copyright 2011, IAPP

IT Privacy Certification
Outline of the Common Body of Knowledge (CBK) for The Certified Information Privacy Professional/Information Technology (CIPP/IT)

I. System Activities that Impact End User Privacy

A. The Information Lifecycle
   a. Manual processes
      i. Interaction
      ii. Data entry
   b. Systems
      i. Operating and file
      ii. Database
      iii. Applications
      iv. Network and data transport
      v. Web services
      vi. Client services
   c. Data types
      i. Personally identifiable information (PII)
      ii. Regulated information (SOX, HIPAA)
      iii. Credit card information
      iv. Trade secrets (organization)
      v. Contractual information (partners, customers)

B. The IT Development Lifecycle
   a. Privacy intersections in the development process
      i. Release planning
      ii. Definition
      iii. Development
      iv. Validation
      v. Deployment

Pease International Tradeport 75 Rochester Avenue. Suite 4 Portsmouth, NH 03801 USA + 603.427.9200 certification@privacyassociation.org

C. Data collection and transfer
   a. Responsibilities of the IT professional
   b. Determining data accountability
      i. Ownership of data
      ii. Data inventory
      iii. Degree of data sensitivity
   c. Purpose and uses of PII
      i. PCI regulated data
   d. Employee data uses
   e. Onward transfers of data
      i. External parties
      ii. Storage/transfer media
      iii. Routine and non-routine transfers
   f. Employee data challenges
      i. Locations and modes
      ii. Business use of mobile services

D. Data Security
   a. Top 20 security risks (SANS)
      i. Client-side
      ii. Server-side
      iii. Security policy and personnel
      iv. Application
         1. SQL injection
      v. Network
   b. Credit card information
      i. Cardholder data types
      ii. Application of Payment Card Industry Data Security Standards (PCI DSS)

E. Data Storage
   a. Types of storage
      i. Persistent
      ii. Transient
   b. Location of storage
      i. Systems
      ii. Location

F. Data Processing
   a. Internal processing
      i. Primary and secondary uses
   b. Relationships with third parties
      i. Global resourcing and outsourcing
      ii. Vendor management

G. Data Retention and Destruction
   a. Period of retention
   b. Duplication of records
   c. Consistency of policy and practice

H. Data Access and redress
   a. Legal requirements
   b. Business rationale
   c. Access mechanisms
   d. Handling requests

I. Privacy and System Design
   a. Applying Fair Information Practice principles
      i. Collection limitation
      ii. Data quality
      iii. Purpose specification
      iv. Use limitation
      v. Security safeguards
      vi. Openness
      vii. Individual participation
      viii. Accountability

II. Data Subject Privacy Expectations and Behaviors

A. Privacy Expectations
   a. The consumer perspective
   b. Organizational practices

B. Privacy Responsibility Framework
   a. User sphere
   b. Joint sphere
   c. Recipient sphere
   d. Engineering issues and responsibilities

C. E-commerce Personalization
   a. End user benefits
   b. End user privacy concerns
      i. Unsolicited marketing
      ii. Inaccurate inferences
      iii. Price discrimination
      iv. Unauthorized account access or data sharing

D. System Monitoring
   a. Phone-home software

III. Privacy Protection Mechanisms

A. Privacy by Architecture
   a. Addressing data protection gaps
   b. Separating profile and transaction data
   c. Granularity levels for data collection
   d. Limiting common attributes and identifiers
   e. Regular or forced deletion of profile data
   f. Decentralized privacy architecture

B. Privacy by policy
   a. Notice and choice
   b. Security safeguards
   c. Access
   d. Accountability
      i. Audits

C. Identifiability
   a. Labels that point to individuals
   b. Strong and weak identifiers
   c. Pseudonymous and anonymous data
   d. Degrees of identifiability
      i. Definition under the EU Directive
      ii. Privacy stages and system characteristics
         1. Identifiable versus identified
         2. Linkable versus linked

D. Privacy-enhancing Techniques
   a. Web security protocols
      i. Transport Layer Security (TLS)
      ii. Secure Sockets Layer (SSL)
      iii. Hypertext Transfer Protocol Secure (HTTPS)
   b. Automated data retrieval
   c. Automated system audits
   d. Data masking and data obfuscation
   e. Data encryption
      i. Cryptography
         1. Crypto design and implementation considerations
         2. Application or field encryption
         3. File encryption
         4. Disk encryption

E. Privacy-enhancing Tools
   a. Limiting or preventing automated data capture
   b. Combating threats and exploits
   c. Anonymity tools
      i. Anonymizers
      ii. Privacy-preserving data mining
      iii. Applications of anonymity tools
         1. Communication and publishing
         2. Payment processing
         3. Voting and surveying
         4. Credentialing
         5. Anonymity by Web proxy
            a. The Tor Anonymity System

IV. Providing Notice and Choice

A. Types of notice and choice
   a. Policy components
   b. Means of distribution
   c. Explicit and implicit consent

B. Software-based notice and consent
   a. Guidelines
   b. End user license agreement (EULA)
   c. Mechanisms
      i. Out-of-box
      ii. Installation time
      iii. First-run
      iv. Just-in-time
      v. Collections and/or transfers of data
      vi. Online services
         1. Redirecting Internet searches and queries
         2. Modifying Web browser settings
         3. Activating a feature function with system impact
         4. Online advertising
         5. Software updates
         6. Software removal
         7. Location-based services
      vii. Machine-readable privacy policy languages
         1. Platform for Privacy Preferences Project (P3P)
            a. User agents
            b. Policy assertions
            c. Deployment
         2. Application Preference Exchange Language (APPEL)
         3. Enterprise Privacy Authorization Language (EPAL)

V. Auditing and Enforcing IT Privacy Compliance

A. Data Governance
   a. Management, control and evaluation frameworks
      i. ISO/IEC 38500:2008
      ii. Control Objectives for Information and Related Technology (COBIT)
   b. IT service management frameworks
      i. Information Technology Infrastructure Library (ITIL)
      ii. IBM Tivoli Unified Process (ITUP)
   c. Industry consortia security frameworks
      i. Payment Card Industry Data Security Standards (PCI DSS)
      ii. Health Information Trust Alliance (HITRUST)
   d. Security risk and compliance review (SRCR)

B. Audits in the Context of Privacy
   a. Defining the audit
   b. Understanding the range of options
      i. Gap assessments (risk)
      ii. Legal reviews (compliance)
      iii. Attestation (third party)
   c. Generally Accepted Privacy Principles (GAPP) framework
   d. Role of the IT auditor
      i. Privacy impact assessments (PIA)
      ii. Control objectives
      iii. Evidence and documentation
      iv. Testing and verification
   e. IT internal audit
      i. Working with legal and compliance partners

VI. Implementing Technologies with Privacy Impacts

A. Software as a Service (SaaS)
   a. Cloud Computing Platforms
      i. Location considerations
      ii. Impacts on privacy obligations and protections
      iii. Legal uncertainty

B. Wireless IDs
   a. Radio Frequency Identification (RFID)
   b. Bluetooth devices

C. Location-based services
   a. Global Positioning Systems (GPS)
   b. Geographic Information Systems (GIS)

D. Identity and Access Management (IAM)
   a. Role-based access control (RBAC)
   b. User-based access controls
   c. Context of authority
      i. User to site
      ii. User to enterprise
         1. Multiple enterprises
   d. Cross-enterprise authentication and authorization models
      i. Liberty Alliance Project
      ii. Open ID Federation
      iii. Identity Metasystem Architecture

E. Business Intelligence and Analytics
   a. Applications
   b. Demand among businesses and governments
   c. Risks
