Copyright © 2017 IAPP

v. 2.0.0

Asia Privacy Certification

Authoritative Resource List

Introduction
The IAPP and its certification advisory board compiled the following list of books, periodicals, white
papers, reports and Web sites for the purpose of furthering education in information privacy. These
selections support the Certified Information Privacy Professional/Asia (CIPP/A) credentialing program
which assesses candidates’ understanding of information privacy laws and practices that apply to
Singapore, Hong Kong and India.

The CIPM Authoritative Resource List is divided into three sections:

(1) Authoritative Texts: Core publications that encompass the domains on the CIPM body of
knowledge;

(2) Supplemental Privacy Materials: Privacy-related publications, websites and other resources
that augment the authoritative texts; and,

(3) The link to The IAPP Resource Center.

Who Should Review

 Certification Candidates: The authoritative texts address the information privacy and
information security concepts and issues referenced in the CIPP/A body of knowledge. While
the IAPP does not draw from a single source to develop exams, we recommend these
publications to candidates studying for their exams.

 Certified Professionals (current IAPP credential holders): Each of the items listed in this
reading list may be applied toward the continuing privacy education (CPE) requirements
mandated under your credential. Upon submission to the IAPP for approval, credits will be
awarded based on a formula where 50 pages of written text = 1 CPE credit. Simply tally the
total number of pages from your selection and submit for approval using the authorization
form available at http://www.privacyassociation.org.
 Copyright © 2017 IAPP
v. 2.0.0

Authoritative Texts
While we recommend these resources as comprehensive, widely-recognized privacy texts that cover the
topics outlined in the CIPP/US body of knowledge, candidates for certification must understand that no
published text can keep pace with the rapidly-changing privacy landscape. We continuously adjust our
exam content to represent the latest regulatory and technological changes and we expect candidates for
IAPP certification to know about the important developments in their sector that may modify or
supplant information in the authoritative texts.

 Baker & McKenzie’s Global Privacy Handbook, 13th Edition. Baker & McKenzie, 2013. Has
sections on India, Singapore.
 Greenleaf, Graham. “Asian Data Privacy Laws: Trade and Human Rights Perspectives.” 1st Ed.
Oxford: Oxford University Press, 2014.

Supplemental Privacy Resources

SINGAPORE

Thomson Reuters Practical Law, Data Protection in Singapore: Overview. http://uk.practicallaw.com/6-

579-6345

Personal Data Protection Commission (PDPC) Singapore website: https://www.pdpc.gov.sg/legislation-

and-guidelines

PDPC website: Main Advisory Guidelines: https://www.pdpc.gov.sg/legislation-and-guidelines/advisory-

guidelines/main-advisory-guidelines

Monetary Authority of Singapore Notice SFA03AA-N01, Prevention of Money Laundering and Countering
the Financing of Terrorism- the Depository.
http://www.mas.gov.sg/~/media/MAS/Regulations%20and%20Financial%20Stability/Regulatory%20an
d%20Supervisory%20Framework/Anti_Money%20Laundering_Countering%20the%20Financing%20of%2
0Terrorism/MAS%20Notice%20SFA03AAN01%20January%202016.pdf

Model Data Protection Code Implementation and Operational Guidelines, PDPC:

http://media.mofo.com/files/PrivacyLibrary/1582/SINGAPORE_Model-Data-Protection-Code.pdf

Privacy International, Universal Period Review: The Right to Privacy in Singapore.

https://www.privacyinternational.org/sites/default/files/Singapore_UPR_PI_submission_FINAL.pdf
 Copyright © 2017 IAPP
v. 2.0.0

HONG KONG

Hong Kong (PCPD) website: https://www.pcpd.org.hk/index.html Contains information and PDFs on the
PDPO

PCPD, New Guidance on Direct Marketing:

https://www.pcpd.org.hk/english/publications/files/GN_DM_e.pdf

PCPD, Hong Kong Personal Data Protection Regulatory Framework: An Approach to Consultative
Regulation.https://www.pcpd.org.hk/english/news_events/whatison/files/PCPD_Georgetown_Universit
y_7Apr2016.pdf

Thomson Reuters Practical Law, Data Protection in Hong Kong: Overview. http://uk.practicallaw.com/9-
505-7567?source=relatedcontent#a835591

Hogan Lovells Overview of HK Data Protection Law:

http://www.hoganlovells.com/files/Uploads/Documents/14.03_PDPO%20Key%20Questions%20for%20
Businesses.pdf

Linklaters on Hong Kong Data Protection:

https://clientsites.linklaters.com/Clients/dataprotected/Pages/HongKong.aspx#nationalleg

INDIA

India’s Information Technology Act:

http://www.meity.gov.in/content/information-technology-act
http://meity.gov.in/writereaddata/files/itbill2000.pdf

India’s IT Act, 2008 amendment:

http://meity.gov.in/writereaddata/files/it_amendment_act2008%20%281%29_0.pdf

Ministry of Communications and Information Technology (DeitY) Notification, G.S.R. 313(E): Information
Technology (Reasonable Security Practices and procedures and sensitive personal data or information)
Rules, 2011. http://www.wipo.int/edocs/lexdocs/laws/en/in/in098en.pdf

DeitY Notifications and Guidelines: http://meity.gov.in/meity-notifications

International Comparative Legal Guides, India: Data Protection 2016. http://www.iclg.co.uk/practice-

areas/data-protection/data-protection-2016/india

DLA Piper, Data Protection Handbook: India. https://www.dlapiperdataprotection.com/#handbook/law-

section/c1_IN

IAPP RESOURCE CENTER

 Copyright © 2017 IAPP
v. 2.0.0

The IAPP Resource Center is a searchable Privacy Library containing the most up to date articles,
research, and practical guidance on a wide range of privacy topics and issues. Certification candidates
are advised to supplement their preparation by referring to this valuable content. The Resource Center
also houses the IAPP Glossary of Privacy Terms, which contains important definitions and descriptions
catalogued by certification designation.