Shelley’s Guide to Acing the IAPP CIPT Exam

If you’re considering a career in privacy and data protection, or if you’re an existing IT or information security professional looking to extend your expertise into privacy, earning the Certified Information Privacy Technologist (CIPT) certification from the International Association of Privacy Professionals (IAPP) is a powerful step forward.

What Is The CIPT?

The CIPT credential is designed for IT professionals who want to build a robust understanding of privacy and data protection in their technology operations. Passing the CIPT exam is a useful indicator of your expertise in integrating privacy by design, managing data lifecycle, and implementing security measures that align with global privacy standards. It validates your ability to manage data responsibly and ensures that privacy considerations are baked into your organisation’s products and services from the ground up.

Privacy 108 team member Shelley recently took (and aced) the CIPT. Here are her thoughts on the exam and exam prep:

Why I like the CIPT

I have been working in both technology and privacy for many years now, and working in these fields is both challenging and extremely rewarding. What I enjoy about the CIPT is that it seeks to meet the needs of practitioners like me, to demonstrate their competency in both technology and privacy: people who are trying to work in organisations to improve privacy in a real and tangible way, implementing the controls that support the principles that privacy regulation is built on. It’s not focused on the law or compliance.

In this blog post, I’ll outline everything I’ve learnt from my recent experience in preparing for and passing the CIPT exam (the first time!).

What the CIPT Exam Covers

The CIPT exam tests your knowledge across several key domains:

  1. Foundation Principles 
  2. The privacy technologist’s role in the context of the organisation
  3. Privacy Risks, Threats and Violations 
  4. Privacy enhancing strategies, techniques and technologies
  5. Privacy by design
  6. Privacy Engineering
  7. Evolving or emerging technologies in privacy.

Each of these domains is described in more detail in the CIPT Body of Knowledge.

New Body of Knowledge (From 2 September 2024)

The IAPP has updated the BoK and it is effective from September 2024. The new format aligns the content (which hasn’t substantially changed) with a series of competencies and performance indicators to help assess the test taker’s proficiency against the broad knowledge domains.

Each domain is integral to developing a comprehensive understanding of privacy from a technological standpoint.

Tips for Preparing for the CIPT Exam

  1. Do not underestimate it!

The CIPT can take a lot of preparation, even for those candidates who already have a deep knowledge of privacy and technology. The IAPP recommends at least 30 hrs of study to prepare for the exam. In my experience this is a reasonable guide; however, this will depend a lot on your baseline understanding and how you use the supporting tools and resources available. Note – this is the minimum!

Pure technologists may benefit from doing the CIPM first to help improve their knowledge of privacy programs, frameworks and terms, as well as the IAPP exam format, which is quite different from some other technology certifications.

  2. Take Advantage of IAPP Training Programs and book your exam straight away!

Participate in virtual or in-person training designed to prepare candidates for the CIPT exam. These programs provide structured learning and are led by experienced instructors who can clarify complex concepts and enable participants to engage with each other to discuss and relate the concepts to their own experience.

We say this again and again in our preparation courses, but do not wait to book your exam. Booking soon after training has always helped me maintain the momentum I’ve built while the knowledge is still fresh. Setting a clear deadline that isn’t too far in the future also prevents other priorities from taking over once I’m back in the office.

  3. Learn the Lexicon

As a certification involving both privacy and technology, there is a lot of specific terminology to be familiar with. It is essential you know your methodologies from your frameworks, your risks from your violations, and your homomorphic from your polymorphic.  You can check out the IAPP’s Glossary. There are also several great examples of flashcard sets that other test takers have put together, which are another great tool for studying and testing your knowledge. 

IAPP Glossary

Flashcards on Quizlet

  4. Lots of ‘light reading’

There are specific reading materials for the CIPT exam, including the CIPT Textbook and the “CIPT Certification Body of Knowledge” which provide in-depth coverage of the exam content and are essential for your study plan. 

However, to really understand many of these concepts and frameworks, it really helps to read some of the sources referenced in the BoK. The particular domains where I think this is beneficial are:

  • Foundation Principles (Domain 1)
  • Risks, Threats and Violations (Domain 3)
  • Privacy by Design (Domain 5)

  5. Practice with Sample Questions (a lot of sample questions!)

The IAPP provides sample questions that mimic the style and difficulty of those on the actual exam. Practicing with these questions helps you familiarise yourself with the exam format and identify areas where you need to improve. 

Sample questions can be hard to come by, with the IAPP only publishing one practice exam, which candidates need to purchase. There are other sources online of varying quality; however, perhaps the best and most reliable source available is the CIPT Exam Guide by Joseph Byrne, which is available on Kindle.

The exam is 90 questions, so doing multiple practice exams can be very time consuming.  Look at ways to make this process more efficient and effective. I built a simple spreadsheet which included the correct answers and the domain they related to. This gave me an instant score and identified the domains that I needed to focus on.  Repeating these practice exams, keeping track of my progress and being systematic in my study was key to feeling confident going into the exam. 

This certification is often regarded as the most challenging, but by understanding the exam structure, utilising recommended resources, and following a disciplined study plan, you can position yourself for success.

Good luck with your studies, and here’s to your success on the CIPT exam!

Shelley brings a wealth of experience in data privacy, project management, change management, and IT service management across industries including education, banking, credit reporting and government. Her expertise includes designing and implementing privacy programs, conducting impact assessments, interpreting global regulations, and managing privacy incidents.