In the days of connected living, lot of amazing new products and features are released every day. Being part of the grid helps encourage innovation, effective collaboration, and possibly, a better way of living in general!
The rush to roll-out the products and/or features that enable this connected existence has a strong inclination to dissipate focus on one important area concerning the ENTITY at the center of it– the human and his/her right to privacy.
Most of these products take a “will this put me in a legal soup?” approach, and push the limits to the maximum, rather than being designed with the privacy protections of the end users built in. As with security, the general thought around privacy is that of hindrance in reaping maximum profitability out of the products.
I have been heavily involved in secure software development lifecycle projects in my career. So, in order to get a better insight into privacy focused software development lifecycle, I decided to pursue the CIPT credentials from IAPP.
My take was that unless the technology folks are made to understand the importance of Privacy (and of course Security), real long term resolution of the privacy/security crisis will not be possible. The goal was to get a structured understanding of what the technologists, not the management/leaders, needs to know to make knowledgeable decisions related to data privacy as they build a product.
While working on my preparations, I realized that there are lot of CIPP information available (it’s the most popular of privacy credentials) but not much on CIPT. Hence including a short summary of my plan below.
My only reference for the certification was the book “Privacy In technology – Standards and Practices for Engineers and Security and IT Professionals” by JC Cannon. The book is well written, and for someone with technical background, this is the only book needed for CIPT.
For individuals with no knowledge of technical concepts around network security, cryptography, and authentication schemes will find this tests to be little tough. On a scale of 0-5, one must at least have a 1.5-2 knowledge of the aforementioned concepts to be comfortable with the type of questions that the exam has.
Reading up freely available articles on the technical concepts mentioned should suffice in understanding the concepts highlighted in the book.
The course covers lots of good information on privacy focused architecture and development practices, privacy notices and tools.
Did I find the course worthy of the dollars/time spent? – Yes! In a world where most do not understand the importance of data privacy and confuse data privacy with data security, the materials covered in this course are refreshingly to the point.
Whether one will get a promotion because he/she got a CIPT, well, that depends J