Certified Information Privacy Manager (CIPM)

Business functions such as marketing, finance, human resources and customer service have privacy responsibilities that can expose their organisations to financial loss and damage to reputation.

The Certified Information Privacy Manager (CIPM) certification provides privacy and data protection professionals with the tools they need to operationalise privacy and minimise risks to reputation from improper handling of personal data.

The CIPM course teaches a process for conceptualising, designing, building and operating a data privacy management program including creating a company vision for privacy, developing and implementing system frameworks and measuring performance.

CIPM course pricing

The CIPM course price is as follows:

With Exam $2,600
Without Exam (unbundled) $2,000

Further course dates may be added to the schedule; please contact us at training@mosaicfsi.com for an up-to-date list of all scheduled courses. The course price is in New Zealand Dollars and is exclusive of GST; please add GST to any PO or payment.

What you’ll learn:

  • How to develop a privacy strategy including understanding governance, risk management auditing and compliance requirements
  • How privacy laws and regulations align with your strategy
  • Mapping data and data inventories and the role of the Privacy Impact Assessment
  • How to develop policies for privacy, information security, acceptable use, data retention and destruction
  • An individual’s rights, consent, privacy notices, handling requests and complaints
  • Establishing privacy training and awareness programs
  • Responding to incidents and data breaches and what to do when one occurs
  • Privacy program monitoring, measurement and analysis.

The latest version of the CIPM course (updated March 2023) is broken down into 10 modules and covers the following topics:

Module 1: Introduction to Privacy Program Management

  • Define privacy program management and the phases of the privacy data life cycle.
  • Explore the relationship between accountability and privacy program management.
  • Explore how to create an effective privacy program.
  • Summarise the privacy program manager’s responsibilities and how to identify privacy program stakeholders.

Module 2: Privacy Program Framework: Privacy Governance

  • Define privacy governance and discuss common privacy program frameworks and governance models.
  • Define a privacy program – Defining a charter, identifying the sources, types and uses of personal information in the organisation, developing a privacy and governance strategy and incorporating legislative, regulatory, market and business requirements.
  • Structuring the privacy team including establishing the organisational model, responsibilities and reporting structure appropriate to the size of the organisation.
  • Communication of the privacy program to create awareness both internally and externally and ensure employees have access to policies and procedures relative to their role.

Module 3: Privacy Program Framework: Applicable Laws and Regulations

  • Compare key privacy/data protection laws, regulations and standards around the world.
  • Review privacy compliance considerations for conducting international data transfers.
  • Discuss strategies for aligning privacy compliance with your organisational strategy.

Module 4: Privacy Operational Life Cycle – Assess: Data Assessments

  • Understand your regulatory compliance requirements and how to capture them via the use of systems and process assessments via data mapping of inventories, information flows and system integrations.
  • Understanding the role of privacy impact assessments (PIAs) and how to conduct one.
  • Determine the processes that mergers, acquisitions and divestitures should evaluate.
  • What to consider when undertaking a vendor assessment (including cloud-based vendors) and identify methods for assessing vendor risk.

Module 5: Privacy Operational Life Cycle – Protect: Protecting Personal Information

  • Explore the importance of privacy and information security and examine ways to better align the privacy and information security functions.
  • Analyse types and categories of controls, administrative and access controls.
  • Determine technical controls for protecting personal information.
  • Define privacy by design (PbD) and review its seven principles.
  • Explore different privacy risk models and frameworks and compare process-oriented and data-oriented privacy design strategies.

Module 6: Privacy Operational Life Cycle – Protect: Policies

  • Identify the components of a privacy policy and explore different types of privacy policies.
  • Review strategies for communicating the privacy program and its policies to all internal stakeholders and employees.
  • How to assess vendors from a privacy perspective, including cloud-based vendors.
  • Describe how privacy-related HR concerns may be addressed through HR policies.
  • How to develop data retention and data destruction policies.

Module 7: Privacy Operational Life Cycle – Sustain: Monitoring and Auditing Program Performance

  • Explore various types and forms of privacy program performance monitoring.
  • How to audit your privacy program – Align privacy operations to an internal and external program, auditing against industry standards and compliance with privacy policies and standards.

Module 8: Privacy Operational Life Cycle – Sustain: Training and Awareness

  • Understand the difference between privacy training and awareness.
  • Identify methods and delivery options for developing privacy training and awareness programs both for initial training and to ensure ongoing awareness.
  • Determine who requires privacy training.
  • Explore the ways that establishing a privacy training program can help your organisation.

Module 9: Privacy Operational Life Cycle – Respond: Data Subject Rights

  • Understand the function of a privacy notice including:
    – What are the common elements of a privacy notice?
    – Explore key communication considerations when providing privacy notice.
    – Explore the concept of consent and how it relates to privacy notices including the key considerations for opt-in vs. opt-out.
    – Tailoring privacy notices to children and ensuring parental consent when required.
    – Understand individuals’ requests for withdrawal of consent, access and rectification.
  • Review examples of different countries’ requirements for responding to data subject rights, including what organisations must do to comply with requests related to the rights of data portability, objection and erasure under the GDPR.
  • Understand how to develop privacy-related complaint-handling procedures.

Module 10: Privacy Operational Life Cycle – Respond: Data Breach Incident Plans

  • Explain the differences between an incident and a breach.
  • Understand the risks and potential impacts of a data breach.
  • Explore common causes of data breaches.
  • How to develop an incident response plan.
  • Operational considerations for initial breach detection and response.
  • Describe how an organisation’s breach-related internal announcements should differ from its external announcements and review what internal and external breach notifications should each include.
  • Understand what a breach investigation involves.
  • Review examples of compliance obligations for reporting a breach.
  • Explore ways an organisation can learn from a breach.

Course Discounts and Booking Terms

  1. Where a delegate books an additional 'with exam' course within 12 months of the first course date, a $500 discount applies to the subsequent course.
  2. 12-month IAPP membership (applicable for the first course you attend only). If you are already an IAPP member and you are attending your first IAPP course, your membership will be extended by 12 months. Unfortunately, the 12-month extension is not included when you attend a subsequent course.
  3. No discounts apply to Unbundled (without exam) courses.
  4. Where you take an unbundled course and wish to sit the exam, exams can be purchased separately via your IAPP membership account.
  5. Cancellations: Unfortunately, once attendance on the relevant course is confirmed through receipt of your booking form (and purchase order) we will not be able to provide a refund if the delegate cancels or cannot attend. Of course, we will look to place you on a future course. However, if the course is cancelled due to unforeseen circumstances, you will receive a full refund.
  6. Postponements: If a course is impacted by COVID restrictions or other events out of our control, we will endeavour to reschedule the course to a suitable date.

How Do I Pay?

Enclosed below are the details for payment into our account, plus company details if you need to set Mosaic up as a supplier and/or provide us with a Purchase Order. If you require an invoice, please indicate on the booking form. We do require at least your purchase order or payment (where no purchase order is provided) prior to the course unless prior arrangements have been made.

  • Company Name: Mosaic Business Solutions T/A Mosaic Financial Services Infrastructure
  • Registered Address: 72 Mountain Road, Epsom, Auckland 1023
  • Primary Office Address: 204/131 Queen Street, CBD, Auckland 1010
  • GST No: 103843782
  • Account Name: Mosaic Business Solutions

For further information or queries about the course, please do not hesitate to contact us at training@mosaicfsi.com.

Book your spot in this engaging course. Get your CIPM certification today.