If your career sits at the intersection of privacy and technology, you understand the importance of staying on top of the ever-evolving laws, regulations, and best practices of privacy protection to help keep your organization compliant and keep privacy threats at bay.
You’ve likely also thought about pursuing a certification to help keep up with industry demands and further enhance your career. But where do you start? There’s a lot to consider, like the organizations offering the certification and the memberships they offer, the exam structure and cost, your career goals, level of experience, and area of focus within privacy protection.
In this article, we’re going to focus on two popular certifications for privacy technologists—the Certified Information Privacy Technologist (CIPT) and the >Certified Data Privacy Solutions Engineer (CDPSE) certifications.
Why focus on these two certifications? Well, because they’re really quite comparable. We want to help you navigate the research process by taking a look at the two organizations offering the certifications, the nitty-gritty of each exam, and other determining factors on whether the CIPT or CDPSE certification is right for you.
Why Get a Certification in Privacy Technology?
By obtaining a certification, you’ll gain worldwide credibility as a privacy professional, opening the door for professional growth, career advancement, and higher compensation. A certification demonstrates to companies that you have proven knowledge and skills in privacy protection.
Professionals with dual literacy in privacy and technology are in especially high demand, as regulations require privacy protection be built into products and services—a concept called “Privacy by Design.” Companies are seeking experts in the field to integrate strategies and techniques into their business to minimize privacy threats.
This is where you come in!
As you begin your research, you’ll frequently come across two organizations offering privacy in technology training: the International Association of Privacy Professionals (IAPP) and the Information Systems Audit and Control Association (ISACA). Let’s take a look at these organizations and what they offer.
IAPP vs. ISACA
While there are several organizations worldwide that offer certifications in information technology and related fields, the IAPP and ISACA are two that you should get to know.
Overview of IAPP
The International Association of Privacy Professionals (IAPP) is the largest and most comprehensive information privacy community worldwide. IAPP is a not-for-profit established in 2000 with the mission of defining, promoting, and improving the privacy profession globally.
The IAPP offers resources, training, membership and certification options, as well as opportunities to connect and network with other privacy professionals at virtual and in-person events, like their annual IAPP Global Privacy Summit.
With more than 80,000 members across 149 countries, the IAPP plays an important role in shaping the privacy landscape and promoting best practices in the industry.
What Certifications are Offered by IAPP?
The IAPP is a well-respected organization when it comes to certification. Its lineup currently includes four, certifications:
- Certified Information Privacy Professional (CIPP), with four concentrations by region
- Certified Information Privacy Manager (CIPM)
- Certified Information Privacy Technologist (CIPT)
- Certified Artificial Intelligence Governance Professional (AIGP), a new certification, available as of April 2024
Overview of ISACA
The Information Systems Audit and Control Association (ISACA) is a professional membership organization working towards a common goal: pursuit of digital trust. The nonprofit, independent ISACA has been a globally recognized leader in information security and information technology since it was founded in 1969.
Similar to IAPP, the ISACA offers industry-leading credentials, in-person and virtual training, as well as events and other membership benefits. In addition, ISACA offers a career center with mentorship opportunities, job boards, and a professional development forum.
Speaking of membership, the ISACA has 170,000 members across 188 countries. An earlier inception has clearly given ISACA a bit of a leg up in membership numbers compared to the IAPP.
What Certifications are Offered by ISACA?
The ISACA has awarded 300,000 certifications to-date. And while the ISACA’s certification and certificate list is quite extensive, the most in-demand credentials include:
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Data Privacy Solutions Engineer (CDPSE)
- Certified in the Governance of Enterprise IT (CGEIT)
Focus on Technology: CIPT vs. CDPSE
Now that we’ve provided an overview of the two organizations you should know and the certifications they offer, let’s dive into the comparison between CIPT and CDPSE to help you determine which may be best for you. As a privacy professional focused on technology, these are the two you’ll want to consider first.
IAPP’s Certified Information Privacy Technologist (CIPT)
The IAPP introduced its globally recognized CIPT certification in 2014, making it the first association to offer this type of designation for privacy technologists.
About the CIPT Exam
There are no prerequisites required to sit for the CIPT exam. IAPP recommends that you study a minimum of 30 hours to prepare for the exam. In our experience, however, most professionals need at least 50 hours of study before sitting for any IAPP exam to ensure success.
The exam consists of 90 multiple-choice questions, which you must complete in two and a half hours. You’ll have the option to take the exam virtually or in person at one of the 6,000 test centers across the globe. Either way, the exam is administered via computer, so you can put those scantron nightmares to rest.
The curriculum for the CIPT exam covers the following areas:
- Foundational principles
- The privacy technologist’s role in the context of the organization
- Privacy risks, threats, and violations
- Privacy-enhancing strategies, techniques, and technologies
- Privacy engineering
- Privacy by design methodology
- Evolving or emerging technologies in privacy
How Much Does CIPT Certification Cost?
There’s a fee of $550 (USD) to take the exam and $375 for retakes. You’ll want to make sure you take your exam within one year of purchase; otherwise, your exam fee will be forfeited.
Once you’ve passed your exam, you’ll need to pay a $250 Certification Maintenance Fee to activate your certification, which must be renewed every two years. The good news is, IAPP waives the fee if you’re a member.
Membership fees for IAPP range from a $50 annual student membership, up to a $295 annual professional membership.
If you’re all about the Benjamins, you can read more about the costs of IAPP certification.
Maintaining CIPT Certification
So, you’ve been awarded your shiny new CIPT certificate. Now what?
To maintain your CIPT designation, the IAPP requires you to complete 20 hours of Continuing Privacy Education (CPE) per term. In this case, a term is identified as the two-year period covered by your Certification Maintenance Fee. These CPE hours can be obtained through qualified educational content on the IAPP website, participation on advisory boards, hosting training sessions, and attending IAPP sponsored events.
ISACA’s Certified Data Privacy Solutions Engineer (CDPSE)
The CDPSE became available in 2020, trailing IAPP’s CIPT offering by a few years. It was the first experience-based technical certification in the industry. Since its introduction, the ISACA has awarded more than 16,000 CDPSE certifications.
About the CDPSE Exam
To become certified for the CDPSE, you’ll need to have three or more years of experience in data privacy governance, privacy architecture, and/or data lifecycle work. However, it’s important to note that you can sit for the exam without having this experience first. You have up to five years from passing your exam to apply for the certification, at which point you’ll need to demonstrate the experience requirements.
A tad lengthier than the CIPT exam, the CDPSE exam is 120 multiple-choice questions, which you have three and a half hours to complete. Like the CIPT, the CDPSE exam is computer-based and administered globally at authorized testing centers, or virtually via a remotely proctored exam.
If you don’t pass the exam on the first try, ISACA has a retake policy that allows you three more attempts within one year of your first attempt. However, you’ll need to pay the registration fee in full for each exam attempt.
The exam curriculum covers three key domain areas: privacy governance, privacy architecture, and data lifecycle.
How Much Does CDPSE Certification Cost?
The exam registration fee is $575 (USD) for an ISACA member and $760 for a nonmember, with the same costs for any retakes. These registration fees are non-refundable and non-transferrable, and registration fees will be forfeited if you don’t take the exam within one year.
To become an ISACA member, you’ll pay $145 to join and $135 per year thereafter.
Don’t close your wallet just yet! After successfully passing the CDPSE exam, you’ll need to pay a $50 processing fee to submit your application, demonstrating three or more years of experience.
Maintaining CDPSE Certification
The ISACA requires a minimum of 120 Continuing Professional Education hours during a three-year reporting period, with a minimum of 20 hours per year. You can obtain these CPE hours a number of ways, including conferences, webinars and online training, on-demand learning, training courses and skills-based labs, and volunteering.
In addition, as an ISACA member and/or holder of a CDPSE designation, you’ll need to agree to a Code of Professional Ethics.
Which Certification is Right for You?
The choice between CIPT and CDPSE ultimately depends on your preference for an organization and its membership offerings, the exam structure and associated costs, and your area of expertise, experience, and career goals.
If your professional focus is on building privacy-friendly products and services, embedding privacy protection throughout every stage of development, and designing software and systems to better ensure privacy, then CIPT may be the best option for you.
The CIPT designation is also a great choice for those with a non-technical background (e.g., attorneys) to gain a deeper understanding about how data protection is built directly into products and services. The knowledge gained in acquiring CIPT certification can help bridge the gap between the technical and legal functions within organizations.
If your focus leans more toward implementing privacy controls within organizational frameworks and the nitty-gritty of privacy architecture, you may consider CDPSE your best option. The ISACA itself has a broader focus on information security and information technology. IAPP, on the other hand, is all privacy, all the time. Thus, if you consider yourself an information technology professional first, then the CDPSE may be the best choice. But if you consider yourself a privacy professional first, then the CIPT certification would be the way to go.
The most obvious area where this plays out is comparing the experience requirements for the CIPT and CDPSE certifications. Keep in mind is the CDPSE is an experience-based certificate, meaning you’ll need to demonstrate at least three years of qualified experience before actually obtaining the certification. So, if you’re newer to the field of privacy and are looking to get certified sooner rather than later, the CIPT is perhaps the better choice. The lack of experience-based requirements also means that the CIPT provides a better on-ramp for professionals from non-technical backgrounds seeking to expand their technical understanding.
At the end of the day, obtaining either CIPT or CDPSE certification will demonstrate your expertise as a privacy technologist, giving you worldwide credibility and recognition in the field of privacy.
