Continuing Privacy Education Policy
Effective April 11, 2016
All CIPP® (CIPP/A, CIPP/C®, CIPP/E®, CIPP/US®), CIPM™ and CIPT™ holders must meet two minimum requirements over the term of their certification in order to maintain credentialed status: (1) pay an annual certification maintenance fee (for members this fee is included in their membership fee) and (2) fulfill 20 hours of continuing privacy education (CPE) per two-year period for each credential, with a minimum of 10 hours from Group A and a maximum of 10 hours from Group B for each credential.
The intent of these requirements is to ensure that IAPP-certified professionals are pursuing privacy education that relates specifically to the credential for which they are certified, to recognize the importance of non-privacy related professional development, and to provide CPE opportunities to non-members whose jobs touch privacy and want to be a part of the broader IAPP community.
This CPE policy was developed by the IAPP in conjunction with its advisory boards. The various requirements of the policy have been reviewed and approved by the Certification Advisory Board of the IAPP. The IAPP and the certification advisory boards established the CPE program and policy and are solely responsible for reviewing, approving and issuing CPE credits. For any additional questions or needs relating to continuing privacy education, please contact the IAPP directly (see CPE Contact Information below).
Continuing Privacy Education
Group A CPE is defined as any program, event, forum, book or other published written material, presentation, course of instruction or speaking engagement that relates to specific content on the IAPP exam blueprints and bodies of knowledge, whether it is provided, published or hosted by the IAPP or other approved organizations.
Group B CPE is defined as any program, event, forum, book or other published written material, presentation, course of instruction or speaking engagement that does NOT correspond to IAPP exam blueprints and bodies of knowledge, but advances one’s professional development, advances one’s general privacy knowledge, or contributes to the strength of the privacy profession, whether it is provided, published or hosted by the IAPP or other approved organizations.
An individual is considered an IAPP-certified professional (CIPP/US, CIPP/C, CIPP/E, CIPM or CIPT) only in the event that the individual:
- Has completed and passed the appropriate certification examination as required under the IAPP credentialing program of choice (CIPP/US, CIPP/C, CIPP/E, CIPM or CIPT); and,
- Has satisfied a minimum number of 20 credit hours of CPE, with at least 10 Group A credits as required under the IAPP credentialing programs.
The IAPP credential (CIPP/US, CIPP/C, CIPP/E, CIPM or CIPT) is considered “active” (valid) beginning on the date that the individual credential holder has successfully completed the certification examination for that credential. The credential term is two years from the first day of the month following the date the credential was earned and each anniversary thereof.
To maintain the credential(s) in good standing, the holder must:
Meet the minimum requirement of 20 credit hours of CPE each term as well as pay the annual certification maintenance fee of $125 (this fee is included in payment of membership dues). If the credential holder fails in either of these obligations, the credential will be considered suspended and the individual may no longer represent the CIPP/US, CIPP/C, CIPP/E, CIPM or CIPT designation in person or on business cards in professional correspondence or other communications; furthermore, the IAPP Membership Directory will not represent the member as an IAPP credential holder.
Credentials expired for two years or less may be reinstated to active status by (a) paying any required certification maintenance or membership fee(s) (b) providing documentation of the CPEs needed to reach the bi-annual CPE requirement. Satisfying the 20 CPEs for the recertification period in arrears, does not preclude the certificant from earning the 20 CPEs required for the current term, which continues during the suspension period. Certificants with suspended credentials who do not meet the requirements to return their designation to active status will have their designation revoked and will be required to (a) retake and pass the certification designation(s) exams and (b) pay the certification maintenance fee (non-members) or restore active IAPP membership status.
Individuals who hold more than one IAPP credential must meet the group A CPEs requirements for each credential they hold per certification term. CPEs can cover multiple designations and individual CPE credits can be applied to multiple credentials. For example, a webinar on developing a privacy program framework could satisfy domain requirements for all designations because all designations have a privacy management component. Group B CPEs will apply to all of an individual’s credentials. Failure to meet the minimum biannual requirements may lead to the suspension, expiration and/or revocation of all credentials. Below is a representation of the CPE requirements for someone who holds three certifications.
|Group A||CIPM: At least 10 domain specific CPEs||CIPP/US At least 10 domain specific CPEs||CIPP/E At least 10 domain specific CPEs|
|Group B||10 CPEs maximum|
Surplus CPE Credits
In the event that an individual exceeds the 20 required CPEs in two-year period, that individual may carry over a maximum of 10 Group A credits as long as they were earned in the 6 months prior to the end of the recertification period. Group B credits cannot be carried over.
IAPP certificants must use the CPE Submission Form to self-report all non-IAPP activities but are not required to submit supporting documentation at this time; however, you must retain documentation in your own records in the event you are randomly selected for a CPE audit. You should retain these records each year for three months after your anniversary date.
The IAPP will conduct periodic random audits of CPE accounts and request documentation for events and activities not automatically credited to a certificant’s account (those submitted by the certificant). Certificants randomly selected for an audit will be notified by e-mail. Audits may result in any of the following findings:
- Acceptable documentation and verification of CPE credit hours submitted.
- Unacceptable documentation and request for further documentation. Such further documentation must be received by the IAPP with 30 days of the request.
- CPE credit hours will be denied for either (a) unacceptable documentation or (b) failure to respond within the specified period, and the credit hours will be subtracted from the certificant’s CPE account. If the reduction in credit hours results in the certificant being deficient in CPE credit hours, the certificant will have 90 days to bring the CPE account into good standing. Failure to do so will result in the suspension of the certificant’s IAPP credential(s).
If, in the course of an audit or by any other means, the IAPP determines that a certificant has submitted CPE credit hours for activities in which he or she did not participate, the certificant’s CIPP, CIPM or CIPT credential(s) will be immediately revoked.
Eligible Activities for Continuing Privacy Education Credit
Each year, the IAPP designates many non-IAPP privacy events as official CPE providers to give IAPP certificants opportunities to earn CPE credits for their certifications in addition to the ones the IAPP provides. All IAPP-approved CPE providers and events can be found on the Approved CPE Provider and Industry Events pages on the IAPP website with detailed information about CPE availability. This professional benefit is available to all IAPP certificants, members and non-members alike. We provide each approved organization with a CPE Provider logo; if you are unsure whether a course is IAPP approved, please use the Pre-Approval Request Form or contact the Certification department.
Group A: Exam Blueprint Specific Privacy Education
The following programs are eligible for Group A CPE. IAPP-certificants are responsible for reviewing the requirements for award of credit for these programs. Please note, CPEs awarded from IAPP conferences, web conferences and KnowledgeNets will be automatically applied to your IAPP certification account; you are not required to self-report for these activities.
IAPP CONFERENCES AND PARTNERED EVENTS = Up to 12 CPEs per event, per attendee
Includes the Global Privacy Summit, Privacy.Security.Risk (Formerly Privacy Academy), IAPP Canada Privacy Symposium, IAPP Europe Data Protection Congress, IAPP Europe Data Protection Intensive, Practical Privacy Series and IAPP Asia Privacy Forum. If you hold multiple credentials, the maximum allowed credits for pre-conference workshops, privacy training and/or the main conference attended will be automatically applied to each designation you hold. Note: As of September 1, 2015, IAPP conference attendees who become certified at the conference will be able to claim CPEs for that conference
SPEAKING OR PRESENTING AT AN IAPP EVENT OR ONLINE PROGRAM ON Body of Knowledge TOPICS = 3 CPEs per hour of speaking/presenting for the first delivery of the presentation; 1 CPE per hour for redelivery of the same material.
Awarded CPEs from speaking or presenting at an IAPP event or online program will be automatically applied for you to your IAPP account after the event has taken place.
IAPP KNOWLEDGENET MEETINGS = 1 CPE per hour per attendee
In order to receive credits for IAPP KnowledgeNet, each IAPP-certified professional must sign the attendance sheet at the meeting. Awarded CPEs for attending an IAPP KnowledgeNet will be automatically applied to your IAPP account two weeks after the event has taken place.
IAPP LIVE AND RECORDED AUDIO/VIDEO PROGRAMS = 1 CPE per hour per program per attendee, as long as content represents topics on the body of knowledge
Awarded CPE credits from an IAPP web conference, live or recorded, will be automatically applied to your IAPP account within 24 hours of purchase.
In the event that the audio conference phone line is used by multiple employees of the same organization (who also are IAPP-certified), each participating employee (other than the registered user) from that organization will need to complete and submit a CPE Submission Form, listing the name of the registered user, as soon after the audio conference as practicable.
IAPP CERTIFICATION TRAINING = 13 CPEs per program, per attendee
Includes both instructor-led and media-based training.
Note: because CPE activities must be completed after initial certification, only existing CIPPs, CIPMs and CIPTs and those who certify at an IAPP conference after taking IAPP training at that conference are eligible for CPE credit for certification training.
Only IAPP Certificants who are confirmed purchasers of the media-based training program will be awarded CPE credits. Please use the CPE Submission Form to report CPEs for media-based training.
NON-IAPP CERTIFICATION TRAINING =1 CPE per hour per program, per attendee
Group A CPE credits will be awarded for non-IAPP training programs that support credentialing programs (e.g., seminars for CISSP, SSCP, CISM, CISA, CPEHR, CPHIT and other certifications). To receive Group A CPE credits the training must cover content on the certification bodies of knowledge.
READING MATERIALS that cover domains from the certification bodies of knowledge = 1 CPE per 50 pages of text/max of 5 CPE credits per certification period
Includes selections from the IAPP’s Authoritative Resource List(s).
Group A CPE credits are awarded to CIPP, CIPM and CIPT holders in recognition of reading efforts and self-study activities based on a formula where 1 CPE credit is awarded for every 50 pages of written text that is read by the applicant. For example, a 300-page book on data privacy laws is eligible for the maximum of 5 CPE credits.
PRIVACY EVENTS NOT HOSTED OR SPONSORED BY THE IAPP = 1 CPE per hour, up to 12 CPEs per event, per attendee
Group A CPE credits are awarded to CIPP, CIPM and CIPT holders who attend events, forums and programs that are provided by other organizations and agencies. To be eligible for Group A CPE credit, programs must be specifically related to content on the certification bodies of knowledge.For your convenience we have a listing of approved privacy training and activities available on our website (see IAPP’s Industry Events page or IAPP’s Approved CPE Providers page).
ATTENDING ACADEMIC CLASSES = 3 CPEs per academic credit hour, up to 12 CPEs per class
Group A CPE credits are awarded to CIPP, CIPM and CIPT holders who successfully complete academic courses in privacy with a minimum C (or equivalent) grade. Only courses that relate specifically to content on the certification bodies of knowledgewill be considered for Group A credit. In the event of a CPE audit, the certificant must provide an official copy of the transcript issued by the academic institution.
PUBLISHED MATERIALS = 1 CPE per 500 words
Group A CPE credits are awarded to CIPP, CIPM and CIPT holders who produce publicly accessible writing that relates topically to the certification bodies of knowledge. The published materials should be research-based and reflect privacy knowledge or the dissemination of privacy knowledge. Eligible examples include white papers, articles, newsletters and blogs. In the event of a CPE audit, the certificant must provide access to the published materials. Materials published for purposes internal to a certificant’s organization are not eligible for CPE credit.
IAPP TRAINING FACULTY: 2 CPEs per session hour, 26 CPEs per recertification period.
IAPP training faculty will have awarded CPEs automatically applied to their IAPP account after the training has taken place. Upon reaching the maximum allowed CPEs for training with the IAPP, no more CPE credits will be applied.
SPEAKING ENGAGEMENTS (Non-IAPP Events) = 3 CPE per hour of speaking/presenting for the first delivery of the presentation; 1 CPE per hour for redelivery of the same material.
Group A CPE credits are awarded to CIPP, CIPM and CIPT holders who speak before an audience or present a program provided that such an appearance/presentation/course covers content in the certification bodies of knowledge.
The certificant should retain one or more of the following forms of documentation in the event of an audit: the program agenda, speaker profile and/or panel description.
TEACHING = 1 CPE – 2 CPEs per hour
CPE credits are awarded to CIPP, CIPM and CIPT holders who teach a course of instruction provided that such an appearance/presentation/course covers content in the IAPP certification bodies of knowledge.
- ACADEMIC INSTRUCTION
- The IAPP will award 2 CPEs per academic credit hour
- NON-ACADEMIC PRIVACY TRAINING OR TEACHING
Applies to daylong or hourly courses and workshops
- The IAPP will approve 3 CPE per hour of instruction, for the first-time delivery of the presentation; 1 CPE per hour for re-delivery of the same material.
- The certificant should retain a copy of the course syllabus/outline in the event of an audit.
Group B: General Privacy, Volunteer Activities, Giving Back to the Profession, and General Professional Development
General Privacy = 1 CPE per event hour
Some privacy activities and education approach privacy and data protection from a general perspective. Group B is the home for these CPEs that do not cover material in the IAPP certification exam blueprints. Group B CPEs can also be earned from non-privacy, professional development activity.
IAPP Volunteer Activities
IAPP BOARD OF DIRECTORS AND CERTIFICATION ADVISORY BOARD PARTICIPATION = 5 CPEs per year
ALL OTHER IAPP ADVISORY BOARD PARTICIPATION = 2 CPEs per year
CPE credits are awarded to individuals who serve as a member of an IAPP board for a length of one full term. Credits will be automatically awarded in December for service performed during that year. Active participation in board meetings is required to qualify for full credit. Eligible boards are the, Certification Advisory Board, Education Advisory Board, Exam Development Boards, Publications Advisory Board, Inside 1to1: Privacy Advisory Board, Canadian Advisory Board, European Advisory Board and Privacy Tracker Advisory Board.
IAPP KNOWLEDGE-NET CHAIR = 2 CPEs per year per chairperson
CPE credits are awarded to individuals who serve as a chairperson for IAPP KnowledgeNet locations. Credits will automatically be awarded in December for service performed during that year.
Giving Back to the Profession
- MEMBERSHIP IN THE IAPP AND OTHER PROFESSIONAL ORGANIZATIONS =1 CPE per recertification period
- MAINTAINING A JOB IN PRIVACY/DATA PROTECTION=1 CPE per recertification period
- In the event of a CPE audit, the certificant will need to provide a job description demonstrating their privacy/data protection responsibilities.
- PROCTORING IAPP EXAMS=1 CPE per proctoring session
- VOLUNTEERING AT AN IAPP TRAINING =2 CPEs per training day
- COACHING/MENTORING AN EMPLOYEE=3 CPEs per mentoring relationship
- In the event of a CPE audit, the certificant will need to provide evidence supporting their coaching or mentoring arrangement.
- Conferences and events that support an individual’s professional development but are not explicitly about privacy issues; require approval from the IAPP (1 CPE per hour)
- Taking academic courses in non-privacy disciplines (3 CPEs per academic credit hour)
- Teaching academic courses in non-privacy disciplines ( 3 CPEs per academic credit hour)
- Speaking engagements on non-privacy topics that enhance one’s professional development ( 3 CPE per hour of delivery)
- Books that address privacy in general (1 CPE per 50 pages, max of 5 CPEs per recertification period)
- General professional development (outside of work): public speaking classes, managerial workshops= 1 CPE per workshop/class
- Published material that supports an individual’s professional development but is not explicitly about privacy issues;= 1 CPE per 500 words
Submitting CPE Credits
It is the certificant’s responsibility to ensure that CPEs earned from IAPP and non-IAPP programming and events have been applied correctly to their accounts. CPE credits must be submitted online via the CPE Submission Form.
In the event of a dispute regarding certification status, CPE status or CPE credit value, concerned credential holders may contact the IAPP at firstname.lastname@example.org to resolve the matter informally. Formal complaint may be made by completing the IAPP Complaint Submission Form within 30 days of the incident’s occurrence and sending it to the IAPP Certification Director. The submission may be mailed, e-mailed or faxed. The submission shall include sufficient objective evidence to substantiate the claims and allow for a decision to be made and the appropriate action to be taken. The IAPP will acknowledge the complaint within 10-days of receipt, providing a description of the complaint process.
CPE Contact Information
Continuing Privacy Education Programs
Pease International Tradeport
75 Rochester Ave., Suite 4
Portsmouth, NH 03801 USA
CPE Credit Guide
|IAPP-sponsored or partnered events||1 CPE per hour||12/event||3 CPE per hour of speaking/presenting for the first delivery of the presentation; 1 CPE per hour for redelivery of the same material.||12/event|
|Privacy events not hosted or sponsored by the IAPP||1 CPE per hour||12/event||3 CPE per hour of speaking/presenting for the first delivery of the presentation; 1 CPE per hour for redelivery of the same material.||12/event|
|Reading||1 CPE per 50 pages||5 per certification period|
|Audiobooks, podcasts or web conferences||1 CPE per hour|
|Academic coursework||3 CPEs per academic credit hour||12/class||3 CPEs per academic credit hour|
|IAPP Certification Training||13 CPEs per program, per attendee||2 CPEs per hour||26/term|
|Non-IAPP Certification Training||1 CPE per hour|
|Teaching||3 CPE per hour of teaching|
|Speaking engagements||3 CPE per hour of speaking/presenting for the first delivery of the presentation; 1 CPE per hour for redelivery of the same material.|
|Published materials||1 CPE per 500 words|