An Overview Of Changes In The 3rd Edition Of The Privacy Program Management Textbook
The previous post introduced the new structure of the CIPM textbook at the chapter level. In this post the specific additions and adjustments in each of the chapters of the textbook are elaborated. Below is the chapter organization comparison as a recap:
General updates include additional discussions/content and new statistical data where new reports are available (Ponemon, IAPP-EY Governance Report, Verizon Report, Wombat, etc.). New references were added that were largely removed in the last edition. As mentioned in the previous post, the chapters were reorganized to better support the BOK and privacy operational life cycle content. In some areas content was consolidated.
Chapter 1 – Introduction to Privacy Program Management
The section 1.6 – “Awareness, Alignment and Involvement” was renamed to “Championing Privacy”.
Chapter 2 – Privacy Governance
Section 2.1, Create an Organizational Privacy Vision and Mission Statement, has new examples for vision and mission statements.
Sections 2.3 through 2.6 have been reshuffled. 2.3 is now “Develop a Privacy Strategy”, which was section 2.6 in the 2nd edition. The smaller section 2.7 Structure the Privacy Team and section 2.8 Governance Models were merged into one consolidated section 2.7. The following pictures depict the changes in chapter 2.
2.4.3 Privacy Program Management Solutions, which introduces the Privacy by Design (PbD) concept, is now included in the 2.5.1 Principles and Standards section.
Chapter 3 – Applicable Privacy Laws and Regulations
References to new privacy regulations around the world were added throughout the book where appropriate, including LGPD, CCPA, CPRA, Colorado, Nevada, Canada, Latin America (LGPD), East Asia (including China, South Korea, Japan, Malaysia, Singapore, and Thailand), New Zealand and Australia.
The section “3.4 Commonalities of International Privacy Laws” has been removed but it is ideal to know the commonalities between each of these major laws. For instance, requirements for ensuring individual rights (i.e., access, correction and deletion), and obligations are common.
Chapter 4 – Data Assessments
Chapter 4 has three major additions – 4.1 Data Governance, 4.4.6 Assessing Artificial Intelligence, 4.6.1 Assessing Cloud Computing Vendors, and 4.6.3 Assessing Vendors under the CCPA. All these new additions are relevant to the changing privacy landscape.
Chapter 5 – Protecting Personal Information
This was chapter 8 in the old version and covers the privacy by design concept. Under the section “5.4.4 Information Security Standards and Guidelines”, a list of NIST Guidelines was included in addition to the ISO standards that were previously there. No other major additions were made except for minor expansions to a few sub-sections.
Chapter 6 – Policies
As discussed earlier, this chapter 5 in the 2nd edition is now chapter 6. As with other chapters, content was expanded in some sections with additional references. The sections 6.7.2 Developing a Vendor Contract, and 6.7.3 Vendor Risk Management now have additional content.
Chapter 7 – Monitoring and Auditing Program Performance
No major changes were made to this chapter. A new sub section 7.2.14 Training Data was added that discusses the importance of gathering data to boost employee engagement.
Chapter 8 – Training and Awareness
The chapter includes some additional content but notably revised the methods listed in section 8.8 Training and Awareness Methods.
Chapter 9 – Data Subject Rights
Sections on the CCPA, Virginia’s CDPA and other recently enacted privacy laws have been included. These are sections 18.104.22.168 and 22.214.171.124 respectively. Section 9.5.7 Right to Restriction of Processing and section 9.5.8 Right to Data Portability have new content referencing GDPR articles. Section “9.8.1 Data Subject Rights Outside the United States and Europe” has been expanded to cover additional country-specific changes that occurred in recent times.
Chapter 10 – Data Breach Incident Plans
This is probably the chapter with the fewest changes overall.
Our team at Cyrvana created a two-page document that provides an overview of the CIPM content. Many of our trainees find it very helpful and we call it “CIPM On A Page” (well, two pages actually!). Please download it and good luck with your CIPM exam!