CIPP Certification Programs

Certified Information Privacy Professional/United States

The CIPP/US credential demonstrates a strong foundation in U.S. private-sector privacy laws and regulations and understanding of the legal requirements for the responsible transfer of sensitive personal data to/from the United States, the European Union and other jurisdictions.

Certified Information Privacy Professional/United States (CIPP/US)

The Certified Information Privacy Professional/United States (CIPP/US) program launched in October 2004 as the first professional certification ever to be offered in information privacy. It has since become the preeminent credential in the field of privacy and remains the IAPP’s single largest educational program with several thousand CIPP/US-certified professionals working successfully in the field today.

The CIPP/US credential demonstrates a strong foundation in U.S. privacy laws and regulations and understanding of the legal requirements for the responsible transfer of sensitive personal data to/from the United States, the European Union and other jurisdictions. Subject matter areas covered include:

The U.S. legal system: definitions, sources of law and sectoral model for privacy enforcement
U.S. federal laws for protection of personal data: FCRA and FACTA, HIPAA, GLBA, COPPA and DPPA
U.S. federal regulation of marketing practices: TSR, DNC, CAN-SPAM, TCPA and JFPA
U.S. state data breach notification and select state laws
Regulation of privacy in the U.S. workplace: FCRA, EPP, ADA and ECPA plus best practices for privacy and background screening, employee testing, workplace monitoring, employee investigation and termination of employment

See the complete current CIPP/US Body of Knowledge (pdf 1MB)

See the CIPP/US Exam Blueprint

To become CIPP/US-certified, you must successfully complete the Certification Foundation examination before or after the CIPP/US exam.

Who Should Apply

Chief Privacy Officers (CPOs) and other senior information management professionals who serve a U.S.-based corporate organization or a global multinational with business or policy interests in the U.S.
U.S. corporate privacy managers, legal compliance officers and risk managers
Staff members who serve or support a privacy or compliance team and who need to achieve a consistent level of privacy education
Intermediate-level privacy professionals and entry-level candidates who are transitioning from non-privacy roles inside U.S. corporate organizations or who are entirely new to the privacy profession
Information management professionals in the U.S. financial services, healthcare or telecommunications industries who seek to broaden their expertise into a general information privacy scope
Information security professionals (CISO, CISSP)
Information auditing and IT governance professionals (CISA, CISM)

The IAPP developed the CIPP/US program in coordination with the Ponemon Institute, a top privacy research firm as well as corporate privacy leaders from Hewlett-Packard Company, Microsoft Corporation, Nationwide Insurance Company, Procter & Gamble, General Electric, Walt Disney Company, eBay, Intuit, Privacy and Information Management Services P.C. and Corporate Privacy Group. The CIPP/US was made possible through the generous underwriting support of HP and Microsoft.

CIPP/US Certification Requirements

1. Become an IAPP Member

Each certification candidate must become an IAPP member prior to testing. Membership provides access to the world’s largest community of privacy professionals, including valuable educational resources and networking opportunities. A variety of annual membership levels are available. Learn more about the benefits of IAPP membership.

2. Pass the Certification Foundation Exam

The Certification Foundation exam is required for all first-time certification candidates. It assesses understanding of fundamental concepts of privacy and data protection and covers common privacy principles and approaches, global data protection models, information security controls and online privacy protections. These practice areas are relevant to all privacy professionals regardless of legal jurisdiction, geographic location or practice specialization.

3. Pass the CIPP/US Exam

Candidates must also pass the CIPP/US designation exam. The CIPP/US exam layers over the Certification Foundation Exam, resulting in CIPP/US certification.

CIPP/US Certification Preparation

Privacy certification is an important career effort that requires advance preparation. Choosing how you will prepare for your privacy certification exams is a personal choice that should include an assessment of your professional background, scope of privacy knowledge and your preferred method of learning. In general, the IAPP recommends that candidates plan for a minimum of 20 hours of study time in advance of each exam; however, you might need more or fewer hours depending on your personal choices and professional experience.

The way in which you choose to prepare for your exams should be based on your level of familiarity with the exam content and your preferred learning style.

The IAPP strongly recommends that you prepare in the following manner:

1. Review the Bodies of Knowledge and Exam Blueprints

The bodies of knowledge are comprehensive outlines of the subject matter areas covered by the both the Certification Foundation and the CIPP/US exams; the exam blueprints specify the approximate number of items on the examinations in each area of the bodies of knowledge.

Certification Foundation Common Body of Knowledge (pdf 1MB)

Certification Foundation Exam Blueprint

CIPP/US Body of Knowledge (pdf 1MB)

CIPP/US Exam Blueprint

2. Study the Textbooks

Certification Foundation Textbook:

Foundations of Information Privacy and Data Protection: A Survey of Global Concepts, Laws and Practices      

Foundations of Information Privacy and Data Protection: A Survey of Global Concepts, Laws and Practices
Peter P. Swire, CIPP/US
Kenesa Ahmad, CIPP/US

CIPP/US Textbook:

U.S. Private-sector Privacy: Law and Practice for Information Privacy Professionals      

U.S. Private-sector Privacy: Law and Practice for Information Privacy Professionals
Peter P. Swire, CIPP/US
Kenesa Ahmad, CIPP/US

Additional Reading:

The Information Privacy Case Book: A Global Survey of Privacy and Security Enforcement Actions with Recommendations for Reducing Risk      

The Information Privacy Case Book: A Global Survey of Privacy and Security Enforcement Actions with Recommendations for Reducing Risk
Margaret P. Eisenhauer, Esq., CIPP/US

3. Get Certification Training

The IAPP offers both in-person certification prep classes and online training to help you prepare for your Foundation and CIPP/US exams.

IAPP certification prep classes are offered at IAPP conferences, in conjunction with industry events in select cities throughout the year. You are not required to attend the IAPP conference in order to attend the Certification Prep class. All certification prep classes include an accompanying coursebook. See a list of upcoming Certification Prep classes.

Online training for the Certification Foundation and CIPP/US is currently available. It is recommended as a complement to a certification prep class, or an alternative training method if you are not able to attend a class. The training coursebooks are downloadable from online training.

4. Take the CIPP/US Practice Tests

CIPP practice tests are a great way to gain familiarity with the format and content of the actual designation exams. Each practice test includes suggestions for use, a sample answer sheet, questions, answer key and an explanation of each correct answer.

Certification Foundation Practice Test

CIPP/US Practice Test

5. Additional Resources

CIPP/US bibliography of recommended reading (pdf 1MB)

Privacy Enforcement Case Studies Guide (pdf 3MB) excerpted from The IAPP Information Privacy Case Book: A Global Survey of Privacy and Security Enforcement Actions with Recommendations for Reducing Risk by Margaret P. Eisenhauer, Esq., CIPP/US

Glossary of Privacy Terms

CIPP/US Exam Content and Format

Candidates for CIPP/US certification must pass both the Certification Foundation and the CIPP/US exams. Partial completion will result in no certification being awarded until such time that all requirements are met.

Note: Existing CIPP holders who are seeking an additional credential are exempted from the Foundation testing requirement.

Certification Foundation Exam Format*

The Certification Foundation exam is a 100-minute, 105-item, objective test.

The Foundation exam is composed of 90 multiple choice scored items and 15 non-scored trial items. There are no essay questions. Each scored correct answer is worth one point.

It is important to note that Certification Foundation is not itself an IAPP certification; you must pass both the Certification Foundation and the CIPP/US exam to achieve certification.

CIPP/US Exam Format

The CIPP/US is an 80-minute, 72-item, objective test covering the following general topics:

I. The U.S. Privacy Environment
II. Limits on Private Sector Collection and Use of Data
III. Government and Court Access to Private-sector Information
IV. Workplace Privacy
V. State Privacy Laws

The CIPP/US exam is comprised of 60 scored multiple choice items and 12 multiple choice non-scored trial items. Fourteen of the multiple choice items are associated with scenarios. There are no essay questions. Each non-trial item correct answer is worth one point.

Get Started

Congratulations on your decision to pursue the CIPP/US! Get started on the road to certification now by selecting and purchasing the items you will need to successfully prepare for and achieve your CIPP/US designation.

Now Avaliable!

Get everything you need to become CIPP/US-certified. Purchase the official IAPP study materials and your exams in one convenient package.

- or -

Add items to your cart individually:

1. IAPP Membership

Available IAPP memberships (select one):

Professional
Open to privacy professionals.
  $250
 
Government
Reserved for city, state or federal employees.
  $100
 
Not-for-profit
Reserved for employees of non-profit organizations.
  $100
 
Higher Education
Reserved for employees of accredited institutions.
  $100
 
Student
Reserved for full-time students at accredited institutions.
 
  $50
     

2. Textbooks

Foundations of Information Privacy and Data Protection: A Survey of Global Concepts, Laws and Practices   $65
 
U.S. Private-sector Privacy: Law and Practice for Information Privacy Professionals   $65
     

3. Training

NEW! Prep classes featuring in-person instruction by IAPP Professional Privacy Faculty are now available in cities around the world. See a complete prep class schedule now.

Certification Foundation Online Training   $425
 
CIPP/US Online Training   $525
 
In-person training is available at IAPP conferences and select industry events. Separate registration is required. See available training events now.
 
 
     

4. Practice tests

Certification Foundation Practice Test   $25
 
CIPP/US Practice Test   $25
     

5. Testing

Certification Foundation Exam   $275
 
CIPP/US Exam   $275