Certified Information Privacy Manager (CIPM)

The CIPM course teaches a process for conceptualising, designing, building and operating a data privacy management program including creating a company vision for privacy, developing and implementing system frameworks and measuring performance.

What you’ll learn:


✔️  How to develop a privacy strategy including understanding governance, risk management, auditing and compliance requirements

✔️  How privacy laws and regulations align with your strategy

✔️  Mapping data and data inventories and the role of the Privacy Impact Assessment

✔️  How to develop policies for privacy, information security, acceptable use, data retention and destruction

✔️  An individual’s rights, consent, privacy notices, handling requests and complaints

✔️  Establishing privacy training and awareness programs

✔️  Responding to incidents and data breaches and what to do when one occurs

✔️  Privacy program monitoring, measurement and analysis.


Course Detail

The CIPM course is broken down into 6 modules and covers the following topics:

Module 1: Developing a privacy program
  • Creating an organisational vision – Evaluating the objective and gaining executive sponsorship and approval.
  • Establish a data governance model – Centralised, distributed or hybrid.
  • Define a privacy program – Defining a charter, identifying the sources, types and uses of personal information in the organisation, developing a privacy and governance strategy and incorporating legislative, regulatory, market and business requirements.
  • Structuring the privacy team including establishing the organisational model, responsibilities and reporting structure appropriate to the size of the organisation.
  • Communication of the privacy program to create awareness internally and externally and ensure employees have access to policies and procedures relative to their role.
Module 2: Establishing a privacy program framework
  • Develop the privacy program framework including developing organisational privacy policies, procedures, standards, and/or guidelines as well as required program activities.
  • Implement the privacy program framework within the organisation.
  • Developing program governance reporting and metrics.
Module 3: Privacy operational life cycle: Assess
  • Document current baseline of your privacy program – Regulatory compliance requirements, data, systems and process assessment via data mapping of inventories, information flows and system integrations.
  • Undertaking processor and third-party vendor assessments.
  • Identifying operational risks.
  • Mergers, acquisitions and divestitures.
  • Undertaking privacy assessments and documentation.
Module 4: Privacy operational life cycle: Protect
  • Information security practices including access controls, technical security controls and development of incident response plans.
  • Embedding Privacy by Design (PbD) methods within the organisation including:
    • The integration of privacy throughout the system development life cycle (SDLC)
    • Establishing privacy gates as part of the system development framework
    • Communicating with stakeholders the importance of PIAs and PbD
  • Integrating privacy requirements and representation into functional areas across the organisation (e.g., Information Security, Human Resources, Marketing, Legal and Contracts, Mergers & Acquisitions).
  • Understanding technical and organisational measures.
Module 5: Privacy operational life cycle: Sustain
  • Monitoring of your program – Compliance with policies and regulatory and legislative requirements and changes.
  • Auditing of your program – Align privacy operations to an internal and external program, auditing against industry standards and compliance with privacy policies and standards.
Module 6: Privacy operational life cycle: Respond
  • Data-subject information requests and privacy rights.
  • Responding to privacy incidents, including:
    • Legal compliance requirements
    • Incident response planning, detection and handling
    • Following the incident response process to ensure you meet jurisdictional, global and business requirements
    • Identifying incident reduction techniques
    • Incident metrics—quantify the cost of a privacy incident.