Part 1 of my CIPP/US Privacy Materials

John Bandler’s CIPP/US and US Privacy Learning Part 1

About the CIPP/US Certification, How to Study for It, Overall Reference List, Intro to Law and Privacy

by John Bandler

This is Part 1 of my U.S. Privacy and CIPP/US and privacy learning materials.

Here we cover some basics on CIPP/US, the IAPP, learning, studying, exam taking, introductory information on law and privacy, IAPP links and references for the CIPP/US exam and privacy.

This article is adapted from my longstanding main CIPP/US page, which served well for over five years, but now I am reorganizing my CIPP/US materials.

Please excuse some construction disruption as I revamp my webpages and update my CIPP/US privacy study courses.

1. Introduction

Let's learn about the CIPP/US privacy certification and how to study for it, along with some important resources. CIPP/US stands for Certified Information Privacy Professional, United States and focuses on US privacy law and practice. The certification is administered by the International Association of Privacy Professionals (IAPP).

The information on this page is helpful for anyone considering or pursuing the CIPP/US certification, and for anyone interested in privacy, cybersecurity or law (even if you do not pursue the certification or attend my course).

I have also created online courses to help people learn about privacy and prepare for this certification exam. John Bandler’s CIPP US course at Udemy. Check for coupon codes and don’t overpay. Udemy does dynamic pricing.

2. Your goal

Learning and understanding privacy and law should be your first goal, regardless of why you are studying these materials.

If you have decided to study for and take the CIPP/US certification, then I suggest that your goals should include:

  • Learn the material well enough to pass the test easily and remember it long after you have passed the test
  • Earn the certification by passing the test
  • After you have earned the certification, use your learning to continually demonstrate to yourself and others that this learning and certification has improved you professionally.

Whether you are pursuing the CIPP/US certification or not, these materials are a helpful guide for U.S. privacy law, and start with an introduction to law.

Privacy has growing importance in all of our professional and personal lives, and is the subject of increasing law and regulation. Privacy is not an isolated field, but overlaps with many others (including cybersecurity, compliance, information governance, organization management) and is a pressing societal issue.

Further, law is not just for lawyers. Every citizen and resident of the U.S. should know something about law and our legal system.

3. Learning

I offer resources on learning, including in articles, videos, and my Cyberlaw book (2025) Chapter 3. See my articles on How to Learn and Study, and How to Take an Exam (links at bottom).

If you want solid information on learning, studying, and understanding, and are willing to put in honest effort, my resources and materials are for you.

There are some things I do not promise or provide. If you are looking for an easy fix, for hype, magic solutions, overboard promises and guarantees, improper promises of unethically pilfered exam questions, I am not for you; you will need to look to someone else.

4. About the IAPP

The IAPP is a non-profit organization based in New Hampshire and with global reach. According to their website, they are the largest and most comprehensive global information privacy community and resource. In addition to their CIPP/US certification, they offer CIPP certifications for other regions and more specific privacy certifications including Certified Information Privacy Manager (CIPM), Certified Information Privacy Technologist (CIPT), and CIPP/EU focusing on EU privacy law.

You can join the IAPP and maintain your membership for an annual fee of $275. I recommend this if you are pursuing one of their certifications or if you are interested in a career path involving privacy. I find their materials to be of high quality and well organized, and they seem to be the leader in privacy. Student memberships are $50.

5. About the CIPP/US certification

A CIPP/US certification is well suited for anyone desiring to learn and demonstrate their knowledge regarding US privacy law and practice. For those with a technical background, it helps motivate you to broaden your horizons and learn law. For those with a law background, it has some technical aspects plus a privacy and cybersecurity law focus.

To earn the certification, one needs to study the materials, take and pass the test (which costs money), and be prepared to pay certification maintenance fees and obtain continuing education credits.

Those are the basics, and you should also read and follow their other rules and guidance as laid out in the Candidate Handbook and elsewhere. As IAPP points out, their certification is accredited and designed to “assess professional competence and experience”, and the updated body of knowledge emphasizes "understanding".

5.1 Exam topics and materials

The CIPP/US exam topics are laid out in IAPP documents including their CIPP/US “Body of Knowledge” (BoK). (They used to have a separate “Exam Blueprint” and a list of references, but that blueprint has been folded into their updated BoK, and they rely on the IAPP privacy coursebook.) Essentially, the main topics tested are:

    1. Introduction to the U.S. Privacy Environment
    2. Federal Privacy Laws (includes cybersecurity laws too, was formerly called: Limits on Private-sector Collection and Use of Data, but BoK has not changed too much)
    3. Government and Court Access to Private-sector Information
    4. Workplace Privacy
    5. State Privacy Laws (includes cybersecurity and data breach notification laws too)

CIPP/US materials from IAPP are well organized, and are listed and linked to below. Given my background in law I found the certification exam to be relatively straightforward, though for many non-lawyers it could be more of a challenge. I enjoy explaining law to non-lawyers (and infosec to lawyers) and think my course lays it out well.

5.2 The test

There is never a perfect time in life to take a certification test. So if you have decided to pursue this certification, you might as well get the test scheduled and give yourself a deadline and start studying.

The exam costs $550 (last I checked) and is taken at a Pearson VUE testing center or remotely in the comfort of your home or office (Pearson OnVUE).

The test is 90 multiple choice questions, each with four possible answers, and you have 2.5 hours to complete the test. Only 75 questions are scored, meaning that 15 of the questions (20%) are not scored as they are experimental or to gain insights for quality control for this and future tests. Each question you answer correctly is worth one point and there are no penalties for wrong answers. The Exam Blueprint lays out approximately how many questions you will see on the various topics. Some of the questions are scenario based, where you need to read a passage and then answer questions based on the facts presented. It is helpful to be able to spot the issues and determine what information is relevant for the questions, and what can be discounted.

My other articles have tips on how to study and learn, and how to take an exam. In sum, put in honest and continual effort to learn the materials well, relax, and pass the test (the first time). Then you will retain the knowledge to help you in your career.

5.3 After you pass

Once you have earned your IAPP certification, you need to pay to maintain it and obtain continuing education credits.

You can pay to maintain your certification by being a member of IAPP for $275 annually, which will include the certification maintenance fee and provide many other benefits. If you are not an IAPP member, you will need to pay a certification maintenance fee of $250 for 2 years. Again, I recommend joining IAPP and maintaining your membership.

After earning your CIPP/US certification, you will also have to earn continuing professional education (CPE) credits and then remember to enter them into the IAPP portal regularly. CPEs need to be entered within three months, after which you cannot get credit for them. Stay on top of this!

6. CIPP/US exam updates (in general)

The exam is updated periodically and my materials may not be 100% up to date (check the IAPP site).

Over the years I have tracked the changes, and they are often very minor. My materials aim to cover the most important priority materials, and I find those generally stay very consistent over the years. In my courses I cover the priority items, and those priority items remain consistent over the years.

For my online courses it would be impossible to cover every detail in the body of knowledge; that would take over a hundred hours -- painful to create and listen to. That's why I cover the priority basics in the time we have together, then I provide these resources, and you can consult the other resources. The rest is up to you; you've got this.

I am currently updating my courses to reflect the newer coursebook edition (4th edition) and newest Body of Knowledge (see next).

Also, I cannot guarantee to update this website or my materials continuously or in perpetuity.

7. My 2026 updates (in progress, not yet live)

Here are some initial comments about my 2026 updates:

  • The core of the body of knowledge (BoK) from IAPP for CIPP/US remains the same and consistent. Learners should focus on this solid core, and that's what my courses focus on.
  • There have been developments in privacy and privacy law (obviously) which are reflected in the BoK and updated coursebook.
  • Cosmetic changes to body of knowledge.
  • Increased emphasis upon understanding (not just memorizing/regurgitating) which my courses already incorporated.
  • Little changes here and there.
  • More notes on my updates to follow.

8. Disclosures and disclaimers

First, no certification is going to change your life - even if some marketing suggests otherwise - so be realistic. Still, the CIPP/US is an excellent certification from an excellent organization, and studying for it will give you an excellent foundation in law and privacy (and cybersecurity). I like the challenge and motivation of studying for certifications, and have enjoyed the knowledge I have gained. The certification gives you something that another candidate might not have. See my article on certifications for more on them.

I would not have developed courses and materials for this certification if I didn't already have a favorable view of the certification and materials it covers.

In this article, I have simplified things greatly and left out many details. Remember that the IAPP is the main and final authority on their certification. Be sure to read the IAPP materials listed and linked to below, and consider that my list may not be complete or could become out of date. That means check the IAPP website and read their materials.

Of course I receive some compensation for creating courses for other platforms, and instructors like me get paid for courses they put on the Udemy platform.

9. My courses

I have created two online courses to help people learn about privacy and prepare for this certification exam.

If you are a "techie" (working in or wanting to work in information technology or cybersecurity), this is a great cert to get because it provides and demonstrates that you have a foundation in many of the important laws surrounding tech (privacy, cybersecurity, data breach notification).

If you are a lawyer (or in law school) this is a great cert because it should be pretty simple for you to study and pass it, and it gives you additional knowledge and a credential, and demonstrates knowledge in a particular area of law (privacy, cybersecurity, data breach notification) plus a small trace of tech knowledge.

10. References and additional reading (Overall references for CIPP/US and specific for John's Part 1)

10.1 My online courses and about them

My online courses have the first level of prioritized knowledge and tips, with accompanying resources and references.

10.2 CIPP/US primary references **

10.3 IAPP fuller references for CIPP/US preparation

10.3.1 IAPP historical - old enough to be obsolete

  • This same BoK and Exam Blueprint document (version 2.6.1 effective 9/1/2025, Approved 3/3/2025) is available with a slightly different cover design (but same version, same approval and revision dates) at https://assets.contentstack.io/v3/assets/bltd4dd5b2d705252bc/blt5ce0594463e20917/IAPP_Training-CIPPUS_BOK.pdf (they appear to be identical, need to double check)
  • BOK/Exam blueprint note
    • IAPP combined two documents into one, which will ease my future updates. Here are the old below until I fully compare the recent changes. First review indicates minimal substantive changes, just substantial cosmetic changes. Historically, the changes are quite minimal, so learners want to keep their focus on the solid basics, which I emphasize.
    • OLD: IAPP CIPP/US Body of Knowledge v 2.6 (effective 9/2024), U.S. Private-sector Privacy Certification Outline of the Body of Knowledge for the Certified Information Privacy Professional/United States (CIPP/US™), v 2.6 Effective Date: 9/2/2024, https://iapp.org/media/pdf/certification/CIPP_US_BoK_2.6_UpdatedCover_FINAL.pdf
    • OLD: IAPP, CIPP/US Exam Blueprint v 2.43 (effective 9/2024), U.S. Private-sector Privacy Certification Examination Blueprint for the Certified Information Privacy Professional/United States (CIPP/US™), v 2.4.3, Effective 9/2/2024, https://iapp.org/media/pdf/certification/CIPP_US_EBP_2.4.3_UpdatedCover_FINAL.pdf
  • IAPP, CIPP/US Authoritative Resources list (2020), U.S. Private Sector Privacy Certification Authoritative Resources List, v. 3.2.2 Updated: 10/28/2020, https://iapp.org/media/pdf/certification/CIPP_US_Authoritative_Resource_3.2.2.pdf (note that this appears not to be linked to within their site and may be deprecated. Whatever the evolution of the CIPP/US body of knowledge, this helps show how broad it is, and how important the coursebook is.)
  • Discontinued separate resources: IAPP, CIPP/US Exam Blueprint, (No longer a separate document, combined into Body of Knowledge document)

10.4 John Bandler’s Articles & Work

10.4.1 Helpful for now, at the introductory level

10.4.2 More details, as you dig in later

This page is hosted at https://johnbandler.com/cippus/part1. Copyright John Bandler, all rights reserved. No claim to IAPP materials or legal references.

Page posted 3/9/2026, based on the page I created in 2021 and evolved over the years, About the CIPP/US, about IAPP, privacy and law basics, studying. https://johnbandler.com/cipp-us-certification/ (page became too large).

This page updated 04/12/2026.