IAPP Certification Director Doug Forman and Training Director Marla Berry went live on LinkedIn on October 14th 2020 to answer questions about IAPP Certifications & Training. It was a fantastic Q&A session and we have summarised some key points from the discussion below, including the announcement of a new CIPP/E practice exam coming in 2021! Other highlights include:
- The CIPP/E exam post-Brexit
- CIPT vs CDPSE
- Getting CIPP/A training outside of Asia
- Updates on textbook life cycle for CIPP/E, CIPP/US, CIPP/C and CIPT
Everything below is a summary of the conversation in the video, however, when we have added our own notes, these will appear in a green text box so you know it comes from the team at Privacy Study Group (PSG) and not from the IAPP staff in the video.
COVID-19 has made it an interesting year but they have seen lots of people trying to earn their certifications while working from home. IAPP has also made a pivot to more virtual delivery of content.
While many of their training products are there to support certifications, they have added a stand-alone product targeted to supporting people who need to learn about the California Consumer Privacy Act (CCPA) and this is being updated frequently.
CIPM is becoming very popular globally, even in countries where privacy is just beginning to become a focus for businesses.
The FIP program recognises people who have that excellence in privacy, between the policy knowledge and the operational knowledge. You need certifications as well as experience to obtain this
The exams and training are updated once a year and the September 1st 2020 update reflects the Schrems II decision
Reminder that you can access CIPP/E and CIPM training materials, classes, textbooks and exams in French and German now too.
What certifications do I need to become a Privacy Officer?
This is for DPOs in Europe or CPOs in the US and IAPP recommends the certifications CIPP/E and CIPP/US plus the CIPM. The jurisdictional certifications CIPP/E and CIPP/US help people understand local laws and regulations while the CIPM is a global program which looks at operationalising privacy and how you build a privacy team etc.
They have a program called GDPR Ready which packages up training, membership and exam (combo of CIPP/E and CIPM programs).
CIPP/E Practice Exam
Beyond training and certification, IAPP provides other resources to support DPOs and CPOs, for example, textbooks and sample questions. In early 2021, they will be providing a full CIPP/E practice exam which will be timed, will include 90-100 qs and will reflect the true test-taking experience. The test will include feedback as to why a correct answer is correct and feedback on which domains you are performing better on than others so you can further focus your studies.
They noted it takes a lot of time to create enough questions so they are starting with the CIPP/E practice exam in Q1 (or possibly early Q2) next year with CIPP/US practice exams and CIPM practice exams to follow soon after. Still working on project plans and strategies for those.
|***PSG note*** You don’t have to wait to take a practice test. We have partnered with Privacy-exam.com to give members of our CIPP/E Study Group on Facebook, a 25% discount on their trial exam. Join the group for the discount code and read feedback from the many members who have taken the exam and gone on to pass their certification exam first-time.|
How should I prepare for the exam?
Everyone is coming into the certification process with different experience and education. They recommend 30 hours plus preparation time. There are no experience or educational prerequisites for the certifications.
The preparation approach will vary based on the candidate and there is no one, right, way to prepare. IAPP provides training programs that are online self-paced as well as offline or online instructor-led classes. They also provide textbooks (print or ebook form) and sample questions. A CIPP/E practice exam will be coming in 2021
In addition, IAPP encourages candidates to do some self-assessment. Look at the Body of Knowledge and ensure you’re comfortable with all the topics. Look at the exam blueprint. There are areas you might not need to focus a lot of study time on because there are 0-1 questions in that domain. It’s better to focus your studies on domains that will have more questions on them.
|***PSG note*** We have prepared a map of textbook chapters to body of knowledge domains for the CIPP/E and CIPT exams. These maps show you which parts of the textbooks most of the questions are coming from so you can study the chapters in order of importance. The CIPP/E map is available here and the CIPT map is here|
They also recommend that candidates should look at the free resources on the IAPP website (they can be sorted by topic)
Really, your preparations are based on your own study preferences and experience coming into the certification process but doing self-assessment is a critical component and can make a difference. Ultimately, it can take a lot of effort to prepare and the exams are rigorous. It’s not unusual for candidates to have to take an exam multiple times.
Post-Brexit, will the CIPP/E cover things like PECR and the UK DPA 2018?
They are following that closely. Right now, the CIPP/E is GDPR focused. They do cover some individual country derogations and are watching to see if they need to edit CIPP/E to include UK specific law or will they need to create some custom training and certification for the UK.
They are also monitoring other privacy developments across the globe eg, Brazil. IAPP are meeting regularly to see how they can serve that region. They are entertaining a few possibilities, for example, translation of exams or creating certifications for that region. These are ongoing discussions.
How does CIPT differ from CDPSE? Why go for one over the other?
New, revamped CIPT came out last spring. Technologists are becoming a bigger and bigger part of the privacy ecosystem. The CIPT is targeted to technical people (eg, Information security, Data and Infrastructure professionals) rather than privacy professionals. The exam may be particularly challenging for privacy pros.
CIPT training helps technical people identify risks and threats throughout data and software development lifecycles and provides strategies to mitigate against them. It is very practical, actionable training and candidates can bring the skills learned back to their day to day jobs. It talks about privacy by design – not what it is, but how to apply it and gives technologists strategies they can use to embed privacy in their systems and products throughout development lifecycles. CIPT teaches technologists how to use data ethically and addresses user experience as well as cutting edge areas of privacy like Internet of Things, AI, surveillance and how to manage those areas.
They have been following ISACAs venture into privacy. It appears from their body of knowledge that CDPSE is more focused on the security area of privacy whereas CIPT is focused on skills and strategies to use data safely. Right now, they can’t really compare the two as there is no training or exam available for CDPSE yet and the credential is not yet predicated on passing an exam.
Which of the CIPP curriculums are changing the fastest?
So far, it has been CIPP/US. A lot of state breach laws have been enacted in the last few years and the advent of CCPA, CPRA on the horizon and continual bills being proposed means there is even more potential for rapid change.
IAPP continually watches law and regulations and are prepared to respond whenever there are significant changes
How do I get my CIPP/A if I’m not in Asia?
The CIPP/A credential covers Hong Kong, Singapore and India and may be updated soon as India is on the brink of a data protection law. Currently training is provided by a local partner in Singapore. There are some resources available on the IAPP website and they are working with that local partner to see if there are opportunities for providing training across a broader geography. Hopeful of doing that soon and encourage interested candidates to check IAPP website regularly. There has been increased demand for this program over the past month or so.
Best advice or study materials for CIPM?
CIPM was updated on September 1st, 2020 with a reorganised body of knowledge. Formerly a 2 domain exam it is now 5 or 6. Also made an effort to decrease the reading burden by lowering the number of scenarios in the exam.
Training, textbooks and sample questions are available for the CIPM on the website. CIPM Practice tests will be a really valuable tool but in the meantime, sample questions will support your studies.
The action of going through study materials and creating flashcards helps with retention of information. The CIPM book was just updated this year and books are typically on just over a 2 year life cycle. We can expect a new CIPM book in just over a year.
They encourage people to form or join study groups. It’s a great way to prepare.
|***PSG note*** We operate four study group communities on Facebook. These are supportive and welcoming spaces for people to share their study and preparation tips as well as their exam experiences and resources used. Join them here:|
CIPP/E study group on Facebook
CIPT study group on Facebook
CIPP/US study group on Facebook
CIPM study group on Facebook
Are updates coming for the CIPP/C CIPP/E and CIPP/US textbooks?
The CIPP/C and CIPT (An Introduction to privacy for technology professionals) textbooks were updated this year. US private sector privacy book came out in July 2020 and the CIPP/E book was released November 2019. That book will be starting a revision soon and it takes about 12-13 months. The exam textbook updates are on roughly a 2 year cycle. Training courses are updated twice a year.
Annual exam updates are usually done to introduce a little bit of new content but mainly just to improve quality. There might be a 10% change in an exam (approx 8 or 9 qs different) so they want to reassure people that even if a textbook hasn’t been updated before an exam update comes out, textbooks are still relevant and people shouldn’t be concerned that the books will be obsolete.
We really enjoyed this interesting and informative session from the IAPP. It’s exciting news about the upcoming CIPP/E practice exam and very useful to understand the textbook update cycle, in particular. Hope you found this summary useful. We covered just some of the highlights from the video but there were a few other short questions discussed too. If you want to watch the video in-full (it’s 1 hour long) you can find it here on LinkedIn.
Want to know more about how the IAPP creates their certification exams? Check out our summary of IAPP video “Writing for IAPP Certification Exams“. You can even volunteer to become an exam question writer!
You can also read our Ultimate CIPP/E Study Guide which is compiled from advice from certified professionals, detailed research and experiences of our community members. This guide will outline the necessary steps you need to take in order to ensure CIPP/E exam success. Best of luck with your CIPP/E studies!