What is a CIPP?


A Certified Information Privacy Professional (CIPP) is an individual who has achieved any one of the five IAPP credentials—CIPP/US, CIPP/C, CIPP/E, CIPP/G or CIPP/IT. All CIPPs have demonstrated knowledge of both broad global and specific regional or sectoral concepts of privacy and data protection law and practice.

The broad global concepts are demonstrated by passing the CIPP Certification Foundation examination, which covers the following areas:

  • Common principles and practices
  • Information security
  • Online privacy

Passing the Certification Foundation examination alone does not confer certification, but all CIPPs are required to pass it as a prerequisite to regional or sectoral certification. The Foundation program ensures a basic understanding of the common aspects of privacy and data protection across national borders or regions and across specific sectors or industries.

Knowledge of specific regional or sectoral concepts are demonstrated by passing one or more of the certification designation examinations, which include:

  • U.S. Private-sector (CIPP/US)—The CIPP/US demonstrates a strong foundation in U.S. privacy laws and regulations and understanding of the legal requirements for the responsible transfer of sensitive personal data to/from the U.S., the EU and other jurisdictions
  • Canadian Privacy (CIPP/C)—The CIPP/C demonstrates understanding and application of Canadian information privacy laws, principles and practices at the federal, provincial and territorial levels
  • European Privacy (CIPP/E)—The CIPP/E encompasses pan-European and national data protection laws, the European model for privacy enforcement, key privacy terminology, and practical concepts concerning the protection of personal data and trans-border data flows
  • U.S. Government Privacy (CIPP/G)—The CIPP/G addresses U.S. government privacy laws, regulations and policies specific to government practice as well as those more broadly applicable to the public and private sectors in the U.S.
  • Information Technology (CIPP/IT)—The CIPP/IT demonstrates understanding of privacy and data protection practices in the development, engineering, deployment and auditing of IT products and services