Level 15, 51 Shortland St Auckland, New Zealand 1010
Certified Information Privacy Manager (CIPM)
The CIPM course teaches a process for conceptualising, designing, building and operating a data privacy management program including creating a company vision for privacy, developing and implementing system frameworks and measuring performance.
What you’ll learn:
✔️ How to develop a privacy strategy including understanding governance, risk management auditing and compliance requirements
✔️ How privacy laws and regulations align with your strategy
✔️ Mapping data and data inventories and the role of the Privacy Impact Assessment
✔️ How to develop policies for privacy, information security, acceptable use, data retention and destruction
✔️ An individual’s rights, consent, privacy notices, handling requests and complaints
✔️ Establishing privacy training and awareness programs
✔️ Responding to incidents and data breaches and what to do when one occurs
✔️ Privacy program monitoring, measurement and analysis.
Course Detail
The CIPM course is broken down into 6 modules and covers the following topics:
Module 1: Developing a privacy program
Creating an organisational vision – Evaluating the objective and gaining executive sponsorship and approval.
Establish a data governance model – Centralised, distributed or hybrid.
Define a privacy program – Defining a charter, identifying the sources, types and uses of personal information in the organisation, developing a privacy and governance strategy and incorporating legislative, regulatory, market and business requirements.
Structuring the privacy team including establishing the organizational model, responsibilities and reporting structure appropriate to the size of the organisation.
Communication of the privacy program to create awareness internally and externally and ensure employees have access to policies and procedures relative to their role.
Module 2: Establishing a privacy program framework
Develop the privacy program framework including developing organisational privacy policies, procedures, standards, and/or guidelines as well as required program activities.
Implement the privacy program framework within the organisation.
Developing program governance reporting and metrics.
Module 3: Privacy operational life cycle: Assess
Document current baseline of your privacy program – Regulatory compliance requirements, data, systems and process assessment via data mapping of inventories, information flows and system integrations.
Undertaking processor and third-party vendor assessments.
Identifying operational risks.
Mergers, acquisitions and divestitures.
Undertaking privacy assessments and documentation.
Module 4: Privacy operational life cycle: Protect
Information security practices including access controls, technical security controls and development of incident response plans.
Embedding Privacy by Design (PbD) methods within the organisation including:
The integration of privacy throughout the system development life cycle (SDLC)
Establish privacy gates as part of the system development framework
Communicating with stakeholders the importance of PIAs and PbD
Integrating privacy requirements and representation into functional areas across the organization (e.g., Information Security, Human Resources, Marketing, Legal and Contracts, Mergers & Acquisitions).
Understanding technical and organisational measures.
Module 5: Privacy operational life cycle: Sustain
Monitoring of your program – Compliance with policies and regulatory and legislative requirements and changes.
Auditing of your program – Align privacy operations to an internal and external program, auditing against industry standards and compliance with privacy policies and standards.
Module 6: Privacy operational life cycle: Respond
Data-subject information requests and privacy rights.
Responding to privacy incidents, including:
Legal compliance requirements
Incident response planning, detection and handling
Following the incident response process to ensure you meet jurisdictional, global and business requirements
Identify incident reduction techniques
Incident metrics—quantify the cost of a privacy incident.