|IT Professionals' Comprehension Improvement as a Result of the CIPP/IT:|
|23% increase in ability to identify reportable privacy incidents|
|28% increase in comprehension of privacy-regulated data and ability to properly classify data types|
When the IAPP launched the Certified Information Privacy Professional/Information Technology (CIPP/IT) certification in 2010, it needed to demonstrate its value not only to its membership—privacy professionals—but also to IT professionals. The IAPP partnered with retail giant Walmart to launch a pilot program to gather meaningful data on how the CIPP/IT could help increase comprehension of and engagement with privacy issues for the IT profession.
Assess Privacy Knowledge Before and After the CIPP/IT
Knowing there is a critical link between mitigating privacy risk and extending privacy knowledge to IT professionals within an organization, the IAPP developed the CIPP/IT, a privacy certification targeted to IT professionals. To demonstrate the value of the CIPP/IT, the IAPP partnered with Zoe Strickland, CIPP/US, CIPP/G, CIPP/IT, Walmart’s chief privacy officer, to launch a pilot program to assess Walmart IT employees’ knowledge of privacy before and after the CIPP/IT training and exam.
On-site Training and Testing of IT Professionals
The IAPP worked closely with Strickland to develop a survey that would effectively measure the specific and unique practices at Walmart. The survey measured knowledge of data classification, what constitutes a privacy incident, and the number of hours spent working on privacy per person, per month.
An IAPP trainer traveled to Walmart headquarters to deliver in-person training to 28 employees in the IT department, followed by the CIPP/IT exam. A follow up survey was conducted several months later to assess whether the training and testing had any effect in the same areas. Additionally, Strickland kept a log to track how often employees elevated privacy inquiries versus handling them on their own.
Significant Improvement in IT Pros’ Privacy Knowledge
When asked if they could point to any insights gained from their participation in the training and exam, participants’ responses included:
“I found that by preparing for the CIPP/IT certification I was able to develop an appreciation and a level of awareness for privacy that I didn’t have before. I believe this awareness will allow me to think broader and consider impacts beyond the immediate solutions.”
“I have a heightened awareness regarding PII. Asking for e-mail, phone, name, etc. is done unnecessarily and without need sometimes.”
“It helps us better prioritize efforts on remediation of outstanding regulatory or security audit findings.”
The overall feedback was positive, and participants were appreciative of the additional knowledge and the recognition they gained through the CIPP/IT designation.