International Association of Privacy Professionals

Abbreviation: IAPP
Tax ID no.: 23-3048008
Legal status: 501(c)(6) professional association [1]
Headquarters: Portsmouth, New Hampshire, U.S.
Revenue (2018): $42,542,846 [1]
Expenses (2018): $30,040,401 [1]
Endowment: $26,977,019 [1]
Employees (2018): 178 [1]
Volunteers (2018): 1,000 [1]
Website: iapp.org

The International Association of Privacy Professionals (IAPP) is a nonprofit, non-advocacy membership association founded in 2000. [2] [3] It provides a forum for privacy professionals to share best practices, [4] track trends, [5] advance privacy management issues, [6] standardize the designations for privacy professionals, [7] and provide education and guidance on career opportunities in the field of information privacy. [8] The IAPP offers a full suite of educational and professional development services, including privacy training, certification programs, [9] publications and annual conferences. It is headquartered in Portsmouth, New Hampshire.

History

Founded in 2000, [10] IAPP was originally constituted as the Privacy Officers Association (POA). In 2002, it became the International Association of Privacy Officers (IAPO) when the POA merged with a competing group, the Association of Corporate Privacy Officers (ACPO). [11] The group was renamed to the International Association of Privacy Professionals in 2003 to reflect a broadened mission that includes the ranks of corporate personnel, beyond the position of Chief Privacy Officer, engaged in privacy-related tasks.

Membership reached 10,000 in 2012, and in 2019 the organization reported it had surpassed the 50,000 member mark. [12] The rapid growth was the result of increased demand for privacy expertise in the face of emerging laws such as the EU's General Data Protection Regulation (GDPR). [10] [13] Half of the association's members are women. [14]

Professional certifications

The IAPP is responsible for developing and launching global credentialing programs in information privacy. [10] The CIPM, CIPP/E, CIPP/US and CIPT credentials are accredited by the American National Standards Institute (ANSI) [15] under the International Organization for Standardization (ISO) standard for Personnel Certification Bodies 17024:2012. [10] [16] These certifications have been described as "the gold standard" for validating privacy expertise. [17]

Certified Information Privacy Professional (CIPP)

The CIPP currently offers four areas of concentration, each focused on a specific region: [18] United States (CIPP/US), Canada (CIPP/C), Europe (CIPP/E) and Asia (CIPP/A). [9] [10] [19] For several years, a specialization in US Government privacy matters (CIPP/G) was offered, but the program was terminated on September 30, 2018, and is presently inactive. [20]

Certified Information Privacy Manager (CIPM)

The CIPM demonstrates understanding of the operational aspects of privacy program management. [10] [21] [22]

Certified Information Privacy Technologist (CIPT)

The CIPT demonstrates understanding of how to manage and build privacy requirements into technology. [10] [22] [23]

Privacy Law Specialist (PLS)

In 2018, the IAPP initiated the PLS program, which is one of only 15 areas of legal specialization accredited by the American Bar Association (ABA). The PLS is intended only for lawyers practicing in the US. By 2019, approximately 75 attorneys had achieved the certification. [22] [24]

Fellow of Information Privacy (FIP)

The FIP designation is reserved for individuals who have attained the CIPP and either CIPM or CIPT designations and can demonstrate at least three years of work experience in which at least 50% of the job responsibilities are managing data privacy issues. The designation also requires three references who are industry peers and familiar with the applicant's work. [17] [25]

Research

The IAPP produces original research through the IAPP Westin Research Center. Two privacy scholars are selected each year for a fellowship to work on privacy research projects under the guidance of the IAPP's vice president of research and education. Topics are selected with the purpose of supporting the growth and development of the privacy profession and furthering understanding of the major privacy issues.

Research projects include:

Conferences

The IAPP holds seven annual conferences:

IAPP Global Privacy Summit, [28] held in Washington, DC, is the world's largest international privacy conference.

IAPP Privacy. Security. Risk. (P.S.R.) is held in the Fall in a variety of locations (primarily on the West Coast of the US) and offers the best of privacy and security, with innovative cross-education and networking.

IAPP Canada Privacy Symposium is usually held in Toronto in May, gathering regulators and thought leaders for intensive learning and discussion of Canadian Privacy challenges.

IAPP Europe Data Protection Congress is usually held in Brussels in late Fall and covers topics related to policy and regulation in Europe.

IAPP Data Protection Intensives [29] are held multiple times throughout the year in cities such as London, Paris, or Berlin. These events cover operational privacy issues of specific interest to European data protection professionals.

IAPP Asia Privacy Forum is held in Singapore each Spring, covering topics of specific interest to the Singaporean and greater Asia-Pacific privacy community.

IAPP ANZ Summit is held in Sydney in October, covering topics particular to the Australia and New Zealand privacy community.

Publications

The Privacy Advisor, [30] the IAPP's publication, provides news, reporting on legal developments and analysis of rules and privacy practices.

The Privacy Perspectives blog includes opinion and insight from around the globe.

The Privacy Tracker blog follows legislative developments and provides guidance and analysis of how legislation impacts privacy practitioners.

The Privacy Tech blog covers privacy-enhancing technology and the technical implementation of privacy.

These publications are filtered through the Daily Dashboard, a daily clipping service, and regional digests covering Canada, Europe and the Asia-Pacific region.

References

  1. "https://projects.propublica.org/nonprofits/organizations/233048008/201911359349301931/IRS990". Archived 2019-10-02 at the Wayback Machine. International Association of Privacy Professionals. May 14, 2019.
  2. Taylor, Mark (10 April 2000). "Privacy issues are focus of new group". Modern Healthcare. Crain Communications Inc. Archived from the original on 20 August 2019. Retrieved 3 August 2019.
  3. Swire, Peter P. (2002). "The Surprising Virtues of the New Financial Privacy Law". Minnesota Law Review. 86: 2083. doi:10.2139/ssrn.347402. Archived from the original on 2019-08-20. Retrieved 2019-08-20.
  4. Tracy, Ryan; McKinnon, John D. (24 July 2019). "Facebook Penalty Sends Message to Big Tech". The Wall Street Journal. Dow Jones & Company, Inc. Archived from the original on 18 August 2019. Retrieved 18 August 2019. "I expect a lot of board members and CEOs are chatting and texting today about what exactly they need to do to ensure they are within spitting distance of these new best practices," said Trevor Hughes, president of the International Association of Privacy Professionals.
  5. Merken, Sara (12 August 2019). "Companies Turning to Tech Vendors for Privacy Compliance Tools". Bloomberg Law. The Bureau of National Affairs, Inc. Archived from the original on 18 August 2019. Retrieved 18 August 2019. The number of privacy tech companies jumped from 51 vendors in 2017 to 224 in 2019 so far, according to annual privacy tech vendor reports by the International Association of Privacy Professionals.
  6. "Measuring privacy operations: Use of technology on the rise". HelpNetSecurity. 6 December 2018. Archived from the original on 18 August 2019. Retrieved 18 August 2019. "Among our thousands of members, we know that privacy teams are now reporting on a regular basis to company leadership, and consequently they need to demonstrate results and a return on investment," said Trevor Hughes, CEO and President of the IAPP.
  7. Tittel, Ed; Kyle, Mary (15 June 2018). "International Association of Privacy Professionals: Career and Certification Guide". Business News Daily. Archived from the original on 11 May 2019. Retrieved 11 May 2019. The IAPP has developed a globally recognized certification program around information privacy.
  8. Edwards, John (6 August 2019). "Why You Should Create a Forward Looking Privacy Policy". InformationWeek. UBM. Archived from the original on 18 August 2019. Retrieved 18 August 2019. She added that organizations can also join privacy groups, such as the International Association of Privacy Professionals (IAPP), to stay on top of changes and access self-education resources.
  9. Kim, Lee (8 July 2019). "My Journey to Attaining Two Professional Certifications, CIPP and CISSP". HIMSS.org. Healthcare Information and Management Systems Society. Archived from the original on 31 July 2019. Retrieved 24 August 2019. I find value in the CIPP and CISSP credentials every day. Throughout my various professional roles in law, information technology, and now in health IT, I have always had to use multiple domains of knowledge.
  10. Tittel, Ed (6 June 2018). "Gearing up for GDPR certification: Only a few good options". Hewlett Packard Enterprise. Hewlett Packard Enterprise Development LP. Archived from the original on 24 August 2019. Retrieved 24 August 2019. Right now, as far as I can tell, the IAPP is the only organization that qualifies as a full-fledged and entirely reputable purveyor of certifications that incorporate GDPR skills and knowledge in its various credentials (and the curricula and exams that support them). The IAPP is a vendor- and policy-neutral organization that's been around since 2000, billing itself as "the world's largest global information privacy community."
  11. Maselli, Jennifer (25 August 2003). "Privacy Group Focuses on RFID". RFID Journal. Emerald Expositions, LLC. Retrieved 18 August 2019. "This is a timely topic," says Shara Prybutok, an administrator for IAPP, which was formed recently by the merger of the Privacy Officers Association and the Association of Corporate Privacy Officers.
  12. "50K members: A landmark for the IAPP and global privacy". IAPP.org. International Association of Privacy Professionals. 2 May 2019. Archived from the original on 9 May 2019. Retrieved 1 October 2019. The IAPP had hit 50,000 members worldwide.
  13. "International Association of Privacy Professionals: Career and Certification Guide". Business News Daily. June 15, 2018. Archived from the original on May 11, 2019. Retrieved May 10, 2019.
  14. "Do Women Make Better Privacy Professionals?". Forbes. June 10, 2015. Archived from the original on October 3, 2015. Retrieved October 5, 2015.
  15. "ANSI Directory of Accredited Personnel (ANSI/ISO/IEC 17024) Certification Bodies". ANSI.org. American National Standards Institute. August 5, 2015. Archived from the original on July 7, 2018. Retrieved July 7, 2018.
  16. "Accreditation Program for Personnel Certification Bodies under ANSI/ISO/IEC 17024". ANSI.org. Archived from the original on July 7, 2018. Retrieved July 7, 2018.
  17. Coseglia, Jared (29 May 2018). "The Power of Certifications in the Legal Industry". Law.com. ALM Media Properties LLC. Archived from the original on 24 August 2019. Retrieved 24 August 2019. The International Association of Privacy Professionals' (IAPP) certification program has quickly become the gold standard for employers seeking instant validation of an individual's privacy expertise.
  18. "CIPP Certification". IAPP. Archived from the original on 13 August 2019. Retrieved 18 August 2019.
  19. "Certifiable! The Value of Certifications to Your Career - CIPP, CIPM and CIPT at IAPP". ILTAnet.org. International Legal Technology Association. 27 August 2015. Retrieved 24 August 2019.
  20. "The IAPP Certified Information Privacy Professional/Government (CIPP/G) Program Is Now Inactive" (PDF). 30 September 2018. Archived (PDF) from the original on 18 August 2019. Retrieved 18 August 2019.
  21. "HR.com - The Human Resources Social Network". www.hr.com. 2015-12-08. Retrieved 2015-12-08.
  22. "Is IAPP Certification a Consideration for Health IT Professionals?". USF Health Online. University of South Florida. Archived from the original on 24 August 2019. Retrieved 24 August 2019.
  23. "Cybersecurity's hidden pool of talent". Healthcare IT News. 30 November 2015. Archived from the original on 2015-12-10. Retrieved 2015-12-08.
  24. "Privacy Law Specialist: The ABA-Approved Certification for Lawyers Practicing Privacy". Legaltech News/Law.com. March 19, 2019. Archived from the original on May 11, 2019. Retrieved May 10, 2019.
  25. "Fellow of Information Privacy". IAPP. Archived from the original on 13 August 2019. Retrieved 18 August 2019.
  26. Spiezio, Caroline (7 May 2019). "US Chief Privacy Officers Get Paid More Than EU Peers, Have Closer Ties to Legal". Law.com. ALM Media Properties LLC. Archived from the original on 27 July 2020. Retrieved 24 August 2019. According to the IAPP's 2019 Privacy Professionals Salary Survey, American CPOs' median salary is $212,000 compared to $185,000 in the U.K. and $142,000 in the European Union. The global median salary for CPOs is $200,000 in 2019.
  27. "Report shows privacy officials in government are understaffed and demoralized". The Daily Dot. 26 September 2015. Archived from the original on 2016-01-05. Retrieved 2015-12-08.
  28. "FTC wants role in reshaping online privacy bill -- Regulators talk cross-border privacy rules". POLITICO. Archived from the original on 2015-12-10. Retrieved 2015-12-08.
  29. "Does Privacy Need a New Language?". Governor Technology. Archived from the original on 2015-12-10. Retrieved 2015-12-08.
  30. "Administrative judge dismisses FTC case against LabMD". SC Magazine. Archived from the original on 2015-11-22. Retrieved 2015-12-08.