Important topics for the CIPP/US exam 2024
In this blog, we’ll cover essential topics for the CIPP/US exam, focusing on State Data Privacy & Security Laws, including the CCPA, as well as other key U.S. privacy developments. These areas are crucial for your exam preparation.
State Data Privacy and Security Laws
As part of the CIPP/US exam blueprint, our guide includes the following legislation:
California Consumer Privacy Act (CCPA) (2018):
The CCPA was one of the pioneering state privacy laws in the United States. It grants California residents certain rights over their personal information, such as the right to know what information is collected about them, the right to request deletion of their information, and the right to opt out of the sale of their data.
California Privacy Rights Act (CPRA) (2020):
The CPRA builds upon the foundation established by the CCPA and enhances privacy rights for California residents. It introduces new provisions, such as the establishment of the California Privacy Protection Agency (CPPA), which is responsible for enforcing and implementing privacy regulations.
Virginia Consumer Data Protection Act (VCDPA) (2021):
The VCDPA is Virginia’s comprehensive privacy legislation that provides consumers with certain rights regarding their personal information. It requires businesses to implement data protection measures and grants consumers the right to access, correct, delete, and opt out of the sale of their data.
Colorado Privacy Act (CPA) (2021):
The CPA is Colorado’s privacy law that imposes obligations on businesses handling personal data. It grants consumers the right to access, correct, delete, and opt out of the sale of their personal information. The law also introduces requirements for businesses to conduct data protection assessments and obtain explicit consent for the processing of sensitive data.
Nevada Privacy Law & Amendment (SB260) (2019/2021):
Nevada’s privacy law and its subsequent amendment focus on providing consumers with the right to opt out of the sale of their personal information. The law requires businesses to establish processes for consumers to exercise their opt-out rights.
Utah Consumer Privacy Act (2022):
The Utah Consumer Privacy Act is Utah’s comprehensive privacy legislation, granting consumers certain rights over their personal information. It requires businesses to implement data protection measures and enables consumers to exercise rights such as access, correction, deletion, and opt-out.
Connecticut Data Privacy Act (CTDPA):
The CTDPA aims to enhance consumer data privacy by introducing comprehensive regulations governing the collection, use, and disclosure of personal information. It establishes individuals’ rights to access, delete, and correct their data, while also imposing data breach notification requirements on organizations. The inclusion of the CTDPA in the CIPP/US exam blueprint reflects the growing importance of privacy regulations in the state of Connecticut.
California Age-Appropriate Design Code Act (A.B. 2273) (2022):
This act focuses on protecting children’s online data and privacy. It mandates that online services designed for children comply with specific age-appropriate privacy standards. It emphasizes the importance of obtaining parental consent for the collection and processing of children’s personal information. The addition of this law highlights the significance of safeguarding the privacy of minors and aligns with the broader efforts to protect children’s data in the digital age.
US Privacy Developments Explored
Within the United States, the absence of overarching federal privacy legislation has given rise to a collection of privacy laws at the state level. This has elevated the importance of staying well-informed about the most recent developments in state-level legislation, particularly for professionals aiming to achieve the Certified Information Privacy Professional/United States (CIPP/US) certification. This article delves into recent shifts in state privacy laws, shedding light on key updates that hold significance for the forthcoming CIPP/US examination.
While not explicitly covered in the examination blueprint, these advancements warrant attention due to their potential relevance for exam readiness:
- California’s Enhanced CCPA Regulations:
California has solidified additional regulations that expand upon the California Consumer Privacy Act (CCPA). These regulations offer clearer directives regarding compliance obligations, data entitlements, and mandates for businesses governed by CCPA. Remaining well-versed in these regulations proves crucial for privacy professionals operating within California and for entities that handle personal data of California residents.
- Iowa Introduces Comprehensive Consumer Privacy Legislation:
Iowa has joined the ranks as the sixth state to enact comprehensive consumer privacy legislation. This law bestows certain rights upon consumers regarding their personal information, encompassing access, deletion, and rectification. It also imposes obligations on businesses, necessitating the adoption of reasonable security measures and the provision of privacy notifications. Although not part of the official exam outline, understanding the tenets of this legislation underscores the growing trend of states emphasizing consumer privacy rights.
- Texas Embraces Comprehensive Privacy Legislation:
Texas has become the tenth state to ratify comprehensive privacy legislation. This law amplifies consumer rights by empowering individuals with control over their personal information. It mandates transparency in data practices, requires consent for specific uses, and mandates the maintenance of sensible security measures by businesses. While not encompassed within the exam blueprint, this development underscores the escalating significance of privacy regulations spanning diverse states.
While currently not integrated into the exam outline, the following laws are anticipated to take effect in the future and may warrant vigilance:
- Indiana Consumer Data Protection Act (Effective January 1, 2026):
Scheduled to become operative in 2026, the Indiana Consumer Data Protection Act ushers in comprehensive privacy regulations, requiring businesses to institute reasonable security measures, secure consent for data processing, and confer privacy rights on consumers. This forthcoming legislation exemplifies the sustained momentum of state-level privacy statutes.
- Montana Consumer Data Privacy Act (Effective October 1, 2024):
Montana has sanctioned the Consumer Data Privacy Act, slated to take effect on October 1, 2024. This legislation grants consumers rights to access, amend, erase, and opt out of the sale of their personal information. It also imposes obligations on businesses to safeguard consumer data and to inform individuals of their privacy rights. Privacy experts should track the implementation of this legislation as it harmonizes with the escalating emphasis on consumer rights and data safeguarding.
- Tennessee Information Protection Act (Effective July 1, 2024):
Effective as of July 1, 2024, the Tennessee Information Protection Act establishes requirements for businesses handling personal information. It mandates the implementation of security measures, stipulates protocols for data breach notifications, and mandates the dissemination of privacy policies to consumers. This act showcases Tennessee’s dedication to reinforcing privacy safeguards and has the potential to feature in future exam blueprints.
In the ever-evolving domain of US state-level privacy legislation, remaining abreast of developments is indispensable for professionals striving for the CIPP/US certification. Recent additions such as the Connecticut Data Privacy Act and the California Age-Appropriate Design Code Act underscore ongoing endeavors to fortify consumer privacy rights. Moreover, developments like the finalization of CCPA regulations in California and the enactment of comprehensive privacy laws in Iowa and Texas underscore the expanding sphere of state-level privacy protection. While not presently integrated into the exam outline, laws in Indiana, Montana, and Tennessee showcase the continuous emergence of fresh privacy legislation. By maintaining awareness of these changes, CIPP/US aspirants can augment their comprehension of the dynamic privacy landscape and aptly prepare for the examination.