Certified Information Privacy Technologist (CIPT)
The CIPT course is the first and only certification of its kind worldwide. Privacy in Technology course teaches technology and data professionals how to understand and integrate strategies and techniques to minimise privacy threats. The curriculum includes privacy-by-design principles; implementing data and process-oriented strategies to support privacy policies; and managing threats from AI, location tracking, etc.
What you’ll learn:
✔️ The foundational privacy principles in technology
✔️ Applying privacy by design principles, across the information life cycle and within products and services
✔️ How to recognise privacy threats and violations and understand associated privacy risks
✔️ How to apply privacy enhancing technologies and strategies within an organisation
✔️ The role of privacy engineering in an organisation be that identifying privacy objectives and privacy risks and applying privacy design patterns
✔️ The technological privacy challenges associated with for example, automated decision making, impacts of tracking and surveillance, ubiquitous computing and mobile social computing.
The CIPT course is broken down in to 7 modules and covers the following topics:
Module 1: Foundation principles
- Privacy risk models and frameworks – e.g., Nissenbaum’s contextual integrity, Calo’s Harms dimensions, legal compliance, FIPPs, NIST/NICE, FAIR.
- Privacy by Design foundation principles – Full life-cycle protection, embedded into design, full functionality, visibility & transparency, proactive not reactive, privacy by default, respect for users.
- Value Sensitive Design – How design affects users, strategies for skilful practice.
- The Information Life cycle – Collection, use, disclosure, retention and Disposal.
Module 2: The role of IT in privacy
- Fundamentals of privacy related IT – Privacy notices, privacy policies, security policies, common IT frameworks, data inventories, enterprise architecture and data flows, including cross-border transfers, privacy impact assessments (PIAs).
- Information security – Security requirements and the law, Incident response, security & privacy in a system lifecycle (SDLC) process, privacy and security regulations.
- Information Governance basic principles.
- The privacy role of the IT professional – policy, regulatory and contractual feedback.
Module 3: Privacy threats and violations
- During data collection – Asking people to reveal personal information, surveillance.
- During use – Insecurity, identification, aggregation, secondary use, exclusion.
- During dissemination – Disclosure, distortion, exposure, breach of confidentiality, increased accessibility, blackmail, appropriation.
- Intrusion, decisional interference and self-representation – Behavioural advertising, cyber bullying, social engineering.
- Software security – Vulnerability management, intrusion reports, patches, upgrades, open-source v closed source.
Module 4: Technical measures & privacy enhancing technologies
- Data oriented strategies – Separate, minimise, abstract, hide.
- Techniques – Aggregation, de-identification, encryption, identity and access management, authentication.
- Process oriented strategies – Informing the individual, user control, policy and process enforcement, demonstrate compliance.
Module 5: Privacy engineering
- The privacy engineering role in the organisation.
- Privacy engineering objectives – Predictability, manageability, dissociability.
- Privacy design patterns – Design patterns to emulate, dark patterns to avoid.
- Privacy risks in software – Risks and countermeasures.
Module 6: Privacy by Design methodology
- The privacy by design process – Goal setting, documenting requirements, understanding quality attributes, identify information needs, high-level design, low-level design and implementation, impose controls, testing and validation.
- Ongoing vigilance – Code reviews and audits, runtime behavioural monitoring, software evolution.
Module 7: Technology challenges for privacy
- Automated decision making – Machine learning, deep learning, artificial intelligence (AI), context aware computing.
- Tracking and surveillance – Internet monitoring, web & location tracking, audio & video surveillance, drones.
- Anthropomorphism – speech recognition, natural language understanding / generation, chat bots, robots.
- Ubiquitous computing – IOT, vehicular automation, wearable devices.
- Mobile social computing – Geo-tagging, geo-social patterns.