domain are updated fairly frequently. It is very difficult to keep track of the changes in developments and often textbooks do not take care of the changes. There is also a lack of clarity on what can be the correct resources to use, to keep a tab of the changes and a complete lack of a system on how to do this.
How much does CIPP training cost from different providers?
CIPP online training from IAPP will cost you from USD 1195 to 2390 (approximately INR 88,000 to 1,78,500).
Pembroke Privacy provides live online training (only for CIPP) and this includes four full-day sessions as well as the textbook and course notes (but no sample questions) and is priced at EUR1,295 (approximately INR1,32,500). Again, there are no mentoring and handholding sessions available.
AllNet Law provides live online instructor-led sessions for CIPP, concentrated over 4 days (14 hours) including the IAPP textbook, one year membership, course notes, sample course exam questions, online mock exam, revision flashcards and free refresher classes, but it is priced at GBP1,395 (approximately INR 1,43,180).
How much preparation does the certification require?
Although IAPP states that the required preparation hours are 30, most candidates find it difficult to grasp the entire syllabus in that much time. If you are totally new to this area, the required time can be almost double for you.
If you space out your learning over 2 months and put in 8 hours in a week (1.5 hours per day for 5 days + time for mock tests), this will add up to 64 hours, which can be sufficient.
Testimonial
Dear LawSikho team,
I am delighted to inform you that I have passed the CIPP/E exam on 16th February 2022. I am thankful to the faculty and the entire LawSikho team behind the CIPP/E preparation group, which I was part of. I am mostly grateful for the material which was provided for the preparation of the exam.
Thanks,
Vasudha Arora, Student
How can LawSikho help?
LawSikho is the only organisation providing live online training for all three certifications. We are also the only organisation providing 60 mock tests. Further, we will provide you the material in hard copy - all other providers will provide you with a digital textbook and notes.
The live sessions will explain the concepts in a very simplified manner and clear any gaps in understanding that you have.
On top of it, there is constant mentoring and doubt clearing available as required.
Most course providers are charging over INR 1 lakh for one certification, while with LawSikho, the training for one certification can be completed at INR 36,600.
You will have access to the class recordings and the material up to the point when you clear the exams and not just up to the first attempt.
We also provide placement support for people who have cleared the exams, which no other provider does.
No other training provider provides handholding to the extent LawSikho does. At LawSikho, we have your back.
What is unique about this course?
In this course, we don't just skim the surface of privacy regulations; we immerse you in real-world scenarios. We present you with case studies inspired by actual privacy challenges faced by organizations in the EU, US, and Canada. Through these cases, you'll learn to apply your knowledge to practical situations, developing the skills needed to excel in the exam and your professional career.
We will also guide you in developing your online presence through various freelancing platforms such as Upwork, Fiverr, People Per Hour, etc. and through social media networks such as LinkedIn, Facebook, etc.
By the end of this course, you can expect to have secured enough skills to be able to take up paralegal work assignments from small and medium-sized companies in the US, EU and Canada as well as law firms / business firms in the US looking to outsource work.
You will also be equipped to help small entrepreneurs outside the US establish a presence in the US by incorporating entities.
The course is tough and intensive; you will not be awarded the certificate unless you complete the required number of assignments. You will have to invest 4-5 hours per week in developing your skills, in addition to the classes on this course.
You will have interactive classes with high-quality discussions which will be taken by the experts of this course. You can get all the doubts resolved in the classes or even outside the classes through course groups and email.
You will get personal attention and coaching from our trainers who will be assigned to you, and have access to a dedicated course anchor who will help you with submissions or any guidance or issues you may have as you progress through the course.
You will receive in-line feedback for the assignments you submit, which will improve your performance to a significant extent.
You will have access to other doubt clearing mechanisms also, in addition to the online classes such as a discussion forum where queries are responded to within a period of 48 hours, a WhatsApp group that will include your peers and batchmates as well as the course anchor, evaluator and support team from LawSikho.
You will be trained in writing for six writing assignments during the term of the course and if these are of publishable quality, these shall be published on the iPleaders blog which sees a footfall of more than a million visitors a month.
What kind of recruitment and placement support will I get?
Unique Training Method: We're the sole organization in India offering comprehensive, exercise-based courses.
Employer Recognition: Many leading employers, law firms, and companies actively seek our high-performing students.
Career Opportunities: Success in our courses can lead to job placements, internships, and assessment internships in esteemed law firms, with renowned lawyers, and various companies.
Empowering Learners: We focus on empowering learners with not just knowledge and skills, but also real-world opportunities.
Dedicated Support Team: Our dedicated team is here to assist you with placements, internships, and freelance opportunities.
Proven Success: Between April 2021 and June 2023, we've helped over 21,000 students secure job and internship opportunities.
Media Recognition: Our achievements have been featured in respected media outlets like The Hindu, Business World, and India Education Diary.
Impressive Value: Our students have secured over Rs. 2.7 Crore (USD 330,000) worth of work, with records of INR 30 LPA (USD 37,500) domestically and INR 50 LPA (USD 62,500) internationally.
Comprehensive Support: From day one, our placement team guides you in setting goals, crafting standout CVs, enhancing interview skills, and supporting your critical first month on the job or during an internship.
Trusted Recruiters: We've built strong collaborations with recruiters who prefer hiring our well-trained students.
Competitive Edge: Partnering with us gives you an edge in the job market and opens doors to exciting career prospects.
How will you clear my doubts and help me if I am struggling to understand or learn a concept?
In our live classes, you can ask questions, share your screen, receive personal feedback, and have your doubts cleared.
If you need more help after getting feedback on an assignment or want career advice, you can schedule a private one-on-one call. Our evaluators and mentors are here to assist you and give you advice that's tailored to your needs.
Money back guarantee
If you take this course, follow it diligently for a month, attend all classes and do all the exercises but still do not find value in it, or are not able to understand or follow it, or do not find it good for any reason, we will refund the entire course fee to you. It is a 100% money-back guarantee with only one condition: you must pursue it properly for a month. If you don’t find it valuable after that, get your entire money back.
This is how the certificate from NSDC and Skill India will look as per the current applicable format (may change as per the approval authorities):
Specific learning objectives
You will learn the core principles of the European Union General Data Protection Regulation (EU GDPR), the US privacy framework, and Canada's privacy laws.
You will analyze the differences and commonalities between these regulations to establish a comprehensive understanding.
Dive deep into the key principles of GDPR, such as lawful processing, consent, data subject rights, and accountability.
Explore real-world case studies showcasing organizations' adherence to GDPR principles and their consequences for non-compliance.
Gain insights into the varied landscape of US privacy laws, including CCPA, HIPAA, and sector-specific regulations.
Examine case studies illustrating data breaches, penalties, and the importance of compliant data handling.
Learn about Canada's PIPEDA and provincial privacy laws, comprehending distinctions and obligations for businesses.
Review instances where companies faced legal action due to mishandling of personal data, emphasizing the significance of privacy compliance.
Explore the intricacies of cross-border data transfers under GDPR's adequacy requirements and mechanisms like Privacy Shield.
Investigate real cases of data transfer challenges and their implications for multinational organizations.
Understand the purpose and methodology of conducting PIAs as per privacy regulations.
Analyze case studies involving successful and flawed PIAs, illustrating their impact on risk mitigation and compliance.
Grasp the protocols for managing data breaches and adhering to notification timelines across different regulations.
Delve into real incidents where organizations managed breaches effectively or faced legal consequences for delays.
Explore ethical dilemmas surrounding data privacy, surveillance, and consent in modern society.
Discuss case studies involving privacy breaches, highlighting the ethical implications and potential ways to address them.
Develop effective study techniques, time management, and exam-taking strategies tailored for the CIPP exam.
Engage in mock tests featuring scenario-based questions to apply knowledge and enhance preparedness.
Syllabus
Introduction to European Data Protection Law
Origins and Historical Context of Data Protection Law
- Rationale for data protection
- Human rights laws
- Early laws and regulations
- The need for a harmonized European approach
- The Treaty of Lisbon
- A modernized framework
- EU Member Nations
European Union Institutions
- Council of Europe
- European Court of Human Rights
- European Parliament
- European Commission
- European Council
- Court of Justice of the European Union
Legislative Framework
- The Council of Europe Convention for the Protection of Individuals with Regard to the Automatic Processing of Personal Data of 1981 (The CoE Convention)
- The EU Data Protection Directive (95/46/EC)
- The EU Directive on Privacy and Electronic Communications (2002/58/EC) (ePrivacy Directive) – as amended
- The EU Directive on Electronic Commerce (2000/31/EC)
- European data retention regimes
- The General Data Protection Regulation (GDPR) (EU) 2016/679 and related legislation
- Data Protection Acts of the Member States
European Data Protection Law and Regulation
Data Protection Concepts
- Personal data
- Sensitive personal data
- Pseudonymous and anonymous data
- Processing
- Cross-border processing
- Controller
- Processor
- Data subject
Territorial and Material Scope of the General Data Protection Regulation
- Establishment in the EU
- Non-establishment in the EU
Data Processing Principles
- Fairness and lawfulness
- Purpose limitation
- Proportionality
- Accuracy
- Storage limitation (retention)
- Integrity and confidentiality
Lawful Processing Criteria
- Consent
- Contractual necessity
- Legal obligation, vital interests, and public interest
- Legitimate interests
- Special categories of processing
Data Subjects’ Rights
- Access
- Rectification
- Erasure and the right to be forgotten (RTBF)
- Restriction and objection
- Consent, including right of withdrawal
- Automated decision making, including profiling
- Data portability
- Restrictions
Security of Personal Data
- Appropriate technical and organizational measures
a. Protection mechanisms (encryption, access controls, etc.)
- Breach notification
a. Risk reporting requirements
- Vendor Management
- Data sharing
Accountability Requirements
- Responsibility of controllers and processors
a. joint controllers
- Data protection by design and by default
- Documentation and cooperation with regulators
- Data protection impact assessment (DPIA)
a. established criteria for conducting
- Mandatory data protection officers
- Auditing of privacy programs
International Data Transfers
- Rationale for prohibition
- Adequate jurisdictions
- Safe Harbor and Privacy Shield
- Standard Contractual Clauses
- Binding Corporate Rules (BCRs)
- Codes of Conduct and Certifications
- Derogations
- Transfer impact assessments (TIAs)
Supervision and enforcement
- Supervisory authorities and their powers
- The European Data Protection Board
- Role of the European Data Protection Supervisor (EDPS)
Consequences for GDPR violations
- Process and procedures
- Infringements and fines
- Class actions
- Data subject compensation
Compliance with European Data Protection Law and Regulation
Employment Relationship
- Legal basis for processing of employee data
- Storage of personnel records
- Workplace monitoring and data loss prevention
- EU Works councils
- Whistleblowing systems
- 'Bring your own device' (BYOD) programs
- Employee privacy notices
Surveillance Activities
- Surveillance by public authorities
- Interception of communications
- Closed-circuit television (CCTV)
- Geolocation
- Biometrics / facial recognition
Direct Marketing
- Telemarketing
- Direct marketing
- Online behavioural targeting
Internet Technology and Communications
- Cloud computing
- Web cookies
- Search engine marketing (SEM)
- Social networking services
- Artificial Intelligence (AI)
a. machine learning
b. ethical issues
Canadian Privacy Fundamentals
Legal Basics
- The Canadian government and legal system
i. Political structure
ii. Division of powers
iii. Role of courts and administrative tribunals
- Canadian laws and their interpretation
i. Civil versus common law
ii. Sources of law
iii. Scope and application of law
iv. Relationship to other laws
v. Enforcement
- Enforcement agencies and powers
i. Canada
1. Privacy commissioners
a. Office of the Federal Privacy Commissioner
b. Provincial and territorial privacy commissioners
2. Courts and remedies
a. Federal Court of Canada
b. Provincial courts
Privacy Basics
- Understand that definitions of personal information vary among Canadian jurisdictions and legislation
- Types of personal information
i. Employee and work-related information
ii. Public records
iii. Publicly available information
1. Office of the Privacy Commissioner of Canada, Interpretation Bulletin, Publicly available information
2. Provincial legislation
- Private/sensitive information
- Safeguarding personal information
- General concepts of fair information practice
i. Notice
ii. Consent (Opt out vs. Opt in)
iii. Access controls and accountability
Privacy Principles
- Canadian Standards Association (CSA)
i. Model Code for the Protection of Personal Information (CAN/CSA-Q830-96)
ii. CSA Principles in Canadian privacy law
- Model codes and cooperation
i. Organisation for Economic Co-operation and Development (OECD); American Institute of Certified Public Accountants/Canadian Institute of Chartered Accountants (AICPA/CICA); Generally Accepted Privacy Principles (GAPP)
Canadian Privacy Laws and Practices—Private Sector
Statutes
- Understand when to apply The Personal Information Protection and Electronic Documents Act of Canada (PIPEDA)
- Understand when to apply the private sector privacy legislation in BC, Alberta and Quebec.
- Understand when to apply Canada’s Anti-Spam Legislation (CASL)
Key Concepts and Practices
- Accountability
i. Under the Quebec Act
ii. Other Canadian statutes
- Openness
- Collection, use and disclosure
i. Commercial activity as it relates to PIPEDA
ii. Business transactions
- Enhanced and valid consent
i. Reasonableness
ii. Opt-out consent mechanisms, their use and limitations
iii. Consent to new purposes
iv. Installation of computer programs
v. Automatic downloads
vi. Documentation
- Notice requirements
- Data breach reporting
i. Record keeping
ii. PIPEDA
iii. Understand when to apply privacy legislation regarding data breach reporting (e.g., Ontario’s Personal Health Information Protection Act (PHIPA), Alberta’s Personal Information Protection Act (PIPA), New Brunswick’s Personal Health Information Privacy and Access Act (PHIPAA))
- Managing privacy protection requirements of third parties (e.g. service providers)
- Access
i. Rights and obligations
- Compliance trends
i. Commissioner rulings (e.g., agreements, guidance and published positions, appealed decisions, expectations)
ii. Relevant Canadian court rulings
- Compliance issues
Canadian Privacy Laws and Practices—Public Sector
Statutes
- Understand when to apply the Privacy Act of Canada
- Understand when to apply the Freedom of Information and Protection of Privacy Acts of the different provinces and territories
Key Concepts
- Consent
i. Authority to collect
ii. Consistent use
- Disclosure and transfer
- Retention
- Openness and access
- Privacy implications of service delivery models
i. E-government initiatives
- Sub-contracting and Shared Services
- Research and Statistical use of Personal Information
Canadian Privacy Laws and Practices—Health Sector
Statutes
- Understand when to apply the various Health Information Acts of the provinces and territories
Application and scope
- Personal health information
i. Definitions
ii. Interaction with PIPEDA
iii. Substantially similar to PIPEDA
- The health information custodians and trustees
i. Custodians working for non-custodians
ii. When non-custodians receive personal health information from custodians
iii. Agents
Key concepts and issues
i. Consent and exceptions to consent
ii. Authorized purposes
iii. Disclosures to non-custodians
iv. Safeguarding and breach notification
1. Agents
2. Notice of loss
v. Integrity
vi. Accountability and openness
vii. Access and right to correct information
viii. Oversight
ix. Surveillance
Health Sector Information
i. Organisations
1. eHealth Ontario
2. Canadian Organisation for the Advancement of Computers in Health (COACH)
3. Canadian Institute for Health Information (CIHI)
Genetic testing
i. Canadian Life and Health Insurance Association Inc. (CLHIA)
ii. PIPEDA and OPC rulings
iii. The Genetic Non-Discrimination Act
Introduction to the U.S. Privacy Environment
Structure of U.S. Law
- Branches of government
- Sources of law
i. Constitution
ii. Legislation
iii. Regulations and rules
iv. Case law
v. Common law
vi. Contract law
- Legal definitions
i. Jurisdiction
ii. Person
iii. Preemption
iv. Private right of action
- Regulatory authorities
i. Federal Trade Commission (FTC)
ii. Federal Communications Commission (FCC)
iii. Department of Commerce (DoC)
iv. Department of Health and Human Services (HHS)
v. Banking regulators
1. Federal Reserve Board
2. Comptroller of the Currency
vi. State attorneys general
vii. Self-regulatory programs and trust marks
- Understanding laws
i. Scope and application
ii. Analyzing a law
iii. Determining jurisdiction
iv. Preemption
Enforcement of U.S. Privacy and Security Laws
- Criminal versus civil liability
- General theories of legal liability
i. Contract
ii. Tort
iii. Civil enforcement
- Negligence
- Unfair and deceptive trade practices (UDTP)
- Federal enforcement actions
- State enforcement (Attorneys General (AGs), etc.)
- Cross-border enforcement issues (Global Privacy Enforcement Network (GPEN))
- Self-regulatory enforcement (PCI, Trust Marks)
Information Management from a U.S. Perspective
- Data sharing and transfers
i. Data inventory
ii. Data classification
iii. Data flow mapping
- Privacy program development
- Managing User Preferences
- Incident response programs
i. Cyber threats (e.g., ransomware)
- Workforce Training
- Accountability
- Data retention and disposal (FACTA)
- Online Privacy
- Privacy notices
- Vendor management
i. Vendor incidents
ii. Cloud issues
- International data transfers
i. U.S. Safe Harbor and Privacy Shield
ii. Binding Corporate Rules (BCRs)
iii. Standard Contractual Clauses
iv. Other approved transfer mechanisms
- Other key considerations for U.S.-based global multinational companies
i. GDPR requirements
ii. APEC privacy framework
- Resolving multinational compliance conflicts
i. EU data protection versus e-discovery
Limits on Private-sector Collection and Use of Data
Cross-sector FTC Privacy Protection
- The Federal Trade Commission Act
- FTC Privacy Enforcement Actions
- FTC Security Enforcement Actions
- The Children’s Online Privacy Protection Act of 1998 (COPPA)
- Future of federal enforcement (Data brokers, Big Data, IoT, AI, unregulated data)
Medical
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
i. HIPAA privacy rule
ii. HIPAA security rule
- Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009
- The 21st Century Cures Act of 2016
- Confidentiality of Substance Use Disorder Patient Records Rule
i. 42 CFR Part 2
Financial
- The Fair Credit Reporting Act of 1970 (FCRA)
- The Fair and Accurate Credit Transactions Act of 2003 (FACTA)
- The Financial Services Modernization Act of 1999 (“Gramm-Leach-Bliley” or GLBA)
i. GLBA privacy rule
ii. GLBA safeguards rule
- Red Flags Rule
- Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010
- Consumer Financial Protection Bureau
- Online Banking
Education
- Family Educational Rights and Privacy Act of 1974 (FERPA)
- Education technology
Telecommunications and Marketing
- Telemarketing sales rule (TSR) and the Telephone Consumer Protection Act of 1991 (TCPA)
i. The Do-Not-Call registry (DNC)
- Combating the Assault of Non-solicited Pornography and Marketing Act of 2003 (CAN-SPAM)
- The Junk Fax Prevention Act of 2005 (JFPA)
- The Wireless Domain Registry
- Telecommunications Act of 1996 and Customer Proprietary Network Information
- Cable Communications Privacy Act of 1984
- Video Privacy Protection Act of 1988 (VPPA)
i. Video Privacy Protection Act Amendments Act of 2012 (H.R. 6671)
- Digital advertising
Government and Court Access to Private-sector Information
Law Enforcement and Privacy
- Access to financial data
i. Right to Financial Privacy Act of 1978
ii. Bank Secrecy Act of 1970 (BSA)
- Access to communications
i. Wiretaps
ii. Electronic Communications Privacy Act (ECPA)
1. E-mails
2. Stored records
3. Pen registers
- The Communications Assistance to Law Enforcement Act (CALEA)
National Security and Privacy
- Foreign Intelligence Surveillance Act of 1978 (FISA)
i. Wiretaps
ii. E-mails and stored records
iii. National security letters
- Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA-Patriot Act)
- The USA Freedom Act of 2015
- The Cybersecurity Information Sharing Act of 2015 (CISA)
Civil Litigation and Privacy
- Compelled disclosure of media information
i. Privacy Protection Act of 1980
- Electronic discovery
Workplace Privacy
Introduction to Workplace Privacy
- Workplace privacy concepts
i. Human resources management
- U.S. agencies regulating workplace privacy issues
i. Federal Trade Commission (FTC)
ii. Department of Labor
iii. Equal Employment Opportunity Commission (EEOC)
iv. National Labor Relations Board (NLRB)
v. Occupational Safety and Health Act (OSHA)
vi. Securities and Exchange Commission (SEC)
U.S. Anti-discrimination laws
i. Civil Rights Act of 1964
ii. Americans with Disabilities Act (ADA)
iii. Genetic Information Nondiscrimination Act (GINA)
Privacy before, during and after employment
- Employee background screening
i. Requirements under FCRA
ii. Methods
1. Personality and psychological evaluations
2. Polygraph testing
3. Drug and alcohol testing
4. Social media
- Employee monitoring
i. Technologies
1. Computer usage (including social media)
2. Biometrics
3. Location-based services (LBS)
4. Wellness Programs
5. Mobile computing
6. E-mail and postal mail
7. Photography
8. Telephony
9. Video
ii. Requirements under the Electronic Communications Privacy Act of 1986 (ECPA)
iii. Unionized worker issues concerning monitoring in the U.S. workplace
- Investigation of employee misconduct
i. Data handling in misconduct investigations
ii. Use of third parties in investigations
iii. Documenting performance problems
iv. Balancing rights of multiple individuals in a single situation
- Termination of the employment relationship
i. Transition management
ii. Records retention
iii. References
State Privacy Laws
Federal vs. state authority
Marketing laws
Financial Data
- Credit history
- California SB-1
Data Security Laws
- SSN
- Data destruction
- Security procedures
- Recent developments
i. California Electronic Communications Privacy Act (2015)
ii. Delaware Online Privacy and Protection Act (2016)
iii. Nevada SB 538 (2017)
iv. Illinois Right to Know Act (2017)
v. New Jersey Personal Information and Privacy Protection Act (2017)
vi. Washington Biometric Privacy Law (H.B. 1493) (2017)
vii. NYDFS Cybersecurity Regulation (2017)
viii. California Consumer Privacy Act (CCPA) (2018)
ix. Other significant state acts and laws
Data Breach Notification Laws
- Elements of state data breach notification laws
i. Definitions of relevant terms (personal information, security breach)
ii. Conditions for notification (who, when, how)
iii. Subject rights (credit monitoring, private right of action)
- Key differences among states today
- Recent developments
i. Tennessee SB 2005
ii. Illinois HB 1260
iii. California AB 2828
iv. New Mexico HB 15
v. Massachusetts HB 4806
vi. Other significant state amendments
Course Plan
Above prices are inclusive of all applicable taxes and charges.
Test Prep Course for Certified Information Privacy Professional Exam [EU GDPR, US, Canada and Asia]
At Lawsikho, we also offer EMI plans in collaboration with our partners, making it easier for you to finance your courses. To learn more and check your eligibility, simply fill out the form, and our team members will connect with you for further information and next steps.