Certified Information Privacy Manager (CIPM)
The CIPM course teaches a process for conceptualising, designing, building and operating a data privacy management program including creating a company vision for privacy, developing and implementing system frameworks and measuring performance.
What you’ll learn:
✔️ How to develop a privacy strategy including understanding governance, risk management, auditing and compliance requirements
✔️ How privacy laws and regulations align with your strategy
✔️ Mapping data and data inventories and the role of the Privacy Impact Assessment
✔️ How to develop policies for privacy, information security, acceptable use, data retention and destruction
✔️ An individual’s rights, consent, privacy notices, handling requests and complaints
✔️ Establishing privacy training and awareness programs
✔️ Responding to incidents and data breaches and what to do when one occurs
✔️ Privacy program monitoring, measurement and analysis.
The CIPM course is broken down into 6 modules and covers the following topics:
Module 1: Developing a privacy program
- Creating an organisational vision – Evaluating the objective and gaining executive sponsorship and approval.
- Establish a data governance model – Centralised, distributed or hybrid.
- Define a privacy program – Defining a charter, identifying the sources, types and uses of personal information in the organisation, developing a privacy and governance strategy and incorporating legislative, regulatory, market and business requirements.
- Structuring the privacy team including establishing the organisational model, responsibilities and reporting structure appropriate to the size of the organisation.
- Communication of the privacy program to create awareness internally and externally and ensure employees have access to policies and procedures relevant to their role.
Module 2: Establishing a privacy program framework
- Develop the privacy program framework including developing organisational privacy policies, procedures, standards, and/or guidelines as well as required program activities.
- Implement the privacy program framework within the organisation.
- Developing program governance reporting and metrics.
Module 3: Privacy operational life cycle: Assess
- Document current baseline of your privacy program – Regulatory compliance requirements, data, systems and process assessment via data mapping of inventories, information flows and system integrations.
- Undertaking processor and third-party vendor assessments.
- Identifying operational risks.
- Mergers, acquisitions and divestitures.
- Undertaking privacy assessments and documentation.
Module 4: Privacy operational life cycle: Protect
- Information security practices including access controls, technical security controls and development of incident response plans.
- Embedding Privacy by Design (PbD) methods within the organisation including:
  - The integration of privacy throughout the system development life cycle (SDLC)
  - Establish privacy gates as part of the system development framework
  - Communicating with stakeholders the importance of PIAs and PbD
- Integrating privacy requirements and representation into functional areas across the organisation (e.g., Information Security, Human Resources, Marketing, Legal and Contracts, Mergers & Acquisitions).
- Understanding technical and organisational measures.
Module 5: Privacy operational life cycle: Sustain
- Monitoring of your program – Compliance with policies and regulatory and legislative requirements and changes.
- Auditing of your program – Align privacy operations to an internal and external program, auditing against industry standards and compliance with privacy policies and standards.
Module 6: Privacy operational life cycle: Respond
- Data-subject information requests and privacy rights.
- Responding to privacy incidents, including:
  - Legal compliance requirements
  - Incident response planning, detection and handling
  - Following the incident response process to ensure you meet jurisdictional, global and business requirements
  - Identify incident reduction techniques
- Incident metrics—quantify the cost of a privacy incident.