Chief Privacy Officer Program

This module explores the ethical and professional obligations of privacy specialists under the ABA Model Rules and California Rules of Professional Conduct. Participants will examine duties of competence, confidentiality, and loyalty, as well as emerging ethical challenges posed by AI and new technologies. Practical strategies for safeguarding client data and managing conflicts will be emphasized, as well as data practices such as data mapping and minimization.

Key Topics:

• ABA Model Rules and California Rules of Professional Conduct
• Ethical duties in privacy and AI contexts
• Conflicts, confidentiality, and regulatory compliance

This module provides a deep dive into the foundational principles of privacy law and AI governance. It covers notice, transparency, fairness, and accountability, along with frameworks such as the EU AI Act and U.S. regulatory approaches. Participants will learn how to mitigate algorithmic bias and design ethical AI systems aligned with global standards.

Key Topics:

• Notice, transparency, fairness, and accountability
• AI governance under the EU AI Act and U.S. frameworks
• Ethical design and algorithmic bias mitigation

This module addresses legal and practical considerations in collecting personal data. Topics include different notice-at-collection requirements, including CCPA and GDPR, lawful bases for processing, and special protections for children’s data. Participants will also explore evolving consent standards, third-party data sourcing, new and emerging data broker laws, and enforcement trends impacting data collection practices.

Key Topics:

• Notice at collection (CCPA, GDPR)
• Data minimization and lawful basis for processing
• Special rules for children’s data (COPPA, UK’s Appropriate Design Code)

This module examines how organizations use personal information within legal and ethical boundaries. It covers controller versus processor roles, purpose limitation, and opt-out rights, as well as restrictions on automated decision-making and profiling. Participants will gain insights into balancing legitimate business purposes with privacy protections and explore the complex interconnections between privacy rights and freedom of speech.

Key Topics:

• Controller vs. processor roles
• Purpose limitation, right to correct, and opt-out rights
• Automated decision-making and profiling restrictions

This module focuses on safeguarding sensitive data and ensuring compliance with security regulations such as HIPAA, GLBA, and state breach notification laws. Participants will learn best practices for encryption, access control, incident response,
and cybersecurity governance, including strategies for preventing and managing data breaches.

Key Topics:

• Sensitive data handling (HIPAA, GLBA, DOJ Cybersecurity Program)
• Breach notification laws and incident response
• Critical infrastructure and government data protections

This module explores the complex landscape of data sharing and monetization. It addresses sale and share definitions under new U.S. state laws, such as CCPA/CPRA, opt-out mechanisms, and universal preference signals, as well as compliance with data broker laws. Participants will also examine cross-border data transfers and obligations when sharing data with government agencies or third parties, including the new DOJ Data Security Program with prohibitions on data sharing with Countries of Concern.

Key Topics:

• Sale/share definitions under CCPA and CPRA
• Opt-out mechanisms and universal preference signals
• Data broker laws in Vermont and California
• DOJ Data Security Program

This module surveys emerging technologies and their privacy implications, including AI, biometrics, blockchain, and decentralized systems. Participants will analyze legal frameworks governing these technologies, platform liability issues, and strategies for mitigating risks associated with innovation. The discussion will include practical considerations for privacy compliance in rapidly evolving tech environments.

Key Topics:

• Privacy challenges in decentralized systems
• Biometric and genetic privacy laws (BIPA, GINA)
• AI model governance and risk tiering under EU AI Act
• Specific legal issues relating to platform liability
• Unfair and Deceptive Practices Relating to Technology GTM