
Determann's Field Guide to Data Privacy Law: International Corporate Compliance. Lothar Determann. Cheltenham, UK, Northampton, MA: Edward Elgar Publishing, 2020, Pp. v, 212. ISBN: 9781789906202, US $89.95.

Published online by Cambridge University Press:  02 December 2020

Meredith A. Capps*
Affiliation:
Head of Faculty Services Foreign & International Law Librarian/Lecturer in Law, Vanderbilt University Law School, Nashville, Tennessee, U.S.A.

Type: Book Reviews
Copyright © The Author(s) 2020

In his introduction to the fourth edition of Field Guide to Data Privacy Law, Determann appropriately notes the conscious omission of “[f]ootnotes with citations in ‘Bluebook format’ . . . this book is for use in the field, not in a library.” Indeed, Determann's work is far from academic in nature; rather, this small volume is filled with practical guidance and considerations for professionals tasked with guarding personal data.

Determann begins by defining key concepts and terms in data privacy law, carefully highlighting terms that are frequently misused or conflated, for example, the difference between a Privacy Officer and a Data Protection Officer, or between a data processor and a data controller. He then offers a host of varied and important considerations for those tasked with establishing a compliance program, followed by a lengthy discussion of handling cross-border data transactions. Practicing attorneys will find particularly valuable the chapter describing the array of documents, such as notices, consent forms, agreements, protocols, and filings, that their clients or institutions may need to locate, update, or draft anew. Despite the suggestion on the back cover that sample documents are included, there are none. Determann reminds the reader that once a successful compliance program is established, it must be maintained. He describes situations in which privacy professionals need to evaluate an existing program. Such situations include taking on a new position or role, conducting an audit, conducting due diligence in the context of a merger/acquisition, or evaluating a new service provider/vendor. Readers may find that, depending on the nature and timing of their work and their level of expertise, they may skip selected chapters and return to them when the need arises.

In keeping with the succinct nature of the guide, Determann covers, in brief subchapters, numbering only a few pages or paragraphs each, a variety of noteworthy topics in data privacy, assigned headings that align with the alphabet and arranged A to Z. This arrangement allows the reader to readily locate content on key issues, and to quickly identify legal issues and concerns regarding those topics. Some topics, namely cloud computing and employee data, receive deeper treatment, while others receive only passing mention. Surprisingly, Determann does not cover significant privacy regimes such as the European Union's General Data Protection Regulation in depth as stand-alone topics, though they are generally described and addressed when relevant to other topics throughout the work.

Determann avoids legal jargon, making the guide accessible to the many non-attorneys whose work involves protecting and processing data. Those working in areas such as human resources, information technology, and sales and marketing will find the work accessible. He sensibly acknowledges throughout that compliance is rarely perfect, especially in smaller organizations or those with limited resources. He acknowledges the need for privacy professionals to prioritize tasks based on both risk and business considerations. Likewise, he notes that enforcement, or lack thereof, of governing privacy policies is a relevant consideration and that, in certain instances, established best practices are simply lacking. Legal requirements may conflict as may competing business interests and contractual obligations. Overbroad efforts may raise consumer and employee expectations in ways that create confusion, or even generate new legal risks. Though Determann makes compliance recommendations, he cautions readers that there is no single best approach for organizations in terms of safeguarding data. He maintains a purely descriptive style in describing data privacy law amongst jurisdictions, and avoids making public policy recommendations.

The book includes several beneficial reader aids, including a list of abbreviations and an index that points readers not just to relevant chapters and pages, but to individually numbered paragraphs therein. Determann provides a “checklist” for those managing compliance programs at the end of the book. That list neatly summarizes much of what he covers in greater detail in the preceding chapters. Throughout the weightier chapters, Determann also summarizes content in tables, offering the reader a quick reference tool and reinforcing key points in a visually appealing manner. He also occasionally provides “action items” in a list format, for example, steps for outsourcing data processing activities.

Academic and attorney readers may be frustrated by Determann's aversion to footnotes. In fact, Determann avoids citing either primary or secondary sources, whether via footnotes/endnotes, or within the text. Instead, Determann suggests resources that provide more in-depth coverage. Determann avoids discussing the substantive law surrounding privacy in any one jurisdiction, except to highlight high-level distinctions between regional approaches. As such, legal readers should expect to supplement their understanding through additional research. To the extent that Determann discusses jurisdictional approaches, he does not attempt to discuss all nations or states, but focuses on jurisdictions most relevant to his readers and those with the most robust privacy regimes, namely the United States, the European Union, and California. Sometimes he highlights similar or differing approaches in other nations. It is also worth noting that the book does not extensively cover the related, but distinct, area of data security or cybersecurity, though Determann mentions security concerns where they are relevant throughout.

Though intended to be a professional handbook, students and researchers interested in the evolving field of data privacy will find that this volume provides invaluable context and establishes a framework within which the substantive law that they study operates. Non-lawyer professionals will appreciate the author's concise and plainspoken language, while for attorneys, the book provides insight into how they might operationalize their existing understanding of controlling law.