Last week, I wrote about the need for stricter information privacy laws. Such laws could help stem the tide of legitimate companies (as opposed to phishers) not caring properly for individuals' private information. In the wake of the recent ChoicePoint, Bank of America, DSW, et al, security breaches, tougher data privacy laws are inevitable. The smart company will start preparing now to beef up its privacy policies and procedures.

One way you can prepare is to add a Certified Information Privacy Professional (CIPP) to your staff. The CIPP is a credential issued by the International Association of Privacy Professionals (IAPP), an organization formed through the merger of the Privacy Officers Association (POA) and the Association of Corporate Privacy Officers (ACPO). As the leading association for privacy and security professionals, IAPP helps its members build and maintain privacy programs while effectively navigating the rapidly changing regulatory and legal environments. This last part of the mission is important, since the regulatory landscape is about to change radically.

The IAPP mission is clear: to support an individual membership organization by providing a forum for the discussion and debate of issues related to developing and maintaining privacy programs and policies in business. The association provides three major functions:

* To promote privacy programs and safeguards - their introduction, development and maintenance.

* To provide a forum for interaction and information exchange for our members.

* To create high-quality educational opportunities for those involved with privacy issues.

I believe the forum for interaction among members is especially important in this age of sharing data along the whole value chain of a business. As one company passes off sensitive data to another to fulfill a business transaction, it's important that both companies agree on how to protect the information. For example, in the case of a mortgage application, an individual's credit information gets passed along electronically from a bank to a title company, and it needs safeguards all along the way.

The CIPP is a generalist credential (not industry-specific) that certifies the individual against an essential body of privacy knowledge as defined by the IAPP and its advisors. Candidates will be tested on:

Linda Musthaler is a principal analyst with Essential Solutions Corporation.