Certification Foundation

All candidates seeking their first IAPP privacy certification (CIPP/US, CIPP/C, CIPP/E, CIPP/G, CIPP/IT or CIPM designation) need to pass the Certification Foundation exam. The Certification Foundation covers elementary concepts of privacy and data protection from a global perspective. The Certification Foundation is designed to provide the basis for a multi-faceted approach to privacy and data protection and to allow for the specific application of IAPP privacy certifications to build upon this foundation with minimal repetition.

The Foundation course components are:

I. Common principles and approaches to privacy

  • A modern history of privacy
  • Types of information
  • Information risk management
  • Modern privacy principles

II. Jurisdictions and industries

  • Geography: privacy and data protection regulation
  • Sectors of privacy law

III. Information Security: safeguarding personal information

  • Introduction to Information Security
  • Information Security management

IV. Online privacy: using personal information on websites and with other Internet-related technologies

  • The web as a platform
  • Privacy considerations for sensitive online information


Exam Format*

The Certification Foundation exam is a 100-minute, 105-item, objective test.

The Foundation exam is composed of 90 scored multiple choice items and 15 non-score multiple choice trial items. There are no essay questions. Each non-trial item correct answer is worth one point.

It is important to note that Certification Foundation is not itself an IAPP certification; you must pass both the Certification Foundation and a designation exam to achieve certification.

Certification Foundation Body of Knowledge

Certification Foundation Exam Blueprint