Monday, November 24, 2014

JD, CIPP/US, CIPP/E - The Purpose of Credentials and Examinations?

Last week I passed an examination on European privacy that entitles me to add CIPP/E after my name.

So what?

When I took the Minnesota bar exam in 1985, failing was not an option. The exam took two days and was intended to determine whether or not I was qualified to practice law. The J.D. (Juris Doctor) degree lets the world know that I graduated from law school and attained a professional doctorate in law. Yes, I graduated with a J.D. from the University of Minnesota law school and passed the bar exam.  I have enjoyed almost 30 years of a very fulfilling legal practice where no more examinations or credentials were required for me to counsel clients in my chosen practice areas of intellectual property law, information technology law, e-commerce and internet law, and data privacy and security laws and regulations. 

So what prompted me to spend many weekends and evenings studying for and taking the examinations necessary to become a Certified Information Privacy Professional (CIPP)? Did I really want to subject myself to the same stress and anxiety I experienced in 1985? Or in 2012 when I took the CIPP/US examination

For the CIPP/E exam, I was ensconced alone in a tiny room in a nondescript St. Paul office building with nothing but the computer terminal and a proctor to make sure that I was indeed Michael R. Cohen and that I would have absolutely no help in completing the exam. Upon answering the last question and hitting the submit key, I learned immediately that I had passed the CIPP/E exam. Instant gratification.

What is the big deal about obtaining a CIPP/US and CIPP/E ?

The CIPP is the global standard in privacy certification. Developed and launched by the International Association of Privacy Professionals (IAPP) with leading subject matter experts, it is the world’s first broad-based global privacy and data protection credentialing program. The CIPP/US demonstrates a strong foundation in U.S. private-sector privacy laws and regulations and understanding of the legal requirements for the responsible transfer of sensitive personal data to/from the United States, the European Union, and other jurisdictions. 

The CIPP/E is the first professional credential specific to European data protection professionals that is part of a comprehensive, principles-based framework and knowledge base in information privacy. The CIPP/E encompasses pan-European and national data protection laws, the European model for privacy enforcement, key privacy terminology, and practical concepts concerning the protection of personal data and trans-border data flows. 

By reviewing the extensive IAPP course materials, I confirmed what I already knew and filled in gaps as necessary. To pass these CIPP examinations, you must know a lot about data privacy and security law. And with our global economy and expanded use of e-commerce and the internet, few businesses today can safely say that they only need to be concerned about privacy laws in the United States. To me, the knowledge gained through preparation for the CIPP/E exam was equally as important as what I learned preparing for the CIPP/US. 

With confidence, I can now help my clients successfully navigate their business through our global data-driven global economy.  I can now help organizations manage rapidly evolving privacy threats and mitigate the potential loss and misuse of information. And I am not finished learning. I continue to monitor developments in privacy law daily to make sure I know what is happening and that my clients are getting the most current advice relative to this ever-changing legal landscape.

So you tell me–are you in compliance with all federal, state, and global privacy laws and regulations? Ready for changes in the EU directive relative to the collection and use of personal information? In compliance with the European “right to be forgotten” and the California eraser law (effective January 1, 2015)? Prepared for the onerous penalties for noncompliance with the new Canadian anti-spam law?  Do you have a plan in place for when a data breach occurs?

If you do not yet have a plan in place for dealing with a data breach or don’t know whether you are in compliance with data privacy and security laws, you may want to consult your favorite lawyer. It should be comforting if you see them wearing a little gold CIPP pin on their lapel.

Michael R. Cohen

1 comment :

  1. Michael. Nice article. I am also studying for the certification CIPP/G. What helped you pass the exam?