Certified Information Privacy Professional and Technologist (CIPP/US, CIPT) Prep Course



In this course, you will gain foundational knowledge on concepts of privacy and data protection laws and practice. You will learn common principles and approaches to privacy as well as understand the major privacy models employed around the globe. An introduction to information security concepts and information security management and governance will be covered including frameworks, controls, and identity and access management. You will also learn about online privacy as it relates to using personal information on websites and other Internet-related technologies.

The structure of US law, the enforcement of US privacy and security laws, and information management from a US perspective will be discussed as well as the limitations on private-sector collection and usage of data. This course will also provide an introduction to workplace privacy considerations and US state laws related to marketing, financial data, data security and breach notification.

You will learn the need and importance for privacy in the IT environment with impacts such as regulatory activities, security threats, advances in technology and the proliferation of social networks. This course will provide an introduction to privacy laws, regulations, and standards impacting privacy in IT and the risks inherent in the IT environment. You will also learn about the importance of personally identifiable information and methods for ensuring its protection.

This three-day program covering the principals of information privacy and privacy technology in the US private-sector includes:

  • Official IAPP CIPP and CIPT participant guides
  • Official IAPP CIPP textbook and CIPT textbooks ('Introduction to IT Privacy' and 'Privacy in Technology')
  • Official IAPP CIPP and CIPT practice tests
  • IAPP CIPP/US and CIPT certification exam vouchers
  • IAPP membership for one year

Note: Your contact information must be provided to the IAPP and will be used by IAPP for membership services fulfillment in accordance with IAPP's policies.


  • Individuals who need a foundational understanding of information privacy and data protection in an IT environment
  • Anyone interested in pursuing CIPP/US and CIPT certifications

Learning Objectives

  • Common principles and approaches to privacy
  • Jurisdictions and industries
  • Safeguarding personal information
  • Online privacy
  • US privacy environment
  • Private-sector collection and data usage limitations
  • Workplace privacy
  • State privacy laws
  • Regulations and standards impacting privacy in IT
  • Privacy in systems and applications
  • Online privacy issues
  • De-identifying and anonymizing personally identifiable information
  • Cloud computing

Fundamentals of Information Privacy:

1. Common Principles and Approaches to Privacy

  • Modern History of Privacy
  • Types of Information
  • Risk Management Overview
  • Modern Privacy Principles

2. Jurisdictions and Industries

  • Major Privacy Models around the Globe
  • Privacy Regulation by Jurisdictions
  • Privacy Regulation by Industry Sectors

3. Information Security: Safeguarding Personal Information

  • Information Security
    • Definitions
    • Elements
    • Standards
    • Threats and Vulnerabilities
  • Information Security Management and Governance
    • Frameworks
    • Controls
    • Cryptography
    • Identity and Access Management (IAM)

4. Online Privacy: Using Personal Information and Websites and other Internet-Related Technologies

  • Privacy Considerations for Sensitive Online Information
    • Notices
    • Access
    • Security
    • Authentication Identification
    • Data Collection
  • Additional Online Privacy
    • Children's Online Privacy
    • Online Data Collection
    • Email
    • Searches
    • Online Marketing and Advertising
    • Social Media
    • Online Assurance
    • Cloud Computing
    • Mobile Devices

United States Private Sector:

5. US Privacy Environment

  • US Law Structure
  • Enforcement of US Privacy and Security Laws
  • Information Management from a US Perspective

6. Limits on Private-Sector Collection and Use of Data

  • Sector Limits
    • Medical
    • Financial
    • Education
    • Telecommunications
    • Marketing
  • Cross-Sector Privacy Protection by the Federal Trade Commission

7. Government and Court Access to Private-Sector Information

  • Privacy Law and Practice
    • Law Enforcement
    • National Security
    • Civil Litigation

8. Workplace Privacy

  • Workplace Privacy
  • Detailed Privacy Considerations
    • Employment: Before, During, and After
    • Background Checks
    • Employee Monitoring
    • Employee Misconduct Investigation
    • Termination of Employment Relationship

9. State Privacy Laws

  • Marketing
  • Financial Data
  • Data Security
  • Breach Notification
    • Marketing
    • Financial Data
    • Data Security
    • Breach Notification
  • Privacy Technologist

10. The Need for Privacy in the IT Environment

  • IT Department Impacts
    • Regulatory Activities
    • Security Threats
    • Advances in Technology
    • Proliferation of Social Networks

11. Core Privacy Concepts

  • Attainable Privacy Compliance
    • Information Lifecycle Plans
    • Data Identification and Classification Systems
    • Data Flow Diagrams

12. Regulations and Standards

  • Privacy Laws, Regulations and Standards

13. Privacy in Systems and Applications

  • Risks Inherent in the IT Environment
  • Addressing Risks

14. De-Identifying and Anonymizing Personally Identification Information

15. Cloud Computing

  • Privacy and Security Concerns with Cloud Services

16. Standards of Use

17. Privacy Program Governance

  • Create a Privacy Program
    • Company Vision
    • Alignment to the Business
    • Structure a Privacy Team
  • Develop and Implement a Framework
    • Organizational Privacy Policies
    • Standards and Guidelines
  • Establish Metrics to Measure Program Effectiveness
    • Define Program Activities
    • Define Program Metrics

18. Privacy Operational Life Cycle

  • Assess
    • Document Privacy Baseline
    • Data Processors and Third Party Vendor Assessments
    • Physical Assessments
    • Mergers, Acquisitions, and Divestures
    • Privacy Threshold Analysis
    • Privacy Impact Assessments
    • Information Security Practices
  • Protect
    • Privacy by Design
    • Integrating Privacy Requirements Across the Organization
  • Sustain
    • Auditing a Privacy Program
    • Creating Awareness
    • Compliance Monitoring
  • Respond
    • Handling Information Requests
    • Handling Privacy Incidents