Certified Information Privacy Professional/United States Exam Prep

Covers the foundations of the U.S. privacy system, core privacy concepts, common privacy harms, and the design and operation of privacy programs. It also includes data lifecycle management, privacy risk assessments, transparency and consent practices, and cross-border and third-party data governance.

• Task 1: Explain the foundations of the U.S. privacy system
• Distinguish sectoral from omnibus models
• Legal sources of privacy obligations
• Self-regulation and private ordering
• Enforcement actors in privacy
• Task 2: Apply core privacy concepts and principles in practice
• Define information categories

Key references: CIPP/US official exam guide · ExamPal shared topic tree

Covers major comprehensive state privacy statutes, consumer rights, business obligations, California privacy law, and state enforcement and litigation risk. It also addresses harmonization strategies for organizations operating across multiple states.

• Task 1: Compare major comprehensive state privacy statutes
• Common elements across state laws
• Scope and applicability
• Controllers, processors, and service providers
• State-specific terminology and obligations
• Task 2: Apply consumer rights under state privacy laws
• Core consumer rights

Key references: CIPP/US official exam guide · ExamPal shared topic tree

Covers the federal privacy enforcement landscape and major sectoral regimes, including health, financial, communications, education, children’s, and other federal privacy obligations. It emphasizes agency authority, statutory requirements, and how these laws interact with state law and FTC authority.

• Task 1: Explain the federal privacy enforcement landscape
• FTC Section 5 authority
• Sector-specific federal regulators
• Agency guidance and orders
• Limits without omnibus statute
• Task 2: Apply health privacy requirements
• HIPAA scope and actors

Key references: CIPP/US official exam guide · ExamPal shared topic tree

Covers privacy issues in the employment context, employee data management across the employment lifecycle, and workplace legal and operational constraints. It emphasizes monitoring, notices, retention, sensitive workforce data, and governance roles.

• Task 1: Apply privacy principles in the employment context
• Workplace privacy issues
• Employer interests and employee expectations
• Notices, policies, and access restrictions
• Minimization and purpose limitation
• Task 2: Manage employee data throughout the employment lifecycle
• Employment lifecycle stages

Key references: CIPP/US official exam guide · ExamPal shared topic tree

Covers government access frameworks, litigation and court-driven access to information, and organizational responses to compelled disclosure. It emphasizes constitutional and statutory limits, disclosure mechanisms, protective measures, and defensible response practices.

• Task 1: Explain government access frameworks
• Constitutional and statutory limits
• Types of government access
• Compelled process types
• Provider obligations
• Task 2: Address litigation and court-driven access to information
• Discovery and preservation

Key references: CIPP/US official exam guide · ExamPal shared topic tree