The CIPP Guide provides reliable and accurate information to the privacy professional arena. We hope individuals seeking the Certified Information Privacy Professional designation will find further substance specifically targeted at their CIPP pursuit.
Please review the user agreement for the forums and testing services.  CIPP Guide requires registration before use of the testing services.  We hope you find this service useful, and good luck on the exam!


Phishing and Whaling

Phishing for Information

Phishing scams are attempts to acquire personal and sensitive information, such as credit cards, usernames and passwords, or identification/account details, from individuals or businesses. Also known as Business E-Mail Compromise (BEC), these attacks are most often realized through email spoofing or online instant messaging. Such scams are usually carried out by tech-savvy hackers as part of an increasingly important social engineering aspect of breaches. Comprising 30% the practice of impersonations and identity fraud often constitutes the proverbial “pointy end of the spear”. A phishing scheme will masquerade as a request for information from a [...]


Clinton e-Mail Scandal: Who Cares?

In March 2015, the American public first heard about Hillary Clinton and a personal email account possibly used for government work. The story quickly unraveled, and it is still in the headlines one year later. Mrs. Clinton, while serving from 2009-2013 as the US Secretary of State, used a personal email address to conduct government business. Not only that, the server was physically located in her home, hosting her domain. The discovery came during a House committee investigation of the 2012 attack on the US Consulate in Benghazi, Libya. Islamist militants organized that attack, killing Ambassador J. Christopher Stevens and three [...]


The Concept and Process of Privacy by Design and Privacy by Redesign

Dr. Ann Cavoukian, considered one of the world's pioneering privacy experts, is widely recognized for the concept she introduced, ‘Privacy by Design’. Twenty years have passed since it was first introduced, with the expectation that privacy should be offered by default, from the beginning, and should not be added later on demand or as an afterthought. She presented the foundational principles in her paper Privacy by Design, where she offered guidance and clarification, presenting a reference framework of the idea to system designers. Cavoukian propagated the idea that system designers should be encouraged to embed privacy proactively in [...]


Protecting Whistleblowers: The Dodd-Frank Act

In an unprecedented action, the Securities and Exchange Commission raised the bar when it comes to protecting whistleblowers. Houston-based engineering and tech firm Kellogg Brown & Root, Inc. (KBR) received a cease and desist order and a $130,000 penalty for language in a confidentiality agreement employees were required to sign in 2015.

KBR is one of the largest government contractors, with over 25,000 employees across 40 countries. Between 2002 and 2011, it won nearly $40 billion in federal work in Afghanistan and Iraq. A former employee brought allegations that KBR and Halliburton (KBR’s former parent company and one of the world’s largest [...]


Personal Health Information and the Department of Health and Human Services

How safe is your personal health information?  Two studies by the US Department of Health and Human Services (HHS) Office of Inspector General (OIG) point out perceived deficiencies in the way Americans’ health information is protected and secured under the Health Insurance Portability and Accountability Act (HIPAA).  The reports, made public in October 2015, target the audit process and lay out plans to revamp the audit program in early 2016.

Protected health information (PHI) includes a patient’s name, age, gender, prognosis, and payment for treatment.  This information, whether communicated orally, electronically, or in written form, when handled by health care providers, [...]