CIPP/E and CIPP/US annual update (September 1, 2019)
From September 1, 2019, the IAPP CIPP/US and CIPP/E exams undergo a small annual update. Approximately 10% of the body of knowledge and the exam are adjusted accordingly. If we look closely at the exam blueprints, the adjustment is actually minimal.
The exam blueprint has two additions:
- Storage limitation retention, under II, C;
- Consent (and withdrawal of), under II, F.
The changes are marked (yellow) on the official IAPP CIPP/E exam blueprint. Download the blueprint here.
We recommend reading the following two articles from the IAPP:
Further updated content consists of:
- Data subject consent, including the right of withdrawal
- Organizational data protection mechanisms
- Risk reporting requirements
- Data sharing and associated security implications
- Joint data controllers
- DPIAs and established criteria for conducting them
Please note that we actually only see the first topic (data subject consent and withdrawal) in the new exam blueprint. It is possible that the changes have not been made visible and simply fall under the topics that are already in the blueprint. For example, the joint controller (5) is now dealt with under II, A.
In view of the above, we also recommend reading:
The exam blueprint has the following additions:
- Data flow mapping, under I, C;
- Added ‘APEC’ to other key considerations for U.S.-based multinational companies, under I, C.
- Future of federal enforcement, under II, A;
- Elements of, key differences among states, recent development, under V, E. (This seems more like a textual clarification because this was already requested in the exam. Now it has been made clear that people can expect this too.)
The changes are marked (yellow) on the official IAPP CIPP/US exam blueprint. Download the blueprint here.
We recommend reading the following articles from the IAPP:
Further updated content include:
- The role of new cyber threats in incident response programs
- Cloud issues related to vendor management
- The role of the APEC privacy framework for U.S.-based global multinational companies
- Emerging areas of federal enforcement (data brokers, big data, IoT, AI, unregulated data)
- State data security developments such as the CCPA
Please note that we actually only see the third and fourth subject in the new exam blueprint. It is possible that the changes have not been made visible and simply fall under the topics that are already in the blueprint.
In view of the above, we recommend reading:
The official textbooks have not yet been updated with the above changes. So it is wise to read the IAPP articles on these topics.