Use this quick start guide to collect all the information about IAPP CIPP-C Certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the CIPP-C IAPP Certified Information Privacy Professional/Canada exam. The Sample Questions will help you identify the type and difficulty level of the questions and the Practice Exams will make you familiar with the format and environment of an exam. You should refer this guide carefully before attempting your actual IAPP Information Privacy Professional/Canada certification exam.
The IAPP CIPP-C certification is mainly targeted to those candidates who want to build their career in Privacy Laws and regulations domain. The IAPP Certified Information Privacy Professional/Canada (CIPP-C) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of IAPP Information Privacy Professional/Canada.
IAPP CIPP-C Exam Summary:
| Exam Name | IAPP Certified Information Privacy Professional/Canada (CIPP-C) |
| Exam Code | CIPP-C |
| Exam Price |
First Time Candidate: $550 Retake: $375 |
| Duration | 150 mins |
| Number of Questions | 90 |
| Passing Score | 300 / 500 |
| Books / Training | Canadian Privacy (CIPP/C) |
| Schedule Exam | Pearson VUE |
| Sample Questions | IAPP CIPP-C Sample Questions |
| Practice Exam | IAPP CIPP-C Certification Practice Exam |
IAPP CIPP-C Exam Syllabus Topics:
| Topic | Details |
|---|---|
Introduction to Privacy in Canada |
|
| Understand the Canadian governmental structure |
- Understand the basics of the Canadian government and legal system (e.g., the political structure, the division of powers, the role of courts and administrative tribunals). - Understand Canadian laws and their interpretations (e.g., the difference between civil and common law, the sources of law, the scope and application of law). - Know the purposes and roles of Privacy Commissioners, courts and remedies (e.g., the scope of Federal, Provincial and Territorial Commissioners, the scope of Federal and Provincial courts). |
| Apply privacy basics |
- Understand that definitions of personal information vary among Canadian jurisdictions and legislation (e.g., employee and work related information, public records, publicly available information). - Understand what constitutes private or sensitive information. - Understand how to safeguard personal information (e.g., standards / frameworks, categories of controls applicable to third parties, privacy enhancing technologies, cybersecurity issues, impacts of technological world). - Understand privacy incidents, privacy breaches and reporting obligations (e.g., high-level processes for dealing with each, notification to privacy commissioner according to legislation as applicable to each sector). - Understand emerging AI laws in all sectors. |
| Understand the development of privacy principles |
- Understand the general concepts and development of fair information practices and when to use applicable practices (e.g., notice, types of content, access controls and accountability). - Know the Organisation for Economic Co-operation and Development (OECD) Guidelines on the Protection of Privacy. - Know the Canadian Standards Association (CSA) Model Code for the Protection of Personal Information. - Know the Generally Accepted Privacy Principles (GAPP). |
| Understand international privacy and implement where applicable | - Understand that international and regional laws impact Canadian organizations and are relevant to particular situations (e.g., data transfers across borders, applicable adequacy standards, and sector specific considerations for healthcare, education, and finance) |
Canadian Privacy Laws and Practices – Private Sector |
|
| Know the Privacy Principles that are the foundation of the Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial private sector laws |
- Understand what is and is not a commercial activity. |
| Know when private-sector legislation is applicable instead of PIPEDA |
- Know the provinces that have privacy laws deemed substantially similar to PIPEDA. - Understand the scope of application of PIPEDA & substantially similar laws. - Know what private sector industries fall under federal and provincial laws respectively. - Know the differences between PIPEDA and provincial private sector laws (e.g., individual rights, breach notification, PIA, profiling technologies, automated decision making). |
| Understand Canada’s Anti-Spam Legislation (CASL) | - Follow rules for consent, identification and unsubscribe mechanisms. |
Canadian Privacy Laws and Practices – Public Sector |
|
| Know the Privacy Principles that are the foundation of the Privacy Act |
- Understand the expectations of consent governing personal information, including when the collection, use and disclosure is permitted without consent. - Understand the individual’s right of access and correction to their personal information, including when requests to access or to correct personal information may be denied. - Follow storage, retention and destruction of personal information requirements. |
| Conduct Privacy Impact Assessments | - Understand how and when to complete a PIA. |
| Understand the applicability of the Freedom of Information and Protection of Privacy Acts of the different provinces and territories |
- Know the different responsibilities of public bodies regarding privacy when provincially regulated. - Know which public bodies fall under the Privacy Act and which are provincially regulated. |
Canadian Privacy Laws and Practices – Health Sector |
|
| Understand when to apply the various health privacy acts of the provinces and territories |
- Know which provincial health laws have been deemed “substantially similar”. - Know what defines Personal Health Information (PHI). - Determine the purpose(s) for when the collection, use and disclosure of PHI is necessary. - Understand when the right to access and the right to correct information are allowed or not. - Demonstrate oversight and accountability, including proper use, retention, safeguarding and disposal of PHI, including when used by third parties. - Demonstrate meaningful consent to the collection, use and disclosure of PHI, including when implicit/implied consent is considered appropriate and what constitutes the circle of care for an individual. - Establish safeguarding and breach protocols, including reasonable administrative, technical and physical safeguards. - Facilitate openness. |
To ensure success in IAPP Information Privacy Professional/Canada certification exam, we recommend authorized training course, practice test and hands-on experience to prepare for IAPP Certified Information Privacy Professional/Canada (CIPP-C) exam.