IAPP Certified Information
Privacy Technologist (CIPT)

Organisations that employ IT professionals who hold the CIPT are more able to implement the strategies, policies, processes, and techniques required to manage cybersecurity risks while enabling reasonable personal data use for business purposes.

IAPP Certified Information Privacy Technologists will learn:

• Privacy concepts, strategies and techniques relating to IT
• About consumer privacy expectations
• How to build privacy-by-design into every stage of the IT products and services lifecycle
• How to setup privacy-preserving data collection and transfer processes
• How to establish privacy-related IT security practices, such as data minimisation, access controls and encryption
• How to evaluate emerging technologies and how to use them while maintaining data privacy
• How to audit IT infrastructure
• How to communicate technical privacy issues to colleagues, partners, and customers outside of IT and collaborate with them to produce solutions

Who should attend the IAPP Certified Information Privacy Technologist?

• Data Protection Officers
• Privacy Engineers, Developers
• CIO, CTO & CISO
• Director of Information Systems, Technology
• IT Managers
• Data Scientists, Analysts, Architects
• Systems Administrators, Developers, Engineers
• Software Engineers, Designers
• Programmers
• Test Managers & QA Engineers
• Information Security Managers, Professionals
• IT & Infosec Auditors
• Ethical Hackers & Forensics Investigators
• Business Continuity Managers
• Risk Managers
• Website Developers & UX/UI Designers
• Digital SEO & SEM Managers
• Game Developers
• Project Managers
• Product Managers
• Service Support Desk Technicians
• Records Managers
• Anyone who works in technology acquisition, risk management and compliance

The IAPP have mapped the skills and competencies gained on the CIPT programme to the above roles and more:

• IT Infrastructure Knowledge Map (PDF)
• IT Engineering Knowledge Map (PDF)
• Information Security Knowledge Map (PDF)
• Data Science Knowledge Map (PDF)

Due to its singular focus on privacy technology, the CIPT is complementary to other recognised industry IT qualifications, including those offered by, (ISC2), ISACA, Microsoft, Cisco, CompTIA, GIAC, EC-Council, ITIL IT Service Management, Prince II, Project Management Institute.

This IAPP accredited CIPT course, which is traditionally taught in a classroom setting over 2-days, is now available online. Due to the COVID-19 pandemic, delegates can gain a recognised workplace qualification whether they're working at their desk or from home by attending four x 4 hour live online sessions across four consecutive days.

IAPP CIPT Course Contents

This online is broken into seven modules includes:

Module 1: Foundational Principles in Technology

A summary of the foundational elements for embedding privacy in technology:

• Privacy Risk Models and Frameworks
• Privacy by Design Foundational Principles
• Value Sensitive Design
• The Data Life Cycle

Module 2: The role of the technology professional in privacy

A review of the fundamentals of privacy as they relate to the privacy technologist. In particular, the privacy technologist's role in ensuring compliance with data protection requirements, meeting stakeholder expectations and exploring the relationship between privacy and security.

• Fundamentals of privacy-related IT
• Information Security
• Privacy responsibilities of the IT professionals

Module 3: Privacy threats and violations

Identifies inherent risks throughout the stages of the data life cycle and explores how software security helps mitigate privacy threats. The module also considers the impacts behavioural advertising, cyberbullying, and social engineering have on privacy within the technological environment.

• During Data Collection
• During Use
• During Dissemination
• Intrusion, Decisional Interference and Self Representation
• Software Security

Module 4: Technical measures and privacy-enhancing technologies

A detailed examination of the strategies and techniques used for enhancing privacy throughout the data lifecycle. Includes; identity and access management, authentication, de-identification, encryption, aggregation, along with collection and use of personal information.

• Data Oriented Strategies
• Techniques
• Process Oriented Strategies

Module 5: Privacy engineering

An exploration of the role that privacy engineering plays within an organisation:

• Role of Privacy Engineering in the organisation
• Privacy Engineering Objectives
• Privacy Design Patterns
• Privacy Risks in Software

Module 6: Privacy-by-design methodology

This module focuses on the privacy-by-design methodology and explores practices to ensure ongoing diligence following implementation.

• Privacy by Design Process
• Ongoing Vigilance

Module 7: Technology challenges for privacy

The final module examines the unique challenges that come from online privacy issues, including:

• Automated decision making
• Tracking and surveillance technologies
• Anthropomorphism
• Ubiquitous computing
• Mobile social computing

For more in-depth detail on the areas covered within each of the seven modules, please refer to the official CIPT Body of Knowledge.

The certified information privacy technologist programme was developed by the International Association of Privacy Professionals (IAPP), which is the world’s largest comprehensive global information privacy community and resource.

The CIPT also holds accreditation under ISO 17024: 2012.

IAPP Certified Information Privacy Manager Exam information

IAPP exams have gained a reputation for being difficult to pass. Both Freevacy and the IAPP strongly recommend careful preparation, even for experienced professionals.

The following information about the CIPT examination is an extract from documentation provided to delegates by the IAPP. For the full details please review the IAPP Privacy Certification Candidate Handbook 2023 and the CIPT Examination Blueprint.

Exam Information

IAPP certification programs are designed to differentiate between candidates who do and who do not possess the knowledge required to be considered minimally qualified privacy professionals. All questions are multiple choice with some relating to scenarios. Each question has only one correct answer. Each item (question) consists of a clearly written question (stem), a correct or best response (key) that should be apparent to minimally qualified candidates and three incorrect responses (distractors) that will be plausible to not-minimally qualified candidates. Note that it is each candidate’s responsibility to be prepared for exams by being familiar with all elements of the Bodies of Knowledge.

The candidate is encouraged to read each question carefully. The stem may be in the form of an actual question or an incomplete statement. An exam question may require the candidate to choose the most appropriate answer based on a qualifier, such as MOST likely or BEST.

Scoring

On all IAPP certification exams, each item has equal value and is scored as correct or incorrect. Unanswered items are considered incorrect, and there is no additional penalty for incorrect answers.

Special Accommodations

It is the policy of the IAPP to provide testing accommodations to candidates with qualifying disabilities to ensure each candidate a comparable opportunity for success on exams. We require 30 days notice in order to arrange special accommodations. Please do not schedule an exam until the IAPP approves your request. After exam purchase, submit your request and supporting documentation using the forms provided on the IAPP website.

Exam Languages

All IAPP examinations are administered in English.