Trailblazing Your Path To Optimal Cyber Risk
The previous post introduced the new structure of the CIPM textbook at the chapter level. In this post the specific additions and adjustments in each of the chapters of the textbook are elaborated. Below is the chapter organization comparison as a recap:
General updates include additional discussions/content added and new statistical data where new reports are available (Poneman, IAPP-EY Governance Report, Verizon Report, Wombat, etc.). New references were added that were largely removed in the last edition. As mentioned in the previous post, the chapters were reorganized to better support the BOK and privacy operational life cycle content. In some areas content was consolidated.
The section 1.6 - "Awareness, Alignment and Involvement" was renamed to "Championing Privacy".
The section 2.1 Create an Organizational Privacy Vision and Mission Statement, has new examples for vision and mission statements.
Sections 2.3 through 2.6 have been reshuffled. 2.3 is now "Develop a Privacy Strategy", which was section 2.6 in the 2nd edition. The smaller section 2.7 Structure the Privacy Team, and section 2.8 Governance Models were merged into one consolidated section 2.7. The following pictures depicts the changes in chapter 2.
2.4.3 Privacy Program Management Solutions which introduces the Privacy by Design (PbD) concept is now included in the 2.5.1 Principles and Standards section.
References of new privacy regulations around the world added throughout the book where appropriate including LGPD, CCPA, CPRA, Colorado, Nevada, Canada, Latin America (LGPD), East Asia (including China, South Korea, Japan, Malaysia, Singapore, and Thailand), New Zealand and Australia.
The section "3.4 Commonalities of International Privacy Laws" has been removed but it is ideal to know the commonalities between each of these major laws. For instance, requirements for ensuring individual rights (i.e., access, correction and deletion), and obligations are common.
Chapter 4 has three major additions - 4.1 Data Governance, 4.4.6 Assessing Artificial Intelligence, 4.6.1 Assessing Cloud Computing Vendors, and 4.6.3 Assessing Vendors under the CCPA. All these new additions are relevent to the changing privacy landscape.
This was the chapter 8 in the old version and covers the privacy by design concept. Under the section "5.4.4 Information Security Standards and Guidelines", a list of NIST Guidelines were included in addition to the ISO standards that were previously there. No other major additions were made except for minor expansions to few sub-sections.
As discussed earlier, this chapter 5 in the 2nd edition is now chapter 6. As with other chapters, content was expanded in some sections with additional references. The sections 6.7.2 Developing a Vendor Contract, and 6.7.3 Vendor Risk Management now have additional content.
No major changes were made to this chapter. A new sub section 7.2.14 Training Data was added that discusses the importance of gathering data to boost employee engagement.
The chapter includes some additional content but notably revised the methods listed in section 8.8 Training and Awareness Methods.
Sections on the CCPA, and Virginia's CDPA and other recently enacted privacy laws have been included. These are sections 9.4.2.5 and 9.4.2.6 respectively. Section 9.5.7 Right to Restriction of Processing and section 9.5.8 Right to Data Portability has new content referencing GDPR articles. "Section 9.8.1 Data Subject Rights Outside the United States and Europe" has been expanded to cover additional country specific changes that occurred in the recent times.
This probably is the chapter with least number of changes overall.
Our team at Cyrvana created a two page document that provides and overview of the CIPM content. Many of our trainees find it very helpful and we call it "CIPM On A Page" (well two pages actually!). Please download it and good luck with your CIPM exam!
© 2025 All Rights Reserved. CYRVANA® is a registered trademark of Cyrvana Inc. All other trademarks, service marks, and logos used on this site are the property of their respective owners. The use of customer and partner logos does not imply endorsement by or affiliation with Cyrvana. Privacy | Terms | Legal | Cookie Preferences
