IAPP Certified Information Privacy Professional/Asia (CIPP-A) Exam Syllabus

Use this quick start guide to collect all the information about the IAPP CIPP-A certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the IAPP Certified Information Privacy Professional/Asia (CIPP-A) exam. The Sample Questions will help you identify the type and difficulty level of the questions, and the Practice Exams will make you familiar with the format and environment of an exam. You should refer to this guide carefully before attempting your actual IAPP Certified Information Privacy Professional/Asia (CIPP-A) certification exam.

The IAPP CIPP-A certification is mainly targeted at candidates who want to build their career in the privacy laws and regulations domain. The IAPP Certified Information Privacy Professional/Asia (CIPP-A) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of IAPP Information Privacy Professional/Asia.

IAPP CIPP-A Exam Summary:

Exam Name: IAPP Certified Information Privacy Professional/Asia (CIPP-A)
Exam Code: CIPP-A
Exam Price: $550 (USD)
Duration: 150 mins
Number of Questions: 90
Passing Score: 300 / 500
Books / Training: Asian Privacy (CIPP/A)
Schedule Exam: Pearson VUE
Sample Questions: IAPP CIPP-A Sample Questions
Practice Exam: IAPP CIPP-A Certification Practice Exam

IAPP Information Privacy Professional/Asia Exam Syllabus Topics:

Topic Details

Privacy Fundamentals

Modern Privacy Principles - The Organisation of Economic Cooperation and Development (OECD) ‘Guidelines Governing the Protection of Privacy and Trans-border Data Flows of Personal Data’ (1980)
- The Asia Pacific Economic Cooperation (APEC) privacy principles
- Fair Information Practices (FIPs)
- Universal Declaration of Human Rights (1948)
Adequacy and the Rest of the World - Europe and the General Data Protection Regulation (GDPR)
- Deemed adequate: New Zealand, Canada, Israel, Argentina, Uruguay
- United States and the EU-U.S. Privacy Shield
- Deemed not adequate: Australia, Mexico, Korea, Taiwan
Elements of personal information - Personal data (EU) (HK) (SG)
- Personally identifiable information (U.S.)
- Sensitive personal data information (IND)
- Pseudonymisation, de-identification and anonymisation

Singapore Privacy Laws and Practices

Legislative history and origins - Singapore government and legal system
  • Political structure

- Social attitudes toward privacy and data protection
- Surveillance and identification
- Constitutional protections
- Common law protections
- Sector-specific protections

Personal Data Protection Act 2012 (PDPA) - Application and scope
  • PDPA predecessor: National Internet Advisory Committee (NIAC) 2002 Report, Report on a Model Data Protection Code for the Private Sector.
  • Extraterritorial reach
  • PDPA definitions
    - Personal data
    - ‘Business contact information’
    - ‘Data intermediary’
    - Publicly available
    - Survivorship
  • Do Not Call Registry
    - ‘Specified message’
  • PDPA in an employment setting
  • Exemptions
    - Public-sector
    - Response to emergency
    - National interest
    - Investigations in legal proceedings
    - Evaluative purposes
    - Journalism and media

- Key concepts and practices

  • Data protection officer
  • Staff training
  • Consent and exceptions to consent
  • Use
  • Disclosure
  • Safeguarding/Security
  • Accountability and openness
  • Access and correction
  • Retention and deletion
  • Transfer out (e.g. APEC, CBPR and PRP)
  • Data breach notification obligation
Enforcement - Monetary Authority of Singapore
  • Regulations and guidances
  • ‘Notices on Prevention of Money Laundering and Countering the Financing of Terrorism’
  • Individual’s access and rights
  • Protection of customer data
  • Outsourcing

- Personal Data Protection Commission (PDPC)
- Decision in appealed commissioner rulings, complaints

  • Complaint-based vs. audit-based

- Commissioner guidance and published positions
- Managing consent opt-out mechanisms: their use and limitations, consent to new purposes and documentation
- Penalties and sanctions
- Policy development and implementation

  • Freedom of information legislation
  • Data transfers: doctrine of privity of contract for third-parties

Hong Kong Privacy Laws and Practices

Legislative history and origins - Hong Kong government and legal system
- Social attitudes toward privacy and data protection
- Surveillance and identification
- Constitutional protections
- Common law protections
Personal Data (Privacy) Ordinance (PDPO): - Application and scope
  • Meaning under PDPO
    - Personal data
    - Publicly available data
    - Sensitive personal data
    - ‘Prescribed consent’
    - Rights of data subject
  • Personal Data (Privacy) (Amendment) Ordinance 2012
    - ‘The New Guidance on Direct Marketing’
  • Major Exemptions
    - Staff planning and Employment related (including Personal References)
    - Relevant process (Evaluation)
    - Crime, etc.
    - Legal proceedings, etc.
    - Legal professional Privilege and Self-incrimination
    - Health and Emergency
    - Statistics and Research
    - Journalism and news media

- Key concepts and practices

  • Six Data Protection Principles (DPPs) and the Internet Data Guidance
    - DPP1: Data Collections
    - DPP2: Accuracy and retention
    - DPP3: Data Use
    - DPP4: Data security
    - DPP5: Openness
    - DPP6: Data access and correction
  • Due diligence exemption and exercise
  • Guidance on Personal Data Erasure and Anonymisation
  • Guidance on employment matters
  • Data Transfer/Export, Ordinance Section 33
    - Data processors
    - Model contracts
Enforcement - The Office of the Privacy Commissioner for Personal Data
- Commissioner rules
- Commissioner guidance and published positions
  • Octopus Rewards Ltd.

- Decisions in appealed commissioner rulings, complaints
- Personal Data (Privacy) Advisory Committee
- Managing consent opt-out mechanisms: their use and limitations, consent to new purposes and documentation
- Enforcement notice
- Policy development and implementation

  • Law reform proposals for third-party benefit exception

- Privacy incidents: trends in commissioner expectations

India Privacy Law and Practices

Legislative history and origins - Indian government and legal system
  • Political structure

- Social attitudes toward privacy and data protection
- Surveillance and identification

  • Credit Information Companies (Regulation) Act 2005

- Constitutional protections

  • Article 21
  • The Right to Information Act 2005
  • The Protection of Human Rights Act 1993

- Common law protections (e.g. 2017 Supreme Court judgment on the Right to privacy - Puttaswamy judgment)
- Information Technology Act 2000 (IT Act) and Information Technology Amendment Act 2008 (ITAA)

Digital Personal Data Protection Act 2023 (DPDPA) - Application and scope: replaces section 43A from the Information Technology Act 2000
  • Right to access information about personal data
  • Right to correction and erasure of personal data
  • Right of grievance redressal
  • Right to nominate other individuals to act on their behalf
  • Right to withdraw consent
  • Children’s data
  • Exemptions
    - Processing of publicly available personal data
    - Processing of personal data for research/statistical purpose (i.e., training AI)
    - Research, archiving and statistical purposes
    - Judicial, investigation, mergers & acquisitions purposes
    - Non-digital data

- DPDPA Rules

  • Privacy notices and consent: Rules 3-4
  • Exemptions for state agencies to process personal data: Rule 5
  • Security safeguards and notification procedures for data breaches: Rules 6-7
  • Retention period and erasure of personal data: Rule 8
  • Contact info for Data Protection Officer: Rule 9
  • Parent/guardian consent, consent exemptions for children: Rules 10-11
  • Annual data protection impact assessments, audits: Rule 12
  • Right to access, correct, delete personal data: Rule 13
  • Regulating cross-border transfer of personal data: Rule 14
  • Exemptions for research purposes: Rule 15
  • Data Protection Board setup, Board appeal process: Rules 16-21
  • Allows government to request information from Data Fiduciaries for purposes in the Seventh Schedule: Rule 22
  • Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021
Enforcement

- The Ministry of Communication and Information Technology
- The Department of Electronics and Information (DeitY)
- The Telecom Regulatory Authority of India (TRAI) and Do Not Call Registry

  • Banning Free Basics and Net Neutrality

- Data Protection Board
- Commissioner rulings, appeals and complaints
- Penalties and sanctions

  • DPDPA Chapter VIII

- Commissioner guidance and published positions
- Grievance officers
- Managing consent opt-out mechanisms: their use and limitations, consent to new purposes and documentation
- Policy development and implementation

  • Data transfers: doctrine of privity of contract for third-parties

- Public-sector exemption

Common themes among principle frameworks

Comparing protections and principles - Sensitive data protections
- Children’s data protections
- Natural persons vs. legal persons
- Data breach notification
- Public Registers
- Surveillance
  • National identity systems
    - SingPass
    - HKID
    - India’s UIDAI
  • Legislation
  • Hong Kong: PCPD Code of Practice on Identity Card Number and Other Personal Identifiers, 1997

- Data processing and export
- Intermediaries
- Extraterritorial operations

Rights of the data subject - ‘Domestic’ use
- Breadth of exemption
  • Hong Kong
    - Chinese central government organisations
    - Media
  • Singapore
    - Public-sector
    - Public authorities
    - Publicly available information
    - ‘Public agency’
    - Business contracted by Singapore government
  • India
    - Public sector
    - Public authorities
    - Publicly available information
    - Section 17(3): Specific businesses especially exempted by government, such as ‘startups’

To ensure success in the IAPP Information Privacy Professional/Asia certification exam, we recommend an authorized training course, practice tests and hands-on experience to prepare for the IAPP Certified Information Privacy Professional/Asia (CIPP-A) exam.
