CIPP/IT Designation Arrives

Thinking about joining thousands of privacy professionals by obtaining a Certified Information Privacy Professional (CIPP) credential? Next month, the IAPP rolls out an expanded architecture for all existing privacy certifications that also includes the new IT privacy certification, CIPP/IT.

The Certification Foundation
Recognizing the need to ground all students (of all certifications) in a common framework for privacy and data protection, the IAPP has created the Certification Foundation, an optional course and mandatory exam that covers elementary concepts of information privacy from a global perspective.

Certification Foundation is the first step in the path toward achieving an IAPP certification. For example, first-time certification candidates who seek a CIPP designation must first pass the certification foundation exam, a two-hour objective test that covers the following concepts:

  • Privacy fundamentals
  • Privacy history
  • World data protection models
  • Select data protection laws and enforcement regimes
  • Information security
  • Online privacy

The Certification Foundation applies only to first-time candidates for IAPP privacy certification. Existing certified professionals (current CIPP, CIPP/G and CIPP/C credential holders in good standing) are neither obligated nor required to train or test for Foundation.

Once you pass the certification foundation exam, you may pursue one of the certification designations of your choice:

The Certification Modules

The U.S. Corporate Privacy module (CIPP). The IAPP's landmark certification, which debuted in 2004, focuses on compliance with U.S. private-sector privacy laws and regulations as well as European requirements for data transfers to/from the U.S. Subject matter areas include:

  • The U.S. legal system
  • U.S. privacy enforcement
  • Private and public-sector data protection laws
  • Data disclosure and breach notification laws
  • Privacy in the U.S. workplace
  • cross-border data transfer laws now in force across Europe and other jurisdictions

Privacy and Information Technology (CIPP/IT)
The CIPP/IT makes its debut in September 2008 as the IAPP's newest certification program. It assesses understanding of privacy and data protection practices in the design, acquisition, implementation, configuration, audit and ongoing management of IT products and services. Elements covered include:

  • Privacy and data management
  • IT privacy and security standards
  • End user controls for installation and removal of software
  • Identity and access management (IAM)
  • Privacy-enabling technologies and controls

The U.S. Government Privacy (CIPP/G)

This certification is designed exclusively for employees of U.S. federal and state government agencies, as well as vendors and consultants who serve U.S. government clients. The CIPP/G covers:

  • Information laws for U.S. government practice
  • Select private sector data protection laws
  • Data disclosure laws
  • Key OMB memoranda
  • Privacy policy development and implementation
  • Records management
  • Auditing, compliance and reporting obligations in U.S. government

Canadian Privacy (CIPP/C)

The CIPP/C is the first national certification to be offered in privacy and data protection. It is targeted to the specific needs of Canadian privacy professionals as well as any practitioner who manages information that is subject to Canadian jurisdiction. The CIPP/C module covers:

  • The Canadian legal system
  • Canadian private and public sector data protection laws
  • Canadian health information privacy laws
  • Model codes for privacy compliance in Canada
  • Cross-border data transfers between Canada and other jurisdictions outside of Canada


Q. I already have my CIPP and I want to pursue a CIPP/G? Must I take the foundation certification exam in addition to the CIPP/G exam?

A. No. Your current CIPP designation means that you need not repeat the foundation exam. You need only take the CIPP/G exam to pursue that designation.

I am not currently certified, but would like to obtain my CIPP/C. Does this mean I must attend two different exam dates?

No, you may take the foundation exam AND the CIPP/C module at the same time and location.
Q. What if I pass the foundation exam, but not the CIPP/IT exam? Do I have to retake both exams?

A. No, your passing foundation exam score will be noted and you need only retake the CIPP/IT.

For more questions and answers, visit: iapp.org and click "Certify," then "FAQ."


If you want to comment on this post, you need to login.