Which IAPP certification is for you?
Why should I get IAPP certification?
IAPP certifications are among the most respected in the industry, and many organizations consider them the gold standard in privacy. Whether you're working toward an IAPP CIPP certification to understand privacy laws, a CIPM certification to manage privacy or a CIPT certification to bring privacy into technology, IAPP holders typically earn higher salaries and have more job opportunities than the average privacy professional.
These certifications can become career catalysts, particularly when you earn multiple or all the IAPP credentials offered. Although general knowledge and some experience are recommended, there aren't set requirements for IAPP certification, meaning almost anyone with the proper certification exam training can benefit from this knowledge.
Is IAPP certification worth it?
Earning and maintaining IAPP certification boosts your professional reputation by signifying you're on top of the latest privacy laws and regulations. This can increase your earnings by 13 to 27 percent, according to an IAPP survey.
When you receive your IAPP certification, you can also become a member of the organization for a small additional fee, which has its own benefits. You'll have access to industry-leading resources and a network of privacy professionals around the world who face many of the same challenges.
IAPP certification exams FAQs
All IAPP certification exams were last updated in October 2023. Here’s what you should know about the current exams:
What are the CIPP (Certified Information Privacy Professional) U.S. Private Sector exam objectives?
The IAPP CIPP U.S. Private Sector certification covers the five objectives, or domains, listed below:
- Introduction to the U.S. privacy environment (38%): Provides a structural overview of the U.S. legal system and the branches of government. Covers regulatory authorities and how laws are enforced at a national level. Includes a view of information management from a U.S. perspective and how privacy and security laws are enforced by the government.
- Limits on private-sector collection and use of data (27%): Covers regulatory and enforcement policies of the FTC and limitations of collecting data from medical, financial and educational sectors. Includes ethics and laws surrounding the collection and dissemination of telecommunications and marketing data.
- Government and Court Access to Private-sector Information (8%): Includes limitations and protections of data by law enforcement and those during civil litigation. Also includes laws and exceptions of data collection as it pertains to national security.
- Workplace Privacy (10%): Covers tools and methods for maintaining workplace privacy, including how to maintain it before, during, and after employment. Includes all relevant workplace privacy laws and how to manage privacy before, during, and after employee terminations, as well as laws surrounding employee monitoring.
- State Privacy Laws (17%): Covers specific privacy laws enacted by states with a focus on the collection and protection of digital data. Also defines how federal and state authorities work together to enforce privacy laws and the jurisdictions of each.
What are the CIPP (Certified Information Privacy Professional) Europe exam objectives?
The IAPP CIPP Europe certification covers the three objectives, or domains, listed below:
- Introduction to European data protection (10%): Covers the history of European privacy law and the current legal framework for data privacy in the E.U. Includes an overview of the E.U. institutions that regulate privacy laws.
- European data protection law and regulation (71%): Includes an in-depth look at the concepts and principles that guide data privacy regulations in the European Union. Covers processing laws, how they're governed within the E.U. and how they're maintained internationally. Includes enforcement of these laws and consequences for their violation.
- Compliance with European data protection law and regulation (19%): Covers the responsibilities of employers and organizations regarding E.U. data privacy in the workplace. Includes regulations on surveillance, direct marketing and IT.
What are the CIPT (Certified Information Privacy Technologist) exam objectives?
The IAPP CIPT certification covers the seven objectives, or domains, listed below:
- Foundational principles (12%): Covers the basics of information privacy, including the average data life cycle, value-sensitive design models and the foundational principles of privacy by design. Includes commonly used privacy risk models and frameworks that can be applied to different organizational models.
- Role of IT in privacy (15%): Covers the basics of information security and the role of IT in privacy design to give a better picture of where IT fits in overall privacy strategies. Includes the most common privacy responsibilities of IT professionals from the ground up.
- Privacy threats and violations (17%): Includes common risks to privacy during data collection, usage and dissemination. Includes information on software security implementation and management. Also covers less obvious threats from intrusion, decisional interference and self-representation.
- Technical measures and privacy-enhancing technologies (18%): Covers how to use the latest in privacy technology and strategies for technology to reduce privacy threat risk. Includes data-oriented strategies and techniques and process-oriented strategies.
- Privacy engineering (12%): Covers the role engineers play in maintaining organization-wide privacy. Outlines common privacy objectives for engineers and privacy design patterns that can be implemented to reduce risk. Includes common privacy risks in software and how they can be mitigated.
- Privacy by design methodology (11%): Covers the latest methodology for the Privacy by Design process and the importance of frequent monitoring of how this process is enacted in organizations.
- Technology challenges for privacy (15%): Covers the latest technologies that pose risks to privacy, including automated decision-making, tracking and surveillance, anthropomorphism, ubiquitous computing and mobile social computing.
What are the CIPM (Certified Information Privacy Manager) exam objectives?
The IAPP CIPM certification covers the six objectives, or domains, listed below:
- Developing a framework (21%): Covers how to create a solid foundation for a privacy program and details who is responsible for what tasks to keep it running. Includes how to adapt a program's governance model to specific privacy strategies. Covers laws and regulations related to programs.
- Establishing a program governance (19%): Covers how to institute privacy programs and requirements across an organization and how to establish roles and responsibilities for those involved. Includes how to define privacy metrics for oversight and how to institute information privacy training.
- Assessing data (19%): Covers how to assess potential privacy threats to an organization's information systems and processes. Includes how to pinpoint weaknesses to secure policies and procedures across an organization and how to prepare for potential threats.
- Protecting personal data (15%): Covers different levels of protection of an organization's personal data. Explores security controls and technology that protect personal employee and customer data for companies of varying sizes and industries. Includes how to enact these strategies company-wide.
- Sustaining program performance (10%): Covers how to maintain privacy strategies and policies after they're created. Includes auditing and risk assessment techniques and ways to use metrics to judge the performance of implemented privacy policies and programs.
- Responding to requests and incidents (16%): Covers methodology for responding to privacy requests and how to create an incident response plan if leaks or violations occur. Includes how to perform risk assessment after incidents occur, how to prevent incidents from spreading throughout data systems and how to course correct after incidents.
How do I prepare for IAPP exams?
To begin, enroll in training courses for each IAPP exam you plan on taking. There are online classes and boot camps for IAPP CIPP/US, IAPP CIPP/E certification, IAPP CIPT certification and IAPP CIPM certification that comprehensively cover the latest bodies of knowledge for these exams. Once you've completed the relevant courses, you can continue with IAPP's own materials: it sells some of the most popular books on data privacy from the foremost experts in the field, as well as practice tests for the four exams mentioned above. Exam blueprints and other free resources give candidates a rough idea of the topics covered and how much weight is attributed to each domain in the exam.
What is the passing score for the IAPP exam?
Grading for these exams is based on the total number of scored questions answered correctly, and candidates need a cumulative score of 300 (on a scale of 100-500) to pass and receive their certification. This is true for all exams offered by IAPP.
How hard is it to pass the CIPP exam?
While there are no published data on first-time pass rates, many people who have taken the CIPP U.S. Private-sector exam report it being the toughest of the four exams covered because it has the widest-reaching BOKs of any IAPP certification. Candidates report that CIPP Europe exams are slightly easier due to fewer domains covered, but they are still quite challenging. Rigorous and comprehensive studying using training courses, paid materials and free materials is highly recommended to earn IAPP CIPP certification.
How hard is it to pass the CIPT exam?
How difficult the CIPT exam will be depends on your experience, your exam preparation approach and how well you take tests. IAPP training partners like Infosec offer an Exam Pass Guarantee, which means if you don't pass your exam on the first attempt, you can get a second attempt at no cost to you.
How hard is it to pass the CIPM exam?
As mentioned above, your chances of passing the CIPM exam depend on your experience and how well you prepare for the exam. IAPP training partners like Infosec offer an Exam Pass Guarantee, which means if you don't pass your exam on the first attempt, you can get a second attempt at no cost to you.
Free and self-study IAPP certification materials
There are many helpful resources to help you on your journey to passing IAPP exams. Before looking for the best IAPP exam resources, we recommend browsing official IAPP exam outlines so you know what areas to study before test day.
IAPP exam study guides and IAPP-approved books
The following study guides and books cover the most relevant information on IAPP exams. You can find them at your local library, bookstore or online stores like Amazon. A few of the most popular are:
- IAPP study guides. Sign up on the IAPP website to receive a free CIPP/US Study Guide, CIPP/E Study Guide, CIPT Study Guide and CIPM Study Guide.
- Privacy Program Management Third Edition Digital by Russell Densmore (IAPP)
- Strategic Privacy by Design Second Edition Digital by R. Jason Cronk (IAPP)
- European Data Protection Third Edition Digital by Eduardo Ustaran (IAPP)
IAPP practice exams and simulations
Practice exams are a great way to gauge your exam readiness, and the IAPP offers paid practice exams to help you prepare. A few of the most popular IAPP practice exams are listed below:
In addition to these options, many IAPP training courses and content include practice questions. For example, Infosec's CIPP/US training, CIPP/E training, CIPT training and CIPM training include comprehensive practice exams.
Other free IAPP training resources
There are a number of other free IAPP certification training materials produced and shared by the community:
- Forums like TechExams and Reddit allow you to connect directly with others studying for or who have already taken IAPP exams.
- YouTube is another great place to connect with data privacy professionals and learn about IAPP exams. Although most IAPP credential courses cost money, numerous free videos are available, including our Tips to Pass Your IAPP Certification Exam video featuring Infosec Skills authors.
- Podcasts may not help you directly study for your IAPP exam, but those like the Cyber Work Podcast are a great way to learn about privacy career options and your peers' career journeys.
IAPP certification jobs and careers
With major data breaches in recent years, professionals with IAPP credentials are in high demand. Learn how these certifications can help you open new doors in your career.
What does a CIPP/E holder do?
Professionals with this certification are experts on European Union privacy law and understand how it interacts with U.S. privacy law. Some of the jobs CIPP/E holders have are similar to CIPP/US holders and include:
- Data protection officer
- Compliance and regulation associate
- Privacy analyst/consultant
- Institutional privacy oversight manager
- Technical privacy investigator
What does a CIPT holder do?
IT professionals with CIPT certification understand the ins and outs of protecting privacy data on a technical level. They know the latest privacy techniques for systems and applications and are aware of weak points in information life cycles. Some of the jobs CIPT holders enjoy can include:
- Compliance manager
- Privacy program manager
- Data governance and privacy operations analyst
- Privacy engineer
- IT internal auditor
What does a CIPM holder do?
CIPM is a management-level privacy certification, so most holders have all the above knowledge and more about instituting privacy programs across an organization. They can train employees in the latest security techniques and develop policies that protect employees and customers. Some jobs held by professionals with CIPM certification include:
- Data privacy manager/advisor
- Privacy program manager
- Lead privacy analyst
- Privacy director
- Director of governance, risk and compliance
What is the IAPP certification average salary?
According to the IAPP salary survey, "Respondents with any one IAPP certification earned over 13% more than those with no IAPP qualifications, while those with multiple IAPP certifications earned just over 27% more than those with no IAPP qualifications."
IAPP estimates that the average base salary for internal privacy professionals is $146,200.
How many people have IAPP certifications?
As of 2019, the IAPP reported that over 25,000 certifications had been issued and, as the leading privacy certifications in the U.S., the current number is likely much higher.
Where can I find CIPP/US, CIPP/E, CIPM and CIPT jobs?
CIPP U.S. Private-sector is a requested certification in data-privacy-related job listings. General job boards like Indeed, Monster, Glassdoor, LinkedIn and CareerBuilder allow you to search by keywords like “CIPP/US” or relevant job titles for open roles.
There are also cyber-specific job boards, such as ClearedJobs, infosec-jobs.com and others. Another great way to find CIPP/US job openings is by joining local and national cybersecurity groups — such as ISSA, or Women in Cybersecurity — joining local meetups or engaging in cybersecurity forums and websites.
To prepare for your job interview, download our free ebook of cybersecurity interview tips: How to stand out, get hired and advance your career.
Paid IAPP certification training and exam prep
When preparing for IAPP certification exams, you can self-train with books and free resources, find paid courses or combine efforts. IAPP training partners like Infosec offer live online boot camps and on-demand courses where you go at your own pace.
Live IAPP boot camps
Boot camps for CIPP/US, CIPP/E, CIPT, and CIPM exams provide days of intensive instruction from expert instructors. You can even train for more than one IAPP certification at a time with some Infosec IAPP boot camps.
The benefits of live CIPP/US, CIPP/E, CIPT and CIPM boot camps include:
- Live training and Q&A: Privacy law is constantly changing, and keeping up with the latest regulations, privacy technology and newest risks is challenging. Our expert instructors help you make sense of the latest news and information to help you on the exam.
- Complete training package: Most boot camps come with everything you need: instruction, exam vouchers, books, practice exams and labs. Training with a live instructor is more expensive, so when shopping around, be sure you know what's included in your purchase — and what you have to pay extra for.
- Improved pass rates: Boot camp providers like Infosec stand by their training with an Exam Pass Guarantee. That means if you fail your exam on your first attempt, you get a second attempt to pass — for free.
Self-paced IAPP instruction
There's a lot of material to cover when studying for IAPP exams, and sometimes going at your own pace is ideal. These types of courses include pre-recorded videos, online labs and exercises that keep learning engaging.
The benefits of on-demand IAPP training include:
- Train when you want: You're in charge of your certification training prep, whether you cram on your lunch break or in weekend-long study sessions.
- Build an individual training plan: Don't waste time learning what you already know. When you're not tied to a group, you can focus more on the areas where you need the most work.
- Prepare at your own pace: With on-demand training, you can take your time preparing for your IAPP exams. But make sure to stay consistent. Studies show you can quickly forget information you aren’t actively using or reviewing.
IAPP certification comparisons, alternatives and more
While IAPP certifications are valuable, they're not the only path to a privacy-related career. Check out these articles to learn more:
- ISACA CDPSE job titles and career outlook: If you're interested in data privacy but not the roles related to IT, CDPSE certification could be a better fit for you. Find out more.
- Data protection vs. data privacy: What's the difference?: There are some big differences between European privacy and U.S. privacy, right down to terminology. Learn the differences.
- Do security managers need an IAPP certificate?: If your career goals include becoming a security manager, know what's required for the position and what regular duties include.
- I failed IAPP’s CIPP/C certification. Here’s how I recovered: Failing an IAPP exam can be frustrating and cause you to rethink this certification, but it shouldn't be the end of your path.