This course is designed to prepare you for both the Certified Information Privacy Professional/United States (CIPP/US) and Certified Information Privacy Manager (CIPM) certification exams.

The CIPP/US certification is designed for privacy and compliance officers as well as other professionals in privacy and data protection roles with a focus on U.S. privacy laws and regulations. You will learn about cross-sector limits on the collection and use of data and about specific regulations for the medical, financial, education, telecommunications and marketing sectors. The course also covers laws governing access to private information by law enforcement and national security agencies, issues related to workplace privacy and important state privacy laws.

The CIPM certification is designed to provide privacy managers, compliance officers, and other professionals in privacy and data protection roles with comprehensive knowledge and understanding of privacy and data protection practices in the development, measurement and improvement of a privacy program. The course covers organizational-level privacy program governance, development, implementation and measurement of a privacy program framework as well as application of the privacy operational life cycle.

• Four days of intense training delivered by CIPP/US- and CIPM-certified instructors with actual professional experience in data privacy and the security field
• CIPP/US all-in-one digital textbook
• CIPM all-in-one digital textbook
• CIPP/US and CIPM exam vouchers
• One year IAPP membership
• 90-day access to course replays (Flex Pro)
• Curated videos from other top-rated instructors (add-on)
• 100% Satisfaction Guarantee
• Exam Pass Guarantee (Flex Pro)

Infosec is an International Association of Privacy Professionals (IAPP) Official Training Partner. After attending our CIPP/US and CIPM boot camp, you will be able to successfully pass the IAPP CIPP/US and CIPM exams and will gain deep knowledge of the following key areas:

• The U.S. legal system: definitions, sources of law and the U.S. sectoral model for privacy enforcement
• U.S. federal laws for protection of personal data: FCRA and FACTA, HIPAA, GLBA and COPPA
• U.S. federal regulation of marketing practices: TSR, DNC, CAN-SPAM, TCPA and JFPA
• U.S. state data breach notification: California SB-1386 and select state laws
• Regulation of privacy in the U.S. workplace: FCRA, EPP, ADA and ECPA plus best practices for privacy and background screening, employee testing, workplace monitoring, employee investigation and termination of employment
• Organizational privacy concerns, including creating a company vision, structuring the privacy team and communicating with stakeholders
• Developing and implementing a privacy program framework
• Measuring performance
• The privacy operational life cycle

• Chief privacy officers (CPOs) and other senior information management professionals in both the U.S. public and private sectors or those employed by any organization with business or policy interests in the U.S.
• Privacy managers, legal compliance officers and risk managers
• Members of a privacy or compliance team
• Intermediate-level privacy professionals and entry-level candidates who are transitioning from non-privacy roles or who are entirely new to the privacy profession
• Information management professionals in the U.S. financial services, healthcare or telecommunications industries who seek to broaden their expertise into a general information privacy scope
• Corporate managers who are responsible for privacy within their teams, such as human resources, procurement, marketing and customer relations
• Non–privacy professionals who serve or support a privacy or compliance team and who need to achieve a consistent level of privacy education
• Information security professionals (CISO, CISSP)
• Information auditing and IT governance professionals (CISA, CISM)

The IAPP CIPP/US was launched in 2004 as the first professional certification in information privacy and remains the preeminent certification in the field of privacy. The CIPP/US credential demonstrates a strong foundation in U.S. privacy laws and regulations and understanding of the legal requirements for the responsible transfer of sensitive personal data to/from the U.S., the EU and other jurisdictions.

The IAPP CIPM was launched in 2013 as the first and only certification in privacy program management. It was developed in response to overwhelming demand to collect and collate common practices for managing privacy operations. The CIPM body of knowledge is comprised of two domains: privacy program governance and privacy program operational life cycle.

Day 1: U.S. laws, models and collecting data

• Course introduction
• Structure of U.S. law and enforcement models
  • Common privacy principles
  • U.S. law sources, definitions and authorities
  • Legal liability in the U.S.
  • U.S. approach to protecting privacy and security of information
• Regulating collection and use of data in the private sector
  • Federal trade commission privacy and security enforcement actions
  • HIPAA and other healthcare privacy regulations
  • Privacy in financial sector
  • FERPA (education)
  • Privacy protection laws for telecommunications and marketing

Day 2: Access, privacy and state laws

• Access to private information by government and courts
  • Law enforcement access to financial data and communications
  • Laws related to national security
  • Privacy issues in civil litigation
• Workplace privacy
  • General workplace privacy concerns
  • Human resources management
  • Relevant U.S. agencies and laws
  • Employee background screening
  • Employee monitoring and investigations
  • Employee termination
• State privacy laws
  • Federal vs. state authority
  • Marketing laws
  • Financial data and data security laws
  • Overview of data breach notification laws

Day 3: Privacy program governance

• Organizational level
  • Creating a company vision
  • Establishing a privacy program
  • Structuring the privacy team
• Developing the privacy program framework
  • Developing privacy policies, standards and guidelines
  • Defining privacy program activities
• Implementing the privacy policy framework
  • Communicating the privacy framework to stakeholders
  • Ensuring alignment with laws and regulations
• Metrics
  • Identifying intended audience for metrics
  • Defining reporting resources
  • Defining privacy metrics
  • Identifying systems/application collection points

Day 4: Privacy operational life cycle

• Stage I: Assess (privacy operational life cycle)
  • Documenting current baseline
  • Processors and third-party vendor assessment
  • Physical assessments
  • Mergers, acquisitions and divestitures
  • Conducting analysis and assessments
• Stage II: Protect (privacy operational life cycle)
  • Data life cycle
  • Information security practices
  • Privacy by design
• Stage III: Sustain (privacy operational life cycle)
  • Measure
  • Align
  • Audit
  • Communicate
  • Monitor
• Stage IV: Respond (privacy operational life cycle)
  • Information requests
  • Privacy incidents