What is CIPP/US?
The CIPP/US (Certified Information Privacy Professional / United States) is a professional certification issued by the International Association of Privacy Professionals (IAPP) covering United States information-privacy law. It is the leading credential for demonstrating expertise in the sectoral U.S. federal privacy framework and the rapidly expanding patchwork of U.S. state comprehensive privacy laws.
What does CIPP/US cover?
The CIPP/US Body of Knowledge spans: (i) the U.S. legal framework (federal vs. state, common law privacy torts, FTC Section 5 enforcement); (ii) federal sector laws including HIPAA, GLBA, COPPA, FERPA, FCRA, TCPA, CAN-SPAM and ECPA; (iii) state comprehensive laws including the CCPA/CPRA, Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Texas TDPSA and others; (iv) workplace privacy; and (v) international cross-border issues affecting U.S. organisations.
Who should hold CIPP/US?
CIPP/US is targeted at U.S. in-house privacy counsel, outside privacy lawyers, compliance leads, DPOs of U.S. operations, and non-U.S. privacy professionals advising on U.S. data flows. For Turkish-headquartered companies with U.S. customer or employee data, CIPP/US complements CIPP/E and provides the framework for U.S. state-law compliance.
Exam format
The CIPP/US exam contains 90 multiple-choice questions delivered through Pearson VUE in 2.5 hours, with a scaled passing score of 300/500. The IAPP publishes a detailed Body of Knowledge and recommends approximately 30–60 hours of preparation, depending on the candidate’s background in U.S. law.
U.S. privacy landscape
The U.S. lacks a single, comprehensive federal privacy statute; instead, CIPP/US holders must navigate a sectoral federal framework plus a growing number of state laws (more than 15 comprehensive state privacy laws by 2025). The CIPP/US curriculum is regularly updated to reflect new state legislation and FTC enforcement priorities.