Certified Information Privacy Professional (CIPP/US) + Certified Information Privacy Manager (CIPM)

Course Overview

Principles of Privacy in the U.S. Private Sector covers U.S. privacy laws and regulations at federal and state levels, including breach notification and limits on various private sectors. You’ll leave with an understanding of the legal requirements for the responsible handling and transfer of personal data within industry and workplaces, including government access to private-sector data. The training is based on the body of knowledge for the IAPP’s ANSI-accredited Certified Information Privacy Professional/ U.S. (CIPP/US) certification program. CIPM. Founded in 2000, the IAPP is the world’s largest and most comprehensive privacy resource with a mission to define, support and improve the Privacy profession globally. Every organization has data protection needs. Every day, we access, share and manage data across companies, continents and the globe. Knowing how to implement a privacy program is an invaluable skill that will help you protect your organization’s data—and take your career to the next level. Our Principles of Privacy Program Management training is the premier course on implementing a privacy program framework, managing the privacy program operational lifecycle and structuring a privacy team.

Who Should Attend

Data Protection Officers Data Protection Managers Auditors Legal Compliance Officers Security Manager Information Managers Anyone involved with data protection processes and programs

Course Objectives

It will show the world that students know privacy laws and regulations and how to apply them, and that students know how to secure your place in the information economy. When students earn a CIPP credential, it means they’ve gained a foundational understanding of broad global concepts of privacy and data protection law and practice, including: jurisdictional laws, regulations and enforcement models; essential privacy concepts and principals; legal requirements for handling and transferring data and more. Principles of Privacy Program Management is the how-to training on implementing a privacy program framework, managing the privacy program operational lifecycle and structuring a knowledgeable, high-performing privacy team. Those taking this course will learn the skills to manage privacy in an organization through process and technology—regardless of jurisdiction or industry. The Principles of Privacy Program Management training is based on the body of knowledge for the IAPP’s ANSI accredited Certified Information Privacy Manager (CIPM) certification program.

Course Outline

1 - Introduction to Privacy

  • Discusses the modern history of privacy, an introduction to personal information, an overview of data protection roles and a summary of modern privacy frameworks.

2 - Structure of U.S. Law

  • Reviews the structure and sources of U.S. law and relevant terms, and introduces governmental bodies that have privacy and information security authority.

3 - General Data Protection Regulation Overview

  • Presents a high-level overview of the GDPR, discuss the significance of the GDPR to U.S. organizations, and summarizes the roles and responsibilities outlined in the law.

4 - Enforcement of U.S. Privacy and Security Laws

  • Distinguishes between criminal and civil liability, presents theories of legal liability and describes the enforcement powers and responsibilities of government bodies, such as the FTC and state attorneys general.

5 - Information Management from a U.S. Perspective

  • Explores the development of a privacy program and the role of privacy professionals, discusses vendor management and examines data collection, classification and retention.

6 - Federal Versus State Authority

  • Compares federal and state authority and discusses preemption.

7 - Healthcare

  • Describes privacy laws in healthcare, including the major components of HIPAA and the development of HITECH, and outlines privacy protections mandated by other significant healthcare laws.

8 - Financial Privacy

  • Outlines the goals of financial privacy laws, highlights key concepts of FCRA, FACTA and GLBA, and discusses the Red Flags Rule, Dodd-Frank and consumer protection laws.

9 - Education

  • Outlines the privacy rights and protections under FERPA, as well as recent amendments provided by PPRA and NCLBA.

10 - Telecommunications and Marketing

  • Explores rules and regulations of telecommunications entities, reviews laws that govern marketing, and briefly discusses how privacy is addressed in the digital advertising realm.

11 - Law Enforcement and Privacy

  • Summarizes privacy laws on intercepting communication, including how the telecommunications industry must cooperate with law enforcement, and outlines laws that assure rights to financial privacy.

12 - National Security and Privacy

  • Further explores rules and regulations on intercepting communication, including how the laws have evolved and how government agencies and private companies work collaboratively to improve cyber-security.

13 - Civil Litigation and Privacy

  • Discusses privacy issues related to litigation including electronic discovery, redaction and protective orders, and briefly compares U.S. discovery rules to foreign laws.

14 - Legal Overview of Workplace Privacy

  • Describes federal and state laws that regulate and protect employee privacy, as well as federal laws that prohibit discrimination.

15 - Privacy Before, During and After Employment

  • Examines the lifecycle of employee privacy including background screening, employee monitoring, investigating misconduct and termination; outlines anti-discrimination laws; and discusses “bring your own device” policies.

16 - State Data Security Laws

  • Identifies state laws that impact data security, reviews Social Security number use regulation and discusses laws governing data destruction.

17 - Data Breach Notification Laws

  • Summarizes the scope of state data breach notification law, highlights the nine elements of state data breach notification laws and notes major differences in state laws.


  • Identifies privacy program management responsibilities, and describes the role of accountability in privacy program management.


  • Examines considerations for developing and implementing a privacy program, including the position of the privacy function within the organization, role of the DPO, program scope and charter, privacy strategy, support and ongoing involvement of key functions and privacy frameworks.


  • Discusses the regulatory environment, common elements across jurisdictions and strategies for aligning compliance with organizational strategy.


  • Relates practical processes for creating and using data inventories/maps, gap analyses, privacy assessments, privacy impact assessments/data protection impact assessments and vendor assessments.


  • Describes common types of privacy-related policies, outlines components and offers strategies for implementation.


  • Discusses operational considerations for communicating and ensuring data subject rights, including privacy notice, choice and consent, access and rectification, data portability, and erasure and the right to be forgotten.


  • Outlines strategies for developing and implementing privacy training and awareness programs.


  • Examines a holistic approach to protecting personal information through privacy by design.


  • Provides guidance on planning for and responding to a data security incident or breach.


  • Relates common practices for monitoring, measuring, analyzing and auditing privacy program performance.

Enroll Today

This is a 4-day class

Price: $3,595.00
Payment Options

ILT Instructor‑Led Training


GTR  Guaranteed to Run

Class times are listed Eastern time. This class is available for Private Group Training

To sort by location or date, click the ‘When’ and ‘Where’ column headings.

Class dates not listed.
Please contact us for available
dates and times.