Part 2 of my CIPP/US Privacy Materials
Introduction to U.S. Law and the U.S. Privacy Environment, BoK I
by John Bandler
This is Part 2 of my U.S. privacy and CIPP/US learning materials.
Here we cover an introduction to U.S. law and U.S. privacy law, tracking CIPP/US Body of Knowledge (BoK) Domain I. This is the most heavily tested portion of the CIPP/US exam, and one of my favorites because of its emphasis on basic U.S. law.
A nation of laws that is a democracy needs its citizens to understand basic law. In my years teaching cyberlaw and privacy, I have realized how many people need solid, simply presented materials on basic law, and have developed those over the years.
Topics covered
This is the biggest domain, covering the most ground, and is the most tested. It's one of my favorites because it is solidly at the intersection of cyber and law. Some call that privacy, others call that cyberlaw. Essentially it includes:
- U.S. Legal Framework
  - Branches of government, sources of law, legal concepts
- U.S. Enforcement of Privacy and Cybersecurity Laws
  - Our confusing array of regulators and enforcers, state and federal, liability theories, etc.
- U.S. Information Management
  - Data management principles, incident response, privacy programs and policies and notices, vendor management, international transfers and issues.
My courses
I have created two online courses to help people learn about privacy and prepare for this certification exam.
- My Udemy CIPP/US course was originally geared for lawyers and law students, but many non-lawyers have taken it too. It is on the Udemy learning platform, and you can purchase it for under $20, including with my coupon code.
- Another course is geared for information security professionals on the Infosec Skills learning platform, a subscription-based platform (Infosec Skills was bought by Cengage).
Overall references for CIPP/US
- See my Part 1 course for the overall references and additional reading (including IAPP resources)
- My courses provide priority coverage of important areas. If you want to dig deeper, I provide resources on where to start.
Part 2 specific references
- Introductory law, cyberlaw, data law, privacy law from John (I built companion videos which you can watch at the bottom of each webpage, or directly on YouTube)
- Rules, https://johnbandler.com/rules/
- Law, https://johnbandler.com/law/
- What is Law (YouTube), https://youtu.be/t0nBK26-5n4
- Cyberlaw, https://johnbandler.com/cyberlaw/
- What is Cyberlaw (YouTube), https://youtu.be/lLG3WhY6BHY
- Data law, https://johnbandler.com/data-law/
- What is Data law (YouTube), https://youtu.be/thyW3XoGrYg
- Privacy, https://johnbandler.com/privacy/
- What is Privacy (YouTube), https://youtu.be/xvdoZNULC-8
- More details on privacy law
- Introduction to Law (an outline) https://johnbandler.com/introduction-to-law-outline/
- Cybersecurity Laws and Regulations Part 1, (general legal overview), https://johnbandler.com/cybersecurity-laws-and-regulations-1/
- Cybersecurity Laws and Regulations Part 2, (listing and brief summary of some laws and regulations), https://johnbandler.com/cybersecurity-laws-and-regulations-2/
- FTC Act, https://johnbandler.com/ftc-act/
- Financial Sector Laws and Regulations, https://johnbandler.com/financial-sector-cyber-laws-regulations/
- Health Sector Laws and Regulations, https://johnbandler.com/health-sector-laws-and-regulations/
- Privacy, You, Your Organization, and the New NIST Privacy Framework, https://johnbandler.com/privacy-and-the-new-nist-privacy-framework/
- Cybersecurity, https://johnbandler.com/cybersecurity/
- Introduction to Cybersecurity, https://johnbandler.com/introduction-cybersecurity-information-security/
- Cybersecurity, Privacy, You, and Your Organization, https://johnbandler.com/cybersecurity-privacy-you-and-your-organization/
- Policies, Procedures, and Governance of an Organization, https://johnbandler.com/policies-procedures-and-governance-of-an-organization/
- Cyberlaw book resources, https://johnbandler.com/cyberlawbook-resources/
- Policy book resources, https://johnbandler.com/policiesbook-resources/
- Policy Checklist, https://johnbandler.com/policy-checklist/
- Five Components for Policy Work, https://johnbandler.com/five-components-for-policy-work/
- CIPP/US Certification Privacy Law Compilation, https://johnbandler.com/cipp-us-certification-privacy-law-compilation/
This page is hosted at https://johnbandler.com/cippus/part2. Copyright John Bandler, all rights reserved. No claim to IAPP materials or legal references.
Page posted 3/22/2026, drawing upon my previous materials. This page updated 04/12/2026.

