CIPP-US Exam Information and Guideline
Certified Information Privacy Professional/United States (CIPP/US)
Below are the complete topic details, with the latest syllabus and course outline, to help you understand the exam objectives and the topics you have to prepare. These contents are covered in the exam's question-and-answer pool.
Title: Certified Information Privacy Professional/United States (CIPP/US) - IAPP CIPP-US
Test Detail:
The Certified Information Privacy Professional/United States (CIPP/US) exam, offered by the International Association of Privacy Professionals (IAPP), is designed to validate the knowledge and expertise of professionals in the field of privacy and data protection within the United States. This certification is intended for individuals who work with U.S. privacy laws and regulations.
Course Outline:
The CIPP/US certification program provides participants with comprehensive knowledge and understanding of privacy laws and regulations specific to the United States. The following is a general outline of the key areas covered in the certification program:
1. Introduction to U.S. Privacy Laws and Regulations:
- Understanding the legal and regulatory landscape of privacy in the United States
- Becoming familiar with key U.S. privacy laws, including the Privacy Act, HIPAA, and COPPA
- Exploring industry-specific regulations and standards, such as GLBA and FERPA
2. Privacy Governance and Program Management:
- Developing and implementing privacy policies and procedures
- Establishing privacy governance frameworks and accountability measures
- Managing privacy risks and compliance obligations
3. Privacy in Practice:
- Conducting privacy impact assessments (PIAs) and privacy audits
- Managing data breaches and incident response procedures
- Addressing cross-border data transfers and international privacy considerations
4. Privacy Principles and Frameworks:
- Understanding the key privacy principles, including notice, choice, and consent
- Exploring privacy frameworks and standards, such as the Fair Information Practices (FIPs)
- Applying privacy by design principles and practices
5. Privacy Operations:
- Managing privacy documentation and records
- Implementing privacy training and awareness programs
- Monitoring and enforcing privacy policies and practices
Exam Objectives:
The CIPP/US exam assesses candidates' knowledge and understanding of privacy laws and regulations within the United States. The exam objectives include, but are not limited to:
1. Understanding the legal and regulatory framework of privacy in the United States.
2. Applying privacy principles and practices to various scenarios.
3. Implementing privacy governance and accountability measures.
4. Managing privacy risks and compliance obligations.
5. Addressing privacy challenges in practice, such as data breaches and cross-border data transfers.
6. Ensuring privacy operations and documentation meet regulatory requirements.
Syllabus:
The CIPP/US certification program typically includes comprehensive training provided by the International Association of Privacy Professionals (IAPP) or authorized training partners. The syllabus provides a breakdown of the topics covered throughout the course, including specific learning objectives and milestones. The syllabus may include the following components:
- Introduction to CIPP/US exam overview and certification process
- U.S. Privacy Laws and Regulations
- Privacy Governance and Program Management
- Privacy in Practice
- Privacy Principles and Frameworks
- Privacy Operations
- Exam Preparation and Practice Tests
- Final CIPP/US Certification Exam
---------------------
- Structure of U.S. Law
- Branches of government
- sources of law
- legal definitions
- regulatory authorities
- understanding laws
- Enforcement of U.S. Privacy and Security Laws
- Criminal vs. civil liability
- general theories of legal liability
- Information Management from a U.S. Perspective
- Data inventory and classification
- data flow mapping
- privacy program development
- managing user preferences
- incident response programs
- workforce training
- accountability
- data and records retention and disposal (FACTA)
- online privacy
- privacy notices
- vendor management
- international data transfers and Schrems decisions
- other key considerations for U.S.-based multinational companies
- GDPR requirements
- APEC
- resolving multinational compliance conflicts
- Limits on Private-sector Collection and Use of Data
- Cross-sector FTC Privacy Protection
- The FTC Act
- FTC privacy enforcement actions
- FTC security enforcement actions
- COPPA
- future of federal enforcement
- Healthcare/Medical
- HIPAA
- HITECH
- GINA
- the 21st Century Cures Act of 2016
- Confidentiality of Substance Use Disorder Patient Records Rule
- Financial
- FCRA
- FACTA
- GLBA
- Red Flags Rules
- Dodd-Frank
- CFPB
- online banking
- Education
- FERPA
- education technology
- Telecommunications and Marketing
- Government and Court Access to Private-sector Information
- Law Enforcement and Privacy
- Access to financial data
- access to communications
- CALEA
- National Security and Privacy
- FISA
- USA-Patriot Act
- USA Freedom Act
- Cybersecurity Information Sharing Act (CISA)
- Civil Litigation and Privacy
- Compelled disclosure of media information
- electronic discovery
- Workplace Privacy
- Introduction to workplace privacy
- Workplace privacy concepts
- U.S. agencies regulating workplace privacy issues
- U.S. anti-discrimination laws
- Privacy before, during and after employment
- Automated employment decision tools and potential for bias
- employee background screening
- employee monitoring
- investigation of employee misconduct
- termination of employment relationship
- working with third parties
- State Privacy Laws
- Federal vs. state authority
- State attorneys general
- California Privacy Protection Agency (CPPA)
- Data privacy and security laws
- Applicability
- data subject rights
- privacy notice requirements
- data security requirements
- data protection agreements
- data protection assessments/risk assessments
- health data rules
- data retention and destruction
- selling and sharing of personal information
- enforcement
- cookie and online tracking regulations
- facial recognition use restrictions
- biometric information privacy regulations
- AI bias laws
- important comprehensive data privacy laws
- Data breach notification laws
- Elements of
- key differences among states
- significant developments