Founded in 2000, the International Association of Privacy Professionals (IAPP) bills itself as “the largest and most comprehensive global information privacy community and resource.” It is more than just a certification body. It is a full-fledged not-for-profit membership association with a focus on information privacy concerns and topics. Its membership includes both individuals and organizations, in the tens of thousands for the former and the hundreds for the latter (including many Fortune 500 outfits).
Its mandate is to help privacy practitioners develop and advance in their careers, and help organizations manage and protect their data. To that end, the IAPP seeks to create a forum where privacy pros can track news and trends, share best practices and processes, and better articulate privacy management issues and concerns.
By 2012, the organization included 10,000 members. By the end of 2015, membership had more than doubled to 23,000 members. According to a Forbes story published that same year, approximately half of the IAPP’s membership is women (which makes it pretty special, based on our understanding of the gender composition for most IT associations and certification programs). Current membership must be between 30,000 and 40,000 as growth rates from 2012 to 2015 have continued, if not accelerated in the face of the EU’s General Data Protection Regulation (GDPR), which went into full effect on May 25, 2018. The IAPP also claims to have certified “thousands of professionals around the world.”
IAPP certification program overview
The IAPP has developed a globally recognized certification program around information privacy. Its current certification offerings include the following credentials:
- Certified Information Privacy Professional (CIPP): seeks to identify professionals who work primarily with privacy laws, regulations and frameworks
- Certified Information Privacy Manager (CIPM): seeks to identify professionals who manage day-to-day privacy operations for businesses and organizations
- Certified Information Privacy Technologist (CIPT): seeks to identify IT professionals who work regularly (if not primarily) with privacy policies, tools and technologies on the job
All these certifications comply with the ANSI/ISO/IEC 17024 standard, which means they have been developed to meet stringent requirements for analyzing the subject matter and the fields of work to which they apply, along with formal psychometric analysis of test items to make sure that exams truly differentiate those who possess the required skills and knowledge to do the related jobs from those who do not.
All the IAPP exams follow the same cost structure, though charges vary by location. In the U.S., each first-time test costs $550, with a $375 charge for any subsequent retake of the same exam. Those who already hold any IAPP certification pay just $375 for each additional certification test they take. IAPP certification holders can either pay an annual maintenance fee of $125 to keep their certifications current (and meet continuing education requirements of 20 CPE credits every two years) or they must join the IAPP.
If a person joins, they’ll pay an annual membership fee. Currently, that’s $250 for professional members, $50 for student members, and $100 for all other membership categories (government, higher education, retired and not-for-profit). Those who elect to pay the certification maintenance fee need pay only once a year, no matter how many IAPP certifications they earn.
IAPP exams are available at Kryterion testing centers, which may be identified with its test center locator. Exams consist of 90 question items. Candidates may take up to 150 minutes (2.5 hours) to complete any IAPP exam. Payment is handled through the IAPP website, but Kryterion handles date and time windows for exams at its test centers.
Other IAPP certifications
The IAPP also offers two other elements in its certification programs. One is the Privacy Law Specialist, which aims at attorneys or other licensed legal professionals who wish to focus on privacy syllabus in a legal context. The other, called the Fellow of Information Privacy (FIP), aims at those at the top of the privacy profession and is available only to those who’ve completed two or more IAPP credentials, including either a CIPM or a CIPT, and one or more of the CIPP credentials. It requires three professional peer referrals and completion of a detailed application form. We won’t discuss these credentials much more in this article, except to note here that the Privacy Law Specialist garnered a surprising 200 hits in our job board search (see below for other details gleaned thereby).
Finally, the IAPP website recommends the combination of CIPP/E and CIPM as the possible credentialing for those wishing to focus on GDPR, shown in this screenshot from its Certify pop-up menu:
IAPP employment: Job board stats and example jobs
We visit four job posting sites to check on demand for specific credentials: Simply Hired, Indeed, LinkedIn and LinkUp. Here’s what we learned.
| Certification |
Search string |
Simply Hired |
Indeed |
LinkedIn |
LinkUp |
Total |
| CIPP |
CIPP |
668 |
745 |
1,064 |
401 |
2,878 |
| CIPM |
CIPM |
187 |
198 |
260 |
191 |
836 |
| CIPT |
CIPT |
146 |
155 |
276 |
210 |
787 |
The breakdown for CIPP fell out like this: CIPP/A 27, CIPP/C 287, CIPP/E 351, CIPP/G 154 and CIPP/US 401. As you’d expect, the U.S. categories combine for a majority, with Europe a surprising second ahead of third-place Canada.
Salary information appears in the next table. We collected low, median and high values for each credential, finding surprisingly little difference between the CIPM and the CIPP. Given that a CIPM is likely to hold a management position, this shows that the CIPP holds considerable value in employers’ estimations. It’s also interesting that the median values show the CIPT and the CIPP are close to one another too. This bodes well for IT professionals interested in pursuing the CIPT.
| Certification |
Low
|
Median
|
High
|
| CIPP |
$33,969 |
$66,748 |
$131,156 |
| CIPM |
$41,069 |
$73,936 |
$133,106 |
| CIPT |
$32,131 |
$62,279 |
$120,716 |
| Privacy Law Attorney |
$46,146 |
$89,026 |
$171,752 |
Typical positions for privacy professionals are very much one-offs. We found a risk management and compliance manager position at a South Carolina government agency charged with defining and implementing security and privacy policies for the department of corrections. That position paid $120,000 per year and involved security and audit compliance, business continuity and disaster recovery planning, and risk and incident management. By itself, the requested CIPM would not be enough to qualify for that job.
The next position was for a healthcare services director position in Albuquerque, New Mexico, which involved auditing, risk management, and contract and vendor negotiation. Its pay range was $140,000 to $190,000 per year, and it required serious management chops, along with IT governance and risk and compliance experience, with calls for knowledge of tools like Archer and Clearwell. The third position was for a senior data privacy associate at a Washington law firm, which sought a person with a CIPP/E, CIPP/US and CIPT, with pay in the $120K-$150K range.
Thus, it appears there are plenty of opportunities – some with high rates of pay – for those willing to climb the IAPP certification ladder. Both the job boards and the individual postings speak directly to strong and urgent need in the field for qualified privacy professionals at all levels.
Training resources
IAPP courses are available through many channels, including classroom training through the IAPP and its partner network. Online training classes are also available, for lesser charges. The IAPP provides ample references and resources, with authoritative and supplemental texts, websites, legal references and statutes, and more for each of its credentials. There’s also plenty of self-study material for those who prefer that route.
The IAPP also offers practice exams (which it calls demo questions) to help candidates prepare for exams. Surprisingly, there is even something of an aftermarket for IAPP books and materials, as a quick trip to Amazon will attest.
