What is the CIPP/US Certification?

CIPP/US | IAPP | BoK
CIPP/US Logo

If you are just beginning your journey into the professional world of privacy and data protection, you may have come across references to CIPP/US certification. The CIPP/US certification stands for Certified Information Privacy Professional, United States. This certification is administered by the International Association of Privacy Professionals (IAPP), a U.S.-based non-profit organization that has a global reach. The certifications administered by the IAPP are the most highly desired professional certifications globally in the field of information privacy and data protection. They represent the gold standard for privacy professionals.

The CIPP/US certification indicates that you are an expert in U.S. privacy laws and regulations, including how those laws and regulations are applied. In addition, it shows that you have a foundational understanding of global concepts of privacy and data protection. This includes jurisdictional laws, regulation and enforcement models, core privacy-related concepts, and how to handle personal data. The CIPP/US certification can be thought of as the “what” of privacy protection—what data needs to be protected, what laws apply, what are the consequences for non-compliance, etc.

What is Required to Obtain and Maintain the CIPP/US Certification?

To obtain CIPP/US certification, the IAPP requires that you successfully complete a qualifying exam. This exam contains 90 multiple choice questions, which you have two and a half hours to complete.

There are no prerequisites to sitting for the CIPP/US certification exam. For example, the IAPP does not require test takers to have a certain number of years of professional experience prior to sitting for the exam. For this reason, obtaining an IAPP certification is a great way for professionals to break into the privacy and data protection profession.

Once you have successfully obtained the CIPP/US certification, you must maintain it by paying an annual fee (which is waived if you are an IAPP “member”) and completing 20 hours of Continuing Privacy Education credits bi-annually.

What Are the Benefits of CIPP/US Certification?

In a word: Jobs. Jobs. Jobs. With increasing frequency, organizations are including the CIPP/US certification as a required or preferred qualification for job applicants whose role will be to handle privacy-related matters. This is true across a wide range of professions, including legal, consulting, human resources, and others. And because privacy concerns arise in many different contexts, this certification is sought in a range of industries, from healthcare, finance, information technology, and more.

Let’s take a look at some numbers. Across three of the leading job boards, based upon a recent search, the CIPP/US certification was listed in the following number of job postings:

Professionals obtaining a CIPP/US certification also earn, on average, significantly more than their non-certified peers. According to a recent survey (access for IAPP members only), certified professionals with one IAPP certification earn about $5,000 more per year than their non-certified counterparts, while those with multiple IAPP certifications earn up to $15,000 per year more than their peers.

According to that same survey, privacy professionals had a job satisfaction score of 7.3 (out of ten), with the biggest driver of that satisfaction being how interesting their work was.

Who Typically Obtains the CIPP/US Certification?

The CIPP/US exam is heavy on the law—that is, it is focused on specific laws and regulations related to the handling of personal data. For this reason, many of the people who obtain CIPP/US certification are lawyers.

But if you are not a lawyer, don’t be scared away. The CIPP/US certification is beneficial for anyone interested in privacy, data protection, cybersecurity, or law. We have had CIPP/US students at Privacy Bootcamp that come from a diverse array of backgrounds. We have had CIPP/US students that come from backgrounds in accounting, consulting, IT, human resources, software engineering, and many other fields.

As would be expected, the CIPP/US certification is more commonly held by those in the U.S than those based elsewhere. For example, among the U.S.-based respondents to a recent IAPP survey, 60% held the CIPP/US certification, while only 27% held the CIPP/E certification. In that same survey, among E.U.-based respondents, 67% held the CIPP/E certification and only 4% held the CIPP/US certification (the numbers were roughly similar for the U.K.-based respondents).

What is Tested on the CIPP/US Exam?

The IAPP sets forth the curriculum for each of the exams it administers in two documents: (1) the Body of Knowledge; and (2) the Exam Blueprint. Each of these documents is updated annually.

The Body of Knowledge is the outline of all concepts and topics that candidates will need to know to obtain their certification. The IAPP considers the Body of Knowledge to be the core document setting forth its CIPP/US curriculum, stating: “it is each candidate’s responsibility to be prepared for exams by being familiar with all elements of the Bodies of Knowledge.”

The Exam Blueprint, on the other hand, tells students how heavily certain areas in the Body of Knowledge are tested. In other words, the Exam Blueprint gives the approximate number of questions on each topic area covered on the CIPP/US exam.

The CIPP/US Body of Knowledge has five primary knowledge “domains”:

A broad array of specific laws and regulations are covered. These include, the Federal Trade Commission Act (FTC Act), the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), the California Privacy Rights Act (CPRA), and dozens of others. A discussion of the full scope of items tested on the exam is outside the scope of this article. We encourage you to review the Body of Knowledge yourself, as it runs five pages in length.

As noted above, the topics included in the five primary domains will be tested in multiple choice format. There are two different types of questions that appear on the CIPP/US exam. The first are straight forward questions testing specific knowledge—e.g., “The Fair Credit Reporting Act mandates what type of consumer consent with respect to the use of firm offers of credit or insurance?” The second type of question requires application of knowledge. Test takers are presented with a short fact pattern, followed by questions asking them to apply privacy-based knowledge.

What Comes with Privacy Bootcamp’s CIPP/US Test Preparation Course?

At Privacy Bootcamp, we have designed our CIPP/US test preparation course to be a comprehensive, all-in-one training resource. Our course comes with the following:

You can see how we’ve organized our CIPP/US course by visiting the Preview Page or the CIPP/US Preview Page and clicking on “Table of Contents” button on either page.

Privacy Bootcamp Student

Study the Smart Way With Privacy Bootcamp

Privacy Bootcamp Student
  • Comprehensive, all-in-one training source
  • Pass on your first attempt — or your money back*
  • Gain real exam experience with a live testing environment