SecProve
ProfessionalVendor-neutralIAPP· issued from US

CIPP/US

Certified Information Privacy Professional / United States

US federal and state privacy-law expertise.

Official page at IAPP↔ Compare with another cert
Exam fee
$550
Ongoing
$250/yr AMF · 10 CPE/yr
Study time
40–80 hrs
Delivery
Online proctored
Validity
2 yrs (renewal cycle)

› Quality score

27.5 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor
How well-defined and rigorous the exam blueprint is.
Body of knowledge organised by US federal regimes, sector-specific laws, state laws, and workplace privacy. Clear, well-scoped blueprint.
9.0/10
Practical evidence
Hands-on labs / written reports vs pure MCQ.
Pure MCQ. No applied case work.
0.0/10
Currency & upkeep
How aggressively content is kept current with the field.
Refreshed regularly to reflect new state laws (CPRA, VA, CO, CT, UT) and federal rulemaking.
9.0/10
Market recognition
How often this signal actually moves a hiring decision.
The most-held IAPP credential and the de-facto US privacy cert. Frequently required on DPO/privacy-counsel job specs in North America. [Holders: 45k, 2024-12]
9.5/10

› Market signals

public, citable inputs to the recognition score
Holders worldwide
45,000
as of 2024-12 · source

› Built for these roles

Privacy Engineer (US)Privacy CounselCCPA / CPRA Compliance LeadPrivacy Program Manager

› Exam format

90 multiple-choice questions over 2.5 hours, English. Online proctored via IAPP/Pearson. Covers US federal privacy law, sector-specific regimes (HIPAA, GLBA, COPPA), state laws (CCPA/CPRA), and workplace privacy.

Passing score
300/500 (scaled, ~70%)
Retake policy
Fee: $375 per attempt
Wait: 30d between attempts

30-day wait between attempts. IAPP member discounts available.

› Recertification

20 CPE credits over two years (avg 10/yr) plus the $250/yr IAPP membership fee that bundles certification renewal.

› 3-year cost of ownership

Exam (1×)
$550
AMF (3×)
$750@$250/yr
Total
$1300

Excludes study materials, training, retake risk, and lost-wage opportunity. Use as a floor estimate.

Recognition
GlobalUSCA
Exam languages
en

› Core domains covered

The 1 domain this cert is centrally about. Passing the exam demonstrates working knowledge of each.

A12Data Security, Privacy & Protection

Data classification, encryption-at-rest/in-transit, DLP, tokenization, privacy-by-design, plus the regulatory stack (GDPR, CCPA, HIPAA) that sets the bar.

› Also touched

Present in the blueprint but not the primary focus — you’ll be introduced but shouldn’t expect depth.

A1Governance, Risk & Compliance

Risk frameworks (NIST RMF, ISO 31000, FAIR), policy development, audit, regulatory compliance, third-party risk.

C7AI Governance & Risk

EU AI Act compliance, NIST AI RMF, AI risk assessment, model cards, algorithmic auditing, AI incident response.

› Prerequisites

Experience

Legal, compliance, or privacy-program background preferred. The US privacy stack is fragmented across federal sector laws and 15+ state laws — heavy reading.

Knowledge assumed
  • HIPAA, GLBA, COPPA, FCRA, FERPA
  • CCPA / CPRA and other state privacy laws
  • FTC enforcement and Section 5 unfairness/deception

› Progression

requiredrecommended

Where this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.

Required prereqs (0)

No vendor-gated prereqs.

Recommended priors (0)

No de facto priors typically expected.

CIPP/US
IAPP
Required by (0)

No certs require this one.

Recommended next (1)
CIPP/CIAPP

› Study materials

Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.

Practice tests
  • IAPP Practice Exam

› Version & lifecycle

Current version
2024 BoK refresh
Released
2024-01

Updated annually to track US state privacy laws (CCPA/CPRA, CO/VA/CT/UT/etc.).

› Salary signal

US privacy professional / counsel-adjacent role, US, 3–7 years.

$95K$145K
median $117K

IAPP Privacy Salary Survey + Robert Half Salary Guide · 2024 · US base only · p25–p75 range

› How it compares

vs
CIPP/E

Regional twin — CIPP/US for US state laws (CCPA/CPRA, CO/VA/CT/UT/etc.); CIPP/E for EU/GDPR.

↔ Compare side-by-side
vs
CIPM

CIPM is privacy-program management; CIPP/US is regulatory knowledge. Often paired.

↔ Compare side-by-side

› Careers that commonly pursue this cert

Privacy Engineer / DPO

Build privacy into systems by design. Navigate GDPR, CCPA, and emerging AI privacy regulations.

See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.

Highlight on the domain mapBrowse all certifications