Certified Information Privacy Manager (CIPM)
The CIPM course teaches a process for conceptualising, designing, building and operating a data privacy management program including creating a company vision for privacy, developing and implementing system frameworks and measuring performance.
What you’ll learn:
✔️ How to develop a privacy strategy including understanding governance, risk management auditing and compliance requirements
✔️ How privacy laws and regulations align with your strategy
✔️ Mapping data and data inventories and the role of the Privacy Impact Assessment
✔️ How to develop policies for privacy, information security, acceptable use, data retention and destruction
✔️ An individual’s rights, consent, privacy notices, handling requests and complaints
✔️ Establishing privacy training and awareness programs
✔️ Responding to incidents and data breaches and what to do when one occurs
✔️ Privacy program monitoring, measurement and analysis.
The CIPM course is broken down in to 6 modules and covers the following topics:
Module 1: Introduction to Privacy Program Management
- Define privacy program management and the phases of the privacy data life cycle.
- Explore the relationship between accountability and privacy program management.
- Explore how to create an effective privacy program.
- Summarise the privacy program manager’s responsibilities and how to identify privacy program stakeholders.
Module 2: Privacy Program Framework: Privacy Governance
- Define privacy governance and discuss common privacy program frameworks and governance models.
- Define a privacy program – Defining a charter, identifying the sources, types and uses of personal information in the organisation, developing a privacy and governance strategy and incorporating legislative, regulatory, market and business requirements.
- Structuring the privacy team including establishing the organisational model, responsibilities and reporting structure appropriate to the size of the organisation.
- Communication of the privacy program to create awareness both internally and externally and ensure employees have access to policies and procedures relative to their role.
Module 3: Privacy Program Framework: Applicable Laws and Regulations
- Compare key privacy/data protection laws, regulations and standards around the world.
- Review privacy compliance considerations for conducting international data transfers.
- Discuss strategies for aligning privacy compliance with your organisational strategy.
Module 4: Privacy Operational Life Cycle—Assess: Data Assessments
- Understand your regulatory compliance requirements and how to capture them via the use of systems and process assessments via data mapping of inventories, information flows and system integrations.
- Understanding the role of privacy impact assessments (PIAs) and how to conduct one.
- Determine the processes that mergers, acquisitions and divestitures should evaluate.
- What to consider when undertaking a vendor assessment (including cloud-based vendors) and identify methods for assessing vendor risk.
Module 5: Privacy Operational Life Cycle—Protect: Protecting Personal Information
- Explore the importance of privacy and information security and examine ways to better align the privacy and information security functions.
- Analyse types and categories of controls, administrative and access controls.
- Determine technical controls for protecting personal information.
- Define privacy by design (PbD) and review its seven principles.
- Explore different privacy risk models and frameworks and compare process-oriented and data-oriented privacy design strategies.
Module 6: Privacy Operational Life Cycle—Protect: Policies
- Review strategies for communicating the privacy program and its policies to all internal stakeholders and employees.
- How to assess vendors from a privacy perspective, including cloud-based vendors.
- Describe how privacy-related HR concerns may be addressed through HR policies.
- How to develop data retention and data destruction policies.
Module 7: Privacy Operational Life Cycle—Sustain: Monitoring and Auditing Program Performance
- Explore various types and forms of privacy program performance monitoring.
- How to audit your privacy program – Align privacy operations to an internal and external program, auditing against industry standards and compliance with privacy policies and standards.
Module 8: Privacy Operational Life Cycle—Sustain: Training and Awareness
- Understand the difference between privacy training and awareness.
- Identify methods and delivery options for developing privacy training and awareness programs both for initial training and to ensure ongoing awareness.
- Determine who requires privacy training.
- Explore the ways that establishing a privacy training program can help your organisation.
Module 9: Privacy Operational Life Cycle—Respond: Data Subject Rights
- Understand the function of a privacy notice including:
- What are the common elements of a privacy notice?
- Explore key communication considerations when providing privacy notice.
- Explore the concept of consent and how it relates to privacy notices including the key considerations for opt-in vs. opt-out.
- Tailoring privacy notices to children and ensuring parental consent when required.
- Understand individuals’ requests for withdrawal of consent, access and rectification.
- Review examples of different countries’ requirements for responding to data subject rights, including what organisations must do to comply with requests related to the rights of data portability, objection and erasure under the GDPR.
- Understand how to develop privacy-related complaint-handling procedures.
Module 10: Privacy Operational Life Cycle—Respond: Data Breach Incident Plans
- Explain the differences between an incident and a breach.
- Understand the risks and potential impacts of a data breach.
- Explore common causes of data breaches.
- How to develop an incident response plan.
- Operational considerations for initial breach detection and response.
- Describe how an organisation’s breach-related internal announcements should differ from its external announcements and review what internal and external breach notifications should each include.
- Understand what a breach investigation involves.
- Review examples of compliance obligations for reporting a breach.
- Explore ways an organisation can learn from a breach.