Skip Links

Certifying your skills and experiences as a privacy/security pro

A look at Certified Information Privacy Professionals

IT Best Practices Alert By Linda Musthaler, Network World
March 21, 2005 10:36 AM ET
Musthaler
Sign up for this newsletter now!

The CIO-level business angle on the latest tech

Last week, I wrote about the need for stricter information privacy laws. Such laws could help stem the tide of legitimate companies (as opposed to phishers) not caring properly for individuals' private information. In the wake of the recent ChoicePoint, Bank of America, DSW, et al, security breaches, tougher data privacy laws are inevitable. The smart company will start preparing now to beef up its privacy policies and procedures.

One way you can prepare is to add a Certified Information Privacy Professional (CIPP) to your staff. The CIPP is a credential issued by the International Association of Privacy Professionals (IAPP), an organization formed through the merger of the Privacy Officers Association (POA) and the Association of Corporate Privacy Officers (ACPO). As the leading association for privacy and security professionals, IAPP helps its members build and maintain privacy programs while effectively navigating the rapidly changing regulatory and legal environments. This last part of the mission is important, since the regulatory landscape is about to change radically.

The IAPP mission is clear: to support an individual membership organization by providing a forum for the discussion and debate of issues related to developing and maintaining privacy programs and policies in business. The association provides three major functions:

* To promote privacy programs and safeguards - their introduction, development and maintenance.

* To provide a forum for interaction and information exchange for our members.

* To create high-quality educational opportunities for those involved with privacy issues.

I believe the forum for interaction among members is especially important in this age of sharing data along the whole value chain of a business. As one company passes off sensitive data to another to fulfill a business transaction, it's important that both companies agree on how to protect the information. For example, in the case of a mortgage application, an individual's credit information gets passed along electronically from a bank to a title company, and it needs safeguards all along the way.

The CIPP is a generalist credential (not industry-specific) that certifies the individual against an essential body of privacy knowledge as defined by the IAPP and its advisors. Candidates will be tested on:

* Privacy law and compliance (key legal concepts, case laws and their application).

* Information security (IT infrastructure and assets; incident handling), Web privacy and security (Web site disclosure, customer tracking and online marketing).

* Data sharing and transfer (information inventory, user preferences and access).

* Workplace privacy (background screening, workforce monitoring and HR records).

In addition, candidates are encouraged to learn background material that won't likely appear on the certification exam. Such material includes privacy fundamentals (the social origins of privacy and its history) and privacy ethics (professional responsibilities and remedies to conflicts).

Linda Musthaler is a principal analyst with Essential Solutions Corporation.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News