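In 2021, China enacted and brought into force the Data Security Law, the Personal Information Protection Law and related data privacy and security legislation. Large companies holding massive amounts of user data began investing heavily in working out how to build data privacy governance and compliance programs; now that there is law to follow, none of them wants to cross the legal line and ingloriously receive an enormous fine from the enforcement authorities. Almost overnight, the topics of data privacy governance and compliance sprang up like bamboo shoots after rain, with opinions varying widely. In less than a year, data privacy compliance training and certification in China has boomed, and every forum has its own views. Everyone hopes to be among the first to benefit from the new national policies. At present, some organizations in China are strongly promoting personal data protection certificates such as PIP and CDPO; law firms, consulting companies and individuals are actively promoting professional training in data privacy compliance; and some marketing approaches combine domestic certificates with international ones such as DPO and IAPP to create new selling points for courses. All of this is enough to leave beginners unsure what to choose and at a loss, and it undoubtedly raises the cost of choosing what to study.

IAPP stands for International Association of Privacy Professionals, the international privacy professional association that legal and compliance practitioners in China often refer to. The IAPP mainly offers the Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM) and Certified Information Privacy Technologist (CIPT) certifications. Of these, the CIPM exam content and reference textbook will undergo a new round of changes in 2022. Until the new edition of the textbook is released, the vast majority of candidates are presumably using the 2019 edition of the CIPM study textbook recommended by the IAPP.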
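Over the past three years, we have all seen that the international privacy compliance field has undergone many changes and advances, and as mentioned above, China has also successively implemented related privacy laws. So, with the emergence of new theories, technologies and legislative provisions, it is time for the CIPM study textbook to be updated and improved, and this is probably what the current CIPM textbook update intends to reflect. We compared the IAPP's "Outline of the Body of Knowledge" and "Examination Blueprint" for the CIPM and made a basic summary.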
From October 1, 2022, the CIPM exam adds the following content:
Complaints including file reviews
Create “record of authority” of systems processing personal information within the organization

Review contractual and data sharing obligations
Risk and control alignment
Post integration planning and risk mitigation
Integrate privacy through business processes
Communicate with stakeholders the importance of PIAs and PbD
Determine and implement guidelines for secondary uses (ex: research, etc.)
Define policies related to the processing (including collection, use, retention, disclosure and disposal) of organization’s data holdings, taking into account both legal and ethical requirements
Implement appropriate administrative safeguards, such as policies, procedures, and contracts
Utilize and report on regulator compliance assessment tools
Complaints including file reviews

Perform containment activities
Identify and implement remediation measures
Notify regulator, impacted individuals and/or the responsible data controller
| |
Identify, catalog and maintain documents requiring updates as privacy requirements change | Ensure employees have access to policies and procedures and updates relative to their role |
Internal policy compliance | Assess policy compliance against internal and external requirements |
Who has access to personal information | Review and set limits on vendor internal use of personal information |
Implications of cloud computing strategies | Technologies and processing methods deployed (eg Cloud Computing) |
Technical security controls | Technical security controls (including relevant policies and procedures) |
Knowledge of audit processes | Knowledge of audit processes and maintenance of an “audit trail” |
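From the comparison and analysis above, it is clear that the new edition of the CIPM textbook has changed considerably. The page count has grown from fewer than 300 pages to 363, an increase of at least 20% in new content. So everyone should seize the opportunity and try to sit the exam before the new textbook content applies to the exam questions. Of course, this does not mean that CIPM holders can count themselves lucky and skip the new content; only by keeping up an enthusiasm for learning that moves with the times can you stay at the forefront of the profession. Change is the only unchanging law of nature; only by continually learning can you stand firm in a brilliant career. To learn more about the CIPM changes, follow us, and we will continue to share more great content with you.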