Study Guide
The CIPP is the “what” of privacy. Earning this designation demonstrates your mastery of a principles-based framework in
information privacy in a legal or practical specialization. Within the CIPP, there are five concentrations:
The CIPM is the “how” of privacy. Earning this designation assesses your understanding of the application of common
privacy practices in the daily operations of an organization. There are no concentrations within the CIPM—it crosses all
jurisdictions and industries.
To become certified in any of these areas, you must successfully complete the Certification Foundation examination,
followed by a designation exam (either the CIPM exam or an exam in one of the five CIPP concentrations).
The Certification Foundation exam assesses understanding of fundamental concepts of privacy and data protection. It covers
common practice areas that are relevant to all privacy professionals regardless of legal jurisdiction, geographic location or
practice specialization.
You must pass both the Certification Foundation exam and a designation exam to achieve certification.
Successful completion of just one exam will not result in certification being awarded.
IV. Online Privacy: Using Personal Information on Websites and with Other Internet-related Technologies
• Privacy considerations for sensitive online information, including data subject access and redress, children’s
online privacy, online identification methods, privacy and electronic mail, Internet searches, marketing and
advertising, social media, cloud computing and mobile privacy
In general, the IAPP recommends that you plan for a minimum of 20 hours of study time in advance of your exam date;
however, you might need more or fewer hours depending on your personal choices and professional experience.
The Foundation exam is composed of 90 multiple-choice items. There are no essay questions. Each correct answer is
worth one point.
It is important to note that Certification Foundation is not itself an IAPP certification; you must pass both the
Certification Foundation and a designation exam to achieve certification.
Exam Blueprint
The exam blueprint indicates the minimum and maximum number of questions included on the exam from the major
areas of the body of knowledge. Questions may be asked from any of the topics listed within each area. You can use this
blueprint to guide your studying.
Area                                                        Min  Max
I. Common Principles and Approaches to Privacy               31   35
   A. Modern history of privacy                               1    3
   B. Types of information                                   15   21
      Personal information, non-personal information, general and organizational
      information, elements of personal information, data processing roles, privacy
      policy and notice
   C. Information risk management                             7   11
      Privacy's impact on organizational risk, information lifecycle principles,
      privacy impact assessments
   D. Modern privacy principles                               3    5
II. Privacy by Jurisdictions and Industries                  20   23
   A. Jurisdictions                                          10   13
      Global perspectives, Europe, United States, Canada, other jurisdictions
   B. Industries                                              9   11
      Healthcare, financial, telecommunications, marketing, human resources,
      other industries
3. Which standard web protocol allows for a peer’s identity to be authenticated prior to a connection being made?
A. Secure Sockets Layer.
B. Hypertext Transfer Protocol.
C. Transmission Control Protocol.
D. Internet Protocol.
The IAPP also offers testing via computer-based delivery at test centers worldwide. There are approximately 600 Kryterion
High-stakes Online Secured Testing (HOST) locations around the world where IAPP certification exams are administered.
You can find detailed information about how to register for exams, as well as exam day instructions, on our website at
www.privacyassociation.org/certification.
Questions?
The IAPP recognizes that privacy certification is an important professional development effort requiring commitment and
preparation. We thank you for choosing to pursue certification, and we welcome your questions and comments regarding
our certification program.