CIPP/US Study Guide 2024: a Guide to obtaining your CIPP/US Certification

Welcome to this detailed introduction to the Certified Information Privacy Professional/United States (CIPP/US) exam. This guide is a comprehensive introduction to the CIPP/US certification, which focuses on understanding data protection and privacy laws relevant to the US.

Offered by the International Association of Privacy Professionals (IAPP), the CIPP/US certification is designed to equip privacy experts with the necessary knowledge and skills to address complex data privacy challenges. In today’s world, where data breaches and privacy concerns are widespread, organizations are actively seeking skilled professionals who can navigate the complex landscape of data protection laws.

Join us on this journey as we explore the path to a secure and well-regulated digital future in data privacy, guided by the informative pages of the CIPP/US study guide!

What is CIPP/US?

The Data Privacy Jobs Report Highlights High Demand for Privacy Professionals Due to Complex Regulations and Cloud Migration.

The global push for consistent digital privacy laws has led to a surge in demand for privacy experts. TRU Staffing Partners, a recruitment firm, has revealed that the intricate web of regulations, combined with the shift to remote work following the Covid-19 pandemic, has resulted in an unprecedented need for privacy professionals. This demand has reached its highest point in over a decade, with a 30% increase in data privacy job opportunities last year and expectations of similar growth in the coming years. The demand for privacy expertise is on the rise.

The Certified Information Privacy Professional (CIPP) is a prestigious certification recognized worldwide, developed and provided by the International Association of Privacy Professionals (IAPP). The IAPP CIPP program offers different certifications for various regions, including the United States (CIPP/US), Europe (CIPP/E), Asia (CIPP/A), and Canada (CIPP/C).

The CIPP/US certification is specifically designed for privacy and compliance managers and officers, as well as other professionals in the field of privacy and data protection. This certification focuses on U.S. privacy laws and regulations. Throughout the certification process, you will explore various topics, including limitations on data collection and use across different sectors. You’ll also gain insights into specific regulations that govern sectors like healthcare, finance, education, telecommunications, and marketing.

The study materials cover a wide range of subjects, from the legal aspects of data accessibility by law enforcement and national security agencies to the complexities of workplace privacy and important state-level privacy laws. Notably, after the retirement of the CIPP/G certification in October 2018, the CIPP/US remains the only IAPP privacy certification that concentrates solely on U.S. privacy laws, regulations, and frameworks.

Unlike some other certifications, there are no prerequisites in terms of prior experience or education to take the CIPP/US exam. However, the exam content is updated annually to reflect changes in the privacy landscape. You can find updates and relevant news on our blog.

As of now, the exam fee is $550. Successful candidates are required to pay a Certification Maintenance Fee of $250 every two years, unless they are active IAPP members, in which case the fee is covered by their annual membership.

The CIPP/US exam offers flexibility in terms of administration. You can take it online through Pearson VUE or in person at an authorized exam center. The exam is available in multiple languages, and you’ll receive your results immediately upon completing the exam.

The benefits of a CIPP/US certification

The CIPP/US certification offers a range of valuable benefits, making it a worthwhile investment to pursue:

  • Demonstrates In-Depth Understanding: This certification showcases your comprehensive grasp of US data protection laws and practices.
  • Expertise in Privacy Law: Employers, clients, and peers recognize you as an expert in privacy law, capable of effectively analyzing, interpreting, and implementing US requirements.
  • Competitive Edge: Holding the CIPP/US certification sets you apart from other job applicants, making you more attractive to employers. In 2019, the typical process for hiring someone skilled in data privacy took about three to six weeks for a commitment, but by 2021, it was reduced to just one week. Privacy professionals often receive multiple job offers and can choose from an average of three during their job search.
  • Enhanced Compensation: Data privacy jobs are more costly to fill in today’s market. Privacy professionals have enjoyed a 22% increase in salary, generally earning $20,000 to $30,000 more per year for similar positions. A similar salary increase is expected next year.
  • Commitment to Career Growth: For those new to the field, the certification reflects your dedication to building a successful career in privacy law.
  • Path to Data Protection Officer (DPO) Role: Combining the CIPP/US certification with the Certified Information Privacy Manager (CIPM) certification can open opportunities for a career as a Data Protection Officer.

We’ve detailed these advantages in a blog post you can find here. In conclusion, obtaining a CIPP/US certification is undeniably a valuable pursuit that can significantly enhance your career prospects and professional standing in the realm of privacy law.


What’s the difference between CIPP/US, CIPP/E and CIPM?
The CIPP/US certification focuses on demonstrating knowledge of data protection laws and regulations in the United States. The CIPP/E certification focuses on the same in Europe. The Certified Information Privacy Manager (CIPM) certification focuses on developing leadership skills for managing and leading an organization’s privacy program. Holding both certifications equips you to fulfill the Data Protection Officer (DPO) role.

How long should I study for the CIPP exam?
The IAPP recommends allowing 30 hours to study for the exam. We would recommend at least 40 – 50 hours for studying to be well prepared. However, this varies depending on your level of prior work experience, personal studying style and family/work commitments.

How many questions are on the CIPP/US?
The exam has 90 multiple-choice questions, of which 75 are scored. Each question has one correct answer and 3 plausible but incorrect answers. The exam also includes a few scenario questions, which often pose a challenge for students. The difficulty lies in the abundance of information provided, requiring individuals to discern between essential details and secondary points.

How long does the CIPP/US take?
You have 2.5 hours to complete the CIPP/US exam. 

Is the CIPP/US exam hard?
The CIPP/US exam is certainly challenging. The scoring system is complex and not very transparent, so it can be difficult to know exactly how well you need to do in order to pass. The exam is a test of both understanding and memorizing.

What is a passing score for CIPP?
A score of 300 out of 500 points is required, which corresponds to getting approximately 75-80% of the questions correct. However, the exact calculation method of this score remains the best-kept secret of the IAPP (International Association of Privacy Professionals). 

This not only emphasizes the seriousness of the exam and the necessity for thorough preparation, but also shrouds the evaluation criteria used by the IAPP in a mysterious veil. Achieving this threshold undoubtedly represents a significant level of expertise and understanding in the field of privacy and data protection, symbolizing recognition of profound knowledge within this intricate and evolving domain.


We advise you to secure your exam date and time at your earliest convenience.

The schedule for the exam is not predefined, and you can purchase the exam through the IAPP. Afterward, you can search for nearby exam centers and choose a suitable date and time slot from the available options. Alternatively, you can explore the possibility of online proctored sessions. With more than 6,000 test centers globally, you have ample choices.

We do recommend conducting a test run in advance to ensure everything functions smoothly. We’ve received messages from students who encountered issues with the proctored sessions during the actual exam.

Once you’ve selected your exam date and time, you have the flexibility to reschedule up to 48 hours prior to the exam time for a physical exam location or up to 15 minutes past the appointment time for an online exam. You can make as many rescheduling adjustments as needed.

Please pay attention to your confirmation email to confirm that the date and time match your expectations accurately.

How to Prepare for Your CIPP/US Exam?

For those who have limited time available or lack relevant experience, here are the recommended steps to effectively get ready for the CIPP/US examination.

  • Enroll in Our CIPP/US Training Program: Participate in our CIPP/US Training Course, which offers comprehensive coverage of the subject matter. Prior to making a purchase decision, register for our free demo to explore the course offerings and experience the quality of our content firsthand.
  • Thoroughly Study the Textbook “U.S. Private-Sector Privacy Third Edition Digital”: Acquire and diligently go through the textbook titled “U.S. Private-Sector Privacy Third Edition Digital.” Familiarize yourself with the content to gain a strong foundation in the subject.
  • Review U.S. Federal Laws and Regulations: Take time to review and understand the various U.S. federal laws and regulations related to privacy and data security. This knowledge is crucial for success in the CIPP/US exam.
  • Assess Your Knowledge with Practice Exams and Sample Questions: Evaluate your understanding by utilizing trial exams or sample question resources. These materials will help you gauge your readiness and identify areas that require further attention. You can find our free practice questions here.
  • Leverage IAPP Resources: Make the most of the resources available on the IAPP website, such as the Body of Knowledge and the Exam Blueprint. The Body of Knowledge outlines key concepts and topics essential for exam success, while the Exam Blueprint provides insights into question distribution across different areas of focus.

CIPP/US Exam book

The foundational resource for the CIPP/US exam is the IAPP-recommended book titled “U.S. Private-Sector Privacy Third Edition Digital” authored by Peter P. Swire and DeBrae Kennedy-Mayo. This book is accessible in digital format in English via the IAPP store.

For independent study, this book serves as the fundamental and indispensable tool. If you are enrolled in our training course, it is not obligatory to purchase the book for exam success; however, we do suggest its acquisition if you wish to explore specific subjects more deeply.

It is important to note that the IAPP periodically releases updated editions of textbooks about every two years. In contrast, the CIPP/US exam and its knowledge domain receive annual updates. Consequently, there may not always be an exact alignment between the topics covered in the Body of Knowledge and the chapters found in the textbook. The most recent edition of the book was published in the first quarter of 2023, and the next exam update was slated for October 2023. Check out our blog for the latest updates.

State Data Privacy and Security Laws

As part of the CIPP/US exam blueprint, our guide includes the following legislation:

California Consumer Privacy Act (CCPA) (2018):
The CCPA was one of the pioneering state privacy laws in the United States. It grants California residents certain rights over their personal information, such as the right to know what information is collected about them, the right to request deletion of their information, and the right to opt-out of the sale of their data.

California Privacy Rights Act (CPRA) (2020):
The CPRA builds upon the foundation established by the CCPA and enhances privacy rights for California residents. It introduces new provisions, such as the establishment of the California Privacy Protection Agency (CPPA), which is responsible for enforcing and implementing privacy regulations.

Virginia Consumer Data Protection Act (VCDPA) (2021):
The VCDPA is Virginia’s comprehensive privacy legislation that provides consumers with certain rights regarding their personal information. It requires businesses to implement data protection measures and grants consumers the right to access, correct, delete, and opt-out of the sale of their data.

Colorado Privacy Act (CPA) (2021):
The CPA is Colorado’s privacy law that imposes obligations on businesses handling personal data. It grants consumers the right to access, correct, delete, and opt-out of the sale of their personal information. The law also introduces requirements for businesses to conduct data protection assessments and obtain explicit consent for the processing of sensitive data.

Nevada Privacy Law & Amendment (SB260) (2019/2021):
Nevada’s privacy law and its subsequent amendment focus on providing consumers with the right to opt-out of the sale of their personal information. It requires businesses to establish processes for consumers to exercise their opt-out rights.

Utah Consumer Privacy Act (2022):
The Utah Consumer Privacy Act is Utah’s comprehensive privacy legislation, granting consumers certain rights over their personal information. It requires businesses to implement data protection measures and enables consumers to exercise rights such as access, correction, deletion, and opt-out.

Connecticut Data Privacy Act (CTDPA):
The CTDPA aims to enhance consumer data privacy by introducing comprehensive regulations governing the collection, use, and disclosure of personal information. It establishes individuals’ rights to access, delete, and correct their data, while also imposing data breach notification requirements on organizations. The inclusion of the CTDPA in the CIPP/US exam blueprint reflects the growing importance of privacy regulations in the state of Connecticut.

California Age-Appropriate Design Code Act (A.B. 2273) (2022):
This act focuses on protecting children’s online data and privacy. It mandates that online services designed for children comply with specific age-appropriate privacy standards. It emphasizes the importance of obtaining parental consent for the collection and processing of children’s personal information. The addition of this law highlights the significance of safeguarding the privacy of minors and aligns with the broader efforts to protect children’s data in the digital age.

US Privacy Developments Explored

Within the United States, the absence of overarching federal privacy legislation has given rise to a collection of privacy laws at the state level. This has elevated the importance of staying well-informed about the most recent developments in state-level legislation, particularly for professionals aiming to achieve the Certified Information Privacy Professional/United States (CIPP/US) certification. This article delves into recent shifts in state privacy laws, shedding light on key updates that hold significance for the forthcoming CIPP/US examination.

While not explicitly covered in the examination blueprint, these advancements warrant attention due to their potential relevance for exam readiness:

  • California’s Enhanced CCPA Regulations:
    California has solidified additional regulations that expand upon the California Consumer Privacy Act (CCPA). These regulations offer clearer directives regarding compliance obligations, data entitlements, and mandates for businesses governed by CCPA. Remaining well-versed in these regulations proves crucial for privacy professionals operating within California and for entities that handle personal data of California residents.
  • Iowa Introduces Comprehensive Consumer Privacy Legislation:
    Iowa has joined the ranks as the sixth state to enact comprehensive consumer privacy legislation. This law bestows certain rights upon consumers regarding their personal information, encompassing access, deletion, and rectification. It also imposes obligations on businesses, necessitating the adoption of reasonable security measures and the provision of privacy notifications. Although not part of the official exam outline, understanding the tenets of this legislation underscores the growing trend of states emphasizing consumer privacy rights.
  • Texas Embraces Comprehensive Privacy Legislation:
    Texas has become the tenth state to ratify comprehensive privacy legislation. This law amplifies consumer rights by empowering individuals with control over their personal information. It mandates transparency in data practices, requires consent for specific usages, and mandates the maintenance of sensible security measures by businesses. While not encompassed within the exam blueprint, this development underscores the escalating significance of privacy regulations spanning diverse states.

While currently not integrated into the exam outline, the following laws are anticipated to take effect in the future and may warrant vigilance:

  • Indiana Consumer Data Protection Act (Effective January 1, 2026):
    Scheduled to become operative in 2026, the Indiana Consumer Data Protection Act ushers in comprehensive privacy regulations, requiring businesses to institute reasonable security measures, secure consent for data processing, and confer privacy rights on consumers. This forthcoming legislation exemplifies the sustained momentum of state-level privacy statutes.
  • Montana Consumer Data Privacy Act (Effective October 1, 2024):
    Montana has sanctioned the Consumer Data Privacy Act, slated to take effect on October 1, 2024. This legislation grants consumers rights to access, amend, erase, and opt-out of the sale of their personal information. It also mandates obligations for businesses to safeguard consumer data and to inform individuals of their privacy rights. Privacy experts should track the implementation of this legislation as it harmonizes with the escalating emphasis on consumer rights and data safeguarding.
  • Tennessee Information Protection Act (Effective July 1, 2024):
    Effective as of July 1, 2024, the Tennessee Information Protection Act establishes requisites for businesses handling personal information. It mandates the implementation of security measures, stipulates protocols for data breach notifications, and mandates the dissemination of privacy policies to consumers. This act showcases Tennessee’s dedication to reinforcing privacy safeguards and has the potential to feature in future exam blueprints.

In the ever-evolving domain of US state-level privacy legislation, remaining abreast of developments is indispensable for professionals striving for the CIPP/US certification. Recent additions such as the Connecticut Data Privacy Act and the California Age-Appropriate Design Code Act underscore ongoing endeavors to fortify consumer privacy rights. Moreover, developments like the finalization of CCPA regulations in California and the enactment of comprehensive privacy laws in Iowa and Texas underscore the expanding sphere of state-level privacy protection. While not presently integrated into the exam outline, laws in Indiana, Montana, and Tennessee showcase the continuous emergence of fresh privacy legislation. By maintaining awareness of these changes, CIPP/US aspirants can augment their comprehension of the dynamic privacy landscape and aptly prepare for the examination.

Taking the CIPP/US Exam

Taking the CIPP/US exam is an exciting milestone after thoroughly studying this CIPP/US Study Guide. Currently, candidates have the option to take the exam remotely through Pearson VUE, the IAPP’s partner, or in person at an approved test center.

However, some students have shared their experiences with remote proctoring, which can present challenges. Technical issues, such as difficulty scrolling through the exam or webcam connection problems, have been reported by some candidates. Waiting times before starting the exam have also been mentioned.

If you have already scheduled an exam and do not feel ready to take it, then you can reschedule the exam for free up to 48 hours before the scheduled time.

Tips for the CIPP/US Exam

We have some tips for your CIPP/US exam. What we would recommend is to study the summary very well and get the details out of it. For more on the topics that weigh heavily in the blueprint, check out our blog.

Try to take a good look at the themes that weigh heavily in the examination blueprint. These are in the following chapters (in this order):

  • Chapter 4 (Information Management) 
  • Chapter 12 (Workplace) 
  • Chapter 11 (Telecommunications) 
  • Chapter 9 (Financial) 
  • Chapter 8 (Medical) 
  • Chapters 2 and 3 (combination)

And please don’t forget the State Privacy Laws Appendix.

 You can also buy this book:

 or this one to practice some more. However, I would not focus too much on extra questions. What I would do is study the summary very well and get the details out of it. Also, don’t panic if the scenarios seem difficult. You don’t have to get everything right, and you can review them afterwards. There are plenty of simple multiple-choice questions that you can score on just by learning the material. You may well get some of the difficult scenario questions wrong. That’s OK. Also know that some of the questions are experimental and do not count at all in the result.

Hopefully the above is useful. Once again, if you know the material in the summary well, you are already well on your way. Questions that do not originate from the study materials can often be answered logically.

CIPP/US training course

Are you seeking a streamlined learning approach, aiming to tap into the wisdom of seasoned professionals, access comprehensive course materials all in one convenient location, and significantly enhance your prospects of success? Look no further than our CIPP/US training course. This comprehensive program is expertly crafted not only to save you time but also to provide valuable insights derived from the experiences of others. Enrolling in this course offers a better understanding of crucial concepts. Join us on this journey to unlock your full potential in the realms of data protection and privacy.

We recommend our online CIPP/US training course, which offers you lifelong access upon purchase. Our courses are thoughtfully designed for self-paced learning, allowing you to seamlessly integrate your study sessions with your other commitments, whether it be work or other activities. Balancing our online CIPP and CIPM courses with your full-time job and other engagements is entirely feasible. Each course can be completed in one or two full days, and it’s advisable to allocate some study time for our summary and relevant laws. 

Our course layout aligns with the chapters of the knowledge book. Every chapter starts with an instructive video introduction (an example is provided below). Following the video are succinct narratives and quizzes. Certain aspects of the curriculum are further explored within the online environment. We place considerable emphasis on the chapters carrying the highest weight (score) within our comprehensive course.

This course encompasses a well-balanced fusion of videos, a summary of the official textbook, three full-length practice exams (each comprising 90 questions), supplementary questions, valuable insights, and beneficial tips to enhance your preparation. To delve deeper into our course content, we invite you to register for our free demo and also, check out our practice questions.

Rest assured that our course materials amply equip you to tackle the CIPP/E exam in a single attempt. You will also receive the study outline in PDF format to guide your learning journey. As an extra resource, we’ve attached 30 sample questions to this guide; you can find them in the attachments. 

To gain firsthand insights from our students’ experiences, you can visit Trustpilot and explore our YouTube channel for video testimonials.

Embark on the road to certification success by enrolling in our CIPP/US training course. If you have any inquiries, feel free to reach out, and we will respond within 24 hours.

After the exam

If you successfully pass the exam, congratulations! Your exam result will be immediately displayed on the screen upon completing the test. Additionally, the outcome will be sent to your registered IAPP email address. Furthermore, you will receive a link to access your PR toolkit, accessible through your profile on the IAPP website. This PR toolkit encompasses a customizable news release template, media engagement tip sheets, and suggestions for effectively showcasing your certification to your professional network, utilizing the features of your newly obtained electronic certificate.

In the event that you do not achieve a passing score on the exam, please do not lose heart; you are not alone in this experience! The CIPP/US exam is indeed demanding, but with appropriate preparation, success is within reach. Following an unsuccessful attempt, there is a mandatory waiting period of 30 days before you can schedule a retake. Additionally, there is a retake fee of $375 payable to the IAPP, which is lower than the initial exam fee. A valuable piece of advice is to focus your efforts on delving deeper into the areas where you may have scored lower.

Does my certificate expire?

Your CIPP/US certification remains valid for a span of two years, commencing from the date of your successful exam completion. To uphold your certification status within this timeframe, you need to acquire 20 Continuing Privacy Education (CPE) credits and submit the maintenance fee of $250 every two years.

The IAPP website serves as a valuable hub for accumulating CPE credits. You can conveniently filter the content to discover resources that align with your specific interests and requirements.

It’s crucial to understand that CPE credits extend beyond IAPP-exclusive materials. Opportunities for credit accumulation encompass attending industry conferences, engaging in privacy-related training, and participating in a range of activities outlined in the IAPP CPE policy. Moreover, numerous cost-free activities are also eligible for credit accrual.

If you hold an annual IAPP membership, the maintenance fee is already covered by your membership benefits. For non-members, the fee can be directly paid. The positive aspect is that re-taking the exam is not required at the end of the two-year cycle. Your certification can be sustained by achieving the mandated CPE credits, fulfilling the fee obligation, and ensuring the continuous active status of your certification.

The end

Congratulations on successfully completing our comprehensive guide to achieving success in the CIPP/US exam. Your diligent efforts and commitment to your studies are sure to yield positive results. If you found this guide beneficial, we would greatly appreciate it if you could share your preparation journey with us. Feel free to share the strategies that proved effective for you, the obstacles you encountered, and your overall experience with the certification process.

If you are considering pursuing another IAPP certification, such as the CIPP/E or CIPM, we invite you to explore our study guides tailored to these certifications. To stay informed about new guidelines, recommended resources, updates to the exam, and more, we encourage you to visit our blog. Additionally, don’t miss out on our collection of free practice questions, available here.

We extend our best wishes for continued success in your studies!
