
CIPP/US Free Study Guide

Updated: Jun 3

Prepared for Privacy Professional Training LLC


Introduction to U.S. Privacy Law & the CIPP/US Exam


The Certified Information Privacy Professional / United States (CIPP/US) certification from the IAPP is the gold standard for understanding U.S. privacy laws, regulations, and standards. It is ideal for professionals who manage or advise on compliance with U.S. data protection frameworks.


Key Benefits of Certification:

  • Build a strong foundation in U.S. privacy law

  • Understand the roles of federal and state regulators

  • Learn how laws like HIPAA, GLBA, and FCRA affect data governance

  • Position yourself as a leader in privacy compliance


Exam Overview:

  • 90 multiple-choice questions

  • 2.5-hour time limit

  • Delivered online or in Pearson VUE test centers


Exam Domains:

  1. Introduction to the U.S. Privacy Environment

  2. Limits on Private-Sector Collection and Use of Data

  3. Government and Court Access to Private-Sector Information

  4. Workplace Privacy

  5. State Privacy Laws


U.S. Privacy Environment & Regulatory Landscape


U.S. Legal System Overview

  • Federal and state laws co-exist, creating a complex regulatory environment

  • Sectoral approach: Specific laws apply to specific industries

  • Sources of law: Constitution, legislation, regulations, case law


Regulatory Authorities

  • Federal Trade Commission (FTC): Enforces consumer protection and privacy through the "unfair and deceptive practices" standard

  • State Attorneys General: Enforce state consumer protection and privacy laws


Foundational Privacy Concepts:

  • Notice and Choice: Organizations must provide clear privacy notices and obtain consent where applicable

  • Data Minimization: Collect only data necessary for a specific purpose

  • Reasonable Security Measures: Organizations are required to protect personal data with administrative, technical, and physical safeguards


Major U.S. Privacy Laws


Health Insurance Portability and Accountability Act (HIPAA)

  • Applies to covered entities and their business associates

  • Protects PHI (protected health information)

  • Enforced by the HHS Office for Civil Rights


Gramm-Leach-Bliley Act (GLBA)

  • Regulates financial institutions

  • Requires notice of privacy practices and safeguards for customer information


Children's Online Privacy Protection Act (COPPA)

  • Applies to websites and services directed to children under 13

  • Requires parental consent for data collection


Fair Credit Reporting Act (FCRA)

  • Regulates the collection and use of consumer credit information

  • Covers consumer rights and permissible uses of credit data


CAN-SPAM Act

  • Sets rules for commercial email communications

  • Requires opt-out mechanisms and accurate sender identification


State Privacy Laws, Workplace Privacy, and Data Access by Government


State Privacy Laws

  • California Consumer Privacy Act (CCPA/CPRA): Provides broad consumer rights, including access, deletion, and opt-out of sale

  • Other states like Colorado, Connecticut, and Virginia have enacted similar privacy laws


Workplace Privacy

  • Employers must balance business needs with employee privacy rights

  • Policies should address monitoring (e.g., emails, cameras), background checks, and BYOD scenarios


Government Access to Private-Sector Data

  • USA PATRIOT Act: Expands surveillance powers for national security

  • Electronic Communications Privacy Act (ECPA): Regulates wire, oral, and electronic communication interception

  • Foreign Intelligence Surveillance Act (FISA): Governs the collection of foreign intelligence data


Exam Preparation & Sample Practice Questions


Study Tips

  • Master the five CIPP/US domains listed by the IAPP

  • Focus on understanding U.S. privacy law applications—not just definitions

  • Review real-world cases and enforcement actions by the FTC

  • Read statutes like HIPAA, FCRA, and CCPA directly for deeper comprehension


Privacy Professional Training LLC

To support your journey, Privacy Professional Training LLC offers:

  • Self-paced CIPP/US training modules

  • Practice quizzes and legal reference guides


Note: Our programs are tailored to align with the official IAPP Body of Knowledge and uphold high standards of legal and ethical accuracy. We do not recommend external courses or unofficial materials.


Sample Practice Questions & Answer Key

Our 15 FREE Practice Questions will appear here once provided.


This study guide is for educational purposes only and does not guarantee exam results. For official certification information, visit www.privacyprofessionaltraining.com.


