Content Updates for Online Trainings
Between major releases of the IAPP’s online training programs, content updates and corrections will be listed below. Questions? Please contact email@example.com.
European Data Protection:
If you purchased the European Data Protection online training after January 16, 2017, your training will be automatically updated semiannually with content additions and/or revisions.
Fundamentals of Information Privacy:
- Safe Harbor has been found invalid by the European Court of Justice and replaced with Privacy Shield.
- The EU General Data Protection Regulation (GDPR) was adopted in 2016 and will replace the Data Protection Directive when it comes into force in 2018.
- Find comprehensive information on EU Data Protection Reform in the IAPP’s Resource Center.
- The Australian National Privacy Principles (NPPs) were replaced by the Australian Privacy Principles (APPs) in March of 2014. More information on the APPs can be found here.
- Slide 21: Unit 1A Review Questions/Discussion
- Question 3 should read, “data processor,” not “data processot.”
- Slide 119: The second item in the diagram that reads “Sender encrypts the data with the recipient’s public key” should read, “Sender encrypts the data with the sender’s public key.”
- Section 4: Health Information Privacy Laws: Additional provinces that require notification to subjects when there’s a healthcare information breach are New Brunswick and Newfoundland and Labrador.
Privacy Program Management
These topics were added to the CIPM exam in 2017. Related articles and some additional detail on each topic are listed below:
- Privacy management in a GDPR context, including principles of Privacy by Design and by Default & The heightened importance of data mapping
- Changes in vendor management obligations
- Increased emphasis on incident response preparation, through tools such as table-top exercises
Privacy in Technology
These topics were added to the CIPT Body of Knowledge in 2017. Related articles and some additional detail on each topic are listed below:
- Common IT frameworks
- COBIT, ITIL, etc.
- Challenges presented by new regulations such as the GDPR
- Recent security incidents and enforcement actions
- Advances in authentication techniques
- Multi-factor authentication techniques (e.g., LaunchKey)
- Domain-Based Message Authentication, Reporting & Conformance (DMARC)
- Blockchain spreading rapidly in the first half of 2017
- Developments in cryptographic protocols (TLS 1.3)
- The Transport Layer Security (TLS) Protocol Version 1.3 (Internet Engineering Task Force)
- TLS 1.3 upgrade already advisable
- Concerns involving recent technologies (GPS tracking, drones, the Internet of Things)
- GPS tracking by apps when not in use (e.g., Uber tracking customer movements post-ride)
- Beacons, smart cars, etc.
- New online threats such as ransomware
U.S. Private-Sector Privacy
- Slide 1 narration update: Since this training was released, the CIPP/US exam has changed from 60 questions to 80-90 questions.
These topics were added to the CIPP/US Body of Knowledge in 2017. Related articles on each topic are listed below:
- Standard contractual clauses and other approved transfer mechanisms
- GDPR requirements (The GDPR and its effect on American organizations)
- The 21st Century Cures Act of 2016
- Confidentiality of Alcohol and Drug Abuse Patient Records
- Video Privacy Protection Act Amendments of 2012 (H.R. 6671)
- The USA Freedom Act of 2015
- The Cybersecurity Information Sharing Act of 2015 (CISA)
- Security procedures and data breach notification laws: recent developments
- Tennessee SB 2005
- Illinois HB 1260
- California AB 2828
- New Mexico HB 15