top of page

Planning to get certified as a privacy professional? Here's how to do it.

Anybody interested in carving out a professional career in Data Privacy should consider getting any of the certifications offered by the International Association of Privacy Professionals (IAPP). This is especially crucial for current privacy professionals, considering the utter lack of available professional training in the Philippines at the moment.

The IAPP describes itself as “largest and most comprehensive global information privacy community and resource.” As far as I know, it is the only globally-recognized body giving out certifications to Information Privacy professionals. The IAPP has a Philippines chapter, which has been set up by local IAPP members. To date, the IAPP Philippines chapter has held two KnowledgeNet sessions (as far as I know).

The IAPP has three types of certifications: The CIPP (Certified Information Privacy Professional), the CIPM (Certified Information Privacy Manager), and the CIPT (Certified Information Privacy Technologist). The CIPP has the following variants or concentrations:

  1. CIPP/A

  2. CIPP/C

  3. CIPP/E

  4. CIPP/G

  5. CIPP/US

The CIPP/A credential is focused on Asia. Currently, the exam covers laws of Hong Kong, India, and Singapore. I understand that IAPP will add more countries in the coverage as more Asian countries adopt their own privacy laws. Click here for more information on the certification. The CIPP/C credential is focused on Canada, which has one of the more mature privacy regimes in the world. More information on the certification is at this link.

There are two creddentials with US concentration: the CIPP/G and CIPP/US. CIPP/G is for vendors, suppliers, and consultants with clients in the US Government. On the other hand, CIPP/US is for privacy professionals working in the private sector. Links to more information on the credentials: CIPP/G, CIPP/US

Finally, there’s the CIPP/E, which is a credential with Europe. This credential has received an update recently, with the upcoming entry into force of the General Data Protection Regulation (GDPR) in May 2018. Follow link for more information on the CIPP/E.

The CIPM certification is focused on privacy program administration. As the IAPP website describes it, “[T]he CIPM is the world’s first and only certification in privacy program management.” More information on the CIPM amy be found here. On the other hand, the CIPT certification are for technology professionals interested in learning how privacy protection can be included as a core component of their products and services. As with the CIPM, the CIPT is the only credential of its kind. Click on the link to know more about the CIPT.

The number of choices has probably left you wondering just what credential to choose. For me, the answer was simple: The CIPM appears to be the most useful for me for the work that I do. Reviewing for the CIPM certification would be a way for me to learn a lot of practical and relevant knowledge for my consulting work with clients. At the same time, a CIPM certification will assure my clients that I know just what I’m doing. It’s a win-win, right?

So, how does one go about getting a CIPM credential?

You earn the certification as soon as you pass the CIPM exam. And you find out the result of the exam a minute or two after you submit your exam answers. Yes, it’s that quick! It’s the preparation for the exam that will take a bit of time.

How do you prepare? The IAPP gives you several options:

  1. Attend an in-person training. Your options for this type of training is limited because the IAPP does not have offices in Manila. You can check the IAPP website for information on training available in Southeast Asia. Your best bet though will be to attend training in the US or Canada, where they regularly have several scheduled in a year.

  2. Do online training. You can purchase access to the IAPP’s online training platform, where you can study for the exam at your own pace and time. The online training option is not cheap but it does have the added advantage of being accessible forever. This means that you can get refresher training whenever you need it, as well as benefit from updated materials when the IAPP makes major changes on the course.

  3. Buy the books and review on your own. This is the most affordable option but it is no less effective than the other two. For better results, get the textbook Introduction to Privacy as well. In total, both books cost around $60 plus shipping. This will mean big savings since the exam is already quite expensive.

What approach did I take? I did the online training AND read the book. Based on experience, I don’t think just the training will be enough to prepare for the exam. Reading the book is indispensable to adequate preparation because there were some questions on topics that were not covered in the training but were in the book.

As I said, reading the book alone will probably be sufficient preparation for the exam. However, since I had zero idea on what the exam entails (and I also had no one to ask for advice) I opted to get the online training plus the book. The online training is a nice intro for the concepts. You can then delve deeper into the topics by reading the book as well as reading more materials available online.

If you choose to get both the online training and the book though, check if the CIPM bundle is still being offered bythe IAPP. The bundle consists of the CIPM exam and the online training. They throw in the book as a freebie (that’s about a $50 USD value since they give you two books: one on Introduction to Privacy and the other on Privacy Program Management). The exam, by itself, costs $550. If I recall correctly, the bundle costs more than $1,000.

There are several testing centers in the Philippines where you can take the exam, which is taken online. It will take you half a day to take the exam and get the results. If, in the course of your preparations, you feel that you are not ready to take the exam, don’t worry. You can reschedule the exam as late as 72 hours before the schedule for free. I understand that if you to reschedule later than 72 hours before your exam, you may be asked to pay a fee. I had to reschedule twice due to work commitments and making the change was quite easy: you just needed to log in and change the date. Note that you may not always get your preferred date as it would also depend on the schedule of the testing center.

On exam day, try not to bring a lot of things with you. You will be asked to leave your belongings inside a tiny locker so your books may not fit. In any case, you don’t need to do a last-minute review anyway since the exam requires you to apply your privacy management knowledge. Given the nature of the exam, if you’re not ready by exam day you’re not going to be able to cram for it a few minutes before.

Have I convinced you to take the exam? If you have questions—whether it be on the exam or other privacy issue—drop me a note.

#dataprotectionofficer #privacyprofessional #IAPP #certification #CIPM #CIPT #CIPP


I am Cecilia Soria, a Privacy Attorney. This blog is where I share news and insights as I continue to learn more about privacy.


bottom of page