With data breaches a common topic of headlines and the number of cyberattacks on the rise, data privacy and protection has been on the minds of many organizations.
- Cybersecurity company Gemalto’s Breach Level Index shows that every hour, 252,539 records are lost or stolen — that’s 70 every second!
- The number of small and medium businesses who said they experienced a cyberattack in the last 12 months grew in 2018 to 67 percent. This is up from 61 percent in 2017 and from 54 percent in 2016, according to 2018 and 2017 studies by Keeper Security, conducted by Ponemon Institute.
- In 2018, the Identity Theft Resource Center saw a 126 percent increase in the number of exposed records containing sensitive information
While the risk of sensitive data exposure is growing, at the same time regulations like European Union’s GDPR are tightening up requirements for safeguarding consumers’ data. As organizations look to build up their data-privacy infrastructure and implement stronger data protection, they need qualified information security (IS) professionals who have expertise and skills in this area. Certified Information Privacy Technologist (CIPT) is a credential that can help IT and IS practitioners to demonstrate their qualifications and advance in their field.
What Is CIPT Certification?
The International Association of Privacy Professionals (IAPP) has been offering the CIPT certification since 2014. Founded in 2000, the nonprofit organization has the mission to “define, support and improve the privacy profession globally.” To that end, it offers various professional development programs, including three certification programs. According to the IAPP, CIPT is the first and only certification of its kind.
The credential covers a broad range of data-protection knowledge, from privacy laws like GDPR to techniques that help mitigate security threats. Here’s a general outline of the knowledge you’ll need for the CIPT certification exam:
- Understanding the need for privacy in the IT environment (IT risks and evolving data-protection regulation compliance)
- Privacy concepts (e.g., privacy policies, data inventory, incident response, information life cycle, common privacy principles)
- Privacy considerations in the information life cycle (e.g., disclosure and data collection, use, retention and destruction)
- Privacy in systems and applications (e.g., identity and access management, data encryption, remote access, customer-facing apps)
- Privacy techniques (authentication, identifiability, protection by design)
- Online privacy issues (e.g., e-commerce personalization, online threats, social media, browser privacy and security)
- Technologies with privacy considerations (cloud computing, smart tech, biometrics and more)
Who Benefits from CIPT Certification?
In today’s data-driven business world, privacy issues have implications for just about every aspect of the private sector, regardless of what products or services an organization provides. Privacy best practices apply to a broad spectrum of IT roles, not just security — especially in those industries that have to follow a range of laws and regulations.
The CIPT certification program can benefit those working in engineering, software development, IT audit and risk management areas, among others. If you’re looking to advance in your career or want a higher earning potential, a widely-recognized industry credential can set you apart from your peers and demonstrate your commitment to your profession.
The CIPT cert can also benefit employers who understand how critical data privacy is to their organization. Having a certified pro on board means your organization has a knowledgeable expert who understands the current best practices and keeps up with the latest security threats and privacy laws.
There are no specific experience requirements or other prerequisites for taking the CIPT certification exam. However, the IAPP does say that its exams have a reputation for being rigorous and it’s not unusual for candidates to have to retake an exam even if they have other certs.
As with other certification exams, at least some experience in the field is helpful — or, in the absence of that, advanced knowledge of the topic. The IAPP recommends that you train or study for any of its certifications for at least 30 hours.
You’ll have two and a half hours to answer a total of 90 questions. The computer-based examinations take place year-round through PearsonVUE, which has test centers at 6,000 locations around the world.
CIPT vs. Other Privacy Certifications
Just as with any IT certifications, you have several options for data privacy. IAPP has two other credentials for privacy professionals: Certified Information Privacy Professional (CIPP) and Certified Information Privacy Manager (CIPM). Here’s a comparison:
- CIPT: Best for practitioners who implement the technical controls and practices related to privacy. Of the three IAPP certs, CIPT is considered the most entry-level
- CIPP: Designed for those who are responsible for data privacy and protection, as well as legal issues, compliance, governance and information management. The cert has “regional” versions, and the CIPP/E (Europe) has the most focus specific to GDRP compliance
In its 2018 annual salary survey, Certification Magazine ranked CIPP as No. 7 on its list of 75 top IT certs based on average salary of the U.S. holders of those certs in 2017, as well as the number of holders for each cert. The average salary for CIPP was $139,380.
- CIPM: This certification is geared to those who manage information privacy programs. In addition to covering privacy law and regulations, it focuses on how to turn that knowledge into practice through policies and procedures
Besides the three IAPP credentials, some of the other options include:
- HCISPP (HealthCare Information Security and Privacy Practitioner) from (ISC)2 (for healthcare field)
- CHC (Certified in Healthcare Compliance), CHPC (Certified in Healthcare Privacy Compliance) and CHRC (Certified in Healthcare Research Compliance) from the Compliance Certification Board (also for healthcare field)
- CCEP (Certified Compliance & Ethics Professional (CCEP) and CCEP-I (Certified Compliance & Ethics Professional-International), also from CCB
- GDPR Data Protection Officer certification from the EU GDPR Institute (specifically for GDPR compliance)
Preparing for the CIPT
As mentioned above, IAPP recommends at least 30 hours of training or studying for any of its exams. To prepare for the CIPT exam, you should take advantage of study materials such as a study guide, online training as well as free resources like IPAA’s authoritative resource list. (Recommended resources include authoritative texts like “Introduction to IT Privacy: A Handbook for Technologists” by Travis Breaux and “Privacy in Technology: Standards and Practices for Engineers and Security and IT Professionals” by J.C. Cannon.) You can also purchase sample questions to give you an idea of what to expect.
Once you obtain your credential, you’ll have to maintain it through a continuing privacy education (CPE) program. IAPP requires at least 20 CPE hours every two years, which you can meet through variety of activities that include attending conferences, teaching and reading from the approved authoritative resources list. The CPE program is an excellent way to stay abreast of the newest privacy issues, which will continue to evolve as technology and regulations change.
- Breach Level Index, Gemalto
- 2018 State of Cybersecurity in Small & Medium Size Businesses, Keeper Security/Ponemon Institute
- 2017 State of Cybersecurity in Small & Medium Size Businesses, Keeper Security/Ponemon Institute
- 2018 End-of-Year Data Breach Report, Identity Theft Resource Center
- IT Privacy Certification, Outline of Body of Knowledge for CIPT, IAPP
- IAPP Privacy Certification Candidate Handbook, IAPP
- Salary Survey 2018, Certification Magazine
- How to Prepare for Certification, IAPP