Professional certifications have several benefits, but they require substantial time, money, and energy—it's hard to know whether they're worth the investment.
The International Association of Privacy Professionals (IAPP) offers several certifications for privacy practitioners, including the CIPP/US, CIPP/E, CIPM, and CIPT. These certifications can help you break into the privacy field, gain knowledge about foundational privacy concepts and topics, and more.
But are IAPP certifications right for you?
This post walks you through some common benefits of IAPP certifications. These benefits depend on where you're at in your career and your goals. Keep in mind, IAPP certifications may not always make sense, depending on your situation.
Why Should You Get an IAPP Certification?
You can be a very successful privacy practitioner with zero IAPP certifications.
This may be surprising, especially coming from someone with 4 IAPP certifications. However, I believe that IAPP certifications are not strictly required to become a privacy practitioner, find interesting or fulfilling work, or land a well-paying privacy job—but they can be nice to have for several reasons.
IAPP certifications can be a great option for people just starting their privacy career, or for seasoned practitioners looking to expand their knowledge. Based on my experience and anecdotes, the top 4 reasons to get an IAPP certification are:
- Break into privacy and meet hiring criteria
- Demonstrate transferable knowledge
- Personal development
- Everyone else is doing it. Why not me?
The decision to get an IAPP certification should be a personal one. Let's dig in.
Break Into Privacy and Meet Hiring Criteria
IAPP certifications are most beneficial to people breaking into the privacy field.
While the idea of privacy is timeless, the privacy discipline has rapidly developed in the past few years. Nowadays, building effective privacy programs requires more than just a team of attorneys.
Privacy programs today require various cross-disciplinary roles, including product managers, program managers, software engineers, privacy engineers, and privacy analysts—you get the idea.
Where does all this privacy talent come from?
When I started at Google, there was no such thing as an ideal privacy background. Google hired more on mindset and problem-solving skills vs. hiring people with a 10+ year track record building privacy engineering systems—good luck finding and hiring these people.
Today, there are few academic institutions with dedicated privacy curricula. When academic privacy programs do exist, they often produce too few candidates to satisfy the growing demand from the industry. No surprises here.
So how should organizations identify and hire privacy talent?
Since there's not a strong academic pipeline for privacy, most privacy practitioners start in non-privacy fields and make a mid-career transition to privacy.
Organizations look toward signals like IAPP certifications to identify potential candidates. Most often, this manifests itself as IAPP certifications being listed as preferred or required qualifications for jobs, especially entry-level roles.
IAPP certifications are typically not required to get a job, but they can help.
If you're trying to break into privacy, IAPP certifications provide a helpful overview of relevant topics and foundational concepts. These certifications also may help organizations recognize your interest and commitment to making a career change.
Demonstrate Transferable Knowledge
Organizations' privacy programs are at various stages of maturity.
Because of this, organizations have nascent and unique ideas of what a privacy practitioner does. Organizations may not have defined job families for privacy roles, and they may just be developing how they hire and evaluate talent.
The industry is still determining what roles should exist, and the required qualifications and knowledge—why does this matter?
Well, once you've worked in privacy for a while, you probably don't need IAPP certifications to get past hiring filters. However, IAPP certifications can help demonstrate transferrable knowledge between organizations.
What does this mean?
Since privacy roles have expanded rapidly, organizations have different titles and job responsibilities for similar positions. From a resume, it may not always be clear whether a candidate has the requisite skills and knowledge for a particular role.
IAPP certifications help establish a common knowledge bar across organizations. For example, if someone has the CIPP/E, I have a pretty good idea of their knowledge about the GDPR, relevant definitions and requirements, etc.
While this benefit is less tangible, consider using IAPP certifications to craft your career narrative. They can help you articulate your knowledge and expertise in a shifting landscape of different job titles and responsibilities.
The most overarching benefit of IAPP certifications is personal development.
So far, we've considered the benefits of IAPP certifications through an employment-focused lens—to increase your desirability and marketability as a candidate for future jobs.
But you can pursue IAPP certifications for pure personal development as well.
Maybe you're in a privacy-adjacent role and read about "HIPPA" (sic) on Twitter. Or maybe you're a privacy practitioner, happy with your current position, but want to learn about privacy laws in a different jurisdiction, e.g., Canada or Asia.
Want to learn more about privacy? IAPP certifications can be a good starting point. They provide a structured format and goal to learn about new topics.
When I got my first IAPP certification, I focused mostly on meeting hiring criteria and demonstrating transferable knowledge. Nowadays, I'm considering getting the CIPP/C because it's interesting and something new to learn. Your motivation for certifications can (and will) change throughout your career.
Getting an IAPP certification doesn't have to be tied to a specific career goal or job change. You could consider getting them just because you like learning new things.
Everyone Else Is Doing It. Why Not Me?
I've talked to several people that want to get certified because everyone else is.
Individual contributors think they need certifications to be taken seriously, get promoted, etc. and managers encourage certification for continuous development.
Are these valid reasons? Well. Maybe. But I'd challenge you to think more deeply.
There are plenty of good reasons to consider getting an IAPP certification. We've talked about a few good reasons already. However, the decision to get an IAPP certification should be personal and depend on your specific career goals.
Think about this before joining the masses on your quest for certification.
Could you gain the same knowledge by picking up a new project in your day-to-day work? Would you get more satisfaction and fulfillment if you devoted the required study time to your family, friends, or hobbies?
Certifications aren't right for everyone and you don't need them to be successful.
I sincerely hope this post was accessible, useful, and practical for you. If you have any feedback on this post, please let me know. Cheers.