Controlled Document Approved by: Certification Effective Date: 1/17/2022

Page 1 of 14 Advisory Board

Version 3.1.0 Approved on: 12/1/2021 Supersedes: 3.0.0

IAPP Privacy Certification

Continuing Privacy Education (CPE) Policy

Overview

All CIPP® (CIPP/US®, CIPP/C®, CIPP/E®, CIPP/A), CIPM™ and CIPT™ holders must meet
two minimum requirements over the two-year term of their certification in order to maintain
credentialed status: (1) pay a certification maintenance fee for their term (for members this fee is
included in their membership benefits) and (2) Submit evidence of 20 hours of continuing privacy
education (CPE) for each certification they hold.

The intent of this policy is to ensure our certified individuals are remaining up to date with the
latest developments in their designation or sector, while also allowing them the freedom to pursue
privacy and/or security education that is most relevant to their interests and job requirements. By
earning continuing education credits, certification holders do not have to retest to renew their
certifications. There are a few features of the policy that merit particular attention:

• Individuals with more than one IAPP certification are able and encouraged to apply CPE
credits to as many of their IAPP credentials as they see fit, as long as the continuing
education is relevant to those credentials. We understand that there can be substantial
crossovers in privacy that break through the boundaries we place around sectors and
jurisdictions. We believe it will be rare that people with multiple credentials will need to
earn 20 unique credits for each designation
• The number of available CPEs for certain activities are capped to encourage certified
individuals to pursue a variety of educational opportunities
• CPE Central on the IAPP website provides certification holders with numerous pre-
tagged CPE opportunities
• The IAPP is not the only place to pursue continuing education. Events, seminars, training,
and web conferences hosted by other professional organizations that inhabit the privacy,
InfoSec. Data governance, and healthcare spaces are often CPE eligible

Pease International Tradeport ∙ 75 Rochester Ave∙ Portsmouth, NH 03801 USA

+1 603.427.9200 ∙ certification@iapp.org
1
Controlled Document Approved by: Certification Effective Date: 1/17/2022
Page 2 of 14 Advisory Board

Version 3.1.0 Approved on: 12/1/2021 Supersedes: 3.0.0

This CPE policy was developed by the IAPP in conjunction with its advisory boards. The various
requirements of the policy have been reviewed and approved by the Certification Advisory Board
of the IAPP. The IAPP and the certification advisory boards established the CPE program and
policy and are solely responsible for reviewing, approving and issuing CPE credits. Further
inquires relating to Continuing Privacy Education can be directed to the IAPP (see CPE Contact
Information below).

Pease International Tradeport ∙ 75 Rochester Ave∙ Portsmouth, NH 03801 USA

+1 603.427.9200 ∙ certification@iapp.org
2
Controlled Document Approved by: Certification Effective Date: 1/17/2022
Page 3 of 14 Advisory Board

Version 3.1.0 Approved on: 12/1/2021 Supersedes: 3.0.0

Continuing Privacy Education

Definition

A continuing privacy education (CPE) credit is generally defined as a one-hour unit earned from
participating in or attending any program, event, or forum, reading or writing any published
written material, creating and administering a presentation, course of instruction, or other activity
that relates to privacy and/or security. The number of credits that can be earned per activity type
are more clearly defined later in this policy.

Certification Term

The IAPP credential (CIPP/US, CIPP/C, CIPP/E, CIPP/A, CIPM or CIPT) is considered
“active” beginning on the date that the individual credential holder has successfully completed the
certification examination for that credential and has paid a certification maintenance fee or is an
active member.

The credential term is two years from the first day of the month following the date the credential
was earned and each anniversary thereof. A person with multiple credentials will adhere to the
anniversary of his or her first credential; this is referred to as Term Alignment. If an additional
certification is attained past year 1 of his or her existing term, CPEs will not be required for the
new certification until the individual’s next term starts (in alignment with his or her first
certification.) He or she will then be required to complete the 20 additional credits. If the
additional certification is attained during year 1 of the existing term, the full 20 CPE’s will be
required.

Certification Maintenance

To maintain the credential(s), the certification holder must meet the minimum requirement of
CPEs for each term, as well as pay the certification maintenance fee of $250 (this fee is included
in membership benefits). If the credential holder fails in either of these obligations, the credential
will be considered suspended and the individual may no longer represent the CIPP/US, CIPP/C,
CIPP/E, CIPP/A, CIPM or CIPT designation in person or on business cards in professional
correspondence or other communications; furthermore, the IAPP Membership Directory will not
represent the member as an IAPP credential holder.

A certified individual will receive at least three email reminders to submit their required CPEs—
90, 30, and 7 days before their term is set to expire. The Certification Maintenance Fee and
Membership can both be purchased online in the IAPP Store.

Pease International Tradeport ∙ 75 Rochester Ave∙ Portsmouth, NH 03801 USA

+1 603.427.9200 ∙ certification@iapp.org
3
Controlled Document Approved by: Certification Effective Date: 1/17/2022
Page 4 of 14 Advisory Board

Version 3.1.0 Approved on: 12/1/2021 Supersedes: 3.0.0

CPE Submission

It is the certificant’s responsibility to ensure that CPEs earned from IAPP and non-IAPP
programming and events have been applied correctly to their accounts.

Certified individuals must use the CPE Submission Form to self-report all non-IAPP activities
within 90 days of the event, otherwise the CPEs will not be accepted. CPEs earned from IAPP
activities such as conferences, webinars, and live trainings, will be automatically added to the
certificant’s account and do not need to be self-submitted.

CPE Central

The IAPP has created a searchable database for all IAPP CPE-eligible activities. Certificants can
search by certification designation, activity type, and CPE amount in order to find exactly what
they need. CPEs are automatically added to the certificant’s relevant certifications for all IAPP
events and can take up to 2 weeks.

Suspension and Reinstatement

An individual’s certification can be suspended due to a lack of membership or enrollment in the

Certification Maintenance Fee (CMF), or for lack of their required CPE’s. NOTE: The CMF is
strictly a credential activation product and therefore runs concurrently with the Certificate term.
Membership is not a certification-only product and as a result may have a unique start and end
date separate from the certification term. IAPP membership benefits includes the CMF fee.

Suspension for Lack of CPE’s:

If, at the end of a certification term, the certificant has not completed and submitted the required
amount of CPEs, his or her new term will begin in suspended status. When an individual’s
certification is suspended for lack of CPEs, he or she cannot submit CPEs earned in the prior term
to cover the deficiency from that term; instead, he or she must earn additional CPEs during the
new term to cover the gap from the prior term. Once the individual earns the CPEs owed from
the prior term, the suspension will be lifted. Once the certification is returned to active status, the
individual must then satisfy the regular CPE requirements for their credential(s) for the current
term. For example, someone with a CIPP/US whose term expires while she still owes 8 CPEs
will then need to earn 28 during the new term. Once she submits 8 CPEs, her certification will
return to active status and they will be required to earn the 20 CPEs for the current term.

Suspension for Lack of Membership:

Pease International Tradeport ∙ 75 Rochester Ave∙ Portsmouth, NH 03801 USA

+1 603.427.9200 ∙ certification@iapp.org
4
Controlled Document Approved by: Certification Effective Date: 1/17/2022
Page 5 of 14 Advisory Board

Version 3.1.0 Approved on: 12/1/2021 Supersedes: 3.0.0

If a certificant’s membership lapses during their certification term, the certification(s) will be
suspended immediately. The certification(s) will be reinstated once payment of all missing fees has
been processed. Membership can be purchased here.

Suspension for Lack of CMF:

If, at the end of a certification term, the certificant has not paid the CMF for the next term, his or
her next term will begin in suspended status. The certification will become active once the
individual pays the CMF. A new CMF fee can be purchase here.

An individual’s certification will be revoked if any of the following three events occur:

1. If, during an individual’s certification term, he or she has been suspended for failure to pay
the certification maintenance fee, and at the end of the suspended certification term the
fee has not been paid, the credential will be revoked.

2. If, during an individual’s certification term, he or she has been suspended for failure to pay
renewal membership fees, and at the end of their current certification term the fees have
not been paid, the credential will be revoked.

3. If, at the end of a certification term, an individual is suspended for failure to submit the
required CPEs and does not remedy the CPE shortage by the end of his or her next term,
the credential will be revoked.

Certificants with revoked credentials will be required to retake and pass the certification
designation(s) exams and, if necessary, pay the certification maintenance fee (non-members) or
restore active IAPP membership status

Pease International Tradeport ∙ 75 Rochester Ave∙ Portsmouth, NH 03801 USA

+1 603.427.9200 ∙ certification@iapp.org
5
Controlled Document Approved by: Certification Effective Date: 1/17/2022
Page 6 of 14 Advisory Board

Version 3.1.0 Approved on: 12/1/2021 Supersedes: 3.0.0

Multiple Credentials

Term Alignment

All certifications will eventually align to the start and end dates of the credential holder’s first
earned certification. When an additional certification is earned, the new certification will
automatically adopt the end date of the original certification.

If an additional certification is attained past year 1 of his or her existing term, CPEs will not be
required for the new certification until the individual’s next term starts (in alignment with his or
her first certification.) He or she will then be required to complete the 20 additional credits. If the
additional certification is attained during year 1 of the existing term, the full 20 CPE’s will be
required.

When the end date of the certifications arrives, and each requirement has been met, all
certifications will run concurrently for the same two-year term.

Surplus CPE Credits

In the event that an individual exceeds the required CPEs in a two-year period, that individual
may carry over a maximum of 10 credits per certification as long as they were earned in the 6
months prior to the end of the recertification period.

If the surplus CPEs are earned outside of the last 6 months, certification holders can still view the
activity in their CPE history.

Documentation

Certified individuals must use the CPE Submission Form to self-report all non-IAPP activities-
but are not required to submit supporting documentation at this time; however, you must retain
documentation in your own records in the event you are randomly selected for a CPE audit.
Documentation might include an email confirmation from an event or a receipt from a webinar.
You should retain these records each year for three months after your anniversary date.

Certified individuals must self-report all non-IAPP activities within 90 days of the event, otherwise
the CPEs will not be accepted.

Audit

The IAPP will conduct periodic random audits of CPE accounts and request documentation for
events and activities not automatically credited to a certificant’s account (those submitted by the
certificant). Certificants randomly selected for an audit will be notified by e-mail. Audits may
result in any of the following findings:
Pease International Tradeport ∙ 75 Rochester Ave∙ Portsmouth, NH 03801 USA
+1 603.427.9200 ∙ certification@iapp.org
6
Controlled Document Approved by: Certification Effective Date: 1/17/2022
Page 7 of 14 Advisory Board

Version 3.1.0 Approved on: 12/1/2021 Supersedes: 3.0.0

1. Acceptable documentation and verification of CPE credit hours submitted.

2. Unacceptable documentation and request for further documentation. Such further
documentation must be received by the IAPP within 30 days of the request.
3. CPE credit hours will be denied for either (a) unacceptable documentation or (b) failure
to respond within the specified period, and the credit hours will be subtracted from the
certificant’s CPE account.

If, in the course of an audit or by any other means, the IAPP determines that a certificant has
submitted CPE credit hours for activities in which he or she did not participate, the certificant’s
CIPP, CIPM or CIPT credential(s) will be immediately and permanently revoked.

Pease International Tradeport ∙ 75 Rochester Ave∙ Portsmouth, NH 03801 USA

+1 603.427.9200 ∙ certification@iapp.org
7
Controlled Document Approved by: Certification Effective Date: 1/17/2022
Page 8 of 14 Advisory Board

Version 3.1.0 Approved on: 12/1/2021 Supersedes: 3.0.0

Eligible Activities for Continuing Privacy Education Credit

The following programs are eligible for CPEs. IAPP-certificants are responsible for reviewing the
requirements for submitting credit for these programs. Please note, CPEs awarded for attending
IAPP conferences, web conferences and Knowledge-Nets will be automatically applied to your
IAPP certification account; you are not required to self-report for these activities.

• ATTENDING IAPP CONFERENCES AND PARTNERED EVENTS = Up to 12

CPEs per event, per attendee

Includes the Global Privacy Summit, Privacy. Security. Risk (Formerly Privacy Academy),
IAPP Canada Privacy Symposium, IAPP Europe Data Protection Congress, IAPP Europe
Data Protection Intensive, Practical Privacy Series and IAPP Asia Privacy Forum. If you
hold multiple credentials, the maximum allowed credits for pre-conference workshops,
privacy training and/or the main conference attended will be automatically applied to each
designation you hold. Note: IAPP conference attendees who become certified at that
conference will be able to claim CPEs for that conference.

• IAPP LIVE AND RECORDED AUDIO/VIDEO PROGRAMS = 1 CPE per hour

Awarded CPE credits from an IAPP web conference, live or recorded, will be
automatically applied to your IAPP account within 24 hours of purchase.
In the event that the audio conference phone line is used by multiple employees of the
same organization (who also are IAPP-certified), each participating employee (other than
the registered user) from that organization will need to complete and submit a CPE
Submission Form, listing the name of the registered user, as soon after the audio
conference as practicable.

• SPEAKING OR PRESENTING AT AN IAPP EVENT OR ONLINE PROGRAM=

3 CPEs per hour of speaking/presenting for the first delivery of the presentation; 1 CPE
per hour for redelivery of the same material.

Awarded CPEs from speaking or presenting at an IAPP event or online program will be
automatically applied for you to your IAPP account after the event has taken place.

• ATTENDING NON-IAPP PRIVACY EVENTS OR ONLINE PROGRAMS= 1

CPE per hour, up to 12 CPEs per event, per attendee

CPE credits are awarded to CIPP, CIPM and CIPT holders who attend events, forums
and online programs that are provided by other organizations and agencies. For your
convenience we have a listing of approved privacy training and activities available on our
website (see IAPP’s Industry Events page or IAPP’s Approved CPE Providers page).

Pease International Tradeport ∙ 75 Rochester Ave∙ Portsmouth, NH 03801 USA

+1 603.427.9200 ∙ certification@iapp.org
8
Controlled Document Approved by: Certification Effective Date: 1/17/2022
Page 9 of 14 Advisory Board

Version 3.1.0 Approved on: 12/1/2021 Supersedes: 3.0.0

• SPEAKING OR PRESENTING AT NON-IAPP EVENTS OR ONLINE

PROGRAMS = 3 CPE per hour of speaking/presenting for the first delivery of the
presentation; 1 CPE per hour for redelivery of the same material.

CPE credits are awarded to CIPP, CIPM and CIPT holders who speak before an
audience or present a program provided that such an appearance/presentation/course
covers content in privacy and/or security.

- The certificant should retain one or more of the following forms of documentation
in the event of an audit: the program agenda, speaker profile and/or panel
description.

• IAPP KNOWLEDGE-NET MEETINGS = 1 CPE per hour per attendee

In order to receive credits for IAPP Knowledge-Net, each IAPP-certified professional

must sign the attendance sheet at the meeting. Awarded CPEs for attending an IAPP
Knowledge-Net will be automatically applied to your IAPP account two weeks after the
event has taken place.

• IAPP CERTIFICATION TRAINING = 13 CPEs per program, per attendee

Includes both instructor-led and media-based training.

Note: because CPE activities must be completed after initial certification, only existing
CIPPs, CIPMs and CIPTs and those who certify at an IAPP conference after taking
IAPP training at that conference are eligible for CPE credit for certification training.

Only IAPP-certified individuals who are confirmed purchasers of the media-based training
program will be awarded CPE credits. Please use the CPE Submission Form to report
CPEs for media-based training.

• IAPP TRAINING FACULTY: 1 CPE per session hour, max 16 CPEs per recertification
period.

IAPP training faculty will have CPEs automatically applied to their IAPP account after the
training has taken place. Upon reaching the maximum allowed CPEs for training with the
IAPP, no more CPE credits will be applied.

Pease International Tradeport ∙ 75 Rochester Ave∙ Portsmouth, NH 03801 USA

+1 603.427.9200 ∙ certification@iapp.org
9
Controlled Document Approved by: Certification Effective Date: 1/17/2022
Page 10 of 14 Advisory Board

Version 3.1.0 Approved on: 12/1/2021 Supersedes: 3.0.0

• NON-IAPP PRIVACY TRAINING, INCLUDING WORKPLACE-REQUIRED

PRIVACY TRAINING=1 CPE per hour for attendees and presenters

Validated by proof of attendance or completion of an assessment.

• PRIVACY-SPECIFIC READING MATERIALS = 1 CPE per 50 pages of text/max of

5 CPE credits per certification period
Includes selections from the IAPP’s Authoritative Resource List(s).

CPE credits are awarded to CIPP, CIPM and CIPT holders in recognition of reading
efforts and self-study activities based on a formula where 1 CPE credit is awarded for
every 50 pages of written text that is read by the applicant. For example, a 300-page book
on data privacy laws is eligible for the maximum of 5 CPE credits.

• IAPP WEBSITE CONTENT

Certain IAPP website content of sufficient breadth and importance will be eligible for
CPE credit. These eligible articles, studies, and white papers will be clearly tagged on the
site with the designation(s) the content relates to, and the number of CPEs available.

• PUBLISHED MATERIALS

CPE credits are awarded to CIPP, CIPM and CIPT holders who produce publicly
accessible writing on privacy or security. The published materials should be research-based
and reflect privacy or security knowledge or the dissemination of privacy or security
knowledge. Eligible examples include white papers, articles, newsletters and blogs. In the
event of a CPE audit, a certified individual must provide access to the published materials.

➢ 1 CPE for an employer-issued newsletter

➢ 2 CPEs for an article in an industry group publication
➢ 3 CPE for an article in a publication of general circulation
➢ 5 CPE for a law review article or book chapter
➢ 10 CPE for an entire book

• ATTENDING ACADEMIC CLASSES IN PRIVACY = 3 CPEs per academic credit

hour, up to 12 CPEs per class

CPE credits are awarded to CIPP, CIPM and CIPT holders who successfully complete
academic courses in privacy or security with a minimum C (or equivalent) grade. In the
event of a CPE audit, the certificant must provide an official copy of the transcript issued
by the academic institution.

Pease International Tradeport ∙ 75 Rochester Ave∙ Portsmouth, NH 03801 USA

+1 603.427.9200 ∙ certification@iapp.org
10
Controlled Document Approved by: Certification Effective Date: 1/17/2022
Page 11 of 14 Advisory Board

Version 3.1.0 Approved on: 12/1/2021 Supersedes: 3.0.0

• TEACHING ACADEMIC CLASSES IN PRIVACY = 3 CPEs per academic credit

hour, up to 12 CPEs per class

CPE credits are awarded to CIPP, CIPM and CIPT holders who teach a course of
instruction provided that such an appearance/presentation/course covers content in
privacy and/or security.

• COACHING/MENTORING AN EMPLOYEE IN PRIVACY OR SECURITY=3

CPEs per mentoring relationship

- In the event of a CPE audit, the certified individual will need to provide evidence
supporting their coaching or mentoring arrangement.

IAPP VOLUNTEER ACTIVITIES

• IAPP BOARD OF DIRECTORS, CERTIFICATION ADVISORY BOARDAND

EXAM DEVELOPMENT BOARD PARTICIPATION = 5 CPEs per year

• ALL OTHER IAPP ADVISORY BOARD PARTICIPATION = 3 CPEs per year

CPE credits are awarded to individuals who serve as a member of an IAPP board for a
length of one full term. Credits will be automatically awarded in December for service
performed during that year. Active participation in board meetings is required to qualify
for full credit. Eligible boards are the Education Advisory Board, Publications Advisory
Board, Canadian Advisory Board, and European Advisory Board

• IAPP KNOWLEDGENET CHAIR = 3 CPEs per year per chairperson

CPE credits are awarded to individuals who serve as a chairperson for IAPP
KnowledgeNet locations. Credits will automatically be awarded in December for service
performed during that year.

Pease International Tradeport ∙ 75 Rochester Ave∙ Portsmouth, NH 03801 USA

+1 603.427.9200 ∙ certification@iapp.org
11
Controlled Document Approved by: Certification Effective Date: 1/17/2022
Page 12 of 14 Advisory Board

Version 3.1.0 Approved on: 12/1/2021 Supersedes: 3.0.0

Certification Disputes

In the event of a dispute regarding certification status, CPE status or CPE credit value, concerned
credential holders may contact the IAPP to resolve the matter informally. Formal complaints and
appeals may be made by completing the appropriate form within 30 days of the incident’s
occurrence and sending it to the IAPP Certification Department The submission may be mailed,
e-mailed or faxed. The submission shall include sufficient objective evidence to substantiate the
claims and allow for a decision to be made and the appropriate action to be taken. Please review
the appropriate policies and forms here for more information.

Pease International Tradeport ∙ 75 Rochester Ave∙ Portsmouth, NH 03801 USA

+1 603.427.9200 ∙ certification@iapp.org
12
Controlled Document Approved by: Certification Effective Date: 1/17/2022
Page 13 of 14 Advisory Board

Version 3.1.0 Approved on: 12/1/2021 Supersedes: 3.0.0

CPE Credit Guide

Activity Participant Max Speaker/Presenter/Teacher/A Max
uthor
IAPP-sponsored or 1 CPE per hour 12 per 3 CPEs per hour of 12 per
partnered events event speaking/presenting for the term
first delivery of the
presentation; 1 CPE per hour
for redelivery of the same
material.

Privacy events not 1 CPE per hour 12 per 3 CPEs per hour of 12 per
hosted or sponsored by event speaking/presenting for the term
the IAPP first delivery of the
presentation; 1 CPE per hour
for redelivery of the same
material.

Reading 1 CPE per 50 5 per

pages certification
period
Podcasts or Web 1 CPE per hour 3 CPEs per hour of
Conferences speaking/presenting for the
first delivery of the
presentation; 1 CPE per hour
for redelivery of the same
material.
Academic coursework 3 CPEs per 12 per term 3 CPEs per academic credit
in Privacy academic credit hour
hour
IAPP Training 13 CPEs per 13 per term 1 CPE per hour of teaching 16 per
Courses program, per for first delivery/1 CPE per term
attendee hour for re-delivery
Non-IAPP Privacy 1 CPE per hour 13 per term 1 CPE per hour of teaching 16 per
Training for first delivery/1 CPE per term
hour for re-delivery
Workplace-required 1 CPE per hour 13 per term 1 CPE per hour of teaching 16 per
Privacy Training for first delivery/1 CPE per term
hour for re-delivery
Published materials • 1 CPE for an
employer-issued
newsletter
• 2 CPEs for an article
in an industry group
publication
• 3 CPE for an article
in a publication of

Pease International Tradeport ∙ 75 Rochester Ave∙ Portsmouth, NH 03801 USA

+1 603.427.9200 ∙ certification@iapp.org
13
Controlled Document Approved by: Certification Effective Date: 1/17/2022
Page 14 of 14 Advisory Board

Version 3.1.0 Approved on: 12/1/2021 Supersedes: 3.0.0

general circulation
• 5 CPE for a law
review article or book
chapter (since
probably a similar
amount of work)
• 10 CPE for an entire
book
IAPP Knowledge-Nets 1 CPE per hour 3 CPE per year
Certification Advisory 5 CPE per year
Board (CAB)
All other IAPP 3 CPE per year
Advisory Boards
Proctoring IAPP 1 CPE per 3 CPE per
exams Proctoring term
session

Pease International Tradeport ∙ 75 Rochester Ave∙ Portsmouth, NH 03801 USA

+1 603.427.9200 ∙ certification@iapp.org
14