The IAPP CIPM (Certified Information Privacy Manager) exam measures the candidate's understanding and application of global privacy laws and regulations, as well as the development and implementation of privacy policies, procedures, and programs within an organization. The exam objectives cover the following topics:
- Privacy program governance
- Privacy program operational life cycle
- Privacy laws and regulations
- Data subjects' rights
- Vendor management
- Risk management
- Privacy program infrastructure
There are a variety of resources available to help candidates prepare for the CIPM exam, including:
- Certified Information Privacy Manager (CIPM) Study Guide by John Watts
- The Privacy Engineer's Manifesto: Getting from Policy to Code to QA to Value by Michelle Finneran Dennedy, Jonathan Fox, and Thomas Finneran
- Privacy Law Fundamentals by Daniel J. Solove
- Privacy's Blueprint: The Battle to Control the Design of New Technologies by Woodrow Hartzog
The CIPM exam is a 90-question multiple-choice test that must be completed within 2.5 hours. The exam can be taken in-person at a testing center or online through remote proctoring. The cost to take the exam is $550 for IAPP members and $750 for non-members. To pass the exam, candidates must achieve a minimum score of 300 out of 500.
To pass the CIPM exam, candidates should have a comprehensive understanding of the seven exam objectives listed above. The Privacy program governance objective covers topics such as privacy frameworks, policies, and procedures, while the Privacy program operational life cycle objective includes topics such as privacy impact assessments, data inventory and mapping, and incident response plans. The Privacy laws and regulations objective covers various laws and regulations from around the world, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). The Data subjects' rights objective covers topics such as individual rights to access and control their personal data, while the Vendor management objective covers the vendor management lifecycle and how it relates to privacy. The Risk management objective covers topics such as risk assessments and risk mitigation strategies, while the Privacy program infrastructure objective covers topics such as privacy training and awareness programs.
Candidates should consider utilizing a variety of study materials, such as the related books listed above, as well as IAPP's official training materials and practice exams. It is also recommended that candidates have practical experience in the development and implementation of privacy programs within an organization.
Overall, passing the CIPM exam requires a thorough understanding of global privacy laws and regulations, as well as the ability to apply that knowledge to the development and implementation of privacy programs within an organization.