If you are interested in advancing your career at the intersection of technology and privacy, then obtaining the Certified Information Privacy Technologist (CIPT) credential is a great place to start. To become certified, you will need to pass the CIPT exam, which is administered by the IAPP, formerly the International Association of Privacy Professionals. To pass this exam, one must understand all of the topics and concepts listed in a document that the IAPP refers to as the Body of Knowledge (BoK). The CIPT Body of Knowledge is a high-level document that should guide any study plan.
As the IAPP now considers the CIPT exam one of its “core certifications,” it updates the BoK annually. This year, those changes go into effect on September 1, 2025. We break down these changes below, in detail.
Changes to the New CIPT Body of Knowledge
In 2023, the CIPT was overhauled significantly, with 50% new content. This year, some more significant changes are afoot. Thankfully, however, many of these changes appear to be merely structural – not substantive. So, let’s dive in and see what has changed.
Did the Domains Change?
Yes, the overall structure of the CIPT Body of Knowledge was overhauled to reduce the number of domains from seven down to five. According to the IAPP, this is largely due to breaking up previous domains I (Foundational principles), III (Privacy risks, threats, and violations), and IV (Privacy-enhancing strategies, techniques, and technologies), and distributing them across other domains. Additionally, a new domain covering the collection, use dissemination, and destruction of data was added (now Domain II).
The five current domains are the following:
- Domain I – The Privacy Technologist’s Role in the Context of the Organization
- Domain II – Data Collection, Use, Dissemination, and Destruction
- Domain III – Privacy Risk Management
- Domain IV – Privacy-Enhancing Strategies, Techniques, and Technologies
- Domain V – Privacy by Design
Are There Any New Topics or Concepts That Have Been Added?
According to the IAPP, most of the changes this year “were re-organization and consolidation of topics,” not substantively new areas.
While Domain II is a supposedly new domain, it contains many of the same areas previously tested in domains that were removed or consolidated. All three competencies in this new domain were previously included in old-domain III, which covered privacy risks, threats and violations.
The IAPP separately identified only one new performance indicator, which is:
- Performance Indicator I.C.2 – “Understand and apply common privacy threat models and frameworks (e.g., LINDDUN and MITRE PANOPTIC).”
In short, while this year’s changes represent a significant overhaul, it is more form than substance.
Were Any Topics or Concepts Removed?
Whenever the IAPP restructures one of its BoKs, there is always some ambiguity over whether certain topics were removed or simply reorganized or rephrased. This year, the IAPP has indicated that the following three topics are no longer going to be tested on the CIPT certification exam:
- Former Performance Indicator VII.D.9 – “Identify and minimize privacy risk involved in quantum computing.”
- Former Performance Indicator VII.D.10 – “Identify and minimize privacy risk involved when using blockchain, cryptocurrencies and non-fungible tokens (NFT).”
- Former Performance Indicator VII.D.11 – “Identify and minimize privacy risk involved when using virtual/augmented reality.”
Bringing Beta Exams Back
Last year, the IAPP did not administer beta exams for any of its certifications. This year, however, the IAPP has brought back beta exams for the CIPP/US and CIPT certification exams.
You can learn more about beta exams in this article: IAPP Beta Exams Explained
In order to sit for a beta exam, you must register between June 1, 2025 and July 26, 2025. The exam itself must be taken in the test window, which is from July 21st through 27th. Beta exams test all of the new material that will be incorporated into the updated BoK, which become effective for everyone just one month after the beta exam window closes.
Is Privacy Bootcamp’s CIPT Course Up to Date?
Yes, all Privacy Bootcamp courses are up to date.
At Privacy Bootcamp, we comprehensively update our courses once a year to correspond to changes implemented by the IAPP. We begin work implementing these annual updates months before the IAPP releases its updated BoKs. We do this based upon knowledge of changing technology, events in the privacy and data protection industry over the past year, and student feedback. These comprehensive updates are in addition to smaller updates that we release throughout the year.
Our students are never left flat-footed. In the coming days, weeks, and months we will begin rolling out all of our annual updates. So be on the lookout for new content for our CIPT course shortly. We ensure that these updates happen seamlessly for all enrolled students, and months ahead of the September 1, 2025, effective date. There’s no reason to worry about the changes the IAPP throws your way when you have Privacy Bootcamp at your side.
