Jason Edwards

Certified: The IAPP CIPT Audio Course

Certified: The IAPP CIPT Audio Course is an audio-first study and skills course built for privacy professionals who need a practical, modern understanding of privacy in technology. It’s designed for people who work near products, data, or security and want to speak confidently about how privacy actually gets implemented—product managers, engineers, architects, analysts, security practitioners, and privacy program staff. If you’re moving from policy into product, supporting a privacy team as a technologist, or preparing for the IAPP Certified Information Privacy Technologist credential, this co...

Author

Jason Edwards

Category

Technology

Latest episode

Feb 22, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

Welcome to Certified: The IAPP CIPT Audio Course 22.02.2026

Certified: The IAPP CIPT Audio Course is an audio-first study and skills course built for privacy professionals who need a practical, modern understanding of privacy in technology. It’s designed for people who work near products, data, or security and want to speak confidently about how privacy actually gets implemented—product managers, engineers, architects, analysts, security practitioners, and...

Episode 63 — Review Code and Monitor Runtime for Privacy Regressions 22.02.2026

This episode closes the series by focusing on preventing privacy regressions through disciplined code review and runtime monitoring, because CIPT scenarios often assume that privacy commitments can fail quietly after release if nobody is watching. We define a privacy regression as any change that causes the system to collect more than intended, share data beyond approved recipients, retain longer...

Episode 62 — Build Data Inventories and ROPA That Stay Current 22.02.2026

This episode explains data inventories and Records of Processing Activities as living assets that enable nearly every other privacy control, which is why CIPT scenarios often treat “know your data” as the first practical step to risk reduction. We define a data inventory as a catalog of systems, data categories, sources, and recipients, and a ROPA as structured documentation of processing purposes...

Episode 61 — Manage SDLC Privacy Risks from Idea to Sunset 22.02.2026

This episode focuses on privacy risk management across the full software development lifecycle, because CIPT scenarios often test whether you can prevent problems early and maintain controls as systems evolve and eventually retire. We define SDLC privacy risk as the set of failures that occur when privacy requirements are missing, misunderstood, or not validated during design, build, test, deploy,...

Episode 60 — Model Data Flows Accurately from Source to Sink 22.02.2026

This episode teaches data flow modeling as an essential privacy engineering skill, because the CIPT exam repeatedly relies on your ability to reason about where data comes from, where it goes, and what transformations and disclosures occur along the way. We define a data flow as the movement of data through collection points, processing services, storage systems, and external recipients, including...

Episode 59 — Apply NIST Privacy Objectives to Daily Operations 22.02.2026

This episode connects NIST privacy objectives to practical daily work, because CIPT scenarios often require you to use framework language to guide decisions without turning the framework into an academic exercise. We define core privacy objectives as outcomes your program and systems must achieve, such as managing data processing, enabling appropriate control, supporting transparency, and reducing...

Episode 58 — Adopt Value-Sensitive Design for Trustworthy Products 22.02.2026

This episode introduces value-sensitive design as a way to build systems that reflect human values like autonomy, dignity, and fairness, which aligns with CIPT expectations when questions require balancing business goals with privacy harms and user expectations. We define value-sensitive design as integrating values into technology design through stakeholder analysis, identifying potential harms,...

Episode 57 — Test Privacy Usability Thoroughly with Audio-First Methods 22.02.2026

This episode explains privacy usability testing as a way to verify that people can understand and operate privacy controls, because the CIPT exam expects you to recognize that a control is not effective if users cannot use it correctly. We define privacy usability testing as evaluating whether notices, consent prompts, preference settings, and rights workflows are comprehensible and actionable, th...

Episode 56 — Analyze UX Privacy Impacts Without Visual Aids 22.02.2026

This episode focuses on analyzing user experience privacy impacts using clear mental models, because CIPT scenarios frequently ask what is confusing, misleading, or missing in an interaction even when you are not given a diagram. We define UX privacy impact as the way interface choices influence user understanding, choice, and control, and we connect that to privacy outcomes like valid consent, ef...

Episode 55 — Set Measurable Goals and Align System Specifications 22.02.2026

This episode teaches how to turn privacy requirements into measurable system goals and specifications, a core privacy engineering skill that the CIPT exam often tests through scenarios involving ambiguous requirements and competing stakeholder demands. We define goals as the outcomes you need, such as limiting exposure, honoring choices, or enabling accountability, and specifications as the testab...

Episode 54 — Implement Privacy by Design Across Product Roadmaps 22.02.2026

This episode focuses on making Privacy by Design real across ongoing product development, because the CIPT exam expects you to embed privacy into decisions early and repeatedly rather than patching issues at the end. We define Privacy by Design as proactively building privacy principles into architecture, workflows, and defaults, and we connect it to practical outcomes like minimizing data, limiti...

Episode 53 — Complete DPIAs with Sharp, Decision-Ready Analysis 22.02.2026

This episode teaches Data Protection Impact Assessments as an applied risk process, because CIPT questions often present DPIAs as the moment where privacy engineering, governance, and product reality meet. We define a DPIA as a structured assessment of processing that is likely to result in high risk, focusing on purpose, necessity, proportionality, risks to individuals, and mitigations that reduc...

Episode 52 — Define and Monitor KRIs and KPIs That Matter 22.02.2026

This episode focuses on measurement as a privacy program control, because CIPT scenarios often test whether you can translate privacy outcomes into metrics that guide decisions and reveal emerging risk. We define KPIs as measures of performance toward program goals and KRIs as measures that signal increasing risk, then we explain why both need clear definitions, consistent collection, and an agree...

Episode 51 — Run Privacy Audits That Drive Real Remediation 22.02.2026

This episode explains how to conduct privacy audits that actually improve controls, because the CIPT exam expects you to understand assurance as an operational capability, not a once-a-year checklist. We define a privacy audit as a structured evaluation of whether policies, processes, and technical safeguards are implemented and effective, and we connect that to evidence, sampling, and repeatable...

Episode 50 — Guide Safer Social Media and Online Gaming Practices 22.02.2026

This episode applies privacy engineering thinking to social media and online gaming contexts, which CIPT-style scenarios may include because these platforms combine identity, behavior, communication, and often minors or vulnerable populations. We define the kinds of data commonly processed, including account identifiers, social graphs, voice and chat content, gameplay telemetry, location signals,...

Episode 49 — Secure Communications and Mobile Messaging End-to-End 22.02.2026

This episode explains how to secure communications channels so personal data is protected in transit and in use, a common CIPT scenario because messaging, notifications, and mobile workflows often leak data through convenience features and weak defaults. We define key concepts like encryption in transit, end-to-end encryption, metadata exposure, device security, and message retention, and we conne...

Episode 48 — Evaluate AI and Machine-Learning Privacy Trade-Offs 22.02.2026

This episode focuses on privacy risk in AI and machine learning systems, which CIPT scenarios increasingly include because models can memorize, infer, and amplify harm even when traditional controls seem in place. We define the key privacy risks: training data exposure, membership inference, attribute inference, model inversion, data drift, and secondary use of data collected for one purpose but r...

Episode 47 — Monitor Web and In-App Tracking Transparently 22.02.2026

This episode explains web and in-app tracking as both a technical system and a governance challenge, because CIPT questions often require understanding how trackers operate, what data they collect, and how to control them in line with notices and choices. We define tracking mechanisms such as cookies, pixels, device identifiers, fingerprinting signals, and SDK events, and we discuss how tracking b...

Episode 46 — Manage Location Tracking Risks Across Devices and Apps 22.02.2026

This episode focuses on location data as a uniquely sensitive category, because CIPT exam scenarios often test whether you understand that location can reveal behavior, relationships, and vulnerability even when it seems like “just coordinates.” We define different forms of location data, including GPS coordinates, Wi-Fi and Bluetooth signals, cell tower data, IP-based approximations, and derived...

Episode 45 — Navigate Biometrics Safely: Capture, Storage, and Use 22.02.2026

This episode teaches biometric processing as a high-risk domain that requires careful design, because CIPT scenarios involving face, voice, fingerprints, or behavioral biometrics often test whether you understand sensitivity, irreversibility, and downstream misuse risk. We define biometrics as characteristics used to identify or authenticate individuals, and we emphasize how biometric templates, e...

Episode 44 — Evaluate Surveillance and IoT Sensors Without Overcollection 22.02.2026

This episode addresses surveillance and IoT privacy risk, a recurring CIPT theme because sensors and ambient data create collection that is continuous, hard to notice, and easy to repurpose. We define IoT and sensor data broadly, including cameras, microphones, environmental sensors, wearables, smart home devices, and workplace monitoring, and we explain how the privacy risk often comes from scale...

Episode 43 — Assess E-Commerce Checkout and Loyalty Privacy Risks 22.02.2026

This episode applies privacy engineering to e-commerce scenarios, which appear frequently in CIPT contexts because checkout flows, payment data, loyalty programs, and marketing attribution create dense, high-risk processing. We define the typical data elements involved, including identity, contact details, purchase history, device signals, location, and payment-related information, then we highlig...

Episode 42 — Vet Service-Provider Privacy with Measurable Controls 22.02.2026

This episode builds your ability to evaluate service providers with evidence and measurable controls, because the CIPT exam expects you to go beyond “review the contract” and understand how vendor processing creates real exposure. We define what to vet: the data types accessed, the purposes supported, where processing occurs, how access is granted, how logs are handled, how incidents are managed,...

Episode 41 — Control Change Management Risks in Data Processing 22.02.2026

This episode focuses on change management as a privacy control, because CIPT scenarios often involve a “small” product or vendor change that quietly alters collection, use, sharing, or retention in ways that create compliance and trust failures. We define change management as the structured process for proposing, reviewing, approving, implementing, and validating changes, and we connect it to priv...

Episode 40 — Deploy Intrusion Detection That Respects Privacy Signals 22.02.2026

This episode explains how intrusion detection supports privacy by reducing the time attackers or insiders can access personal data, while also requiring careful design so monitoring does not become overcollection. We define intrusion detection in practical terms, including host, network, and application monitoring, and we connect it to privacy outcomes like early detection of exfiltration, account...

Listen to the Certified: The IAPP CIPT Audio Course podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.