Certified Information Privacy Professional / Europe (CIPP/E)
Module 1: Data Protection Laws
Introduces key European data protection laws and regulatory bodies, describing the evolution toward a harmonised legislative framework.
Module 2: Personal Data
Defines and differentiates between types of data as defined by the GDPR, including personal, anonymous, pseudonymous and special categories.
Module 3: Controllers and Processors
Describes the roles and relationships of controllers and processors as defined by the GDPR.
Module 4: Processing Personal Data
Defines data processing and GDPR processing principles, explains the application of the GDPR and outlines the legal grounds for processing personal data.
Module 5: Data Subject Rights
Describes data subject rights, applications of rights, and controller and processor obligations as set out in the GDPR.
Module 6: Information Provision Obligations
Explains controller obligations for providing information about data processing activities to data subjects and supervisory authorities as set out in the GDPR.
Module 7: International Data Transfers
Outlines options and obligations under the GDPR for transferring data outside the European Economic Area, including adequacy decisions and appropriate safeguards and derogations.
Module 8: Compliance Considerations
Discusses the applications of European data protection law, legal bases and compliance requirements for processing personal data in practice, including employers processing employee data, surveillance, direct marketing, and internet technology and communications.
Module 9: Security of Processing
Discusses considerations and duties of controllers and processors for ensuring security of personal data and GDPR specifications for providing notification of data breaches.
Module 10: Accountability
Investigates accountability requirements, including data protection management systems, data protection impact assessments, data protection policies and the role of the data protection officer.
Module 11: Supervision and Enforcement
Describes the role, powers and procedures of supervisory authorities; the composition and tasks of the European Data Protection Board; the role of the European Data Protection Supervisor; and remedies, liabilities and penalties for non-compliance as set out in the GDPR.
Certified Information Privacy Technologist (CIPT)
Module 1: Foundational principles of privacy in technology
Summarizes the foundational elements for embedding privacy in technology through privacy by design and value-sensitive design; reviews the data life cycle and common privacy risk models and frameworks
Module 2: The role of the technology professional in privacy
Reviews the fundamentals of privacy as they relate to the privacy technologist; describes the privacy technologist’s role in ensuring compliance with privacy requirements and meeting stakeholder privacy expectations; explores the relationship between privacy and security
Module 3: Privacy threats and violations
Identifies inherent risks throughout the stages of the data life cycle and explores how software security helps mitigate privacy threats; examines the impacts that behavioral advertising, cyberbullying and social engineering have on privacy within the technological environment
Module 4: Technical measures and privacy-enhancing technologies
Outlines the strategies and techniques for enhancing privacy throughout the data life cycle, including: identity and access management; authentication, encryption, and aggregation; collection and use of personal information
Module 5: Privacy engineering
Explores the role of privacy engineering within an organization, including the objectives of privacy engineering, privacy design patterns, and software privacy risks
Module 6: Privacy-by-design methodology
Illustrates the process and methodology of the privacy-by-design model; explores practices to ensure ongoing vigilance when implementing privacy by design
Module 7: Technology challenges for privacy
Examines the unique challenges that come from online privacy issues, including automated decision making, tracking and surveillance technologies, anthropomorphism, ubiquitous computing and mobile social computing.
Artificial Intelligence Governance Professional (AIGP)
Domain 1: "Understanding the Foundations of Artificial Intelligence," defines AI and machine learning, provides an overview of the different types of AI systems and their use cases, and positions AI models in the broader socio-cultural context.
Domain 2: "Understanding AI Impacts and Responsible AI Principles," identifies the risks that ungoverned AI systems can have on humans and society and describes the characteristics and principles that are essential to trustworthy and ethical AI.
Domain 3: "Understanding How Current Laws Apply to AI Systems," surveys the current laws that govern the use of artificial intelligence.
Domain 4: "Understanding the Existing and Emerging AI Laws and Standards," outlines the global AI-specific laws (like the EU AI Act and Canada’s Bill C-27) and the major frameworks that show how AI systems can be responsibly governed.
Domain 5: "Understanding the AI Development Life Cycle," broadly outlines the context in which AI risks are managed.
Domain 6: "Implementing Responsible AI Governance and Risk Management," explains how the major AI stakeholders collaborate in a layered approach, to manage AI risks while fulfilling the potential benefits AI systems have for society.
Domain 7: "Contemplating Ongoing Issues and Concerns," presents some of the debated issues around AI governance.
Certified Information Privacy Manager (CIPM)
Module 1: Introduction to privacy program management
Identifies privacy program management responsibilities, and describes the role of accountability in privacy program management.
Module 2: Privacy governance
Examines considerations for developing and implementing a privacy program, including the position of the privacy function within the organization, role of the DPO, program scope and charter, privacy strategy, support and ongoing involvement of key functions and privacy frameworks.
Module 3: Applicable laws and regulations
Discusses the regulatory environment, common elements across jurisdictions and strategies for aligning compliance with organizational strategy.
Module 4: Data assessments
Relates practical processes for creating and using data inventories/maps, gap analysis, privacy assessments, privacy impact assessments/data protection impact assessments and vendor assessments.
Module 5: Policies
Describes common types of privacy-related policies, outlines components and offers strategies for implementation.
Module 6: Data subject rights
Discusses operational considerations for communicating and ensuring data subject rights, including privacy notice, choice and consent, access and rectification, data portability, and erasure.
Module 7: Training and awareness
Outlines strategies for developing and implementing privacy training and awareness programs.
Module 8: Protecting personal information
Examines a holistic approach to protecting personal information through privacy by design.
Module 9: Data breach incident plans
Provides guidance on planning for and responding to a data security incident or breach.
Module 10: Monitoring and auditing program performance
Relates common practices for monitoring, measuring, analyzing and auditing privacy program performance.
Certified Information Privacy Professional/U.S. (CIPP/US)
Module 1: Introduction to privacy
Discusses the modern history of privacy, an introduction to personal information, an overview of data protection roles, and a summary of modern privacy frameworks
Module 2: Structure of U.S. law
Reviews the structure and sources of U.S. law and relevant terms and introduces governmental bodies that have privacy and information security authority
Module 3: General Data Protection Regulation overview (GDPR)
Presents a high-level overview of the GDPR, discusses the significance of the GDPR to U.S. organizations, and summarizes the roles and responsibilities outlined in the law
Module 4: California Consumer Privacy Act of 2018 (CCPA)
Presents a high-level overview of the newly passed California Consumer Privacy Act of 2018, including scope, consumer rights, business obligations and enforcement
Module 5: Enforcement of U.S. privacy and security laws
Distinguishes between criminal and civil liability, compares federal and state authority, presents theories of legal liability, and describes the enforcement powers and responsibilities of government bodies, such as the FTC and state attorneys general
Module 6: Information management from a U.S. perspective
Explores the development of a privacy program, reviews the role of privacy professionals and accountability, discusses employee training, user preferences, vendor management, and examines data classification
Module 7: Healthcare
Describes privacy laws in healthcare, including the major components of HIPAA and the development of HITECH, and outlines privacy protections mandated by other significant healthcare laws
Module 8: Financial privacy
Outlines the goals of financial privacy laws, highlights key concepts of FCRA, FACTA and GLBA, and discusses the Red Flags Rule, Dodd-Frank and consumer protection laws
Module 9: Education
Outlines the privacy rights and protections under FERPA, as well as recent amendments provided by PPRA and NCLBA
Module 10: Telecommunications and marketing
Explores rules and regulations of telecommunications entities, reviews laws that govern marketing and briefly discusses how privacy is addressed in the digital advertising realm
Module 11: Law enforcement, civil litigation and privacy
Relates the Fourth Amendment with expectations of privacy; outlines laws that ensure rights to financial privacy; describes laws around accessing and intercepting communication, including how the telecommunications industry must cooperate with law enforcement; and discusses privacy issues related to litigation, including electronic discovery, redaction and protective orders
Module 12: National security and privacy
Further explores rules and regulations on intercepting communication, including how the laws have evolved and how government agencies and private companies work collaboratively to improve cybersecurity
Module 13: Workplace privacy
Describes federal and state laws that regulate and protect employee privacy, as well as federal laws that prohibit discrimination; examines the lifecycle of employee privacy, including background screening, employee monitoring, investigating misconduct and termination
Module 14: State data security and breach notification laws
Identifies state laws that impact data security, reviews Social Security number use regulation, and discusses laws governing data destruction; summarizes the scope of state data breach notification law, highlights the nine elements of state data breach notification laws and notes major differences in state laws