The CIPP/US credential demonstrates a strong foundation in U.S. private-sector privacy laws and regulations and understanding of the legal requirements for the responsible transfer of sensitive personal data to/from the United States, the European Union and other jurisdictions.
The Certified Information Privacy Professional/United States (CIPP/US) program launched in October 2004 as the first professional certification ever to be offered in information privacy. It has since become the preeminent credential in the field of privacy and remains the IAPP’s single largest educational program with several thousand CIPP/US-certified professionals working successfully in the field today.
The CIPP/US credential demonstrates a strong foundation in U.S. privacy laws and regulations and understanding of the legal requirements for the responsible transfer of sensitive personal data to/from the United States, the European Union and other jurisdictions. Subject matter areas covered include:
|•||The U.S. legal system: definitions, sources of law and sectoral model for privacy enforcement|
|•||U.S. federal laws for protection of personal data: FCRA and FACTA, HIPAA, GLBA, COPPA and DPPA|
|•||U.S. federal regulation of marketing practices: TSR, DNC, CAN-SPAM, TCPA and JFPA|
|•||U.S. state data breach notification and select state laws|
|•||Regulation of privacy in the U.S. workplace: FCRA, EPP, ADA and ECPA plus best practices for privacy and background screening, employee testing, workplace monitoring, employee investigation and termination of employment|
To become CIPP/US-certified, you must successfully complete the Certification Foundation examination before or after the CIPP/US exam.
|•||Chief Privacy Officers (CPOs) and other senior information management professionals who serve a U.S.-based corporate organization or a global multinational with business or policy interests in the U.S.|
|•||U.S. corporate privacy managers, legal compliance officers and risk managers|
|•||Staff members who serve or support a privacy or compliance team and who need to achieve a consistent level of privacy education|
|•||Intermediate-level privacy professionals and entry-level candidates who are transitioning from non-privacy roles inside U.S. corporate organizations or who are entirely new to the privacy profession|
|•||Information management professionals in the U.S. financial services, healthcare or telecommunications industries who seek to broaden their expertise into a general information privacy scope|
|•||Information security professionals (CISO, CISSP)|
|•||Information auditing and IT governance professionals (CISA, CISM)|
The IAPP developed the CIPP/US program in coordination with the Ponemon Institute, a top privacy research firm as well as corporate privacy leaders from Hewlett-Packard Company, Microsoft Corporation, Nationwide Insurance Company, Procter & Gamble, General Electric, Walt Disney Company, eBay, Intuit, Privacy and Information Management Services P.C. and Corporate Privacy Group. The CIPP/US was made possible through the generous underwriting support of HP and Microsoft.
Each certification candidate must become an IAPP member prior to testing. Membership provides access to the world’s largest community of privacy professionals, including valuable educational resources and networking opportunities. A variety of annual membership levels are available. Learn more about the benefits of IAPP membership.
The Certification Foundation exam is required for all first-time certification candidates. It assesses understanding of fundamental concepts of privacy and data protection and covers common privacy principles and approaches, global data protection models, information security controls and online privacy protections. These practice areas are relevant to all privacy professionals regardless of legal jurisdiction, geographic location or practice specialization.
Candidates must also pass the CIPP/US designation exam. The CIPP/US exam layers over the Certification Foundation Exam, resulting in CIPP/US certification.
Privacy certification is an important career effort that requires advance preparation. Choosing how you will prepare for your privacy certification exams is a personal choice that should include an assessment of your professional background, scope of privacy knowledge and your preferred method of learning. In general, the IAPP recommends that candidates plan for a minimum of 20 hours of study time in advance of each exam; however, you might need more or fewer hours depending on your personal choices and professional experience.
The way in which you choose to prepare for your exams should be based on your level of familiarity with the exam content and your preferred learning style.
The IAPP strongly recommends that you prepare in the following manner:
The bodies of knowledge are comprehensive outlines of the subject matter areas covered by the both the Certification Foundation and the CIPP/US exams; the exam blueprints specify the approximate number of items on the examinations in each area of the bodies of knowledge.
CIPP/US Body of Knowledge (pdf 1MB)
Certification Foundation Textbook:
Foundations of Information Privacy and Data Protection: A Survey of Global Concepts, Laws and Practices
U.S. Private-sector Privacy: Law and Practice for Information Privacy Professionals
The Information Privacy Case Book: A Global Survey of Privacy and Security Enforcement Actions with Recommendations for Reducing Risk
The IAPP offers both in-person certification prep classes and online training to help you prepare for your Foundation and CIPP/US exams.
IAPP certification prep classes are offered at IAPP conferences, in conjunction with industry events in select cities throughout the year. You are not required to attend the IAPP conference in order to attend the Certification Prep class. All certification prep classes include an accompanying coursebook. See a list of upcoming Certification Prep classes.
Online training for the Certification Foundation and CIPP/US is currently available. It is recommended as a complement to a certification prep class, or an alternative training method if you are not able to attend a class. The training coursebooks are downloadable from online training.
CIPP practice tests are a great way to gain familiarity with the format and content of the actual designation exams. Each practice test includes suggestions for use, a sample answer sheet, questions, answer key and an explanation of each correct answer.
Privacy Enforcement Case Studies Guide (pdf 3MB) excerpted from The IAPP Information Privacy Case Book: A Global Survey of Privacy and Security Enforcement Actions with Recommendations for Reducing Risk by Margaret P. Eisenhauer, Esq., CIPP/US
Candidates for CIPP/US certification must pass both the Certification Foundation and the CIPP/US exams. Partial completion will result in no certification being awarded until such time that all requirements are met.
Note: Existing CIPP holders who are seeking an additional credential are exempted from the Foundation testing requirement.
The Certification Foundation exam is a 90-minute, 90-item, objective test.
The Foundation exam is composed of 90 multiple choice items. There are no essay questions. Each correct answer is worth one point.
It is important to note that Certification Foundation is not itself an IAPP certification; you must pass both the Certification Foundation and the CIPP/US exam to achieve certification.
Please note that on March 7, 2014, The Certification Foundation exam will become a 100-minute, 105 item objective test. The test will include 90 scored items and 15 non-scored trial items. If you plan to schedule your exam on or after that date, please make sure to take into account the new length of the exam.
The CIPP/US is a 70-minute, 60-item, objective test covering the following general topics:
I. The U.S. Privacy Environment
II. Limits on Private Sector Collection and Use of Data
III. Government and Court Access to Private-sector Information
IV. Workplace Privacy
V. State Privacy Laws
The CIPP/US exam is comprised of 60 multiple choice items. Ten of the multiple choice items are associated with scenarios. There are no essay questions. Each correct answer is worth one point.
Please note that on March 7, 2014, the CIPP/US exam will become an 80-minute, 72-item objective test. The test will include 60 scored items and 12 non-scored trial items. If you plan to schedule your exam on or after that date, please make sure to take into account the new length of the exam.
Congratulations on your decision to pursue the CIPP/US! Get started on the road to certification now by selecting and purchasing the items you will need to successfully prepare for and achieve your CIPP/US designation.
Purchase items a la carte below or order everything you need to become CIPP/US-certified in one convenient package.
Available IAPP memberships (select one):
Open to privacy professionals.
Reserved for city, state or federal employees.
Reserved for employees of non-profit organizations.
Reserved for employees of accredited institutions.
Reserved for full-time students at accredited institutions.
|Foundations of Information Privacy and Data Protection: A Survey of Global Concepts, Laws and Practices||$65|
|U.S. Private-sector Privacy: Law and Practice for Information Privacy Professionals||$65|
|The Information Privacy Case Book: A Global Survey of Privacy and Security Enforcement Actions with Recommendations for Reducing Risk
NEW! Prep classes featuring in-person instruction by IAPP Professional Privacy Faculty are now available in cities around the world. See a complete prep class schedule now.
|Certification Foundation Online Training||$425|
|CIPP/US Online Training||$525|
|In-person training is available at IAPP conferences and select industry events. Separate registration is required. See available training events now.
|Certification Foundation Practice Test||$25|
|CIPP/US Practice Test||$25|
|Certification Foundation Exam||$275|