Complete Your Registration


The CIPM is the world’s first and only certification in privacy program management. When you earn a CIPM, it shows that you don’t just know privacy regulations – you know how to make them work for your organization.

Course Overview
Principles of Privacy Program Management is the how-to training on implementing a privacy program framework, managing the privacy program operational lifecycle and structuring a knowledgeable, high-performing privacy team. Those taking this course will learn the skills to manage privacy in an organization through process and technology – regardless of jurisdiction or industry.

Note: Your contact information must be provided to the IAPP and will be used by IAPP for membership services fulfillment in accordance with IAPP’s policies.


How You’ll Benefit By Attending:

This in-depth training will empower you to:

  • Understand exactly what’s needed to safeguard your practice.
  • Protect patients’ valuable data from dangerous breaches.
  • Recognize privacy and security risks – and the potential employee errors that may leave you exposed.
  • Build a solid understanding of the Privacy Framework – the foundation for an effective privacy program.
  • Approach your program with solid privacy principles that apply to your regulatory environment (HIPAA, SOC 2, PCI, etc.).
  • Increase your confidence at being able to handle this important role.
  • Gain peace of mind that you’re properly managing your organization’s privacy and security program.
  • Get a jumpstart on preparing to sit for the CIPM if you choose.*
  • Walk out the door ready to create your organization’s privacy and security plan.


What You’ll Learn

  • Your 10 main areas of responsibility as a privacy program manager
  • The real costs of poor privacy … and what most organizations overlook
  • Why privacy management is such a hot topic and growing industry – and why your organization can’t afford to ignore it anymore
  • The difference between “personal information” and “personal data” – and why your privacy program must protect both
  • Why privacy strategies must be customized to your organization (and why copying what another organization is doing leaves you vulnerable)
  • Ways to use technical and physical controls to protect information
  • Why audits are an important part of a proper privacy program … and how to pick your auditor
  • 7 questions to ask to ensure you identify and minimize the risk presented by business associates
  • The key privacy data protection laws you need to be aware of – including HIPAA
  • Who most organizations overlook when designing and implementing privacy programs – and why this mistake could be fatal to your organization
  • Why keeping a data inventory is critical – and how to create yours quickly and easily
  • What your organization must master to be able to ensure that patient information remains secure
  • The “CIA” Information Security Triad … and how to use it within your organization to improve data security
  • How to calculate and analyze the true Return on Investment (ROI) in your privacy and security program
  • What you’re legally required to do when a privacy breach occurs
  • The 5 most common ways breaches occur
  • The 2 domains in CIPM Certification … and why you should care about both (even if you never plan to become certified)
  • The top 3 reasons organizations begin privacy programs
  • How your location affects what you’re required to do to protect “sensitive” personal information
  • The 3-step process for establishing a privacy program
  • Why a vision or mission statement is vital to creating a strong privacy program … and the 4 key elements to include
  • How to develop a privacy strategy for personal information
  • The 7 most common elements included in data protection regulations
  • 4 critical steps to developing a privacy framework
  • 6 phases for building a privacy team
  • What data inventories and risk assessments are … and how they help you get a handle on what you’re supposed to be protecting
  • The 9 key elements of a data inventory … and what most organizations overlook
  • How to establish the current baseline of what you’re doing to protect patient information … and use it to guide your next steps
  • The 4 phases of the privacy policy life cycle … and what you should do in each phase
  • What a privacy assessment is … and how to tell if your organization needs one
  • The difference between “education” and “awareness” when it comes to your privacy program … and the role that each plays in protecting patient information
  • 7 steps to starting a privacy maturity model
  • How to determine the privacy legal requirements you need to follow by asking 7 powerful questions
  • Think privacy is only your responsibility? No! These 6 departments all play a role
  • The 5 characteristics of good metrics … and how they’ll make it easier to monitor the effectiveness of your privacy program
  • The 10 types of metrics you need to develop to fully understand how well you’re protecting data
  • The #1 thing you need to know about your organization to interpret how the various privacy requirements affect you
  • Who within your organization should be involved in privacy (hint: you should not be the only one!)
  • The types of data that get collected in each department … and how to make sure everyone is conforming to regulatory practices when collecting, using and sharing information
  • The 11 principles of the proper management of data and information
  • The potential standards that determine how risk is identified, controls are selected and implemented, and risk is tracked
  • Two forms of privacy controls … and when to use each
  • 14 critical competency areas that need to be developed to improve information security … and what needs to be done in each area
  • The 7 fundamental principles of privacy by design … and how using them strengthens your privacy program
  • Which processes need to be analyzed with privacy metrics
  • The 5-step metric life cycle … and which most often get missed
  • One of the easiest ways to choose the metrics you’ll develop
  • 5 potential errors you can make when using metrics – and how to protect against them all
  • Your choices for how you’ll monitor metrics … and how to pick the right form for your organization’s needs and situation
  • Strategies for monitoring and analyzing the trends in your organization’s privacy and security program
  • What factors to consider when defining the value of an information asset
  • The 3 types of audits you need to conduct – and how often to use them
  • The most commonly overlooked and underestimated component of any privacy program
  • 3 things you must do when reviewing and monitoring the framework of your privacy and security program – and how often these things should happen
  • 11 stakeholders to notify when a breach occurs
  • A proven 5-step process for handling privacy and security incidents
  • 8 activities your response team should undertake as soon as a breach is discovered

And much more – reserve your spot now.



What You’ll Receive

  • Instruction from a top privacy and security expert, Roger Shindell, M.S., CHPS, CISA, CIPM, the CEO of Carosh Compliance Solutions.
  • A spot in this 2-day, limited-seating training workshop. To make sure you get plenty of personal attention to have your questions answered, we keep the group small. (A $2,500 value)
  • A workshop binder containing slides, worksheets, checklists, resources and other tools. Capture your notes in the binder and refer to these materials again and again once you get back to the office. (A $500 value)
  • Breakfasts and lunches. We’ll arrange these meals so that you can maximize the time you spend networking with your peers. (Dinners are on your own.) (A $100 value)
  • A cocktail and networking reception. As the designated privacy officer for your organization (whether that’s your title or not), you bear a serious responsibility – and face numerous challenges few understand. Here’s a fun opportunity to meet, commiserate and brainstorm with your peers. (A $50 value)


To help you prepare for the CIPM exam, you’ll also receive:

  • An electronic copy of Privacy Program Management: Tools for Managing Privacy Within Your Organization, the textbook that IAPP uses for the CIPM. You’ll receive 24/7 access through the MyIAPP portal. (A $75 value)
  • A one-year membership in the IAPP, the largest and most comprehensive global information privacy community and resource. (A $275 value)
  • A test voucher to take the CIPM one time. (The IAPP warns that the exam is difficult and may require taking multiple times to pass.) (A $550 value)


Payment Information
Pay in full ($3,399) or provide a deposit ($250) to secure your spot.
Full payment is due 48 hours prior to the event.
For alternative payment arrangements, please call (877) 778-1816.

Frequently Asked Questions

What You'll Learn
  • Common Principles and Approaches to Privacy
  • How to Develop and Implement a Privacy Program Framework
  • Jurisdiction and Industries
  • Information Security: Safeguarding Personal Information
  • Online Privacy: Using Personal Information on Websites and with Other Internet-related Technologies
  • Privacy Program Governance
  • How to Measure Performance
  • Privacy Program Operational Life Cycle

What's Included?
  • Light breakfasts and lunches
  • Coffee and water available
  • Certificate of attendance
  • IAPP voucher to take the CIPM exam*
  • Flashcards of CIPM glossary terms
  • Printed PowerPoint slides and helpful resources organized in a binder

*Please note that one CIPM exam cost is covered within the fee of this course. You will need to book your exam via the IAPP Web site at: https://iapp.org/certify/get-certified/cipm/

MODULE 1: Fundamentals of Information Privacy

  • Unit 1: Common Principles and Approaches to Privacy
  • Unit 2: Jurisdiction and Industries
  • Unit 3: Information Security: Safeguarding Personal Information
  • Unit 4: Online Privacy: Using Personal Information on Websites and with Other Internet-related Technologies

MODULE 2: Privacy Management

  • Unit 1: Privacy Program Governance
  • Unit 2: Privacy Operational Life Cycle

Venue Information

Training Location for Des Moines:
The Wildwood Lodge
Address: 11431 Forest Ave, Clive, IA 50325
Phone: (515) 222-9876 – Discounted hotel room rates available – limited availability
Web Address: https://thewildwoodlodge.com

Training Location for Omaha:
Steak & Grapes
Address: 16920 Wright Plaza #118, Omaha, NE 68130
Phone: (402) 884-8966
Web Address: https://www.steakandgrapesomaha.com/

Suggest an Alternative Location

If you are unable to attend this training, please provide an alternative location that is convenient for you.


Media Inquiries
For more information contact:

Mary-Louise Harkins
E-mail: Media@carosh.com
Phone: (219) 440-1701