One of the most pressing issues in the Internet age is data protection. The data of individuals and businesses must be protected from malicious entities, many of whom see clear profit in accessing the many databases that contain a plethora of sensitive information. The safety of all this information is entrusted to the information systems security environment created by each company through technical tools and designated specific IT teams, each having a responsibility to protect the security of business or client info by making the most of loss prevention technologies and safeguarding company assets from attack.
In fact, great importance is placed on the skills and behaviors of the staff that manage the sensitive data daily, as they are the first line of defense against cyberattack. For that reason, many businesses are investing more and more in security awareness programs and education for all staff, so that they are conscious of how data security risks affect their organization and of what they can do to help.
A strong push was given to data protection in May 2018 by the implementation of the EU’s General Data Protection Regulation (GDPR), which has completely changed how personal information is to be collected, processed, and transferred. The GDPR requires that data protection safeguards be implemented and imposes a number of obligations, including the obligation to conduct an assessment to determine any risks and privacy impacts related to collecting and processing the personal data of data subjects. Under certain circumstances, this requires the organization to address potential security risks in order to ensure a level of data control that is compliant with GDPR. The regulation is designed to keep personally identifiable information (PII) safe.
Consequently, this means companies may need to appoint somebody who can guide the privacy efforts of a company and who is knowledgeable about privacy issues. Particular skills or qualifications are needed for the new job role. To find such professionals, many companies rely on certifications which can prove the IT practitioner has expertise in the field, up-to-date knowledge and overall proficiency in the vast privacy realm.
Certified Information Privacy Technologist (CIPT) professionals, in this case, can assume the role of protectors of data against loss or theft. They are able to detect illicit activity and react by issuing a security alert, which could prevent data breaches.
Launched in 2014, the CIPT credential is offered by the International Association of Privacy Professionals (IAPP), a not-for-profit organization founded in 2000 with the mission to define, support and improve the privacy profession globally. According to IAPP, through the CIPT path, professionals can acquire knowledge in:
- Critical privacy concepts and practices that impact IT
- Consumer privacy expectations and responsibility
- How to integrate privacy into early stages of IT products and services for cost control, accuracy and speed-to-market
- How to establish privacy practices for data collection and transfer
- How to preempt privacy issues in the Internet of Things (IoT)
- How to factor privacy into data classification and emerging tech such as cloud computing, facial recognition and surveillance
- How to communicate privacy issues with partners such as management, development, marketing and legal
This is a wide range of topics that goes from technical know-how to communication skills and legislative awareness.
Why IAPP’s Certifications in Privacy and Who Should Earn the CIPT?
Today, “the job market for privacy-trained IT pros has never been stronger,” says IAPP. The organization serves as a resource for professionals who want to develop and advance their careers by helping their organizations successfully manage these risks and protect their data; to this end, it developed and launched three globally recognized credentialing programs in information privacy. These are the Certified Information Privacy Professional (CIPP), the Certified Information Privacy Manager (CIPM) and the Certified Information Privacy Technologist (CIPT). All of these are accredited by the American National Standards Institute (ANSI) under the International Organization for Standardization (ISO) standard 17024:2012. The IAPP maintains a common body of knowledge (CBK) for each certification.
Anyone who needs to understand the importance of developing and managing IT activity to meet changing privacy requirements would make a suitable CIPT, including those who need understanding of data protection and security practices in the context of the design and implementation of information and communication technologies. IAPP’s training for CIPT is a fit for any IT professional responsible for technology, security, software engineering or privacy by design. The CIPT certification also includes a course on privacy and data protection which relates to using personal information on Internet-related technologies.
There are many career paths available to those with the CIPT credential. This certification is a good choice for:
- Data Protection Professionals
- Privacy Officers/Specialists
- InfoSec Managers/Administrators
- Security Consultants
- Others: In essence, anybody assigned in roles or positions that will incorporate technology with privacy considerations
About the CIPT Exam
As the privacy realm with its laws, regulations and issues changes continuously, IAPP updates the content of the CIPT certification annually. The latest update was implemented on August 1st, 2018, when the new CIPT Body of Knowledge (BoK) was implemented for all testers.
What’s New: CIPT Updates Effective August 1, 2018
- Increase in number of questions from 85 to 90 (no change to time limit)
- IT risks and risk analysis topics
- Foundational elements (e.g., data protection by design/default)
Ready to get certified? Beginning August 1, 2018, a potential CIPT certificant must take an exam that consists of 90 questions, to be completed within 2.5 hours. Questions are multiple-choice items with one correct answer and “three incorrect responses (distractors) that will be plausible to not-minimally qualified candidates.” This system is specifically set up to separate out the candidates with solid knowledge. (In fact, IAPP strongly recommends careful preparation, even for degreed professionals who have passed other certification tests.) The passing score is 300 out of 500 possible points.
Most of the questions come from the major areas of the Body of Knowledge (BoK) as follows:
- Understanding the need for privacy in the IT environment – 10 to 12 questions
- Core Privacy Concepts – 12 to 14 questions
- Privacy Considerations in the Information Life Cycle – 16 to 20 questions
- Privacy in Systems and Applications – 9 to 11 questions
- Privacy Techniques – 6 to 8 questions
- Online Privacy Issues – 9 to 11 questions
- Technologies with Privacy Considerations – 10 to 12 questions
When ready to register to take the CIPT examination, candidates can go to the IAPP website.
With computer-based testing, candidates are given their results immediately after completing the exam. They will also be sent an email with their score. For paper and pencil exams, results can take up to 6 weeks to process.
CIPT computer-based exams are administered through Kryterion testing centers at locations throughout the world. You can simply log into the IAPP website and purchase your exam. You will need to schedule it at a test center, but there are centers throughout the U.S. and maps to nearby centers available. After scheduling, you’ll get an email with step-by-step instructions on how to proceed.
So are you on the verge of joining the globally recognized community of IAPP-certified professionals?
How Can I Maintain My CIPT Certification?
In order to maintain the CIPT certification, the credential holder must meet the minimum CPE requirements and pay an annual maintenance fee or membership dues. Please note that the IAPP requires 10 hours of continuing privacy education (CPE) per year for certified professionals (current CIPT credential holders). CPE credits can be earned by participating in IAPP conferences, including IAPP web conferences.
Note: CPE credits for IAPP Events and Webinars will be automatically added to the certificant’s account. For all other activities, certificants are required to self-report using the CPE Submission Form, accessible through your IAPP account.
The Best Way to Train for the CIPT Certification Exam?
Of course, IAPP offers professional education, training and resources for those interested in privacy and looking to certify in the field. Anyone pursuing the CIPT certification exam can get a free CIPT study guide.
The IAPP also recommends taking the Privacy in Technology (Online) course to learn about critical privacy concepts that are also integral to the CIPT exam. The curriculum aims to boost understanding of privacy and data protection practices in the development, engineering, deployment and auditing of IT products and services.
InfoSec Institute also offers several courses to help professionals prepare for a career in the digital privacy field. A six-day authorized CIPP/US, CIPT and CIPM boot camp, for example, is a great place to start. Alternatively, testers can consider taking the CIPM boot camp, CIPP/E boot camp or CIPP/US and CIPT boot camp, which are great individual courses.
Conferences are also an effective way to learn all about the newest issues in digital privacy. The IAPP Global Summit, for instance, is where the worldwide privacy profession gathers annually. The 2018 data protection event was held in Washington DC (March 27-28) and discussed scandals of leaks or misappropriation of personal data that impact the EU General Data Protection Regulation (GDPR). For those who missed it, preparations are underway for the 2019 event.
A person who would like to expand their skillset and knowledge in the areas of information security and privacy will find the IAPP Certified Information Privacy Technologist (CIPT) certification of value to demonstrate mastery of privacy-related issues and security practices. Achieving CIPT certification also validates a credential holder’s understanding of how to manage and build privacy requirements into technology. As “data privacy skills are quickly becoming a must, [the CIPT credential] shows you’ve got the knowledge to build your organization’s privacy structures from the ground up,” IAPP says. The credential is excellent for any organization that takes personal data protection very seriously and is committed to protecting customers’ data.
And it has other benefits. As InfoSec Institute states (@InfosecEdu): “According to a recent IAPP survey, privacy professionals that hold at least one IAPP certification earn an average of $25,000-$35,000 more in annual salary than their non-certified peers.”
Get GDPR Ready, IAPP
What is privacy?, IAPP
IT Privacy Certification, IAPP
Locate Test Center, Kryterion
Burgess, C. (2016, March 14). Security Certifications: The Alphabet Soup of the Information Security Profession. Retrieved from https://securityintelligence.com/security-certifications-the-alphabet-soup-of-the-information-security-profession/
IAPP. (n.d.). IAPP Privacy Certification Candidate Handbook 2018. Retrieved from https://iapp.org/media/pdf/certification/IAPP_Privacy_Certification_Candidate_Handbook_3.0.0.pdf
IAPP. (n.d.). CIPT Certification. Retrieved from https://iapp.org/certify/cipt/
IAPP. (n.d.). CIPT Test Center Exam (First-Time Candidate). Retrieved from https://iapp.org/store/certifications/a0l1a000000SJxhAAG/
IAPP. (n.d.). CIPT Test Center Exam (Retake). Retrieved from https://iapp.org/store/certifications/a0l1a000000SMoVAAW/
IAPP. (2015, September 2). Discussing the Value of a CIPP, CIPM, CIPT. Retrieved from https://iapp.org/news/a/discussing-the-value-of-a-cipp-cipm-cipt/
InfoSec Institute. (2018, July 17). 5 Ways an IAPP Privacy Certification Can Boost Your Career. Retrieved from https://www2.infosecinstitute.com/l/12882/2018-07-17/5vdgg4
Solove, D. J. (2014, September 29). How to Enter the Privacy Profession. Retrieved from https://teachprivacy.com/enter-privacy-profession/
Yasin, R. (2016, May 24). Employee Negligence: The Cause Of Many Data Breaches. Retrieved from https://www.darkreading.com/vulnerabilities---threats/employee-negligence-the-cause-of-many-data-breaches-/d/d-id/1325656