
IAPP CIPP-A Exam Syllabus

IAPP CIPP-A Exam

Certified Information Privacy Professional/Asia

Total Questions: 90

What is Included in the IAPP CIPP-A Exam?

Authentic information about the syllabus and an effective study guide are essential for passing the IAPP CIPP-A exam on the first attempt. The Study4Exam study guide provides comprehensive information about the syllabus of the IAPP CIPP-A exam. You should get this information at the start of your preparation because it helps you make an effective study plan. We have designed this IAPP Certified Information Privacy Professional certification exam preparation guide to give the exam overview, practice questions, practice test, prerequisites, and information about exam topics that help you pass the IAPP Certified Information Privacy Professional/Asia exam. We recommend that you use the preparation material mentioned in this study guide to cover the entire IAPP CIPP-A syllabus. Study4Exam offers 3 formats of IAPP CIPP-A exam preparation material. The formats provide new practice questions in PDF format and web-based and desktop practice exams to help you get passing marks on the first attempt.

IAPP CIPP-A Exam Overview:

Exam Name: Certified Information Privacy Professional/Asia
Exam Code: CIPP-A
Official Information: https://iapp.org/certify/cippa/

IAPP CIPP-A Exam Topics:

Section Weight Objectives
I. Privacy Fundamentals (Weight: 6-12%)
A. Modern Privacy Principles
    a. The Organisation of Economic Cooperation and Development (OECD) ‘Guidelines Governing the Protection of Privacy and Trans-border Data Flows of Personal Data’ (1980)
    b. The Asia Pacific Economic Cooperation (APEC) privacy principles
    c. Fair Information Practices (FIPs)
    d. Universal Declaration of Human Rights (1948)
    
B. Adequacy and the Rest of the World
    a. Europe and the General Data Protection Regulation (GDPR)
    b. Deemed adequate: New Zealand, Canada, Israel, Argentina, Uruguay
    c. United States and the EU-U.S. Privacy Shield
    d. Deemed not adequate: Australia, Mexico, Korea, Taiwan
    
C. Elements of personal information
    a. Personal data (EU) (HK) (SG)
    b. Personally identifiable information (U.S.)
    c. Sensitive personal data information (IND)
    d. Pseudonymisation, de-identification and anonymisation
II. Singapore Privacy Laws and Practices (Weight: 14-25%)
A. Legislative history and origins
    a. Singapore government and legal system
        i. Political structure
    b. Social attitudes toward privacy and data protection
    c. Surveillance and identification
    d. Constitutional protections
    e. Common law protections
    f. Sector-specific protections
    
B. Personal Data Protection Act 2012 (PDPA)
    a. Application and scope
        i. PDPA predecessor: National Internet Advisory Committee (NIAC) 2002 Report, Report on a Model Data Protection Code for the Private Sector.
        ii. Extraterritorial reach
        iii. PDPA definitions
            a. Personal data
            b. ‘Business contact information’
            c. ‘Data intermediary’
            d. Publicly available
            e. Survivorship
        iv. Do Not Call Registry
            a. ‘Specified message’
        v. PDPA in an employment setting
        vi. Exemptions
            a. Public-sector
            b. Response to emergency
            c. National interest
            d. Investigations in legal proceedings
            e. Evaluative purposes
            f. Journalism and media
    b. Key concepts and practices
        i. Data protection officer
        ii. Staff training
        iii. Consent and exceptions to consent
        iv. Use
        v. Disclosure
        vi. Safeguarding/Security
        vii. Accountability and openness
        viii. Access and correction
        ix. Retention and deletion
        x. Transfer out
        
C. Enforcement
    a. Monetary Authority of Singapore
        i. Regulations and guidances
        ii. ‘Notices on Prevention of Money Laundering and Countering the Financing of Terrorism’
        iii. Individual’s access and rights
        iv. Protection of customer data
        v. Outsourcing
    b. Personal Data Protection Commission (PDPC)
    c. Decision in appealed commissioner rulings, complaints
        i. Complaint-based vs. audit-based
    d. Commissioner guidance and published positions
    e. Managing consent opt-out mechanisms: their use and limitations, consent to new purposes and documentation
    f. Penalties and sanctions
    g. Policy development and implementation
        i. Freedom of information legislation
        ii. Data transfers: doctrine of privity of contract for third-parties
III. Hong Kong Privacy Laws and Practices (Weight: 14-25%)
A. Legislative history and origins
    a. Hong Kong government and legal system
    b. Social attitudes toward privacy and data protection
    c. Surveillance and identification
    d. Constitutional protections
    e. Common law protections
B. Personal Data (Privacy) Ordinance (PDPO):
    a. Application and scope
        i. PDPO definitions
            a. Personal data
            b. Publicly available data
            c. Sensitive personal data
            d. ‘Prescribed consent’
            e. Rights of data subject
        ii. Personal Data (Privacy) (Amendment) Ordinance 2012
            a. ‘The New Guidance on Direct Marketing’
        iii. Exemptions
            a. Journalism and news media
    b. Key concepts and practices
        i. Six Data Protection Principles (DPPs) and the Internet Data Guidance
            1. DPP1: Data Collections
            2. DPP2: Accuracy and retention
            3. DPP3: Data Use
            4. DPP4: Data security
            5. DPP5: Openness
            6. DPP6: Data access and correction
        ii. Due diligence exemption and exercise
        iii. Guidance on Personal Data Erasure and Anonymisation
        iv. Guidance on employment matters
        v. Data Transfer/Export, Ordinance Section 33
            a. Data processors
            b. Model contracts
C. Enforcement
    a. The Office of the Privacy Commissioner for Personal Data
    b. Commissioner rules
    c. Commissioner guidance and published positions
        i. Octopus Rewards Ltd.
    d. Decisions in appealed commissioner rulings, complaints
    e. Personal Data (Privacy) Advisory Committee
    f. Managing consent opt-out mechanisms: their use and limitations, consent to new purposes and documentation
    g. Enforcement notice
    h. Policy development and implementation
        i. Law reform proposals for third-party benefit exception
    i. Privacy incidents: trends in commissioner expectations
IV. India Privacy Law and Practices (Weight: 14-25%)
A. Legislative history and origins
    a. Indian government and legal system
        i. Political structure
    b. Social attitudes toward privacy and data protection
    c. Surveillance and identification
        i. Credit Information Companies (Regulation) Act 2005
    d. Constitutional protections
        i. Article 21
        ii. The Right to Information Act 2005
        iii. The Protection of Human Rights Act 1993
    e. Common law protections

B. Information Technology Act 2000 (IT Act)
    a. Application and scope
        i. Information Technology Act 2000
            a. Section 43
            b. Section 66A and its removal
        ii. Information Technology (Amendment) Act 2008 (ITAA)
            a. Section 43A
            b. Definitions
                i. Personal data
                ii. Sensitive personal data
                iii. Body corporate
                iv. Rights of data subjects
        iii. Exemptions
            a. Religious and social, charitable organisations
            b. Non-commercial organisations
            c. Non-automated data
    b. Section 43A and the 2011 Rules: Rules 3-8
        i. Privacy policies required: Rule 3
        ii. Data protection principles: Rule 4
            a. Consent and purpose limitation
            b. Lawful purpose and minimal collection
            c. Notice and purpose limitation
            d. Retention
            e. Use
            f. Subject access and correction
            g. Option to refuse or withdraw consent
            h. Security
            i. Complaint handling
        iii. Disclosure limitations and exceptions: Rule 5
        iv. Data processing: Rule 6
        v. Data export restriction: Rule 7
        vi. Reasonable security: Rule 8

C. Enforcement
    a. The Ministry of Communication and Information Technology
    b. The Department of Electronics and Information (DeitY)
    c. The Telecom Regulatory Authority of India (TRAI) and Do Not Call Registry
        i. Banning Free Basics and Net Neutrality
    d. Commissioner rulings, appeals and complaints
    e. Penalties and sanctions
        i. IT Act Sections 43(b) and (g)
        ii. IT Act Sections 72 and 72A
    f. Commissioner guidance and published positions
    g. Grievance officers
    h. Managing consent opt-out mechanisms: their use and limitations, consent to new purposes and documentation
    i. Policy development and implementation
        i. Data transfers: doctrine of privity of contract for third-parties
    j. Public-sector exemption
V. Common themes among principle frameworks (Weight: 6-10%)
A. Comparing protections and principles
    i. Sensitive data protections
    ii. Children’s data protections
    iii. Natural persons vs. legal persons
    iv. Data breach notification
    v. Public Registers
    vi. Surveillance
        a. National identity systems
            i. SingPass
            ii. HKID
            iii. India’s UIDAI
        b. Legislation
        c. Hong Kong: PCPD Code of Practice on Identity Card Number and Other Personal Identifiers, 1997
    vii. Data processing and export
    viii. Intermediaries
    ix. Extraterritorial operations
B. Rights of the data subject
    i. ‘Domestic’ use
    ii. Breadth of exemption
        a. Hong Kong
            i. Chinese central government organisations
            ii. Media
        b. Singapore
            i. Public-sector
            ii. Public authorities
            iii. Publicly available information
            iv. ‘Public agency’
            v. Business contracted by Singapore government
        c. India
            i. Limited application for ‘sensitive data’
            ii. Limited application to ‘providers’ not data subjects
            iii. Freedom of speech
            iv. Lack of openness
           

Updates in the IAPP CIPP-A Exam Syllabus:

IAPP CIPP-A exam questions and the practice test are the best ways to get fully prepared. Study4exam's trusted preparation material consists of both practice questions and a practice test. To pass the actual Certified Information Privacy Professional CIPP-A exam on the first attempt, you need to put in hard work on these IAPP CIPP-A questions, which provide updated information about the entire exam syllabus. Besides studying actual questions, you should take the IAPP CIPP-A practice test for self-assessment and actual exam simulation. Revise actual exam questions and remove your mistakes with the Certified Information Privacy Professional/Asia CIPP-A exam practice test. Online and Windows-based formats of the CIPP-A exam practice test are available for self-assessment.

 
