For those preparing for the CIPM certification, the privacy program management textbook is a valuable resource. Since its first edition, there have been a lot of incremental changes made to reflect the current state of privacy. The latest third edition of the book offers much more clarity, better flow, and additional content for the changing landscape. This Part-I post provides a summary of all the changes compared to the second edition.
To begin with, the most notable change in the current edition is that the 10 chapters have been reorganized. This new order of the chapters makes more sense in terms of the flow of the content. This arrangement was also intended to map to the privacy governance life cycle methods: assess, protect, sustain, and respond.
While chapters 1-4 have remained in the previous order, the rest of them have been reorganized to support the body of knowledge (BoK) and privacy operational life cycle content. Read along for an overview of the chapter arrangement as compared to the previous edition of the textbook.
Chapter 8 - Protecting Personal Information is chapter 5 in the new edition. The placement of this chapter makes sense as it comes right after the "Data Assessments" chapter, which discusses data governance, the data lifecycle, and assessments in depth. The information about the data is essential to engineering its protection, which is the subject of the protecting personal information chapter.
Policies are a form of control that help protect organizational assets. This was chapter 5 and has been moved to chapter 6 in the 2nd edition.
Monitoring and Auditing was the last chapter in the 2nd edition but now it is chapter 7. Auditing comes on the heels of the policies chapter and begins the sustainment phase of the privacy program lifecycle.
Chapter 8 addresses training and awareness.
Data subject rights play a critical role in the respond phase of privacy governance. This forms chapter 9 of the guide, which was chapter 6 in the previous version.
The last chapter covers data breach incident handling tied to the respond phase of the governance cycle.
The details on the content additions and updates made to each of the chapters will be covered in the next post.