INTERNATIONAL ASSOCIATION OF PRIVACY PROFESSIONALS (IAPP)

Established in 2000, the International Association of Privacy Professionals (IAPP) is a not-for-profit, non-policy, professional association with a mission to define, support and improve the privacy profession globally. Based in Portsmouth, New Hampshire, and with an office in Brussels, Belgium, the IAPP currently has more than 45,000 individual members in 100 countries around the world. It provides privacy and data protection training, certification, publications, research, events and networking opportunities for its members.

Under U.S. law, not-for-profit entities do not have owners or shareholders. To be economically viable, not-for-profit entities still need to maintain profitability or find alternative means of financing, but in the absence of owners they do not distribute their earnings, instead using them to generate organic growth. The IAPP has indeed been profitable and continues to grow robustly in terms of membership, products and services and number of employees. The not-for-profit sector in the U.S. includes many academic institutions (e.g., Harvard University) and healthcare facilities (e.g., the Mayo Clinic in Rochester, Minnesota).

The IAPP is policy neutral. It does not advocate or lobby for any policy position on issues related to privacy. As a professional association, the IAPP has members from all paths of the privacy ecosystem; from nimble start-ups to the largest companies in the world; from government agencies to NGOs; from privacy supervisory authorities to ad-tech innovators; from various academic disciplines and different regions across the world. The IAPP thus views and conducts itself as a “big tent” for privacy discussions, allowing different voices to be heard without staking a policy claim. It stages sessions at conferences and provides publication opportunities for proponents of widely varying views. But it does not itself espouse a policy position beyond its mission to define, support and improve the privacy profession globally.

Established in 2000 to serve the small but budding privacy profession, the IAPP grew to 10,000 members in 2012 and more than 45,000 in 2018. For each of the past two years, fueled by the implementation of the General Data Protection Regulation (GDPR) and the ascendance of data privacy to the top of the policy agenda worldwide, the IAPP experienced 45% year-on-year membership growth. For their annual membership fee, which is set at $275, IAPP members obtain unlimited access to resources, publications and research, as well as price discounts for additional products such as conferences and training.

The IAPP has developed and launched the only globally recognized ISO/ANSI accredited credentialing programs in information privacy: the Certified Information Privacy Professional (CIPP), the Certified Information Privacy Manager (CIPM) and the Certified Information Privacy Technologist (CIPT). The CIPP, CIPM and CIPT are the leading privacy certifications for more than 21,000 professionals around the world who serve the data protection, information auditing, information security, legal compliance and risk management needs of their organizations. In 2018, with GDPR coming into focus, the most sought-after certification, not only in Europe but also in the U.S., was the EU-flavored CIPP/E. The IAPP sold more than 18,000 certification exams just this year (not all of which have been delivered yet).

The IAPP offers a range of training products. This includes public, private, live virtual and online certification training for privacy professionals; as well as an online library of enterprise, role-based, modular training sessions branded “Privacy Core”.

The IAPP’s main conference, the annual Global Privacy Summit in Washington, DC, draws nearly 5,000 participants; the IAPP’s Europe Data Protection Congress is the largest privacy conference of the year in Europe with more than 2,000 attendees. The IAPP also runs annual events on the West Coast of the U.S. (Privacy. Security. Risk.); London, Munich and Paris (IAPP Data Protection Intensives), Canada (IAPP Canada Privacy Symposium) and Singapore (IAPP Asia Privacy Forum).

The IAPP enables local “KnowledgeNet chapters,” which are volunteer-led local professional groups, in more than 120 location in 50 countries around the world. The KnowledgeNets provide daily local-generated networking and continuing education opportunities for thousands of privacy professionals.

Together with leading graduate programs in law, computer science and business, the IAPP established the Privacy Pathways program, intended to serve as an on-ramp to the profession for students who take a group of courses in privacy, complete an externship or an internship and pass a certification exam. The IAPP’s sections, the Privacy Law Bar Section and the Privacy Engineering Forum, convene professionals from these respective disciplines to advance knowledge and share best practices. This year, the American Bar Association (ABA) accredited the IAPP to certify lawyers in the specialty area of Privacy Law. This means that U.S. attorneys who meet the IAPP’s specialist designation requirements are permitted under the professional responsibility rules of more than 25 states to advertise their specialization in privacy law.