CIPT - Privacy Engineering & PETs
An enterprise CIPT prep course mapped to the IAPP CIPT Body of Knowledge v4.0.0. It follows the exam's five domains and their competencies and performance indicators - the privacy technologist's role, minimizing risk across data collection, use, dissemination and destruction, privacy risk management, privacy by design, and privacy engineering and governance.
What it covers and how it works
The Certified Information Privacy Technologist (CIPT) is the credential for the people who build privacy into technology. This prep course is mapped to the IAPP CIPT Body of Knowledge v4.0.0 and its five domains, teaching the competencies and performance indicators the exam assesses - from the technologist's role and the data life cycle to privacy risk models, privacy by design, and privacy engineering with PETs.
It combines structured lessons with practical exercises and, where relevant, exam-aligned preparation. It is self-paced with lifetime access, and available as a mentor-led cohort or private corporate training.
5 modules · 16 chapters
An enterprise CIPT prep course mapped to the IAPP CIPT Body of Knowledge v4.0.0. It follows the exam's five domains and their competencies and performance indicators - the privacy technologist's role, minimizing risk across data collection, use, dissemination and destruction, privacy risk management, privacy by design, and privacy engineering and governance.
01 Domain I - The privacy technologist's role in the organization 4 chapters
Understand the technologist's role, frameworks, and ethics.
- I.A Legal and procedural roles and responsibilities: data-governance roles (DPO, owner, steward, custodian); translate legal requirements into technical/operational solutions; implement notices, policies & procedures
- I.B Technical roles and responsibilities: oversee technical privacy operations & audits; support breach and incident response; risk concepts (threat, vulnerability, attack, exploit)
- I.C Privacy risk models and frameworks: Nissenbaum's Contextual Integrity, Calo's Harms, FAIR, NIST/NICE, FIPPs, OECD; threat models LINDDUN and MITRE PANOPTIC
- I.D Data ethics and data privacy: legal vs ethical processing; social and ethical issues in design; identify and minimize bias in automated decision-making
02 Domain II - Data collection, use, dissemination and destruction 3 chapters
Minimize privacy risk across the full data life cycle.
- II.A Minimize privacy risk during collection: consent and control mechanisms; manage automatic collection; minimize risk from public sources; retention and destruction techniques
- II.B Minimize privacy risk during use: data minimization; processing segregation; minimize aggregation risk; PETs (anonymization, pseudonymization, differential privacy); minimize secondary-use risk
- II.C Minimize privacy risk during dissemination: minimize disclosure and accessibility risk; defend against distortion, exposure, breach of confidentiality, blackmail and appropriation; identity and access management
03 Domain III - Privacy risk management 5 chapters
Identify, manage, and monitor privacy risk across technologies.
- III.A Minimize intrusion and decisional interference: counter behavioral advertising, profiling, cyberbullying and social engineering; avoid dark patterns
- III.B Software-security privacy risks: detect and fix privacy vulnerabilities; intrusion detection & prevention; change management; recognize service-provider violations
- III.C Tracking and surveillance risks: e-commerce, cookies, chatbots; audio/video surveillance, wearables and IoT; biometrics; location tracking; internet monitoring & web tracking
- III.D Workplace-technology risks: AI, ML and deep learning; communications technologies (video, messaging, mobile, social, gaming)
- III.E Monitor and manage privacy risk: privacy audits & IT control reviews; privacy KRIs and KPIs; privacy and data-protection impact assessments
04 Domain IV - Privacy by design 2 chapters
Integrate privacy by design into products and experiences.
- IV.A Implement privacy by design principles: apply the seven PbD principles; define and communicate privacy goals; align high-level and low-level specifications with PbD
- IV.B Evaluate privacy risks in user experiences: UX concepts and their impact on behavior; usability testing of privacy functions; value-sensitive design
05 Domain V - Privacy engineering and privacy governance 2 chapters
Engineer and govern privacy across the development life cycle.
- V.A Privacy engineering objectives: NIST objectives - predictability, manageability, dissociability; enterprise architecture, data-flow diagrams & lineage; manage privacy risk in the development life cycle
- V.B Manage and monitor privacy functions and controls: catalog data assets, build a data inventory and RoPA; code reviews for privacy gaps; runtime behavior monitoring
Explore the track
How you learn
- Self-paced with lifetime access
- Mentor-led cohorts
- Private corporate training
- Certificate and digital badge
CIPT - Privacy Engineering & PETs - answered
What is the CIPT - Privacy Engineering & PETs program?
A prep course built to the IAPP CIPT Body of Knowledge v4.0.0 (effective 1 Sept 2025) - five domains covering the privacy technologist's role, the data life cycle, privacy risk management, privacy by design, and privacy engineering.
How is it delivered?
It combines structured lessons with practical exercises and, where relevant, exam-aligned preparation. It is self-paced with lifetime access, and available as a mentor-led cohort or private corporate training.
Is it aligned to the official body of knowledge?
Yes. The curriculum is mapped to the current official body of knowledge for this credential. This is independent training and is not affiliated with or endorsed by the certifying body; it does not itself confer certification.
Who is it for?
Privacy, governance, compliance, and data professionals - and the teams around them - preparing for certification or building applied capability in this area.
Do I need prior experience?
Each program is structured so motivated learners can follow the full arc; certification tracks assume the background the relevant exam expects.
Is there a downloadable brochure?
Yes. A PDF brochure for this track is available from the download button on this page.
Can my organization run this privately?
Yes. It can be delivered as a private corporate cohort tailored to your context. Use the enquire button to scope it.
How do I enrol or enquire?
Use the enquire button to request details or a corporate cohort, and a specialist will respond.
CIPT - Privacy Engineering & PETs for you or your team
Enquire about enrolment, or scope a private corporate cohort.