International Association of Privacy Professionals (IAPP): Certification overview

Ravi Das
August 13, 2018 by
Ravi Das

In the business world today, many customers are submitting their private information and data to organizations. The most typical forms of this very often include Social Security numbers, credit card information, banking, and other types of financial data, etc.

One of the primary reasons why do this is for the sake of convenience, especially when it comes to E-Commerce transactions. After all, if you frequent an online merchant on a regular basis, why keep entering the same information when it can be stored automatically and recalled again for subsequent use?

Get certified with an Exam Pass Guarantee

Get certified with an Exam Pass Guarantee

Looking to get certified? Many of our boot camps are backed by an Exam Pass Guarantee, ensuring you leave with the certification you want.

In this regard, you have established a certain baseline of trust: We assume that our credit card or banking information will be stored securely in the databases of the online merchant and used appropriately. This is where the concept of information privacy comes in. It can be specifically defined as:

"Information privacy is the privacy of personal information and usually relates to personal data stored on computer systems . . . [and] applies to collected personal information, such as medical records, financial data, criminal records, political records, business-related information or website data."

(SOURCE: https://www.techopedia.com/definition/10380/information-privacy)

Thus, the protection of private information and data has become not only a top priority but even a must. Recognizing this long-standing fact, the International Association of Privacy Professionals (the IAPP) was created and offers a number of specialized certs in the area of information and data privacy.


The IAPP is actually a nonprofit agency that was created and founded in 2000. Apart from offering the various certs, it also serves a number of other functions as well, which include the following:

  • The sharing of best practices and standards;
  • The tracking of the latest trends with regards to information privacy;
  • Be an advocate for the various managerial issues surrounding information privacy;
  • Provide a common set of standards for further training of the IT professionals in the field of information privacy;
  • Assist in finding careers for those individuals who have received their cert through the IAPP.

At present, the IAPP is the world's largest information privacy association, with over 20,000 members in 83 countries.

The IAPP Certs

The IAPP offers three kinds of information privacy certs, and they are as follows:

1. The Certified Information Privacy Professional (CIPP)

This cert is deemed to be more of a generalist kind of one, and it tests the skills and knowledge in the following areas:

  • The overall laws surrounding information/data privacy;
  • The various jurisdictional laws;
  • The various privacy models;
  • Important concepts surrounding the concepts and principals around information/data privacy;
  • The technical and legal requirements for the handling and subsequent transfer of confidential information and data.

What is unique about the CIPP is that there are five different concentrations of this cert, focused upon a specific geographic location from where the candidate is working at. These regions are:

The specific privacy topics that are covered for each of the areas mentioned above can be seen here.

There are also a number of free resources that can be used to get started on preparing for this cert, and they can be downloaded here.

This cert is intended primarily for those professionals involved in:

  • Legal;
  • Information Technology;
  • Human Resources;
  • Data Compliance/Governance.

2. The Certified Information Privacy Manager (CIPM)

This cert is geared towards the IT Manager, that is the main point of contact for information and data privacy-related issues. The exam not only tests for the requisite skills and knowledge that are needed to conduct the day-to-day operations but how to also implement them as well for the IT team as well as the entire organization.

The CIPM tests the candidate in these key areas:

  • Creating a company vision and mission statement as it relates to information/data privacy;
  • How to create a specialized privacy team;
  • The process that is required to create policies around information/data privacy;
  • How to effectively communicate with key stakeholders within the business or corporation;
  • How to establish and gauge Key Performance Indicators (KPIs);
  • The fundamentals of an information/data privacy program operational lifecycle.

The specific body of knowledge that is tested for this cert can be downloaded here.

The specifics on the exam cert (called the "Exam Blueprint") can be downloaded here.

Cert preparation tips can be seen here.

This cert is intended primarily for those professionals involved in:

  • Risk Management;
  • IT Accountability;
  • Audit and Controls.

3. The Certified Information Privacy Technologist (CIPT)

This cert has been specifically designed for the IT professional that works on the technological aspects of information/data privacy, especially in the service/product offerings of their organization. When compared to the other certs, this is a brand new one, as it was launched back in 2014.

The CIPT tests the candidate in these key areas:

  • The information/data privacy issues that have an impact on the IT infrastructure of a business or a corporation;
  • The rights and expectations of customers as it relates to information/data privacy;
  • How to factor in the concepts of privacy during the very initial stages of new product/service development;
  • The steps that are required to ensure the Confidentiality, Integrity, and Assurance of customer information/data when it is transferred from one IT system to another (such as a database);
  • Dealing with privacy issues as it relates to the Internet of Things (IoT):
  • The factors that need to be taken into account when storing private information/data into a Cloud Infrastructure;
  • The proper mechanisms in communicating privacy issues to key stakeholders within and external to a business or corporation.

The specific body of knowledge that is tested for this cert can be downloaded here.

The Exam Blueprint can be viewed here.

Cert preparation tips can be seen here.

This cert is intended primarily for those professionals involved in:

Get certified with our Exam Pass Guarantee

Get certified with our Exam Pass Guarantee

Many of our boot camps come with an Exam Pass Guarantee: if you fail on your first attempt, we'll invite you to re-sit the course for free and cover the cost of your second exam.

  • Hardware/software aspects of an IT infrastructure;
  • Cybersecurity within an organization;
  • Software development/engineering.


As cyberattacks continue to grow in stealth and sophistication, the demand for information/data privacy professionals is also expected to grow at a very fast pace as well. For instance, compensation is very high, ranging from $101,146.00 to $152,136.00. A majority of these cert holders work for rather large companies, with employee sizes ranging from 5,000 to 24,999 employees. The industries which have the most demand for cert holders include the following:

  • Software and Services;
  • Media;
  • Drugs and Biotechnology;
  • The US Federal Government;
  • Education and Academia;
  • Healthcare;
  • Insurance;
  • Retail;
  • Telecom.


Ravi Das
Ravi Das

Ravi is a Business Development Specialist for BiometricNews.Net, Inc., a technical communications and content marketing firm based out of Chicago, IL. The business was started in 2009, and has clients all over the world. Ravi’s primary area of expertise is Biometrics. In this regard, he has written and published two books through CRC Press. He is also a regular columnist for the Journal of Documents and Identity, a leading security publication based out of Amsterdam.

You can visit the company’s website at www.biometricnews.net (or http://biometricnews.blog/); and contact Ravi at ravi.das@biometricnews.net.