Chapter 1: Privacy Impact on Business
The Current State of Privacy Concerns
Privacy Incidents Are Increasing
Privacy is a Core Business Issue
Increasing Privacy and Security Threats and Breaches
Privacy Related Laws Impact Business
The Financial Impact of Privacy on Business
Why You Might Be At Risk
What this guide can do for you
Using this guide
Using the Sample Policies and Forms
Balancing Trade-Offs
Need For Competent Advice
Chapter 2: Creating a Privacy Governance Program
Defining Privacy Governance
Why is a Privacy Governance Program Necessary?
You Must Know What to Protect
Protect Your Business; Avoid Privacy Mistakes
Building Your Privacy Governance Program
Develop Your Privacy Governance Program
Establish Privacy Leadership
Protect Privacy within Customer Relationship Management
Establish Privacy Policies and Procedures
Educate all personnel and business partners on privacy requirements
Monitor Security and Privacy Related Laws
Define and document the PII your organization handles and map the data flows
Establish privacy incident response procedures
Create a sanctions policy for non-compliance with privacy policies
Determine Incident Financial Impact
Communicate Leading Practices to Executives
Chapter 3: Defining Personally Identifiable Information
What is Personally Identifiable Information?
Personal Information in the News
How Does the Definition Vary Across the Globe?
Regulatory and Legal Definitions
What Do YOU Consider As Personally Identifiable Information?
Summary of Steps to Identify PII within an Organization
Chapter 4: OECD Privacy Principles
OECD Background and Privacy Principles
The OECD Privacy Principle
Using this guide for OECD compliance
World-wide Laws Constructed Around the OECD Principles
Standard Contractual Requirements
Privacy Principle 1: Collection Limitation Principle
Privacy Principle 2: Data Quality
Privacy Principle 3: Purpose Specification Principle
Privacy Principle 4: Limiting Use, Disclosure and Retention Principle
Privacy Principle 5: Security Safeguards Principle
Privacy Principle 6: Openness Principle
Privacy Principle 7: Individual Participation Principle
Privacy Principle 8: Accountability Principle
Privacy Principle 9: Free Flow of Personal Information and Restrictions
Chapter 5: U.S. Privacy Related Laws
How to Use This Chapter
Background Discussion
Specific Laws to Consider
1) Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act)
2) Children's Internet Protection Act of 2001 (CIPA)
3) Gramm-Leach-Bliley Financial Services Modernization Act of 1999 (GLBA)
4) Fair Credit Reporting Act of 1999 (FCRA)
5) Children's Online Privacy Protection Act of 1998 (COPPA)
6) Health Insurance Portability and Accountability Act of 1996 (HIPAA)
7) Telecommunications Act of 1996
8) Electronic Freedom of Information Act of 1996 (E-FOIA)
9) Family Education Rights and Privacy Act of 1974 (FERPA; also known as the Buckley Amendment)
10) Right to Financial Privacy Act of 1978 (RFPA)
11) Privacy Protection Act of 1980 (PPA)
12) Cable Communications Policy Act of 1984 (Cable Act)
13) Electronic Communications Privacy Act of 1986 (ECPA)
14) Computer Security Act of 1987
15) Video Privacy Protection Act of 1988
16) Telephone Consumer Protection Act of 1991 (TCPA)
17) Driver's Privacy Protection Act of 1994
18) Communications Assistance for Law Enforcement Act of 1994 (CALEA)
19) Computer Fraud and Abuse Act of 1986 (CFAA)
20) California Senate Bill 1386 (SB 1386)
21) Fair and Accurate Credit Transactions Act (FACTA) of 2003
22) Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act of 2003
23) Other U.S. Privacy Related Laws
Chapter 6: International Privacy Related Laws
How to Use This Chapter
Background Discussion on International Privacy Laws
Specific Laws to Consider
1) European Union Data Protection Directive of 1998
2) Canada: Personal Information Protection and Electronic Data Act (PIPEDA) of 2000 (Bill C-6)
3) Japan: Personal Information Protection Law
4) Australia: Privacy Act of 1988
5) New Zealand: Privacy Act, May 1993; Privacy Amendment Act, 1993; Privacy Amendment Act, 1994
Other International Laws
Chapter 7: Privacy Enhancing Technologies
How to Use This Chapter
Background
PET 1: Encryption
PET 2: Steganography
PET 3: Platform for Privacy Preferences (P3P)
PET 4: Privacy Seals
PET 5: Blind signatures
PET 6: Biometrics
PET 7: Pseudonymous and Anonymous systems
PET 8: Enterprise Privacy Authorization Language (EPAL)
PET 9: Message Filtering
PET 10: Pop-up Blockers
PET 11: Cookie Managers and Bug Zappers
PET 12: Spyware Management
Chapter 8: Privacy Inhibiting Technologies
How to Use This Chapter
Background
Specific Privacy Inhibiting Technologies
PIT 1: Cookies
PIT 2: Web Bugs
PIT 3: Spam
PIT 4: Spyware
PIT 5: Systems, Web Server and Applications Logs
PIT 6: RFID Tags
PIT 7: Surveillance Systems
Appendix A: Privacy Glossary
Appendix B: Privacy Resources
Appendix C: Privacy Officer Checklist
Appendix D: Sample CPO Job Description
Appendix E: Sample Privacy Incident Response Form
Appendix F: Privacy Breach Impact Worksheet
Appendix G: Privacy Impact Self-Assessment
Appendix H: Executive Privacy Presentation
Appendix I: Sample External Privacy Policy
Appendix J: Sample Privacy Assessment Questionnaire for Employees
Appendix K: References
About the Author
Index