CIPP Certification from IAPP is Ahead of the Privacy Curve

The International Association of Privacy Professionals (IAPP) has been around since 2000, but it's only been since the European Union stepped to the forefront of the information privacy struggle with its GDPR legislation that privacy protection certification has been in the vogue. GDPR forced businesses and organizations to get serious about protecting consumer data.

Over the past several years, corporate IT departments have both upgraded data protection measures and rushed to hire privacy protection personnel. As a result of all this heightened activity, IAPP's Certified Information Privacy Professional (CIPP) credential has gained a great deal of attention thanks to its location- and sector-focused iterations (one of which is presently inactive).

In general, the CIPP focuses on data privacy laws and regulations, as well as best practices for their application, related controls, monitoring, audit, and compliance regimes. What makes the CIPP so very interesting and applicable is its aforementioned specializations, each of which is tailored for the specific rules, regulations, and compliance regimes in its respective area of coverage or interest:

Asia (CIPP/A) — Covers fundamental privacy principles, laws and practices with emphasis on Singapore, Hong Kong and India and common themes among frameworks.

Canada (CIPP/C) — Covers Canadian privacy fundamentals, Canadian government and legal system, enforcement agencies and their powers, and how laws and practices apply in the public and private sectors.

Europe (CIPP/E) — Introduction European data protection and regulatory institutions, legislative framework, compliance with GDPR and other applicable law and regulation, plus international data transfers.

United States Private Sector (CIPP/US) — ANSI/ISO accredited, regularly updated to remain current on US privacy laws and topics. Includes introduction to US privacy environment, limits on private sector collection and use of data, government and court access to private-sector information, workplace privacy, and state privacy laws (e.g. California).

United States Government (CIPP/G) — Inactive, as of Sept. 30, 2018, owing to insufficient uptake to justify ongoing updates and continued development.

CIPP Program Characteristics

Across all coverage domains, CIPP certifications are each built around a Common Body of Knowledge (CBK). This outlines the concepts and topics candidates need to learn and master to earn a specific CIPP credential (A, C, E, or US). The IAPP also offers an exam blueprint for each exam that specifies the general number of questions for each topic area on the exam, organized by CBK topic domains.

Each of the CIPP certifications has a set of resources available on that version's Resources page (check links above for pointers to these actual items). That set includes:

? Authoritative Resource List: a list of relevant resources compiled to further candidate's education in information privacy, broken down into primary (United States: 1), secondary (United States: 4), and supplemental resources (United States: 8). Taken together these define a recommended reading list for those preparing for their particular CIPP exam.
? Glossary of Privacy Terms: a lexicon of terms related to information privacy that candidate must learn and understand in pursuing their CIPP version.
? CBK Document: an organized collection of topic areas, each with numerous specific sub-topics, that define the topical and conceptual focus for their CIPP version.
? Exam Blueprint: a description of the CBK domains and topics that will appear on the exam, and the approximate number of questions to expect in each domain.

CIPP/US Exam Info and Details

Starting in mid-May, 2020, the IAPP will begin offering "more convenient" online testing through Pearson VUE's proctored OnVUE service. CIPP exams cost $550 (or an equivalent amount in other local currencies, where applicable), plus a biannual $250 "certification maintenance fee" (renews every other year).

Continuing education is required to maintain the certification, or holders can choose to retake the exam upon its expiration date (two years after its date of grant). The exam can last up to a maximum of 150 minutes (2.5 hours) and includes 90 questions.

Individuals who hold another IAPP certification qualify for a discounted exam price of $375, which is the same price as an exam retake for those who do not pass on their first try.

Dig In, Look Around, See What's Available

I just finished an article this week about how businesses manage data protection and compliance for the SC Magazine Security News website. The CIPP showed up among the recommended certifications from the experts I interviewed, along with the ISACA's CISA, CRISC, and CGEIT, and, of course, (ISC)²'s CISSP.

I'm of the opinion that those who work (or want to work) in information security, policy, risk management, or governance and compliance would be well served by bagging themselves one or more CIPP credentials (depending on which geographies they work in and serve). Check out the CIPP program, and see for yourself!