If you are interested in advancing your career at the intersection of technology and privacy, then obtaining the Certified Information Privacy Technologist (CIPT) credential is a great place to start. To become certified, you will need to pass the CIPT exam, which is administered by the International Association of Privacy Professionals (IAPP). To pass this exam, one must understand all of the topics and concepts listed in a document that the IAPP refers to as the Body of Knowledge (BoK). The CIPT Body of Knowledge is a high-level document that should guide any study plan.
Historically, the IAPP has released updated BoKs for three of its other exams—the CIPP/US, CIPP/E, and CIPM certifications—sometime around mid-May to mid-June. This year, after overhauling the CIPT Body of Knowledge significantly in 2023, the IAPP has moved the CIPT updates onto this same schedule. It now considers the CIPT exam one of its “core certifications.”
You might ask yourself: why does the IAPP issue updates every year? The reason is twofold. First, the IAPP wants to make sure its certification exams keep pace with the rapidly evolving industry of data protection and new technologies. And second, the IAPP wants to make sure its certification exams do not become too “overexposed.”
In its last update to the CIPT Body of Knowledge in October 2023, the IAPP stated that the exam would consist of up to 50% new content. Thankfully, the changes made this year to the 2024-2025 CIPT Body of Knowledge are much more manageable. We break down these changes below, in detail.
When Do These Changes Go into Effect?
As we noted above, the annual CIPT Body of Knowledge update has now moved onto the same schedule as the CIPP/US, CIPP/E, and CIPM updates. That means the changes to the CIPT certification exam will also become active at the same time as the changes to these other exams become active on September 2, 2024.
To give test-takers plenty of time to prepare and to ensure that there are no surprises, the IAPP always makes sure to release updates to the CIPT Body of Knowledge months before any new material appears on an exam.
What is the Format for the New CIPT Body of Knowledge?
Since its inception, the IAPP has structured the Bodies of Knowledge for each of its certification exams in a nested outline structure. Last year, however, that began to change with the release of the 2023-2024 Certified Information Privacy Manager (CIPM) Body of Knowledge. The CIPT Body of Knowledge for 2023-2024 continued to adhere to the traditional nested outline format.
Under the new approach, Bodies of Knowledge are organized according to high-level “competencies” that are then matched with a set of “performance indicators.” According to the IAPP, competencies are intended to be “clusters of connected tasks and abilities that constitute a body of knowledge domain.” On the other hand, performance indicators “are the discreet tasks and abilities that constitutes the broader competence group.”
Beyond this restructuring, this new format combines the BoK with a document the IAPP previously referred to as the “Exam Blueprint.” The Exam Blueprint identified the number of questions (given as a range) that test-takers should expect to see on each competency.
Unsurprisingly, the 2024-2025 CIPT Body of Knowledge now follows this updated format.
Changes to the New CIPT Body of Knowledge
At this point, you’re probably wondering: What besides the structure changed? The good news, not a whole lot.
Did the Domains Change?
Domains are the highest level of organization within the CIPT Body of Knowledge. For the CIPT BoK, these domains remain the same as they were last year, with only some minor rephrasing. One thing of note, however, is that Domains V and VI have been reordered. There are seven domains, which include the following:
- Domain I – Foundational Principles
- Domain II – The Privacy Technologist’s Role in the Context of the Organization
- Domain III – Privacy Risks, Threats and Violations
- Domain IV – Privacy-Enhancing Strategies, Techniques and Technologies
- Domain V – Privacy by Design
- Domain VI – Privacy Engineering
- Domain VII – Evolving or Emerging Technologies in Privacy
Are There Any New Topics or Concepts That Have Been Added?
Some new topics and concepts appear on the 2024-2025 CIPT Body of Knowledge that were not included in last year’s version. Before diving in, however, there is one point worth noting.
When the IAPP transitioned the CIPM BoK to the new competency / performance indicator format, it grouped topics together in a way that masked some of the nuance. The transition with respect to the CIPT exam appears much more straightforward. The highest-level categories under the old structure easily map to the new “competencies,” while the subtopics under the old structure easily map to new “performance indicators.” This makes comparison relatively easy, which was decidedly not the case with the CIPM transition to this new format.
Topics VII.D and VII.E were combined into one competency. All of the other highest-level topics on last year’s CIPT BoK have been made into their own competency in this year’s CIPT BoK.
While it is easy to track the topics from last year to this year, it is worth noting that some of the competencies and performance indicators have slightly different phrasing, and some have been combined to create one performance indicator. But, they generally cover the same topic as listed last year. There is not much detail lost in this transition, and in some cases, further description is provided.
With that said, the following new performance indicators appear on this year’s CIPT BoK:
- Competency II.B – Performance Indicator: “Advise on Privacy by Design implementation via privacy engineering in systems engineering processes”
- Competency II.B – Performance Indicator: “Provide technical privacy support to identify and respond to privacy breaches and other types of incidents”
- Competency V.A – Performance Indicator: “Demonstrate how the principles of privacy risk are embedded into the design process”
- Competency V.C – Performance Indicator: “Apply Value Sensitive Design aligned with Privacy by Design principles”
- Competency VII.C – Performance Indicator: “Identify and minimize privacy risk involved in using DNA”
We note that all except the last of these performance indicators are relatively similar to past topics on the CIPT exam. In our opinion, they do not represent a fully new topic. Although the IAPP has identified each as new, which indicates they are likely to receive increased emphasis this year.
In short, after the massive overhaul of the CIPT exam last year, the changes this year are very minimal.
Were Any Topics or Concepts Removed?
With the above caveats regarding the new BoK structure, it does not appear that the IAPP removed any topics from its CIPT BoK this year.
Did the Number of Questions Asked on Each Topic Change?
Perhaps the biggest change to this year’s CIPT Body of Knowledge is the number of questions asked with respect to each domain and competency. Literally every domain and every competency now has new number of questions that may be asked about them.
Below we list the number of questions that can be asked in each domain and whether that domain is newly emphasized or deemphasized compared to last year.
- Domain I – Foundational Principles (13-15 questions; emphasized)
- Domain II – The Privacy Technologist’s Role in the Context of the Organization (7-9 questions; deemphasized)
- Domain III – Privacy Risks, Threats and Violations (15-19 questions; emphasized)
- Domain IV – Privacy-Enhancing Strategies, Techniques and Technologies (9-11 questions; deemphasized)
- Domain V – Privacy by Design (8-10 questions; emphasized)
- Domain VI – Privacy Engineering (10-12 questions; emphasized)
- Domain VII – Evolving or Emerging Technologies in Privacy (5-7 questions; deemphasized)
Is Privacy Bootcamp’s CIPT Course Up to Date?
Yes, all Privacy Bootcamp courses are up to date.
At Privacy Bootcamp, we comprehensively update our courses once a year to correspond to changes implemented by the IAPP. We begin work implementing these annual updates months before the IAPP releases its updated BoKs. We do this based upon knowledge of changing technology, events in the privacy and data protection industry over the past year, and student feedback. These comprehensive updates are in addition to smaller updates that we release throughout the year.
Our students are never left flat-footed. In the coming days, weeks, and months we will begin rolling out all of our annual updates. So be on the lookout for new content for our CIPT course shortly. We ensure that these updates happen seamlessly for all enrolled students, and months ahead of the September 2, 2024, effective date. There’s no reason to worry about the changes the IAPP throws your way when you have Privacy Bootcamp at your side.
