Privacy and data protection is a fast-evolving field. From a functional perspective, the handling of personal data is maturing across every sector of the economy. And with the passage of laws such as the General Data Protection Regulation (GDPR) in Europe and the California Privacy Rights Act (CPRA), the legal compliance challenges that organizations face are greater than ever.
As a privacy professional, it is of utmost importance to stay up to date on developments in the field. For those that have obtained certification by the International Association of Privacy Professionals (IAPP), continuing to develop your skills and knowledge base after certification is required.
The IAPP issues certifications that are the gold-standard across the globe to establish that you are an expert in privacy and data protection issues. These certifications include the Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), and Certified Information Privacy Technologist (CIPT) designations. Once you have earned one of these designations, the IAPP requires that you complete Continuing Privacy Education (CPE) requirements to maintain it. In this article we explain those requirements.
- Find out what it takes to earn a passing score on IAPP exams by reading our article: “Explainer: What is a Passing Score on IAPP Exams?”
What is Continuing Privacy Education?
Continuing Privacy Education (CPE) is name that the IAPP has given to its ongoing education program that all certification holders are required to complete. It is the IAPP’s way of ensuring that certified individuals remain up to date with the latest developments in their designation or sector. Completion of 20 hours of CPE is one of two requirements necessary to maintain certification (the other is payment of a certification maintenance fee).
CPE requirements are similar in nature to continuing professional education requirements in other fields such as legal, accounting, or cyber security. They are designed to be closely related to the relevant designation or sector, while being flexible enough that professionals have the freedom to pursue knowledge or skills that are most relevant to their job requirements or interests.
After earning your IAPP certification, it remains active for a two-year period, which starts from the day you pass the exam. It is within this two-year period that professionals must complete their CPE credits.
The types of activities that can count toward CPE requirements include: (1) reading books or whitepapers; (2) attending various events like seminars or conferences; (3) staying current with relevant news; (4) reviewing relevant tools and resources; (5) taking online training courses; (6) watching educational videos; and (7) attending web conferences (either live or prerecorded).
In addition to CPE activities, the IAPP also allows certification holders to satisfy their CPE requirements through various other activities that include academic class attendance, coaching/mentoring an employee, IAPP board participation, proctoring exams, publishing materials, research/study/training, speaking engagements, and teaching. The IAPP, however, does place a cap on the number of available CPEs for certain activities as a means of encouraging professionals to pursue a variety of skills and knowledge.
How Do I Submit CPE Credits?
In order for your CPE credits to “count” toward maintaining your certification(s), you must report your CPE activities directly to the IAPP on its website. This can be done by signing into your account and navigating to this link. Alternatively, you can navigate to this page by opening the dropdown menu by clicking on the person icon in the top right corner of the page, and then clicking on “MyIAPP” link. From there, on the left-hand column, click on the “My Certifications” page where you will find a button that says “Submit CPEs.” You can also see you current CPE status on that page.
When submitting your CPE activities, you must choose which certification to apply those credits to (you can often submit to more than one). In addition, you must identify what type of activity was involved, the date, the credits earned, and (optionally) any notes. The submission process effectively works on the honor system.
What if I Hold More Than One IAPP Certification?
If you have more than one IAPP certification, the IAPP now allows you to apply your CPE credits to all certifications that are relevant to that activity. In other words, it is possible for just 20 hours of CPE credits to satisfy the requirements for all of the credentials that you hold. According to the IAPP itself, “We understand that there can be substantial crossovers in privacy that break through the boundaries we place around sectors and jurisdictions. We believe it will be rare that people with multiple credentials will need to earn 20 unique credits for each designation.”
Where Can I Earn CPE Credits?
Perhaps the best place to earn CPE credits is directly on the IAPP’s website on its CPE Central page (must be signed into your IAPP account to access). One of the added benefits of earning your CPE credits through the CPE Central is that IAPP facilitates the easy submission of credits when completed on the website.
The IAPP website, however, is not the only place to earn CPE credits. Credits can be earned at events, seminars, trainings, and other activities hosted by other professional organizations.
Are There Costs Associated with Earning CPE Credits?
Many of the resources available on the CPE Central page of IAPP’s website are made available free of cost to IAPP members. In fact, you can filter search results for relevant CPE opportunities by whether they are free or require payment.
There are some activities or resources, such as attending a conference, that require the payment of a fee. These fees vary widely based on the activity or resource.
- Learn more about the costs associated with earning IAPP certification by reading our article: “What Are the Costs of IAPP Certification?”
While the above article summarizes the key points of IAPP’s CPE program, the IAPP has published an official CPE Policy that you read here.