Test Preparation Course for Certified Information Privacy Professional exam

What is the CIPP exam?

The CIPP exam is the exam for a certification i.e. Certified Information Privacy Professional offered by the International Association of Privacy Professionals (IAPP).

The International Association of Privacy Professionals (IAPP) is a not-for-profit organization and is the largest and most comprehensive global information privacy community.

The IAPP offers four concentrations for this certification, based on different regions:

CIPP/A - covering Asia
CIPP/E - covering Europe
CIPP/US - covering the United States, and
CIPP/C - covering Canada

All four certifications have different exams of their own, different syllabus and different study resources.

Who is eligible to appear for it? Who should appear for it?

The CIPP is a certification. It is not a degree. There is therefore no eligibility criteria for attempting the exam, except that you need to purchase the exam from the website of the IAPP and you need to sign a candidate application statement.

You can find the statement in the last two pages of the handbook here.

Ideally, the following people should appear for this certification exam:

Lawyers and legal and compliance professionals working in companies that have to deal with big data i.e. Healthcare, BFSI, Education, Social Media, E-Commerce etc.
Lawyers looking to move into the field of data protection and privacy laws as a practice area;
Chartered Accountants and Company Secretaries working in or serving clients in data-intensive industries
Young lawyers looking to work in the domain of information technology and data governance and in the data protection departments of companies.

What are the career benefits of cracking the exam? What kind of opportunities can you secure?

The CIPP certification is one of the most recognized certifications by the industry for hiring privacy professionals. Its popularity can be witnessed in the growth of the certifications and membership numbers of the IAPP.

The IAPP hit the numbers of 25000 certifications and 50000 members, both in 2019. While they took 12 years to hit their first 10000 certifications, they increased by 15000 in the next seven years.

While the current numbers are unknown, it is very likely that they will hit their next landmark much faster.

This is not surprising, considering the salary levels of professionals who hold the Certified Information Privacy Professional (CIPP) certification. When the demand for some skills is higher than the supply, this is what happens.

screenshot

The variety of positions that you can secure includes privacy managers, compliance managers, privacy counsel, privacy analyst, data privacy consultant, privacy specialist, data privacy advisor, etc.

Multinational companies and tech startups that are expanding out of the country are highly interested in hiring lawyers who can understand the federal and state data privacy laws and the CIPP certification can go a long way in convincing them that you have knowledge in this area.

The IAPP itself has many jobs listed on its portal in the Career Central area.

Who can be your employers / clients?

Large multinationals which have a privacy and data protection department, looking to hire employees who have a greater understanding of multi-jurisdictional data protection laws;
Startup entities looking to expand to multiple countries which become subject to global data protection regulations but cannot afford to hire large teams to ensure compliance;
Tech law firms around the world which are small or medium-sized, looking to build their capacity at lower cost by outsourcing paralegal work remotely
Small businesses around the world, looking for guidance on compliance with data protection laws for their websites and agreements;

What are the challenges faced by candidates attempting the exam?

Here are some of the issues that the candidates face while attempting this exam:

The first issue that candidates face is that the syllabus isn’t fixed. The body of knowledge available on the IAPP website is basically an outline. It doesn’t mean that those are the only things that will be asked. It is essential for students to buy the textbook which costs USD75 and the textbooks are often not updated to the latest year.
The questions asked are situational. The available resources train people on law, but there’s no guidance on how to apply it to specific situations.
There are not many live classes and sessions available and where they are available, they are concentrated within 2-4 days and are prohibitively expensive.
One of the biggest challenges that candidates face is the unavailability of mentoring and handholding sessions for any doubts that they may have or any gaps that they face in understanding the legal concepts. They do not know whom to reach out to, to get the gaps sorted or doubts cleared. If they do find someone, they aren’t sure the person will guide them correctly.
The laws in this domain are updated fairly frequently. It is very difficult to keep track of the changes in developments and often textbooks do not take care of the changes. There is also a lack of clarity on what can be the correct resources to use, to keep a tab of the changes and a complete lack of a system on how to do this.

How much does CIPP training cost from different providers?

The IAPP itself has partnered with Pearson Vue for offering live online training (see here). However, this training is not spaced out and is concentrated over 4 days (14 hours in total) and costs USD1495 (approximately INR 1,08,500) for non-members of IAPP. It includes the textbook and session notes (but no other reading material) and some sample questions.
Learning tree International provides live, online training for CIPP/US (see here). The training includes a 2-day instructor led training course, exam practice questions, 1 year IAPP membership and also one-on-one after course instructor coaching, but it’s priced at USD3,495 (approximately INR 2,53,850).
Infosec Institute offers a 2 day CIPP/US bootcamp with exam voucher and CIPP membership for USD 3590.

How much preparation does the certification require?

Although IAPP states that the required preparation hours are 30, most candidates find it difficult to grasp the entire syllabus in that much time. If you are totally new to this area, the required time can be almost double for you.

If you space out your learning over 2 months and put in 8 hours in a week (1.5 hours per day for 5 days + time for mock tests), this will add up to 64 hours, which can be sufficient. This is what we will be doing in this test prep course.

How can LawSikho help?

LawSikho enables you to choose training for any one of the four concentrations - CIPP/E, CIPP/US, CIPP/C or CIPP/A at only INR20,000.

LawSikho is the only organisation providing live online training for all four certifications. We are also the only organisation providing 20 mock tests. Further, we will provide you with the material in hard copy - all other providers will provide you with only a digital textbook and notes.

The live sessions will explain the concepts in a very simplified manner and clear any gaps in understanding that you have.

On top of it, there is constant mentoring and doubt clearing available as required.

Most course providers are charging over INR 1 lakh for one certification, while with LawSikho, the training for one certification can be completed at INR 20,000.

You will have access to the class recordings and the material up to the point when you clear the exams and not just up to the first attempt.

We also provide placement support for people who have cleared the exams, which no other provider does.

No other training provider provides handholding to the extent LawSikho does. At LawSikho, we have your back.

Training Methodology

Online 24/7 access

Access to basic study material through an online learning management system, Android and iOS app. Recordings of all classroom sessions will be available.

Hard Copy Study Material

Hard copy study material modules to be couriered to your address in India.

Mock tests and Practice MCQs

You will be provided 20 mock tests of 25 questions each, for each certification. In total, you will attempt about 500 questions easily before you attempt the exam for each certification

Live Online Classes

There will be a live video-based online class to teach you specific contract negotiation, drafting and enforcement work performed by lawyers. You can ask questions, share your screen, get personal feedback in this class. Every week there will be approx. 1-1.5 hours of class to teach you the work and give you feedback. There will be recordings available in case you miss a class.

Convenient Class timings

Classes are held after regular work hours. Typically classes are kept on Sunday or 8-9 pm on other days.

Live Doubt Clearing

You can ask questions in class, or on the learning management system when you read a chapter. You can also schedule a one-on-one session with evaluators to perform exercises or write articles.

Certification

This course is recognized by the National Skill Development Corporation, a PPP under the Ministry of Skill Development and Entrepreneurship of the Government of India. You will receive a certificate cobranded by NSDC and Skill India on successful completion.

This is how the certificate from NSDC and Skill India will look as per the current applicable format (may change as per the approval authorities):

screenshot

Money back guarantee

If you take this course, follow it diligently for a month, attend all classes and do all the exercises but still do not find value in it, or are not able to understand or follow it or not find it good for any reason, we will refund the entire course fee to you. It is a 100% money-back guarantee with only one condition, you must pursue it properly for a month. If you don’t find it valuable after that, get your entire money back.

View Refund Policy

Client Opportunities & Recruitment Support where required

Many employers, law firms and companies are happy to recruit our high performing students. If you do well in your exercises and classes, we can help you to get jobs, internships and assessment internships in good law firms, with renowned lawyers as well as in various companies.

Our team helps our students in building their profile on LinkedIn and freelancing platforms to increase their reach to potential recruiters or clients.

Our experts guide the students on how to crack any interview.

On-demand, we provide mock interviews for our students looking for jobs.

We share multiple internship/recruitment opportunities every week on our Whatsapp group.

We help our students to get internships not only at law firms and chambers but also with rising startups in diverse sectors.

Our mentorship helps students to avoid running in the rat race behind the regular job openings; rather we help them design their own path based on their personal interests.

We share multiple and diverse client opportunities with our pool of practising advocates on a daily basis. Our references have helped several advocates really scale up their practice. The opportunities range from contract drafting to complex international taxation matters.

Syllabus

USA (CIPP/US) (September - October 2021)

Introduction to the U.S. Privacy Environment

Structure of U.S. Law

- Branches of government
- Sources of law
i. Constitution
ii. Legislation
iii. Regulations and rules
iv. Case law
v. Common law
vi. Contract law

- Legal definitions
i. Jurisdiction
ii. Person
iii. Preemption
iv. Private right of action

- Regulatory authorities
i. Federal Trade Commission (FTC)
ii. Federal Communications Commission (FCC)
iii. Department of Commerce (DoC)
iv. Department of Health and Human Services (HHS)
v. Banking regulators
1. Federal Reserve Board
2. Comptroller of the Currency
vi. State attorneys general
vii. Self-regulatory programs and trust marks

- Understanding laws
i. Scope and application
ii. Analyzing a law
iii. Determining jurisdiction
iv. Preemption

Enforcement of U.S. Privacy and Security Laws
- Criminal versus civil liability
- General theories of legal liability
i. Contract
ii. Tort
iii. Civil enforcement

- Negligence
- Unfair and deceptive trade practices (UDTP)
- Federal enforcement actions
- State enforcement (Attorneys General (AGs), etc.)
- Cross-border enforcement issues (Global Privacy Enforcement Network (GPEN)) - Self-regulatory enforcement (PCI, Trust Marks)

Information Management from a U.S. Perspective

- Data sharing and transfers
i. Data inventory
ii. Data classification
iii. Data flow mapping

- Privacy program development
- Managing User Preferences
- Incident response programs
i. Cyber threats (e.g., ransomware)

- Workforce Training
- Accountability
- Data retention and disposal (FACTA)
- Online Privacy
- Privacy notices
- Vendor management
i. Vendor incidents
ii. Cloud issues

- International data transfers
i. U.S. Safe Harbor and Privacy Shield
ii. Binding Corporate Rules (BCRs)
iii. Standard Contractual Clauses
iv. Other approved transfer mechanisms

- Other key considerations for U.S.-based global multinational companies
i. GDPR requirements
ii. APEC privacy framework

- Resolving multinational compliance conflicts
i. EU data protection versus e-discovery

Limits on Private-sector Collection and Use of Data

Cross-sector FTC Privacy Protection
- The Federal Trade Commission Act
- FTC Privacy Enforcement Actions
- FTC Security Enforcement Actions
- The Children’s Online Privacy Protection Act of 1998 (COPPA)
- Future of federal enforcement (Data brokers, Big Data, IoT, AI, unregulated data)

Medical
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
i. HIPAA privacy rule
ii. HIPAA security rule

- Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009
- The 21st Century Cures Act of 2016
- Confidentiality of Substance Use Disorder Patient Records Rule
i. 42 CFR Part 2

Financial
- The Fair Credit Reporting Act of 1970 (FCRA)
- The Fair and Accurate Credit Transactions Act of 2003 (FACTA)
- The Financial Services Modernization Act of 1999 (“Gramm-Leach-Bliley” or GLBA)
i. GLBA privacy rule
ii. GLBA safeguards rule

- Red Flags Rule
- Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010
- Consumer Financial Protection Bureau
- Online Banking

Education
- Family Educational Rights and Privacy Act of 1974 (FERPA)
- Education technology

Telecommunications and Marketing
- Telemarketing sales rule (TSR) and the Telephone Consumer Protection Act of 1991 (TCPA) i. The Do-Not-Call registry (DNC)
- Combating the Assault of Non-solicited Pornography and Marketing Act of 2003 (CAN-SPAM)
- The Junk Fax Prevention Act of 2005 (JFPA)
- The Wireless Domain Registry
- Telecommunications Act of 1996 and Customer Proprietary Network Information
- Cable Communications Privacy Act of 1984
- Video Privacy Protection Act of 1988 (VPPA)
i. Video Privacy Protection Act Amendments Act of 2012 (H.R. 6671)

- Digital advertising

Government and Court Access to Private-sector Information

Law Enforcement and Privacy
- Access to financial data
i. Right to Financial Privacy Act of 1978
ii. Bank Secrecy Act of 1970 (BSA)

- Access to communications
i. Wiretaps
ii. Electronic Communications Privacy Act (ECPA)
1. E-mails
2. Stored records
3. Pen registers

- The Communications Assistance to Law Enforcement Act (CALEA)

National Security and Privacy
- Foreign Intelligence Surveillance Act of 1978 (FISA)
i. Wiretaps
ii. E-mails and stored records
iii. National security letters

- Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA-Patriot Act)
- The USA Freedom Act of 2015
- The Cybersecurity Information Sharing Act of 2015 (CISA)

Civil Litigation and Privacy
- Compelled disclosure of media information
i. Privacy Protection Act of 1980

- Electronic discovery

Workplace Privacy

Introduction to Workplace Privacy
- Workplace privacy concepts
i. Human resources management

- U.S. agencies regulating workplace privacy issues
i. Federal Trade Commission (FTC)
ii. Department of Labor
iii. Equal Employment Opportunity Commission (EEOC)
iv. National Labor Relations Board (NLRB)
v. Occupational Safety and Health Act (OSHA)
vi. Securities and Exchange Commission (SEC)

U.S. Anti-discrimination laws
i. Civil Rights Act of 1964
ii. Americans with Disabilities Act (ADA)
iii. Genetic Information Nondiscrimination Act (GINA)

Privacy before, during and after employment
- Employee background screening
i. Requirements under FCRA
ii. Methods
1. Personality and psychological evaluations
2. Polygraph testing
3. Drug and alcohol testing
4. Social media

- Employee monitoring
i. Technologies
1. Computer usage (including social media)
2. Biometrics
3. Location-based services (LBS)
4. Wellness Programs
5. Mobile computing
6. E-mail and postal mail
7. Photography
8. Telephony
9. Video

ii. Requirements under the Electronic Communications Privacy Act of 1986 (ECPA)

iii. Unionized worker issues concerning monitoring in the U.S. workplace

- Investigation of employee misconduct
i. Data handling in misconduct investigations
ii. Use of third parties in investigations
iii. Documenting performance problems
iv. Balancing rights of multiple individuals in a single situation

- Termination of the employment relationship
i. Transition management
ii. Records retention
iii. References

State Privacy Laws

Federal vs. state authority

Marketing laws

Financial Data
- Credit history
- California SB-1

Data Security Laws
- SSN
- Data destruction
- Security procedures
- Recent developments
i. California Electronic Communications Privacy Act (2015)
ii. Delaware Online Privacy and Protection Act (2016)
iii. Nevada SB 538 (2017)
iv. Illinois Right to Know Act (2017)
v. New Jersey Personal Information and Privacy Protection Act (2017)
vi. Washington Biometric Privacy Law (H.B. 1493) (2017)
vii. NYDFS Cybersecurity Regulation (2017)
viii. California Consumer Privacy Act (CCPA) (2018)
ix. Other significant state acts and laws

Data Breach Notification Laws
- Elements of state data breach notification laws
i. Definitions of relevant terms (personal information, security breach)
ii. Conditions for notification (who, when, how)
iii. Subject rights (credit monitoring, private right of action)

- Key differences among states today
- Recent developments
i. Tennessee SB 2005
ii. Illinois HB 1260
iii. California AB 2828
iv. New Mexico HB 15
v. Massachusetts HB 4806
vi. Other significant state amendments