CIPP/US

Enroll

CIPP/E

Enroll

CIPM

Enroll

CIPT

Enroll

CIPP/US

0%

Table of Contents

TOC

Welcome

incomplete

I. Introduction to the Privacy Landscape

Section A: General Introduction to Privacy Concepts

+

0/5

1. Introduction to Privacy Itself as a Concept

incomplete

2. The Concept of Personal Information

incomplete

a. Identified vs. Identifiable Individuals

b. Sensitive Personal Information

c. The Role of Encryption, Anonymization, and Pseudonymization

d. The Source of Information

e. Data Subjects, Controllers, and Processors

3. Fair Information Practices

incomplete

a. FIPs in the United States

i. Early Adoption of FIPs

ii. The 2012 White House Report

iii. The 2012 FTC Report

b. Examples of FIPs in International Frameworks

i. The Organization of Economic Co-operation and Development (OECD) Guidelines (1980)

ii. The Council of Europe Convention for the Protection of Individuals With Regard to the Automatic Processing of Personal Data (1981)

iii. The Madrid Resolution (2009)

c. Common Themes

i. Individual Data Subject Rights

ii. Organizational Management

4. Sources of Privacy Protection and Privacy Protection Regimes

incomplete

a. Sources of Privacy Protection

b. Privacy Protection Regimes

Section I.A Review

incomplete

Section B: Structure of U.S. Law

+

0/6

1. Branches of the U.S. Government

incomplete

a. Three Branches: Legislative, Executive, and Judicial

b. Checks and Balances

2. Sources of Law

incomplete

a. Constitutional Law

b. Statutory Law

c. Regulations and Administrative Rulemaking

d. Common Law (a/k/a Case Law)

e. Contractual Law

f. International Law

3. Legal Terms and Definitions

incomplete

4. Regulatory Authorities

incomplete

a. Federal Regulatory Authorities

b. State Regulatory Authorities

c. Self-Regulatory Authorities

5. Understanding and Interpreting Laws

incomplete

Section I.B Review

incomplete

Section C: Enforcement of Privacy and Data Security Laws

+

0/6

1. Criminal vs. Civil Enforcement

incomplete

2. Theories of Legal Liability

incomplete

a. Contract Liability

b. Tort Liability

i. Types of Torts

ii. Privacy-Related Torts

c. Civil Enforcement of Statutory Law

d. The Concept of Negligences

3. Administrative Enforcement

incomplete

a. Federal Enforcement Actions

b. State Enforcement Actions

c. The California Privacy Protection Agency

4. Cross-Border Enforcement

incomplete

5. Self-Regulatory Enforcement

incomplete

Section I.C Review

incomplete

Section D: The U.S. Perspective on Information Management

+

0/14

1. Introduction

incomplete

2. Data Assessments

incomplete

a. Data Inventory

b. Data Flow Maps

c. Data Classification

3. Developing a Privacy Program

incomplete

a. Balancing Risks

b. Understanding Organizational Goals

c. Developing Policies

d. The Privacy Operational Life Cycle

4. Managing User Preferences

incomplete

a. Types of User Consent

i. Opt-in Consent

ii. Opt-out Consent

iii. “No Option” Consent

b. Managing User Consent

c. Consumer Access

5. Incident Response Programs

incomplete

a. Information Privacy vs. Information Security

b. The CIA Triad

c. Security Controls

i. Purpose of Controls: Preventative, Detective, and Corrective

ii. Types of Controls: Physical, Administrative, and Technical

d. Causes of Data Breaches

e. Data Breach Incident Response

i. Preliminary Step: Confirm the Breach

ii. Step 1: Secure Operations and Contain the Breach

iii. Step 2: Analyze and Fix Vulnerabilities

iv. Step 3: Notify Appropriate Parties

v. Step 4: Take Proactive Steps to Avoid Future Breaches

6. Workplace Training

incomplete

a. The Importance of Workforce Training

b. Legal Requirements

7. The Accountability Principle

incomplete

8. Data Retention and Destruction

incomplete

9. Online Privacy

incomplete

a. Introduction to Web-Based Concepts

i. How the Internet Works

ii. Internet Protocols and Communication

iii. IP Addresses and the Internet “Phonebook”

iv. Web Servers, Logging, Cache, and Other Concepts

b. Introduction to Web-Based Programming Languages

c. Online Data Collection

d. Third Party Website Interactions

e. Online Security and Cyber Threats

f. The Role of Human Error

g. Consumer Tracking and Online Advertising

i. Tracking Users Across the Internet

ii. Web Cookies

h. Children’s Online Privacy

10. Privacy Notices

incomplete

a. The Legal Implications of a Privacy Notice

b. Updating a Privacy Notice

c. Designing an Effective Privacy Notice

i. Common Elements

ii. Layered Notices

iii. Just-In-Time Notices

iv. Privacy Dashboards

v. Privacy Icons and Visualization Tools

vi. One or Multiple Privacy Notices?

11. Vendor Management

incomplete

a. Vendor Contracts

b. Vendor Selection

c. Vendor Incident Response

d. Cloud Computing Issues

e. Third-Party Data Sharing

12. International Data Transfers

incomplete

a. The Risks of International Data Transfers

b. The Surprise Minimization Rule

c. Data Transfers from the E.U. to the U.S. Under the GDPR

i. Adequacy Decisions with Respect to the U.S.

ii. Appropriate Safeguards

iii. Derogations

iv. The Implications of Schrems II and Transfer Impact Assessments

13. Other Considerations for U.S.-Based Multinational Companies

incomplete

a. Additional GDPR Requirements

i. Individual Data Subject Rights

ii. Organizational Obligations

iii. Breach Notification Requirements

b. The Asia-Pacific Economic Cooperation (APEC) Privacy Framework (2004)

c. Multinational Compliance Conflicts

Section I.D. Review

incomplete

Knowledge Review #1

incomplete

II. Limits on the Private Sector Use of Personal Information

Introduction

incomplete

Section A: Cross-Sector FTC Privacy Regulation

+

0/6

1. Federal Trade Commission Act

incomplete

a. FTC Authority

b. Enforcement Actions

c. Consent Decrees

2. FTC Privacy Enforcement Actions

incomplete

a. Deceptive Trade Practices

b. Unfair Trade Practices

c. Section 18(a)(1)(B) of the FTC Act

3. FTC Security Enforcement Actions

incomplete

4. Children's Online Privacy Protection Act of 1998 (COPPA)

incomplete

a. Scope of COPPA

b. Notice Requirements

c. “Verifiable Parental Consent”

d. Parental Access

e. Internal Procedures

f. Safe Harbor

g. Enforcement

5. The Future of Federal Enforcement

incomplete

Section II.A Review

incomplete

Section B: Healthcare Privacy

+

0/8

1. Introduction

incomplete

2. Health Insurance Portability and Accountability Act of 1996 (HIPAA)

incomplete

a. Scope of HIPAA’s Privacy and Security Rules

b. HIPAA Privacy Rule

i. Limits on Disclosure of PHI

ii. Privacy Notices

iii. Patient Access

iv. Right to Amend

v. Right to Accounting of Disclosures

vi. Administrative Requirements (i.e., Accountability)

c. HIPAA Security Rule

d. Enforcement of the Privacy and Security Rules

e. 2021 HIPAA Safe Harbor Bill

f. Online Tracking Technologies

g. Contact Tracing

3. Health Insurance Technology for Economic and Clinical Health Act of 2009 (HITECH)

incomplete

a. What Constitutes a Data Breach?

b. Data Breach Notice Requirements

c. Additional Amendments to HIPAA

4. Genetic Information Nondiscrimination Act of 2008 (GINA)

incomplete

5. The 21st Century Cures Act of 2016

incomplete

a. Compassionate Sharing of Mental Health and Substance Abuse Information

b. Exemptions for Disclosure from Biomedical Research and “Certificates of Confidentiality”

c. Remote Viewing of PHI by Researchers

d. Prohibition on “Information Blocking”

6. Confidentiality of Substance Use Disorder Patient Records Rule

incomplete

a. The Scope of Part 2

b. Disclosure Restrictions

c. Use Restrictions

d. Administrative Requirements

7. FTC Health Breach Notification Rule

incomplete

Section II.B Review

incomplete

Section C: Financial Privacy

+

0/7

1. Introduction

incomplete

2. Fair Credit Reporting Act of 1970 (FCRA)

incomplete

a. Who and What the FCRA Applies To

b. Regulation of Consumer Reporting Agencies (CRAs)

i. Permissible Purpose

ii. Report Accuracy

iii. Compliance Procedures

iv. Consumer Access

v. Consumer Disputes

c. Regulation of “Users” of Consumer Reports

i. Permissible Purpose

ii. Notice of Adverse Action

iii. Prohibition on Re-Selling

iv. Pre-Screened Lists

d. Regulation of “Furnishers” of Information Used in Consumer Reports

e. Regulation of Companies Extending Credit

f. Investigative Consumer Reports

g. Enforcement and Rulemaking

3. Fair and Accurate Credit Transactions Act of 2009 (FACTA)

incomplete

a. Disposal Rule

b. “Red Flags” Rule

i. Who It Applies To

ii. Developing a “Red Flags” Program

iii. Accountability Provisions

4. Financial Services Modernization Act of 1999 (Gramm-Leach-Bliley Act / GLBA)

incomplete

a. Scope of the GLBA

b. GLBA Privacy Rule

i. Notice Requirements

ii. Disclosure Restrictions and Consumer Choice

iii. Additional Restrictions

iv. Safe Harbor

v. Exceptions to the Privacy Rule

c. GLBA Safeguard Rule

i. Appointment of a Qualified Individual

ii. Conducting Risk Assessments

iii. Implementing Safeguards

iv. Additional Requirements

d. Enforcement and Rulemaking under the GLBA

e. Exemptions Under State Laws for Data Regulated Under the GLBA

5. Dodd-Frank and the Consumer Financial Protection Bureau (CFPB)

incomplete

a. Specific CFPB “Authorities”

i. “Unfair, Deceptive, and Abusive Acts or Practices”

ii. Disclosures

iii. Consumer Access

b. Enforcement Against Covered Persons and Service Providers

6. Online Banking

incomplete

Section II.C Review

incomplete

Section D: Education Privacy

+

0/5

1. Introduction

incomplete

2. Family Education Rights and Privacy Act of 1974 (FERPA)

incomplete

a. Education Records and Exceptions

b. Substantive Policies Under FERPA

i. Right to Access and Review Education Records

ii. Right to Contest Record Accuracy

iii. Rights Regarding Directory Information

iv. Disclosure Restrictions

v. Notice of Rights

c. FERPA Enforcement; Student and Parent Complaints

d. Interplay Between FERPA and HIPAA’s Privacy Rule

3. Protection of Pupil Rights Amendment of 1978 (PPRA)

incomplete

4. Education Technology

incomplete

a. Application of FERPA

b. Application of COPPA

c. Self-Regulation of EdTech

Section II.D Review

incomplete

Section E: Marketing and Telecommunications Privacy

+

0/11

1. Introduction

incomplete

2. Telemarketing Sales Rule (TSR), Telephone Consumer Protection Act of 1991, and the Do-Not-Call Registry

incomplete

a. To Whom and To What the TCPA and the TSR Apply

b. Who May Be Called?

i. Do-Not-Call Registry

ii. TCPA Prohibitions

c. How Calls Can Be Made

i. “Prompt” Oral Disclosures

ii. Required Disclosure of Material Terms

iii. Prohibition on Misrepresentations and Material Omissions

iv. “Express Verifiable Authorization”

v. Call Abandonment Prohibition

vi. Prohibition on Pre-Recorded Messages

vii. Prohibition on Unauthorized Billing

viii. Prohibition on Fraudulent Transactions

ix. Caller-ID Transmission

x. Credit Card Laundering Prohibited

xi. Assisting or Facilitating Violations of the TSR

d. Record-Keeping Requirements

e. Enforcement of Telemarketing Rules

i. Enforcement of the TSR

ii. Enforcement of TCPA

3. Junk Fax Protection Act of 2005 (JFPA)

incomplete

4. Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM) and the Wireless Domain Registry

incomplete

a. Scope of CAN-SPAM

b. Prohibitions Under CAN-SPAM

c. Enforcement

d. Wireless Message Rules

e. Wireless Domain Registry

5. Telecommunications Act of 1996 and Customer Proprietary Network Information (CPNI)

incomplete

a. Limitations on the Use of CPNI

b. Administrative and Technical Safeguards

c. Data Breach Notification Rules

d. Enforcement

6. Cable Communications Policy Act of 1984

incomplete

a. Privacy Notices

b. Prohibition on Collection

c. Prohibition on Disclosure

d. Subscriber Access

e. Data Destruction

f. Enforcement

7. Video Privacy Protection Act of 1998 (VPPA) and Video Privacy Protection Act Amendments of 2012 (H.R. 6671)

incomplete

a. Prohibition on Disclosure

b. Data Destruction

c. Enforcement

8. Driver’s Privacy Protection Act (DPPA)

incomplete

a. Prohibition on Disclosure

b. Exceptions to Disclosure

c. Enforcement

9. Digital Advertising

incomplete

a. Lack of Federal Regulation

b. Self-Regulation of Digital Advertising

10. Data Ethics

incomplete

Section II.E Review

incomplete

Knowledge Review #2

incomplete

III. Government Access to Personal Information

Introduction

incomplete

Section A: Law Enforcement and Privacy

+

0/8

1. Introduction

incomplete

2. Right to Financial Privacy Act of 1978

incomplete

a. When Disclosure is Permitted

i. Customer Authorization

ii. Administrative Subpoena or Summons

iii. Search Warrant

iv. Judicial Subpoena

v. Formal Written Request

b. Obligations Imposed on Financial Institutions

c. Enforcement

3. Bank Secrecy Act of 1970 (BSA)

incomplete

a. Record-Keeping Requirements

b. Reporting Requirements

i. Suspicious Activity Reports (“SARs”)

ii. Additional Reporting Requirements

iii. Enforcement of Reporting Requirements

c. The USA-PATRIOT Act Amendments and the Anti-Money Laundering Provisions

i. Anti-Money Laundering Program Development

ii. “Know Your Customer” Requirements

iii. Prohibition on Correspondent Accounts With Foreign Banks

iv. The Corporate Transparency Act

4. The Fourth Amendment

incomplete

5. The Wiretap Act

incomplete

a. Wire, Oral, and Electronic Communications

b. Court Order Requirement

c. One-Party vs. Two-Party Consent

d. Enforcement

6. Electronic Communications Privacy Act (ECPA)

incomplete

a. The Stored Communications Act (SCA)

i. Prohibition on Obtaining, Altering, or Blocking

ii. Remote Computing Services and Government Access

iii. The CLOUD Act

iv. Enforcement

b. The Pen Register and Trap and Trace Statute

7. Communications Assistance to Law Enforcement Act of 1994 (CALEA)

incomplete

a. Who It Applies To

b. Design Mandate

c. Enforcement

Section III.A Review

incomplete

Section B: National Security and Privacy

+

0/5

1. Introduction

incomplete

2. Foreign Intelligence Surveillance Act of 1978 (FISA)

incomplete

a. The History of FISA and Its Amendments

b. FISA Orders and the Foreign Intelligence Surveillance Court (FISC)

c. Section 215 Orders: Production of “Any Tangible Thing”

d. Section 217: Computer Trespassers

e. Section 702: Persons Outside the United States Other Than United States Persons

f. Secrecy and Transparency Under FISA

3. National Security Letters (NSLs)

incomplete

4. Cybersecurity Information Sharing Act of 2015 (CISA)

incomplete

Section III.B Review

incomplete

Section C: Civil Litigation and Privacy

+

0/4

1. Introduction

incomplete

2. Discovery and E-Discovery

incomplete

a. Discovery Devices

b. Privileges

c. E-Discovery Rules

d. Discovery Conflicts and Foreign Discovery

e. Public Access to Court Records

3. Privacy Protection Act of 1980

incomplete

Section III.C Review

incomplete

Knowledge Review #3

incomplete

IV. Privacy in the Workplace

Section A: Introduction to Workplace Privacy

+

0/4

1. Workplace Privacy Concepts

incomplete

2. U.S. Agencies Regulating Workplace Privacy

incomplete

a. Federal Trade Commission

b. Department of Labor

c. Occupational Safety and Health Administration

d. Equal Employment Opportunity Commission

e. National Labor Relations Board

3. Anti-Discrimination Laws

incomplete

a. Title VII of the Civil Rights Act of 1964

i. Prohibited Discrimination

ii. Enforcement and the EEOC

b. Americans With Disabilities Act (ADA)

i. When it Applies

ii. Congressional Clarification of “Disability”

iii. Determining What Constitutes a “Disability”

iv. Enforcement

c. Genetic Information Nondiscrimination Act of 2008 (GINA)

i. Prohibited Discrimination

ii. Enforcement

Section IV.A Review

incomplete

Section B: Privacy Before, During, and After Employment

+

0/7

1. Automated Employment Decision Tools

incomplete

a. Regulation of Automated Employment Decision Tools

i. Illinois’s Artificial Intelligence Video Interview Act

ii. Maryland HB 1202

iii. New York City Regulation

b. EEOC Guidance

i. ADA Guidance

ii. The iTutorGroup, Inc. Case

2. Employee Background Screening

incomplete

a. Restrictions Under the Fair Credit Reporting Act (FCRA)

b. Methods of Pre-Employment Screening

i. Personality and Psychological Evaluations

ii. Polygraph Testing

iii. Drug and Alcohol Testing

iv. Social Media and Lifestyle Discrimination

3. Employee Monitoring

incomplete

a. Requirements Under the Wiretap Act and the Electronic Communications Privacy Act of 1996 (“ECPA”)

i. Telephone Monitoring

ii. Video Monitoring

iii. Email Monitoring

b. Technology and Specific Types of Monitoring Activity

i. Postal Mail

ii. Location-Based Monitoring

iii. “Bring Your Own Device” and Remote Work

c. Unionized Workforce Issues Concerning Monitoring in the U.S. Workplace

4. Investigating Employee Misconduct

incomplete

a. The Importance of Written Policies

b. The Vail Letter and FACTA Amendments

5. Confidentiality of Employee Health Records

incomplete

a. HIPAA, ADA, and GINA

b. Family Medical Leave Act (“FMLA”)

6. Termination of Employment

incomplete

Section IV.B Review

incomplete

Knowledge Review #4

incomplete

V. State Privacy Laws

Section A: State Laws

+

0/10

1. Federal vs. State Authority

incomplete

a. State "Nexus"

b. State Law as a Compliment to Federal Law

c. Interaction Between State and Federal Law

d. California Privacy Protection Agency (CPPA)

i. The CPPA Board

ii. Agency Functions and Enforcement Actions

2. State Marketing Laws

incomplete

a. Telemarketing

b. Email Marketing

c. Do-Not-Track Mechanisms

3. Financial Data

incomplete

a. Credit History

b. California Financial Information Privacy Act (California SB-1)

c. New York Department of Financial Services (“NYDFS”) Cybersecurity Regulations

4. Data Privacy and Security Laws

incomplete

a. Overview of State Data Privacy and Security Laws

b. Minimum Security Standards

c. The Use of Social Security Numbers

d. Data Destruction Laws

e. Data Broker Laws

f. Cookie and Online Tracking Regulations

5. Data Breach Notification Laws

incomplete

a. Introduction to State Data Breach Notification Laws

b. Key Definitions

i. Covered Entities

ii. Personal Information

iii. Data Breach

c. Notification Requirements

i. Whom to Notify

ii. When to Notify

iii. Notice Contents

iv. How Notice is Provided

d. Exceptions to Notification

e. Penalties, Enforcement, and Data Subject Rights

6. California Data Privacy and Security Laws

incomplete

a. California’s Data Breach Notification Law (SB-1386)

b. California’s Data Security Law (AB-1950)

c. The California Consumer Privacy Act (“CCPA”) and The California Privacy Rights Act (“CPRA”)

i. The Scope of the CCPA

ii. Individual Data Subject Rights

iii. Controller Obligations

iv. California Privacy Protection Agency

v. Enforcement of the CCPA

vi. The Road Ahead

d. The California Age-Appropriate Design Code Act (AB-2273)

7. Additional State Comprehensive Privacy Laws

incomplete

a. Virginia Consumer Data Protection Act (“VCDPA”) (2021)

i. Scope of the VCDPA

ii. Responsibilities of Controllers and Processors

iii. Individual Consumer Rights

iv. Enforcement

b. Colorado Privacy Act (2021)

i. Scope of the CPA

ii. Responsibilities of Controllers and Processors

iii. Data Subject Rights and the Right to Appeal

iv. Enforcement

c. Utah Consumer Privacy Act (2022)

d. Connecticut Personal Data Privacy and Online Monitoring Act (2022)

e. Iowa Consumer Data Protection Act (2023)

8. Recent Developments: State Privacy and Data Security Laws

incomplete

a. Facial Recognition and Biometric Data Regulation

i. Illinois Biometric Information Privacy Act (BIPA)

ii. Texas Capture or Use of Biometric Identifier Act (CUBI)

iii. Washington Biometric Privacy Law (2017)

b. Additional State Privacy Laws

i. California Electronic Communications Privacy Act (2015)

ii. Delaware Online Personal Privacy Protection Act (2016)

iii. Nevada Privacy of Information Collected on the Internet From Consumers Act – SB 538 (2017), SB 220 (2019), and SB 260 (2021)

iv. Illinois Geolocation Privacy Protection Act and the Right to Know Act (2017)

v. New Jersey Personal Information and Privacy Protection Act (2017)

vi. New York’s SHIELD Act

vii. Illinois Student Online Personal Protection Act (“SOPPA”)

9. Recent Developments: State Data Breach Notification Laws

incomplete

a. Tennessee SB 2005 (2016)

b. Illinois HB 1260

c. New Mexico HB 15

d. South Dakota Data Breach Law

e. Massachusetts HB 4806

Section V.A Review

incomplete

Knowledge Review #5

incomplete

Conclusion

incomplete

Full Exam #1

incomplete

Full Exam #2

incomplete

Introduction to Privacy Itself as a Concept

The word “privacy” has many different meanings. It has been defined, for example, as “[t]he quality, state, or condition of being free from public attention to intrusion into or interference with one’s acts or decisions.”1 As far back as 1890, future Supreme Court Justice Louis D. Brandeis put it more succinctly: he said that privacy is, simply, the “right to be let alone.”2 Privacy can also be thought of in terms of the interests that it seeks to protect, including the individual interest in avoiding public disclosure of private matters and the interest in being afforded the ability to independently make certain kinds of decisions.3

The alternative ways in which one can define privacy are important for understanding how the concept of privacy is used throughout the legal and regulatory landscape. The protection of individual privacy is infused throughout American law; it is incorporated into a broad range of statutes and regulations, at both the state and federal levels. The State of California has even incorporated the protection of individual privacy into its state constitution. Article 1, Section 1 of the California Constitution reads: “All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life and liberty, acquiring, possessing, and protecting property, and pursuing and obtaining safety, happiness, and privacy.”4

In the United States, legal protections over private information are commonly referred to as “data privacy” or “information privacy” laws. In other countries, and in particular throughout the European Union, legal protections are commonly referred to as “data protection” laws.

In order to understand privacy—and the various ways in which it is used in the law—it can be helpful to think in terms of four broad categories: (1) information privacy; (2) bodily privacy; (3) communication privacy; and (4) territorial privacy.5

Information Privacy

Information Privacy refers to the collection and handling of personal information.6

Bodily Privacy

Bodily Privacy refers to the protection of the physical body from intrusion.7

Communication Privacy

Communication Privacy includes the protection of written, oral, and electronic correspondence.8

Territorial Privacy

And, finally, Territorial Privacy refers to the protection of one’s environment, such as one’s home or place of employment.9

To some extent, each of these interests is protected under law. For example, the Employee Polygraph Protection Act of 1988 (“EPPA”)10 prohibits employers from forcing employees to take a lie detector test in most cases. This can be thought of as protecting an employee’s bodily privacy. The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) protects information privacy by placing restrictions on the disclosure of “protected health information.”11 Both of these statutes, and many others, are discussed later in this study guide. For now, however, it is important to understand that the concept of privacy has many different components and many different meanings.

Exercise 1: Categories of Privacy Protection
Question 1

The Federal Wiretap Act's prohibition on intercepting wire or oral correspondence without the knowledge of the individuals being eavesdropped upon protects what type of privacy interest?

incorrect

A

Information Privacy

incorrect

B

Bodily Privacy

correct

C

Communication Privacy

incorrect

D

Territorial Privacy

Question 2

The Americans With Disabilities Act's prohibition on most forms of pre-employment medical examinations protects what type of privacy interest?

incorrect

A

Information Privacy

correct

B

Bodily Privacy

incorrect

C

Communication Privacy

incorrect

D

Territorial Privacy

Question 3

The Cable Communication Policy Act of 1984's prohibition on disclosing personally identifiable data on customers without consent protects what type of privacy interest?

correct

A

Information Privacy

incorrect

B

Bodily Privacy

incorrect

C

Communication Privacy

incorrect

D

Territorial Privacy

Question 4

The Children's Online Privacy Protection Act's requirement to obtain "verifiable parental consent" prior to processing the personal data of a child protects what type of privacy interest?

correct

A

Information Privacy

incorrect

B

Bodily Privacy

incorrect

C

Communication Privacy

incorrect

D

Territorial Privacy

Question 5

The Fourth Amendment's requirement that police obtain a warrant prior to searching a suspect's house protects what type of privacy interest?

incorrect

A

Information Privacy

incorrect

B

Bodily Privacy

incorrect

C

Communication Privacy

correct

D

Territorial Privacy

Question 6

The 21st Century Cures Act exempted from disclosure information related to biomedical research; this protects what type of privacy interest?

incorrect

A

Information Privacy

correct

B

Bodily Privacy

incorrect

C

Communication Privacy

incorrect

D

Territorial Privacy

Question 7

The prohibition on disclosing student records under the Family Education Rights and Privacy Act protects what type of privacy interest?

correct

A

Information Privacy

incorrect

B

Bodily Privacy

incorrect

C

Communication Privacy

incorrect

D

Territorial Privacy

Question 8

The Telemarketing Sales Rule's limitation on when telemarketing calls can be made protects what type of privacy interest?

incorrect

A

Information Privacy

incorrect

B

Bodily Privacy

correct

C

Communication Privacy

incorrect

D

Territorial Privacy

Question 9

Title II of the Genetic Information Nondiscrimination Act of 2008 prohibits employment discrimination on the basis of a person's genetic information. This protects what type of privacy interest?

incorrect

A

Information Privacy

correct

B

Bodily Privacy

incorrect

C

Communication Privacy

incorrect

D

Territorial Privacy

Question 10

The prohibition on the disclosure of personally identifiable information by video tape service providers under the Video Privacy Protection Act of 1988 protects what type of privacy interest?

correct

A

Information Privacy

incorrect

B

Bodily Privacy

incorrect

C

Communication Privacy

incorrect

D

Territorial Privacy

Submit

Next

Key Points
  • Privacy can have many meanings
  • There are four broad categories of privacy:
  • (1) Information privacy
  • (2) Bodily privacy
  • (3) Communication privacy
  • (4) Territorial privacy
Sources

+

1. Privacy, Black’s Law Dictionary (11th ed. 2019).

2. Samuel D. Warren & Louis D. Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193 (1890).

3. Whalen v. Roe, 429 U.S. 589, 599-600 (1977).

4. Cal. Const. art. I, § 1.

5. David Banisar and Simon Davies, Global Trends in Privacy Protection” An International Survey of Privacy, Data Protection, and Surveillance Laws and Developments, 18 J. Marshall J. Computer & Info. L. 1, 6 (1999).

6. David Banisar and Simon Davies, Global Trends in Privacy Protection” An International Survey of Privacy, Data Protection, and Surveillance Laws and Developments, 18 J. Marshall J. Computer & Info. L. 1, 6 (1999).

7. David Banisar and Simon Davies, Global Trends in Privacy Protection” An International Survey of Privacy, Data Protection, and Surveillance Laws and Developments, 18 J. Marshall J. Computer & Info. L. 1, 6 (1999).

8. David Banisar and Simon Davies, Global Trends in Privacy Protection” An International Survey of Privacy, Data Protection, and Surveillance Laws and Developments, 18 J. Marshall J. Computer & Info. L. 1, 6 (1999).

9. David Banisar and Simon Davies, Global Trends in Privacy Protection” An International Survey of Privacy, Data Protection, and Surveillance Laws and Developments, 18 J. Marshall J. Computer & Info. L. 1, 6 (1999).

10. 29 U.S.C. § 2002.

11. 45 C.F.R. §§ 160.103.45, 164.502(a).

Previous

Next