a. Branches of government

b. Sources of law

i. Constitutions

ii. Legislation

iii. Regulations and rules

iv. Case law

v. Common law

vi. Contract law

c. Legal definitions

i. Jurisdiction

ii. Person

iii. Preemption

iv. Private right of action

d. Regulatory authorities

i. Federal Trade Commission (FTC)

ii. Federal Communications Commission (FCC)

iii. Department of Commerce (DoC)

iv. Department of Health and Human Services (HHS)

v. Banking regulators

1. Federal Reserve Board

2. Comptroller of the Currency

vi. State attorneys general

vii. Self-regulatory programs and trust marks

e. Understanding laws

i. Scope and application

ii. Analyzing a law

iii. Determining jurisdiction

iv. Preemption

a. Criminal versus civil liability

b. General theories of legal liability

i. Contract

ii. Tort

iii. Civil enforcement

c. Negligence

d. Unfair and deceptive trade practices (UDTP)

e. Federal enforcement actions

f. State enforcement (Attorneys General (AGs), etc.)

g. Cross-border enforcement issues (Global Privacy Enforcement Network (GPEN))

h. Self-regulatory enforcement (PCI, Trust Marks)

a. Data sharing and transfers

i. Data inventory

ii. Data classification

iii. Data flow mapping

b. Privacy program development

c. Managing User Preferences

d. Incident response programs

i. Cyber threats (e.g. ransomware)

e. Workforce Training

f. Accountability

g. Data retention and disposal (FACTA)

h. Online Privacy

i. Privacy notices

j. Vendor management

i. Vendor incidents

ii. Cloud issues

k. International data transfers

i. U.S. Safe Harbor and Privacy Shield

ii.Binding Corporate Rules (BCRs)

iii. Standard Contractual Clauses

iv. Other approved transfer mechanisms

l. Other key considerations for U.S.-based global multinational companies

i. GDPR requirements

ii. APEC privacy framework

m. Resolving multinational compliance conflicts

i. EU data protection versus e-discovery