U.S. Corporate Privacy Certification · 2012. 2. 14.


copyright © 2011, IAPP

U.S. Corporate Privacy Certification

Bibliography of Recommended Reading

Introduction

The IAPP and its certification advisory board compiled the following list of books, periodicals, white papers, reports and Web sites for the purpose of furthering education in information privacy. These selections support the Certified Information Privacy Professional (CIPP) credentialing program which assesses candidates’ understanding of information privacy laws and practices that apply primarily to the U.S. private sector.

The CIPP Bibliography is divided into three sections:

(1) Core Subject Matter Areas: Selections that address one or more of the topics covered under the CIPP program;

(2) Supplemental Privacy Topics: Privacy and security-related publications that augment the core study selections; and,

(3) Web-based Privacy Resources: General references for information privacy that are available online.

Who Should Review

• Certification Candidates: The selections in the bibliography address a number of information privacy and information security concepts and issues. They are not expressly required for your CIPP exam preparation. However, they are recommended as supplements to your exam preparation – in addition to other educational products such as the IAPP certification training workshops (on-site and DVD versions). The IAPP strongly suggests that you incorporate supplemental reading into your regimen for exam preparation based on your individual needs.

• Certified Professionals (current CIPP credential holders): Each of the items listed in this bibliography may be applied toward the continuing privacy education (CPE) requirements mandated under your credential. Upon submission to the IAPP for approval, credits will be awarded based on a formula where 50 pages of written text = 1 CPE credit. Simply tally the total number of pages from your selection and submit for approval using the authorization form available at http://www.privacyassociation.org.

IMPORTANT: You must include photocopies of both the cover and inside table of contents of the selection(s) you submit for CPE consideration.

Core Subject Matter Areas

ALL CIPP Course Sections

• Bermann, Sol and Swire, Peter P., Information Privacy: Official Reference for the Certified Information Privacy Professional (CIPP) (IAPP Publications)

• Eisenhauer, Margaret P., The IAPP Information Privacy Case Book: A Global Survey of Privacy and Security Enforcement Actions with Recommendations for Reducing Risks (IAPP Publications)

(Please review the official CIPP curriculum outline for specific guidance on chapter selection for these titles)

CIPP Section One: U.S. Corporate Privacy Law and Compliance

(See also: “U.S. Information Privacy Statutes”, “International Data Protection Laws” and “Organizations” under Web-based Resources, listed further below)

• Cate, Fred H., Privacy in the Information Age (Brookings Institution Press)

• Everett-Church, Ray, Lawrence, David, Levine, John R. and Stebben, Gregg, Internet Privacy for Dummies (Wiley)

• Fena, Lori and Jennings, Charles, The Hundredth Window: Protecting Your Privacy and Security in the Age of the Internet (Free Press)

• Hancock, William A., Corporate Counsel’s Guide to Privacy (Business Laws Inc.)

• Schwartz, Paul M. and Solove, Daniel, Information Privacy: Statutes and Regulations (Wolters Kluwer Law & Business)

• Serwin, Andrew B., Information Security and Privacy: A Practical Guide to Federal, State and International Law (Thomson West)

• Smith, Robert Ellis, Compilation of State and Federal Privacy Laws (Privacy Journal)

• Wolf, Christopher, Proskauer on Privacy: A Guide to Privacy and Data Security Law in the Information Age (Practicing Law Institute)

CIPP Section Two: U.S. Corporate Privacy Practices

• Cassilly, Lisa H. and Draper, Clare, Privacy in the Workplace: A Guide for Attorneys and HR Professionals (Pike & Fischer, Inc.)

• Shilling, Dana, A Complete Guide to Human Resources and the Law (Aspen Publishers, Inc.)

Supplemental Privacy Topics

Privacy Fundamentals

• Cady, Glee Harrah and McGregor, Pat, Protect Your Digital Privacy: Survival Skills for the Information Age (Que Press)

• Etzioni, Amitai, The Limits of Privacy (Basic Books)

• Smith, Derek, A Survival Guide in the Information Age (Longstreet Press)

• Smith, Robert Ellis, Ben Franklin's Web Site: Privacy and Curiosity from Plymouth Rock to the Internet (Privacy Journal)

Children’s Privacy

• Aftab, Parry, The Parents Guide to Protecting Your Children in Cyberspace (McGraw Hill)

• Kehoe, Brendan and Mixon, Victoria, Children and the Internet (Prentice Hall)

Privacy and Financial Services

• The Competitive Enterprise Institute, The Future of Financial Privacy: Private Choices Versus Political Rules (CEI)

• Litan, Robert, Staten, Michael and Wallison, Peter J., Financial Privacy, Consumer Prosperity and the Public Good (AEI-Brookings Joint Center for Regulatory Studies)

Privacy and Marketing

• Brondmo, Hans-Peter, The Engaged Customer (Harper Business)

• Freeman, D. Reed, and Hughes, J. Trevor, Privacy Law and Marketing (CCH-Wolters Kluwer)

• Garfinkel, Simson, Database Nation: The Death of Privacy in the 21st Century (O’Reilly)

• Godin, Seth, Permission Marketing (Simon and Schuster)

• Peppers, Don and Rogers, Martha, The One to One Fieldbook (Currency/DoubleDay)

Privacy and Operations

• American Institute of Certified Public Accountants, Understanding and Implementing Privacy Services (AICPA)

• Canadian Information and Privacy Office, Privacy Impact Assessment: A User’s Guide (Information and Privacy Office, Ontario, Canada)

• Cavoukian, Ann, Ph.D. and Hamilton, Tyler J., The Privacy Payoff: How Successful Businesses Build Customer Trust

• Frye, Curtis, Privacy-enhanced Business: Adapting to the Online Environment (Quorum Books)

• Herold, Rebecca (Editor), The Privacy Papers: Managing Technology, Consumer, Employee and Legislative Actions (Auerbach)

• Shaw, Paul, E-Business Privacy and Trust: Planning and Management Strategies (John Wiley & Sons)

Privacy and Public Policy

• Alderman, Ellen and Kennedy, Caroline, The Right to Privacy (Vintage Books)

• Armacost, Michael H. and Cate, Fred H., Privacy in the Information Age (Brookings Institution Press)

• Banisar, David and Schneier, Bruce, The Electronic Privacy Papers: Documents on the Battle for Privacy in the Age of Surveillance (John Wiley & Sons)

• Banisar, David and Laurant, Cedric, Privacy and Human Rights 2003: An International Survey of Privacy Laws and Developments (Electronic Privacy Information Center and Privacy International)

• Harper, Jim, Identity Crisis: How Identification is Overused and Misunderstood (Cato Institute)

• O’Harrow, Robert, No Place to Hide: Behind the Scenes of Our Emerging Surveillance Society (Free Press)

• Ridley, Matt, The Origins of Virtue (Penguin)

• Rosen, Jeffrey, The Unwanted Gaze: The Destruction of Privacy in America (Random House)

• Rosen, Jeffrey, The Naked Crowd (Random House)

• Smith, Derek, Risk Revolution: Real Threats Facing America and the Promise of Technology for a Safer Tomorrow (Longstreet Press)

Web-based Privacy Resources

Privacy and Infosecurity Organizations

• American Institute of Certified Public Accountants (“AICPA”): http://infotech.aicpa.org/Resources/Privacy/

• Asia Pacific Economic Cooperation (“APEC”) Electronic Commerce Steering Group: http://www.apec.org/apec/apec_groups/som_special_task_groups/electronic_commerce.html

• Better Business Bureau / BBB Online: www.bbbonline.org/privacy/index.asp

• Center for Democracy and Technology (“CDT”): www.cdt.org/resourcelibrary/Privacy/Misc/

• Center for Information Policy Leadership at Hunton & Williams (“CIPL”): http://www.hunton.com/Resources/Sites/general.aspx?id=45

• Direct Marketing Association (“DMA”): www.the-dma.org

• Electronic Privacy Information Center (“EPIC”): www.epic.org

• Information Systems Audit and Control Association (“ISACA”): www.isaca.org

• International Association of Privacy Professionals (“IAPP”): www.privacyassociation.org

• Organization for Economic Development and Cooperation (“OECD”): http://www.oecd.org/topic/0,2686,en_2649_34255_1_1_1_1_37441,00.html

• Network Advertising Initiative (“NAI”): www.networkadvertising.org

• Privacilla: www.privacilla.org

• Privacy Council: www.privacycouncil.com

• Privacy Exchange: www.privacyexchange.org

• Privacy Foundation: www.privacyfoundation.org

• Privacy International: www.privacyinternational.org

• Privacy Journal: www.privacyjournal.net

• Privacy Laws and Business: www.privacylaws.com/

• Privacy Law Institute (“PLI”): www.pli.org

• Privacy Rights Clearinghouse: www.privacyrights.org

• TRUSTe: www.truste.org

• World Wide Web Consortium (W3C): www.w3.org

Privacy Principles and Standards

• American Institute of Certified Public Accountants (“AICPA”) in collaboration with the Canadian Institute of Chartered Accountants (“CICA”), “Generally Accepted Privacy Principles (“GAPP”) – A Global Privacy Framework”: http://infotech.aicpa.org/Resources/Privacy/Generally+Accepted+Privacy+Principles

• Asia Pacific Economic Cooperation (“APEC”), “The APEC Privacy Principles”: http://www.apec.org/apec/apec_groups/som_special_task_groups/electronic_commerce.html

• Commission Nationale de l’Informatique et des Libertes (“CNIL”), guidelines on the implementation of whistle-blowing systems: http://www.cnil.fr/fileadmin/documents/uk/CNIL-recommandations-whistleblowing-VA.pdf

• Control Objectives for Information and Related Technology (“COBIT”): www.isaca.org/cobit

• National Institute for Standards and Technology (“NIST”): www.nist.gov

• The Network Advertising Initiative (“NAI”), “The NAI Self-regulatory Principles”: http://www.networkadvertising.org/industry/principles.asp

• Open Web Application Security Project (“OWASP”): www.owasp.org

• Organization for Economic Cooperation and Development (“OECD”), “Guidelines on the Protection of Privacy and Transborder Flows of Personal Data”: http://www.oecd.org/document/20/0,2340,en_2649_34255_15589524_1_1_1_1,00.html

U.S. Information Privacy Statutes

• California’s data breach notification law; Senate Bill 1386 (“SB 1386”): http://info.sen.ca.gov/pub/01-02/bill/sen/sb_1351-1400/sb_1386_bill_20020926_chaptered.html

• Children’s Internet Protection Act of 2001 (“CIPA”): http://ftp.fcc.gov/cgb/consumerfacts/cipa.html

• Children’s Online Privacy Protection Act of 1998 (“COPPA”): www.ftc.gov/ogc/coppa1.htm

• Communications Assistance for Law Enforcement Act of 1994 (“CALEA”): http://www.askcalea.net/calea.html

• Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (“CAN-SPAM”): http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.htm

• Fair and Accurate Credit Transactions Act of 2003 (“FACTA”): http://www.ftc.gov/os/statutes/fcrajump.htm

• Federal Trade Commission Act (“FTCA”): http://www.fda.gov/opacom/laws/ftca.htm (See: Section 5 on unfair and deceptive trade practices)

• Driver’s Privacy Protection Act of 1994 (“DPPA”): http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002721----000-.html

• Fair Credit Reporting Act of 1999 (“FCRA”): http://www.ftc.gov/os/statutes/031224fcra.pdf

• Family Education Rights and Privacy Act of 1974 (“FERPA”): http://www.ed.gov/policy/gen/guid/fpco/ferpa/index.html

• Financial Services Modernization Act of 1999 (“Gramm-Leach-Bliley” or “GLBA”): http://www.ftc.gov/privacy/privacyinitiatives/glbact.html

• Privacy Act of 1974: http://www.usdoj.gov/oip/privstat.htm

• Privacy Protection Act of 1980 (“PPA”): http://www4.law.cornell.edu/uscode/html/uscode42/usc_sec_42_00002000--aa000-.html

• Safe Web Act of 2006, bill S.1608: http://thomas.loc.gov/cgi-bin/bdquery/z?d109:s.1608

• Telecommunications Act of 1996: http://www.fcc.gov/telecom.html

• Telephone Consumer Protection Act of 1981 (“TCPA”): http://www.fcc.gov/cgb/consumerfacts/tcpa.html

• Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001; H.R. 3162 (“USA-PATRIOT”): http://thomas.loc.gov/cgi-bin/bdquery/z?d107:h.r.03162.

• Video Privacy Protection Act of 1988: http://www4.law.cornell.edu/uscode/html/uscode18/usc_sec_18_00002710----000-.html