Certified Information Privacy Technologist (CIPT) Certification Training
Read Reviews

Foundational Principles

1. Privacy Risk Models and Frameworks

• Nissenbaum’s Contextual Integrity
• Calo’s Harmful Dimensions
• Legal Compliance
• FIPPs
• NIST/NICE framework
• FAIR (Factors Analysis in Information Risk)

1. Privacy by Design Foundational Principles

• Full Life Cycle Protection
• Embedded into Design
• Full Functionality
• Visibility and Transparency
• Proactive not Reactive
• Privacy by Default
• Respect for Users

1. Value Sensitive Design

• How Design Affects Users
• Strategies for Skillful Practice

1. The Data Life Cycle

• Collection
• Use
• Disclosure
• Retention
• Destruction

IT’s Role in Protecting Privacy

1. Fundamentals of privacy-related IT

• Organization privacy notice
• Organization internal privacy policies
• Organization security policies, including data classification policies and schema, data retention and data deletion
• Other commitments made by the organization (contracts, agreements)
• Common IT Frameworks (COBIT, ITIL, etc.)
• Data inventories, classification and records of processing
• Enterprise architecture and data flows, including cross-border transfers
• Data Protection and Privacy impact assessments (DPIA/PIAs)

1. Information Security

• Transactions which collect confidential data for use in later processing activities
• Breach/disclosure incident investigations and responses—security and privacy perspectives
• Security and privacy in the systems development life cycle (SDLC) process
• Privacy and security regulations with specific IT requirements

1. The privacy responsibilities of the IT professional

• Consultation on internal and external policies
• Consultation on contractual and regulatory requirements
• Understanding how IT supports information governance in an organization

Privacy Threats and Violations

1. During Data Collection

• Asking people to reveal personal information
• Surveillance

1. During Use

• Insecurity
• Identification
• Aggregation
• Secondary Use
• Exclusion

1. During Dissemination

• Disclosure
• Distortion
• Exposure
• Breach of Confidentiality
• Increased accessibility
• Blackmail
• Appropriation

1. Intrusion, Decisional Interference and Self Representation

• Behavioral advertising
• Cyberbullying
• Social engineering

1. Software Security

• Vulnerability management
• Intrusion reports
• Patches
• Upgrades
• Open-source vs Closed-source

Technical Measures and Privacy Enhancing Technologies

1. Data Oriented Strategies

• Separate
• Minimize
• Abstract
• Hide

1. Techniques

• Aggregation
• De-identification
• Encryption
• Identity and access management
• Authentication

1. Process Oriented Strategies

• Informing the Individual
• User Control
• Policy and Process Enforcement
• Demonstrate Compliance

Privacy Engineering

1. The Privacy Engineering role in the organization

• Effective Implementation
• Technological Controls
• Protecting Privacy during the Development Lifecycle

1. Privacy Engineering Objectives

• Predictability
• Manageability
• Disassociability

1. Privacy Design Patterns

• Design patterns to emulate
• Dark patterns to avoid

1. Privacy Risks in Software

• Risks
• Countermeasures

Privacy by Design Methodology

1. The Privacy by Design Process

• Goal Setting
• Documenting Requirements
• Understanding quality attributes
• Identify information needs
• Privacy risk assessment and analysis
• High level design
• Low level design and implementation
• Impose controls
• Testing and validation

1. Ongoing Vigilance

• Privacy audits and IT control reviews
• Code reviews
• Code audits
• Runtime behavior monitoring
• Software evolution
• Data cleansing in production and non-production environments

Technology Challenges for Privacy

1. Automated decision making

• Machine learning
• Deep learning
• Artificial Intelligence (AI)
• Context aware computing

1. Tracking and Surveillance

• Internet monitoring
• Adtech, cookies and other web tracking technologies
• Location tracking
• Audio and Video Surveillance
• Drones

1. Anthropomorphism

• Speech recognition
• Natural language understanding
• Natural language generation
• Chat bots
• Robots

1. Ubiquitous computing

• Mobile phones and apps
• Internet of Things (IoT) and Edge Computing
• Smart Cities
• Vehicular automation/Smart vehicles
• Wearable devices
• Blockchain and NFTs
• Virtual Reality, Augmented Reality and Mixed Reality

1. Mobile Social Computing

• Geo-tagging
• Geo-social patterns