The International Association of Privacy Professionals (IAPP) is a nonprofit, non-advocacy membership association founded in 2000.[2][3] It provides a forum for privacy professionals to share best practices,[4] track trends,[5] advance privacy management issues,[6] standardize the designations for privacy professionals,[7] and to provide education and guidance on career opportunities in the field of information privacy.[8] The IAPP offers a full suite of educational and professional development services, including privacy training, certification programs,[9] publications and annual conferences. It is headquartered in Portsmouth, New Hampshire.
History
Founded in 2000,[10] IAPP was originally constituted as the Privacy Officers Association (POA). In 2002, it became the International Association of Privacy Officers (IAPO) when the POA merged with a competing group, the Association of Corporate Privacy Officers (ACPO).[11] The group was renamed to the International Association of Privacy Professionals in 2003 to reflect a broadened mission that includes the ranks of corporate personnel, beyond the position of Chief Privacy Officer, engaged in privacy-related tasks.
Membership reached 10,000 in 2012 and in 2019, the organization reported it had surpassed the 50,000 member mark.[12] The rapid growth was the result of increased demand for privacy expertise in the face of emerging laws such as the EU's General Data Protection Regulation (GDPR).[10][13] Half of the association's members are women.[14]
In 2024, IAPP President and CEO J. Trevor Hughes announced that IAPP would be expanding its mission to "define, promote and improve the professions of privacy, AI governance and digital responsibility globally."[15]
Professional certifications
The IAPP is responsible for developing and launching a global credentialing programs in information privacy.[10] The CIPM, CIPP/E, CIPP/US and CIPT credentials are accredited by the American National Standards Institute (ANSI)[16] under the International Organization for Standardization (ISO) standard for Personnel Certification Bodies 17024:2012.[10][17] These certifications have been described as "the gold standard" for validating privacy expertise.[18]
Certified Information Privacy Professional (CIPP)
The CIPP currently offers five areas of concentration, each focused on a specific region:[19] United States (CIPP/US), Canada (CIPP/C), Europe (CIPP/E), Asia (CIPP/A), China (CIPP/CN).[9][10][20] For several years, a specialization in US Government privacy matters (CIPP/G) was offered but the program was terminated on September 30, 2018, and is presently inactive.[21]
Certified Information Privacy Manager (CIPM)
The CIPM demonstrates understanding of the operational aspects of privacy program management.[10][22][23]
Certified Information Privacy Technologist (CIPT)
The CIPT demonstrates understanding of how to manage and build privacy requirements into technology.[10][23][24]
Artificial Intelligence Governance Professional (AIGP)
In 2024, the IAPP launched the AIGP (Artificial Intelligence Governance Professional) certification which equips professionals with essential skills to understand and execute responsible AI governance. It emphasizes foundational knowledge around the development and evolution of key AI technologies, the emerging legal and regulatory frameworks, and the building of governance processes to effectively and responsibly implement AI in organizations.[25]
Privacy Law Specialist (PLS)
In 2018, the IAPP initiated the PLS program, which is one of only 15 areas of legal specialization accredited by the American Bar Association (ABA). The PLS is intended only for lawyers practicing in the US. By 2019, approximately 75 attorneys had achieved the certification.[23][26]
Fellow of Information Privacy (FIP)
The FIP designation is reserved for individuals who have attained the CIPP and either CIPM or CIPT designations, can demonstrate at least three years of work experience in which at least 50% of the job responsibilities are managing data privacy issues. The designation also requires three references who are industry peers and familiar with the applicant's work.[18][27]
Research
The IAPP produces original research through the IAPP Westin Research Center. Two privacy scholars are selected each year for a fellowship to work on privacy research projects under the guidance of the IAPP's vice president of research and education. Topics are selected with the purpose of supporting the growth and development of the privacy profession and furthering understanding of the major privacy issues.
IAPP Global Privacy Summit,[30] held in Washington, DC, is the world's largest international privacy conference.
IAPP Privacy. Security. Risk. (P.S.R.), is held in the Fall in a variety of locations (primarily on the West Coast of the US) and offers the best of privacy and security, with innovative cross-education and networking.
IAPP Canada Privacy Symposium is usually held in Toronto in May, gathering regulators and thought leaders for intensive learning and discussion of Canadian Privacy challenges.
IAPP Europe Data Protection Congress is usually held in Brussels in late Fall, covers topics related to policy and regulation in Europe.
IAPP Data Protection Intensives[31] are held multiple times throughout the year in cities such as London, Paris, or Berlin. These events cover operational privacy issues of specific interest to European data protection professionals.
IAPP Asia Privacy Forum is held in Singapore each Spring, covering topics of specific interest to the Singaporean and greater Asia-Pacific privacy community.
IAPP ANZ Summit held in Sydney in October, covering topics particular to the Australia and New Zealand privacy community.
Publications
The Privacy Advisor,[32] the IAPP's publication, provides news, reporting on legal developments and analysis of rules and privacy practices.
The Privacy Perspectives blog includes opinion and insight from around the globe.
The Privacy Tracker blog follows legislative developments and provides guidance and analysis of how legislation impacts privacy practitioners.
The Privacy Tech blog covers privacy-enhancing technology and the technical implementation of privacy.
These publications are filtered through the Daily Dashboard, a daily clipping service, and regional digests covering Canada, Europe and the Asia-Pacific region.
^Tracy, Ryan; McKinnon, John D. (24 July 2019). "Facebook Penalty Sends Message to Big Tech". The Wall Street Journal. Dow Jones & Company, Inc. Archived from the original on 18 August 2019. Retrieved 18 August 2019. "I expect a lot of board members and CEOs are chatting and texting today about what exactly they need to do to ensure they are within spitting distance of these new best practices," said Trevor Hughes, president of the International Association of Privacy Professionals.
^Merken, Sara (12 August 2019). "Companies Turning to Tech Vendors for Privacy Compliance Tools". Bloomberg Law. The Bureau of National Affairs, Inc. Archived from the original on 18 August 2019. Retrieved 18 August 2019. The number of privacy tech companies jumped from 51 vendors in 2017 to 224 in 2019 so far, according to annual privacy tech vendor reports by the International Association of Privacy Professionals.
^"Measuring privacy operations: Use of technology on the rise". HelpNetSecurity. 6 December 2018. Archived from the original on 18 August 2019. Retrieved 18 August 2019. "Among our thousands of members, we know that privacy teams are now reporting on a regular basis to company leadership, and consequently they need to demonstrate results and a return on investment," said Trevor Hughes, CEO and President of the IAPP.
^Edwards, John (6 August 2019). "Why You Should Create a Forward Looking Privacy Policy". InformationWeek. UBM. Archived from the original on 18 August 2019. Retrieved 18 August 2019. She added that organizations can also join privacy groups, such as the International Association of Privacy Professionals (IAPP), to stay on top of changes and access self-education resources.
^ abKim, Lee (8 July 2019). "My Journey to Attaining Two Professional Certifications, CIPP and CISSP". HIMSS.org. Healthcare Information and Management Systems Society. Archived from the original on 31 July 2019. Retrieved 24 August 2019. I find value in the CIPP and CISSP credentials every day. Throughout my various professional roles in law, information technology, and now in health IT, I have always had to use multiple domains of knowledge.
^ abcdefgTittel, Ed (6 June 2018). "Gearing up for GDPR certification: Only a few good options". Hewlett Packard Enterprise. Hewlett Packard Enterprise Development LP. Archived from the original on 24 August 2019. Retrieved 24 August 2019. Right now, as far as I can tell, the IAPP is the only organization that qualifies as a full-fledged and entirely reputable purveyor of certifications that incorporate GDPR skills and knowledge in its various credentials (and the curricula and exams that support them). The IAPP is a vendor- and policy-neutral organization that's been around since 2000, billing itself as "the world's largest global information privacy community."
^Maselli, Jennifer (25 August 2003). "Privacy Group Focuses on RFID". RFID Journal. Emerald Expositions, LLC. Retrieved 18 August 2019. "This is a timely topic," says Shara Prybutok, an administrator for IAPP, which was formed recently by the merger of the Privacy Officers Association and the Association of Corporate Privacy Officers.
^ abCoseglia, Jared (29 May 2018). "The Power of Certifications in the Legal Industry". Law.com. ALM Media Properties LLC. Archived from the original on 24 August 2019. Retrieved 24 August 2019. The International Association of Privacy Professionals' (IAPP) certification program has quickly become the gold standard for employers seeking instant validation of an individual's privacy expertise.
^Spiezio, Caroline (7 May 2019). "US Chief Privacy Officers Get Paid More Than EU Peers, Have Closer Ties to Legal". Law.com. ALM Media Properties LLC. Archived from the original on 27 July 2020. Retrieved 24 August 2019. According to the IAPP's 2019 Privacy Professionals Salary Survey, American CPOs' median salary is $212,000 compared to $185,000 in the U.K. and $142,000 in the European Union. The global median salary for CPOs is $200,000 in 2019.