The CIPM is the world’s first and only certification in privacy programme management. When you earn a CIPM, it shows that you know how to make a privacy programme work for your organisation. In other words, you’re the go-to person for day-to-day operations when it comes to data protection
The CIPM program was developed by the International Association of Privacy Professionals (IAPP), which is the world’s largest comprehensive global information privacy community and resource. The CIPM certification also holds accreditation under ISO 17024: 2012.
What will you learn?
The course is broken into ten modules:
Module 1: Introduction to privacy program management
Identifies privacy program management responsibilities, and describes the role of accountability in privacy program management.
Module 2: Privacy governance
Examines considerations for developing and implementing a privacy program, including the position of the privacy function within the organization, role of the DPO, program scope and charter, privacy strategy, support and ongoing involvement of key functions and privacy frameworks.
Module 3: Applicable laws and regulations
Discusses the regulatory environment, common elements across jurisdictions and strategies for aligning compliance with organizational strategy.
Module 4: Data assessments
Relates practical processes for creating and using data inventories/maps, gap analyses, privacy assessments, privacy impact assessments/data protection impact assessments and vendor assessments.
Module 5: Policies
Describes common types of privacy-related policies, outlines components and offers strategies for implementation.
Module 6: Data subject rights
Discusses operational considerations for communicating and ensuring data subject rights, including privacy notice, choice and consent, access and rectification, data portability, and erasure and the right to be forgotten.
Module 7: Training and awareness
Outlines strategies for developing and implementing privacy training and awareness programs.
Module 8: Protecting personal information
Examines a holistic approach to protecting personal information through privacy by design.
Module 9: Data breach incident plans
Provides guidance on planning for and responding to a data security incident or breach.
Module 10: Measuring, monitoring and auditing program performance
Relates common practices for monitoring, measuring, analyzing and auditing privacy program performance.
Who should attend?
Are you GDPR-ready?
The General Data Protection Regulation (GDPR) takes effect in 2018, are you ready for it? Among its mandates is the requirement to appoint a knowledgeable Data Protection Officer (DPO) tasked with monitoring compliance, managing internal data protection activities, training data processing staff, conducting internal audits and more. There’s a lot to know, there’s a lot at stake and there’s a lot of opportunity for data protection professionals with the right training and education.
Achieving a CIPM credential shows that you have a comprehensive knowledge of how data protection programmes should work across an organization. Add a CIPP/E credential and prove that you not only can manage a data protection programme, but you understand the regulations that govern them.
With a CIPM and CIPP/E combined you’ll be uniquely equipped to fulfill the DPO requirements of the GDPR. The CIPP/E relates to the knowledge a DPO must have concerning the European legal framework of the legislation, and the CIPM provides theoretical aspects necessary to lead an organisation’s data protection policy.
It is recommended to read the course materials (Book + Notes) few times before the exam.
MODULE 1: Fundamentals of Information Privacy
Unit 1: Common Principles and Approaches to Privacy
This unit includes a brief discussion of the modern history of privacy, an introduction to types of information,
an overview of information risk management and a summary of modern privacy principles.
Unit 2: Jurisdiction and Industries
This unit introduces the major privacy models employed around the globe and provides an overview of privacy
and data protection regulation by jurisdictions and industry sectors.
Unit 3: Information Security: Safeguarding Personal Information
This unit presents introductions to information security, including definitions, elements, standards and
threats/vulnerabilities, as well as introductions to information security management and governance, including
frameworks, controls, cryptography and identity and access management (IAM).
Unit 4: Online Privacy: Using Personal Information on Websites and with Other Internet-related Technologies
This unit examines the web as a platform, as well as privacy considerations for sensitive online information,
including policies and notices, access, security, authentication and data collection. Additional topics include
children’s online privacy, email, searches, online marketing and advertising, social media, online assurance, cloud
computing and mobile devices.
MODULE 2: Privacy Management
This programme is broken into two segments: the first illustrates important practices in managing privacy, and
the second is an interactive format in which participants apply these practices to a real-world scenario.
Unit 1: Privacy Programme Governance
This unit reveals how to create a privacy programme at an organisational level, develop and implement a
framework and establish metrics to measure programme effectiveness. Topics include: creating a company
vision for its privacy programme; establishing a privacy programme that aligns to the business; structuring the
privacy team; developing organisational privacy policies, standards and guidelines; defining privacy programme
activities; and defining programme metrics.
Unit 2: Privacy Operational Life Cycle
This substantial unit reviews privacy programme practices employed throughout the privacy life cycle—assess,
protect, sustain and respond. Topics include: documenting the privacy baseline of the organisation; data
processors and third-party vendor assessments; physical assessments; mergers, acquisitions and divestitures;
privacy threshold analysis; privacy impact assessments; information security practices; Privacy by Design;
integrating privacy requirements across the organisation; auditing your privacy programme; creating awareness
of the organisation’s privacy programme; compliance monitoring; handling information requests; and handling