Table of Contents

Introduction xvii

Assessment Test xxvii

Chapter 1 Developing a Privacy Program 1

Introduction to Privacy 3

What Is Privacy? 4

What Is Personal Information? 5

What Isn’t Personal Information? 5

Why Should We Care about Privacy? 8

Generally Accepted Privacy Principles 9

Management 10

Notice 11

Choice and Consent 11

Collection 12

Use, Retention, and Disposal 12

Access 13

Disclosure to Third Parties 14

Security for Privacy 14

Quality 15

Monitoring and Enforcement 16

Developing a Privacy Program 16

Crafting Vision, Strategy, Goals, and Objectives 17

Structuring the Privacy Team 20

Creating a Program Scope and Charter 22

Privacy Roles 25

Building Inventories 25

Conducting a Privacy Assessment 26

Implementing Privacy Controls 27

Ongoing Operation and Monitoring 27

Data Governance 28

Data Governance Approaches 28

Data Governance Roles 29

Access Requirements 29

Governing Information Processing 31

Managing the Privacy Budget 31

Organizational Budgeting 32

Expense Types 32

Budget Monitoring 33

Communicating about Privacy 34

Creating Awareness 34

Building a Communications Plan 35

Privacy Program Operational Life Cycle 36

Summary 36

Exam Essentials 37

Review Questions 38

Chapter 2 Privacy Program Framework 43

Develop the Privacy Program Framework 44

Examples of Privacy Frameworks 44

Develop Privacy Policies, Procedures, Standards, and Guidelines 51

Define Privacy Program Activities 52

Implement the Privacy Program Framework 57

Communicate the Framework 57

Aligning with Applicable Laws and Regulations 58

Develop Appropriate Metrics 78

Identify Intended Audience for Metrics 79

Define Privacy Metrics for Oversight and Governance per Audience 80

Summary 83

Exam Essentials 84

Review Questions 86

Chapter 3 Privacy Operational Life Cycle: Assess 91

Document Your Privacy Program Baseline 93

Education and Awareness 94

Monitoring and Responding to the Regulatory Environment 94

Assess Policy Compliance against Internal and External Requirements 94

Data, Systems, and Process Assessment 95

Risk Assessment Methods 96

Incident Management, Response, and Remediation 97

Perform Gap Analysis against an Accepted Standard or Law 97

Program Assurance 97

Processors and Third-Party Vendor Assessment 98

Evaluate Processors and Third-Party Vendors 99

Understand Sources of Information 99

Risk Assessment 100

Contractual Requirements and Ongoing Monitoring 102

Physical Assessments 102

Mergers, Acquisitions, and Divestitures 103

Privacy Assessments and Documentation 105

Privacy Threshold Analyses (PTAs) 105

Define a Process for Conducting Privacy Assessments 105

Summary 108

Exam Essentials 108

Review Questions 110

Chapter 4 Privacy Operational Life Cycle: Protect 115

Privacy and Cybersecurity 117

Cybersecurity Goals 117

Relationship between Privacy and Cybersecurity 118

Cybersecurity Controls 119

Security Control Categories 120

Security Control Types 120

Data Protection 121

Data Encryption 121

Data Loss Prevention 122

Data Minimization 123

Backups 124

Policy Framework 125

Cybersecurity Policies 126

Cybersecurity Standards 128

Cybersecurity Procedures 129

Cybersecurity Guidelines 130

Exceptions and Compensating Controls 131

Developing Policies 133

Identity and Access Management 133

Least Privilege 134

Identification, Authentication, and Authorization 134

Authentication Techniques 135

Provisioning and Deprovisioning 137

Account and Privilege Management 138

Privacy by Design 139

Privacy and the SDLC 140

System Development Phases 141

System Development Models 142

Integrating Privacy with Business Processes 146

Vulnerability Management 146

Vulnerability Scanning 147

Vulnerability Remediation 147

Data Policies 149

Data Sharing 149

Data Retention 149

Data Destruction 150

Summary 151

Exam Essentials 151

Review Questions 153

Chapter 5 Privacy Operational Life Cycle: Sustain 157

Monitor 158

Monitoring the Environment 159

Monitor Compliance with Privacy Policies 160

Monitor Regulatory Changes 160

Compliance Monitoring 161

Audit 162

Aligning with Audits 163

Audit Focus 164

Summary 167

Exam Essentials 168

Review Questions 170

Chapter 6 Privacy Operational Life Cycle: Respond 175

Data Subject Rights 176

Access 177

Managing Data Integrity 178

Right of Erasure 178

Right to Be Informed 180

Control over Use 180

Complaints 181

Handling Information Requests 181

Incident Response Planning 182

Stakeholder Identification 182

Building an Incident Oversight Team 183

Building the Incident Response Plan 184

Integrating the Plan with Other Functions 187

Incident Detection 187

Security and Privacy Incidents 187

Security Events and Incidents 188

Privacy Incidents 188

Reporting Privacy Incidents 189

Coordination and Information Sharing 190

Internal Communications 191

External Communications 191

Breach Notification 192

Incident Handling 192

Risk Assessment 193

Containment Activities 193

Remediation Measures 194

Ongoing Communications 195

Post-Incident Activity 196

Planning for Business Continuity 198

Project Scope and Planning 200

Business Impact Analysis 204

Continuity Planning 211

Plan Approval and Implementation 213

Summary 218

Exam Essentials 219

Review Questions 221

Appendix Answers to Review Questions 225

Chapter 1: Developing a Privacy Program 226

Chapter 2: Privacy Program Framework 228

Chapter 3: Privacy Operational Life Cycle: Assess 229

Chapter 4: Privacy Operational Life Cycle: Protect 231

Chapter 5: Privacy Operational Life Cycle: Sustain 233

Chapter 6: Privacy Operational Life Cycle: Respond 235

Index 239

IAPP CIPM Certified Information Privacy Manager

Format: Paperback / softback
Authors: Mike Chapple, Joe Shelley


Publisher: John Wiley & Sons Inc
Publication Date: 07/02/2023
ISBN13: 9781394153800, 978-1394153800
ISBN10: 1394153805

