Last week, I wrote about the need for stricter information privacy laws. Such laws could help stem the tide of legitimate companies (as opposed to phishers) not caring properly for individuals' private information. In the wake of the recent ChoicePoint, Bank of America, DSW, et al. security breaches, tougher data privacy laws are inevitable. The smart company will start preparing now to beef up its privacy policies and procedures.
One way you can prepare is to add a Certified Information Privacy Professional (CIPP) to your staff. The CIPP is a credential issued by the International Association of Privacy Professionals (IAPP), an organization formed through the merger of the Privacy Officers Association (POA) and the Association of Corporate Privacy Officers (ACPO). As the leading association for privacy and security professionals, IAPP helps its members build and maintain privacy programs while effectively navigating the rapidly changing regulatory and legal environments. This last part of the mission is important, since the regulatory landscape is about to change radically.
The IAPP mission is clear: to support an individual membership organization by providing a forum for the discussion and debate of issues related to developing and maintaining privacy programs and policies in business. The association provides three major functions:
* To promote privacy programs and safeguards - their introduction, development and maintenance.
* To provide a forum for interaction and information exchange for our members.
* To create high-quality educational opportunities for those involved with privacy issues.
I believe the forum for interaction among members is especially important in this age of sharing data along the whole value chain of a business. As one company passes off sensitive data to another to fulfill a business transaction, it's important that both companies agree on how to protect the information. For example, in the case of a mortgage application, an individual's credit information gets passed along electronically from a bank to a title company, and it needs safeguards all along the way.
The CIPP is a generalist credential (not industry-specific) that certifies the individual against an essential body of privacy knowledge as defined by the IAPP and its advisors. Candidates will be tested on:
* Privacy law and compliance (key legal concepts, case laws and their application).
* Information security (IT infrastructure and assets; incident handling).
* Web privacy and security (Web site disclosure, customer tracking and online marketing).
* Data sharing and transfer (information inventory, user preferences and access).
* Workplace privacy (background screening, workforce monitoring and HR records).
In addition, candidates are encouraged to learn background material that won't likely appear on the certification exam. Such material includes privacy fundamentals (the social origins of privacy and its history) and privacy ethics (professional responsibilities and remedies to conflicts).
IAPP also offers a credential, called CIPP/G, designed exclusively for federal and state government employees, as well as professionals who serve government clients. As an extension of the regular CIPP program, the CIPP/G requires a deeper understanding of federal and state privacy regulations, policies and practices. The IAPP developed the CIPP/G with the assistance of leading figures in government privacy from the U.S. Postal Service, the U.S. Department of Veterans Affairs, the U.S. Office of Management and Budget, the California State Department of Consumer Affairs, SRA International and MITRE Corporation.
The CIPP and the CIPP/G credentials are good for three years, after which the individual must get recertified. Certificants must also join IAPP as members.
Whether you are in the private sector or the government arena, there's no doubt that privacy is moving to the forefront as an issue confronting the information technology professional. The IAPP is a great resource to help you through the landmines. And, by the way, you don't have to be a CIPP to be a member of the IAPP. Like any other IT discipline, certification just gives you a boost toward validating your skills and knowledge.
Network World, 03/21/05