About the CIPP/US Certification, How to Study for It, and Reference List
by John Bandler
Let's learn about the CIPP/US privacy certification, how to study for it, and provide some important resources. CIPP/US stands for Certified Information Privacy Professional, United States and focuses on US privacy law and practice. The certification is administered by the International Association of Privacy Professionals (IAPP). I have created an online course to help people learn about privacy and prepare for this certification exam. Anyone interested in privacy, cybersecurity or law can find helpful information below (even if you do not pursue the certification or attend my course).
If you have decided to study for and take the CIPP/US certification, then I suggest that your goal should be:
- Learn the material well enough to pass the test easily and remember it long after you passed the test
- Earn the certification by passing the test
- After you have earned the certification, use your learning to continually demonstrate to yourself and others that this learning and certification has improved you professionally.
Alternatively, maybe you have decided to learn more about privacy in the United States without pursuing the CIPP/US certification, then these materials are a helpful guide. Review the substantive information and references below relating to privacy and the CIPP/US body of knowledge.
Privacy has growing importance in all of our professional and personal lives, and is the subject of increasing law and regulation. Privacy is not an isolated field, but overlaps with many others (including cybersecurity, compliance, information governance, organization management) and is a pressing societal issue.
About the IAPP
The IAPP is a non-profit organization based in New Hampshire and with global reach. According to their website, they are the largest and most comprehensive global information privacy community and resource. In addition to their CIPP/US certification, they offer CIPP certifications for other regions and more specific privacy certifications including Certified Information Privacy Manager (CIPM), Certified Information Privacy Technologist (CIPT), and CIPP/EU focusing on EU privacy law.
You can join the IAPP and maintain your membership for an annual fee of $275. I recommend this if you are pursuing one of their certifications or if you are interested in a career path involving privacy. I find their materials to be of high quality and well organized, and they seem to be the leader in privacy. Student memberships are $50.
About the CIPP/US certification
A CIPP/US certification is well suited for anyone desiring to learn and demonstrate their knowledge regarding US privacy law and practice. To earn the certification, one needs to study the materials, take and pass the test (which costs money), and also pay a certification maintenance fee. That is the basics and you should also read and follow their other rules and guidance as laid out in the Candidate Handbook and elsewhere. As IAPP points out, their certification is accredited and designed to “assess professional competence and experience”.
Exam topics and materials
The exam topics are laid out in IAPP documents including their “Body of Knowledge”, “Exam Blueprint”, and their list of references. Essentially, the main topics tested are:
- Introduction to the U.S. Privacy Environment
- Limits on Private-sector Collection and Use of Data
- Government and Court Access to Private-sector Information
- Workplace Privacy
- State Privacy Laws
CIPP/US materials from IAPP are well organized, and are listed and linked to below. Given my background in law I found the certification exam to be relatively straightforward, though for many non lawyers it could be more of a challenge. I enjoy explaining law to non-lawyers and think my course lays it out well.
There is never a perfect time in life to take a certification test. So if you have decided to pursue this certification, you might as well get the test scheduled and give yourself a deadline and start studying.
The exam costs $550 (last I checked) and is taken at a Pearson VUE testing center or remotely in the comfort of your home or office (Pearson OnVUE).
The test is 90 multiple choice questions, each with four possible answers, and you have 2.5 hours to complete the test. Only 75 questions are scored, meaning that 15 of the questions (20%) are not scored as they are experimental or to gain insights for quality control for this and future tests. Each question you answer correctly is worth one point and there are no penalties for wrong answers. The Exam Blueprint lays out approximately how many questions you will see on the various topics. Some of the questions are scenario based, where you need to read a passage and then answer questions based on the facts presented. It is helpful to be able to spot the issues and determine what information is relevant for the questions, and what can be discounted.
My other articles have tips on how to study and learn, and how to take an exam. In sum, put in honest and continual effort to learn the materials well, relax, and pass the test (the first time). Then you will retain the knowledge to help you in your career.
After you pass
Once you have earned your IAPP certification, you need to pay to maintain it. You can do this by being a member of IAPP for $275 annually, which will include the certification maintenance fee and provide many other benefits. If you are not an IAPP member, you will need to pay a certification maintenance fee of $250 for 2 years. Again, I recommend joining IAPP and maintaining your membership.
After earning your CIPP/US certification, you will also have to earn continuing professional education (CPE) credits and then remember to enter them into the IAPP portal regularly. CPEs need to be entered within three months, after which you cannot get credit for them. Stay on top of this!
My course at Infosec Skills
I created a CIPP/US study course which is available at the InfoSec Institute, a respected and leading online educational provider. I think it came out great with a lot of helpful content. I cover all of the CIPP/US body of knowledge, plus additional information to help you understand law, improve your learning, studying, and exam taking skills, practical advice and a practical exercise (if you choose to do it). My course also includes over 200 practice questions. These CIPP/US sample questions will help reinforce your learning.
My personal coupon code at Infosec Skills
I have a personal coupon code for Infosec Skills which provides a 50% discount for any subscription purchase (monthly or yearly) which gives you access to their entire learning library (including my course). The code is Bandler50 and you can learn more about how that works here.
My mini course for lawyers and law students
Coming soon (someday?) is a mini-course for lawyers and law students.
Details to follow.
Conclusion and disclaimer
The CIPP/US is an excellent certification from an excellent organization, and studying for it will give you an excellent foundation in law and privacy (and cybersecurity).
I have simplified things greatly and left out many details. Remember that the IAPP is the main and final authority on their certification. Be sure to read the IAPP materials listed and linked to below, and consider that my list may not be complete or could become out of date. That means check the IAPP website and read their materials.
Of course I receive some compensation for the course I created, and I would not have developed this course if I didn't already have a favorable view.
Reference list: Sources and additional reading
- Trial my course for free. Create a free account, log in and view my course at Infosec Inc. through this link to https://app.infosecinstitute.com/portal/skills/path/6155. You can start a free 7-day trial to test drive my course and others on the platform. The InfoSec Institute is a leading online information security education provider. My discount code is BANDLER50.
- View course information at Infosec Inc. at https://www.infosecinstitute.
- View my author page at Infosec Inc. at https://www.infosecinstitute.
- Learn more about my personal discount code for fifty percent off and how it works
John Bandler’s Articles & Work
- About my 50% off coupon code Bandler50
- John Bandler's CIPP/US certification preparation course at the InfoSec Institute, a respected provider of educational content. Create a free account, log in and view my course through this link https://app.infosecinstitute.com/portal/skills/path/6155. You can start a free 7-day trial to test drive my course and others on the platform.
- How to Learn and Study, https://johnbandler.com/how-to-learn-and-study/
- How to Take an Exam, https://johnbandler.com/how-to-take-an-exam
- Certifications and Improving Your Knowledge and Credentials Relating to Technology, Cybersecurity, and More, https://johnbandler.com/certifications-improve-knowledge-credentials-technology-cybersecurity-more/
- Privacy, https://johnbandler.com/privacy/
- Introduction to Law (an outline) https://johnbandler.com/introduction-to-law-outline/
- Cybersecurity Laws and Regulations Part 1, (general legal overview), https://johnbandler.com/cybersecurity-laws-and-regulations-1/
- Cybersecurity Laws and Regulations Part 2, (listing and brief summary of some laws and regulations), https://johnbandler.com/cybersecurity-laws-and-regulations-2/
- Health Sector Laws and Regulations, https://johnbandler.com/health-sector-laws-and-regulations/
- Privacy, You, Your Organization, and the New NIST Privacy Framework, https://johnbandler.com/privacy-and-the-new-nist-privacy-framework/
- Introduction to Cybersecurity, https://johnbandler.com/introduction-cybersecurity-information-security/
- Cybersecurity, Privacy, You, and Your Organization, https://johnbandler.com/cybersecurity-privacy-you-and-your-organization/
- Policies, Procedures, and Governance of an Organization, https://johnbandler.com/policies-procedures-and-governance-of-an-organization/
- Policy Checklist, https://johnbandler.com/policy-checklist/
- Five Components for Policy Work, https://johnbandler.com/five-components-for-policy-work/
- CIPP/US Certification Privacy Law Compilation, https://johnbandler.com/cipp-us-certification-privacy-law-compilation/
- Students, Learning, and Teaching
IAPP articles and references (Check IAPP to ensure you are visiting the most up to date versions)
- IAPP Certification Process, https://iapp.org/certify/certification-process/
- IAPP How to Prepare, https://iapp.org/certify/prepare/
- IAPP Certification, CIPP/US (include link to purchase exam and free resources, which are also listed and linked below), https://iapp.org/certify/get-certified/cippus/
- IAPP CIPP/US Body of Knowledge, U.S. Private-sector Privacy Certification Outline of the Body of Knowledge for the Certified Information Privacy Professional/United States (CIPP/US™), v 2.5. Effective Date: 10/3/2022, https://iapp.org/media/pdf/certification/CIPP_US_BoK_2.5.pdf
- IAPP, CIPP/US Exam Blueprint, U.S. Private-sector Privacy Certification Examination Blueprint for the Certified Information Privacy Professional/United States (CIPP/US™), v 2.5, Effective 10/1/2022, https://iapp.org/media/pdf/certification/CIPP_US_EBP_2.4.1.pdf
- IAPP Glossary of Privacy Terms for CIPP/US https://iapp.org/resources/glossary/group/cippus/ (also see terms from main glossary page, and then you can later use the filter for CIPP/US, https://iapp.org/resources/glossary/ )
- IAPP, CIPP/US Resources list, U.S. Private Sector Privacy Certification Authoritative Resources List, v. 3.2.2 Updated: 10/28/2020, https://iapp.org/media/pdf/certification/CIPP_US_Authoritative_Resource_3.2.2.pdf (Note this is a 2020 update so it will not have recent changes, I am looking for a more current version)
- IAPP Resource center, https://iapp.org/resources/
- IAPP Privacy Certification Candidate Handbook 2023, Version 4.1.0, Effective Date: January 10, 2023, https://iapp.org/media/pdf/certification/IAPP_Privacy_Certification_Candidate_Handbook_4.1.0.pdf
- IAPP CIPP/US Exam Updates effective 9/1/2021, https://iapp.org/media/pdf/certification/IAPP_CERTIFICATION_ExamUpdate_052521_003.pdf
- IAPP CIPP/US free study guide (this is not super helpful, as it is dated 2019, includes the older body of knowledge and older exam blueprint, and has just three sample questions), https://pages.iapp.org/Free-Study-Guides_CIPPUS-FSG-PPC.html
- ** (Book) Peter Swire and DeBrae Kennedy-Mayo, U.S. Private-Sector Privacy, Third Edition, IAPP, 2020. ** Available through the IAPP website and store, see, https://iapp.org/store/books/a191P000003oyb7QAA/ and, https://iapp.org/resources/article/u-s-private-sector-privacy-third-edition/ (IAPP indicates this is “the principal text" for the CIPP/US credential. It is written well and clearly and I recommend it). ** The principal text **
- IAPP Daily Dashboard, https://iapp.org/news/daily-dashboard/
- IAPP home page, https://iapp.org/
- Daniel Solove, Privacy & Security, https://teachprivacy.com/
- IAPP Certification (input CPEs), https://iapp.org/certify/cpe/ (After you earn your certification, do not forget to input your CPE regularly!)
- (Book) Daniel J. Solove and Paul M. Schwartz. Privacy Law Fundamentals – New 2019 Edition. Portsmouth: IAPP Publications, 2019, https://iapp.org/store/books/a191P0000035CivQAE/
This page is hosted at https://johnbandler.com/cipp-us-certification. Copyright John Bandler, all rights reserved. No claim to IAPP materials or legal references.
A copy of this article is also available on Medium at https://johnbandler.medium.com/about-the-cipp-us-certification-and-how-to-study-for-it-9a64de08baa0 (though perhaps not kept as current).
Please notify me of any corrections or updates.
Page posted 7/30/2021. Updated 9/16/2023.