CIPP/US: 5 things to know about privacy and cybersecurity law

February 2, 2022 by John Bandler

Privacy is a concept with deep roots in our culture and is now an important and evolving part of society with growing legal requirements. The CIPP/US certification path provides critical knowledge about law, privacy and cybersecurity for every information security professional looking to advance their career and protect their business.  That's why I created the new CIPP/US learning path in Infosec Skills. It demystifies the law, prepares you to pass the exam and empowers your life.

CIPP/US is the leading certification in privacy

CIPP stands for Certified Information Privacy Professional and is issued by the International Association of Privacy Professionals (IAPP), a non-profit and the leading privacy organization. CIPP/US focuses on United States law, and the IAPP offers others for Europe, Canada and Asia (CIPP/E, CIPP/C, CIPP/A) and other certifications for different areas of privacy management and implementation, such as certified information privacy technologist (CIPT) and certified information privacy manager (CIPM).

Earning the CIPP/US certification is a valuable achievement, and equally important is the learning and knowledge that comes with preparing for the exam. Information security professionals can better protect their organizations and elevate their careers with this practical knowledge. 

Not just “privacy law” but “privacy and cybersecurity law”

Privacy is a matter of personal, professional and organizational concern, and the laws and regulations on the topic are expanding exponentially. Every organization needs to know them, and cybersecurity programs and professionals need to incorporate them. The body of knowledge for the CIPP/US certification is large, focusing on “privacy law” and the application of privacy principles.

We manage and protect information systems, so we need to understand the broad array of legal requirements. I put “privacy law” in quotes because it is not a perfect term since the legal requirements for privacy and cybersecurity are so intertwined. Every privacy law has a cybersecurity component, so for me, it is more accurate and effective to call them “privacy and cybersecurity laws.” 

This learning path is of essential benefit for anyone seeking to earn the CIPP/US certification and for any cybersecurity professional interested in learning more about laws related to information governance, privacy, and information security.

What important law areas does the CIPP/US cover?

By studying the CIPP/US materials and taking this course, participants will learn a lot about law, including privacy-specific laws, data breach reporting laws, cybersecurity requirements and general information about our legal system. We start the learning path by laying a foundation to ensure your future success. Then we dive into general legal concepts, specific laws and regulations, government enforcement, private-sector collection and use of data, and government collection of data. Next, we explore workplace privacy and state laws. Finally, we bring it all together, and I prepare you for the exam and to apply the knowledge in the workplace.

I enjoy teaching law to non-lawyers and making legal concepts understandable. I realize that the law (and admittedly some lawyers) can be confusing. Rest assured, this is a two-way street, and many lawyers find technology and cybersecurity confounding. My goal is to empower each group to understand the other discipline, which means helping you understand the law and regulation.

Why did I build these courses?

This topic is close to my heart, combining four important things: law, privacy, cybersecurity and teaching. I could not pass up this opportunity. I speak a lot, teach at many different levels, have written two books, and build courses. Still, these courses were a new, exciting project and required enormous effort. It is a learning experience I am proud of. Throughout, my focus is to help you succeed with your learning.

Why should you take the courses?

Every information security professional needs to know about privacy and law. This learning path provides that knowledge.

If you live in the United States, it’s good to understand our foundational legal principles, and these courses provide that understanding.

If you are an information security professional, you need to understand the increasing regulations and laws that govern privacy, cybersecurity, data destruction and data breach reporting. The courses provide that also. This learning path provides an amazing foundation in law, and I will help demystify it and empower you the next time you need to evaluate legal requirements.

Certifications are a way to motivate you to study and learn. When you pass that exam and earn that credential, you can display your achievement, add a line to your resume and broaden your opportunities. I hold about a dozen certifications and enjoy the process of getting them. I think you will too, and I offer some strategies to help you. 

Learning is a life-long process that benefits our personal and professional well-being. I am delighted to play a part in your development.

Take a look at my courses today and get started. 

John Bandler

John Bandler is a lawyer, consultant, speaker, teacher, and author in the areas of cybersecurity, cybercrime, privacy, investigations, and more. He is the founder of Bandler Law Firm PLLC and Bandler Group LLC, legal and consulting practices that help organizations and individuals with cybersecurity, the prevention and investigation of cybercrime, privacy, legal compliance, and more.

John has expertise in many subjects, holds a number of certifications, and is a prolific writer and speaker. He is the author of Cybersecurity for the Home and Office, a comprehensive guide to understanding and improving information security. His second book is Cybercrime Investigations, an extensive resource regarding the law, technology, process, and skills for the investigation of cybercrime. John has authored many articles on a range of topics, teaches students at the undergraduate, graduate, and law level, and provides training for professionals.

Before entering private practice, John served in government for more than twenty years as a prosecutor, police officer, and military officer. John was hired as an assistant district attorney at the New York County District Attorney’s Office by the legendary Robert M. Morgenthau, where he investigated and prosecuted the full range of offenses including traditional crime, cybercrime, the global trafficking of stolen data, and virtual currency money laundering. Before that, he served for eight years as a state trooper in the New York State Police, assigned to a busy patrol station providing full services to the local community. He also served in the Army Reserves.