Certified Information Privacy Manager (CIPM)

Certified Information Privacy Manager (CIPM)

The CIPM course teaches a process for conceptualising, designing, building and operating a data privacy management program including creating a company vision for privacy, developing and implementing system frameworks and measuring performance.

What you’ll learn:

 

✔️  How to develop a privacy strategy including understanding governance, risk management auditing and compliance requirements

✔️  How privacy laws and regulations align with your strategy

✔️  Mapping data and data inventories and the role of the Privacy Impact Assessment

✔️  How to develop policies for privacy, information security, acceptable use, data retention and destruction

✔️  An individual’s rights, consent, privacy notices, handling requests and complaints

✔️  Establishing privacy training and awareness programs

✔️  Responding to incidents and data breaches and what to do when one occurs

✔️  Privacy program monitoring, measurement and analysis.

 

Course Detail

The CIPM course is broken down in to 6 modules and covers the following topics:

Module 1: Developing a privacy program

• Creating an organisational vision – Evaluate the objective and gaining executive sponsorship and approval.
• Establish a data governance model – Centralised, distributed or hybrid.
• Define a privacy program – Defining a charter, identifying the sources, types and uses of personal information in the organisation, developing a privacy and governance strategy and incorporating legislative, regulatory, market and business requirements.
• Structuring the privacy team including establishing the organizational model, responsibilities and reporting structure appropriate to the size of the organisation.
• Communication of the privacy program to create awareness internally and externally and ensure employees have access to policies and procedures relative to their role.

Module 2: Establishing a privacy program framework

• Develop the privacy program framework including developing organisational privacy policies, procedures, standards, and/or guidelines as well as required program activities.
• Implement the privacy program framework within the organisation.
• Developing program governance reporting and metrics.

Module 3: Privacy operational life cycle: Assess

• Document current baseline of your privacy program – Regulatory compliance requirements, data, systems and process assessment via data mapping of inventories, information flows and system integrations.
• Undertaking processor and third-party vendor assessments.
• Identifying operational risks.
• Mergers, acquisitions and divestitures.
• Undertaking privacy assessments and documentation.

Module 4: Privacy operational life cycle: Protect

• Information security practices including access controls, technical security controls and development of incident response plans.
• Embedding Privacy by Design (PbD) methods within the organisation including:
  • The Integration of privacy throughout the system development life cycle (SDLC)
  • Establish privacy gates as part of the system development framework
  • Communicating with stakeholders the importance of PIAs and PbD
• Integrating privacy requirements and representation into functional areas across the organization (e.g., Information Security, Human Resources, Marketing, Legal and Contracts, Mergers & Acquisitions).
• Understanding technical and organisational measures.

Module 5: Privacy operational life cycle: Sustain

• Monitoring of your program – Compliance with policies and regulatory and legislative requirements and changes.
• Auditing of your program – Align privacy operations to an internal and external program, auditing against industry standards and compliance with privacy policies and standards.

Module 6: Privacy operational life cycle: Respond

• Data-subject information requests and privacy rights.
• Responding to privacy incidents, including:
  • Legal compliance requirements
  • Incident response planning, detection and handling
  • Following the incident response process to ensure you meet jurisdictional, global and business requirements
  • Identify incident reduction techniques
  • Incident metrics—quantify the cost of a privacy incident.