California Privacy Policy


The California Consumer Protection Act (“CCPA”) requires specific disclosures to California residents. These required disclosures are organized separately for convenience and to reflect terminology used in the CCPA but ISACA’s privacy notice will provide additional detail on ISACA’s Privacy Practices. If you wish to request more information from ISACA or inquire on exercising your rights under CCPA, you can reach out to ISACA by accessing the Data Subject Access Request Portal; e-mailing ISACA at privacy@isaca.org or by calling ISACA (toll free) at +1.844.472.2246.

The categories of personal information that may be collected from you are as follows:

A. Information You Directly and Voluntarily Provide to Us.

Membership: If you provide your Personal Information to ISACA to become a member of ISACA, or if you sign up to become a registered user of any website operated by ISACA, you will be required to provide certain information as part of the registration process. This information may include your first and last name, email address, and business or home address. We may also request that you voluntarily provide other information, such as your phone number, year of birth, demographic information, educational background, work experience, information about your non-ISACA certifications, or courses or areas of study in which you may be interested and information about your company as it relates to ISACA’s products and services and your ISACA membership. Membership information is used to communicate with you, to design content and activities that we believe would be of interest to you, and to ensure that ISACA will not violate any applicable U.S. sanctions in providing you access to ISACA’s goods and services. If you wish to opt-out of receiving these communications from us, please follow the instructions contained in an applicable communication you receive from us or go to the Preference Center, go to the Data Subject Access Portal and submit a request or email privacy@isaca.org.

Events and Conferences: ISACA may host events that include in-person and virtual conferences, training, knowledge sharing and webinars. If you register for an ISACA event and you are an ISACA member, we will access the information in your member account to provide you with information and services associated with the event. If you register for one of our events and you are not an ISACA member, we will collect your first and last name, email address, business or home address, information about the type of business you work for or with and your role in that business, which we will use to provide you with information and services associated with the event.

Publications: We offer various publications and materials through our Sites. Some of these publications and materials are publicly accessible; however, others require that you be an ISACA member, or that you create an account and subscribe to receive these publications and materials. If you are not an ISACA member and you create an account for this purpose, you will be required to provide certain information as part of your account registration, which may include your first and last name, email address, and business or home address and professional information. You may manage your ISACA subscriptions by subscribing or unsubscribing at any time. Please use the Preference Center, Data Subject Access Portal or email privacy@isaca.org to modify or cancel such subscriptions.

Exams and Certification: When you register to take an ISACA certification exam, we will collect your first and last name, email address, phone number, business address, home address, demographic information and professional and education history. We may also collect and store information you provide to us about special accommodations that you may request. Only authorized employees within ISACA have access to your certification exam scores and personal information pertaining to any special accommodations you may request. ISACA will collect your exam results and, in conjunction with maintaining your certification(s), your record of participation in continuing professional education.

Certification Status: If you hold an ISACA certification, we may share your certification status with third parties that ask about your status. We only share your certification status with third parties due to ANSI requirements that are applicable to our certifications in order to provide you with the applicable certification.

Communications with ISACA: If you communicate or correspond with us by email, through postal mail, via phone or through other forms of communication, including our customer service center, we may collect the information you provide as part of those communications, specifically the reason for your communication, contact information and the resolution of the concern. For example, if you correspond with us through email, we may collect and store the email address you use to send the applicable correspondence and use it to respond to your inquiry; to notify you of ISACA conferences, publications, or other services; or to keep a record of your complaint, accommodation request, and similar purposes.

B. Information We Automatically Collect from You.

We may automatically collect information about you when you use our Sites or our services. For example, if you access the Sites through a computer, we will automatically collect information such as your browser type and version, computer and connection information, IP address, pages you have visited and standard web log information. We may use remarketing tools that serve ads to you after you have left our Site, based on your location and the content you have explored on our Site. If you access the Sites through a mobile device, we may also be able to identify the location of your mobile device. You may choose not to share your location details with us by adjusting your mobile device’s location services settings. For instructions on changing the relevant settings, please contact your service provider or device manufacturer.

This information that we automatically collect from you is used to enhance the performance of ISACA’s website. ISACA also uses your location information (if shared with ISACA) to identify the geographic locations from which our content is accessed so that we can better understand what content topics may be most relevant in that region, and to ISACA members generally, and to develop resources around those content topics.

We may automatically collect information from you when you use the Sites using “cookies” and other similar technologies, such as web beacons. Cookies are small amounts of data that are stored within your computer’s Internet browser and that are accessed and recorded by the websites that you visit so that they can recognize the same browser navigating online at a later time. The cookies are not able to execute code or access other information stored on the computer. Web beacons are transparent pixel images that are used in collecting information about website usage, email response and tracking.

Information that may be collected by cookies when you use the Sites may include, without limitation:

  • the pages you visit within the Sites;
  • the date and time of your visit to the Sites;
  • the amount of time you spend using the Sites;
  • the Internet Protocol (IP) address used to connect your computer to the Internet; and/or
  • your computer and connection information such as your browser type and version, operating system and platform.

This information is collected to enhance the site performance and end user experience. You can set your browser to reject cookies or to notify you when you are sent a cookie. To learn more about your ability to manage cookies and web beacons, please consult the privacy features in your browser. In addition, to find out more about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org. View our Ad and Cookie Policy.

ISACA will not associate identifiers from cookies or similar technologies with sensitive identifiers about you, such as race, religion, sexual orientation or health.

C. Information Collected by Third Parties through Third-Party Links and Content.

The Sites may include links to other websites and other content from third-party businesses and can offer direct interaction with external websites, networks or platforms that are outside ISACA’s control. These third-party businesses may use cookies, web beacons or other similar technology to collect information about you. ISACA does not have access to or control over these third parties or the cookies, web beacons or other technology that these third parties may use. We are not responsible for the security or privacy of the information collected by these third parties, the privacy practices of these third parties, or the content on any third-party website. You are encouraged to review the privacy policies of the different websites you visit and of the advertisers whose ads you may choose to click while on our Sites (see Section 3 below for additional information about Online Advertising).

D. Information Collected by Third-Party Analytics Services.

We may work with third-party analytics services to help us understand how the Sites are being used, such as tracking the frequency and duration of use of the Sites. We may use Adobe Analytics and Google Analytics, and web analytics services provided by Adobe and Google (“Analytics Tools”) to collect information about your use of the Sites. These Analytics Tools may use cookies to collect information about the content you view, what websites you visit immediately prior to and after visiting the Sites, and your system information and geographic information. The information generated by these cookies about your use of the Sites will be transmitted to and stored by the applicable analytics services. The information collected by these analytics services allows us to analyze your use of the Sites. The Analytics Tools may also transfer this information to third parties where required to do so by law, or where such third parties process the information on their behalf. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of the Sites. At the moment that you cancel your ISACA membership or withdraw your consent for the processing of personal information, ISACA will not be able to access the personal information processed by third-party analytics. By using the Sites, you consent to the processing of data about you by Adobe and Google in the manner and for the purposes set out above. You can opt-out of Google Analytics by installing Google’s opt-out browser add-on, and out of interest-based Google ads using Google’s Ads Settings.

E. Information You Share on Third-Party Websites or through Social Media Services.

The Sites may include links to third-party websites and social media services where you will be able to post comments, stories, reviews or other information outside of ISACA’s control. Your use of these third-party websites and social media services may result in the collection or sharing of information about you by these third-party websites and social media services. ISACA is not responsible for the security or privacy of any information collected by other websites or other services. Information collected by third parties is governed by their privacy practices. We encourage you to review the privacy policies and settings on the third-party websites and social media services with which you interact to make sure you understand the information that may be collected, used, and shared by those third-party websites and social media services.

F. Information You Post on the Sites.

If you post information on public areas of the Sites, that information may be collected and used by ISACA, other users of the Sites, and the public generally. In addition, if you are an ISACA member or registered user and choose to participate in our professional networking features, which are provided by our third-party vendor and volunteer platform provider, Higher Logic (located in the United States, for privacy information on Higher Logic contact: privacy@higherlogic.com), postings you make in connection with those features will be associated with the personal information in your public member profile (which includes your name, user name, and other optional information you may choose to include). Higher Logic collects information for the volunteer management platform and other ISACA platforms on the instruction of ISACA. ISACA may share the following personal data with Higher Logic for this volunteer management platform and other ISACA platforms: your name, state, zip code, country, phone number, bio, email, job title, company, ISACA and non-ISACA certifications, education (university or school and degree), areas of interest, membership level, chapter membership, chapter leader role, chapter ID, work experience, date of birth, photo and staff membership.

If you decide to participate in our platforms and professional networking features, keep in mind that your personal information (for example, your name and online user name), along with any substantive information you disclose in the communication you decide to post, will be publicly accessible and viewable by others who visit that area. In addition, we may highlight certain users’ postings or contributions to other members of the ISACA professional networking features. For example, users who participate actively in our social networking features, like contributing materials and engaging in certain online activities, will be listed as “active members” in a roster that is viewable by all other registered users. It is possible that your posting may result in unsolicited messages from third parties. We strongly recommend that you do not post any information on the public areas of the Sites that allows strangers to identify or locate you or that you otherwise do not want to share with the public.

G. Information You Provide to Payment Processors.

All payments made to ISACA are processed by a PCI/DSS-compliant (these are payment card industry security standards) payment processing service engaged by ISACA. All information collected by these third-party providers for purposes of processing your payments is not available to us, unless you have otherwise provided this information to us in connection with your use of the Sites or our products and services.

H. Personal Information Provided by Third Parties.

We may receive personal information about individuals from third parties. This may happen if your employer pays and registers you for training, certification, or membership; however, we will only share information about you with your employer if you consent in advance to our sharing this information. Our third-party training partners may also share your personal information with ISACA when you sign up for training, certification or membership through the applicable training partner.

I. Online Advertising; Tracking

ISACA and third-party businesses may use the information collected through the Sites using cookies, web beacons, and other similar technologies to help manage online advertising programs. This information may enable ISACA and our third-party advertising services and other third-party businesses to track the actions of users online over time and across different websites or platforms to measure statistics relating to marketing efforts, and to deliver electronic advertisements that may be more relevant to individual consumers and that will improve the consumer experience. For information about how tracking works for online advertising purposes, and what happens when you elect a do-not-track option, visit www.aboutads.info/choices. In addition, some third-party businesses may provide a mechanism to opt-out of their technology. For more information about the opt-out process, you may visit the Network Advertising Initiative website, available at: www.networkadvertising.org/managing/opt_out.asp.

Do Not Track: Your browser may allow you to adjust your browser settings so that “do not track” requests are sent to the websites that you visit. However, ISACA does not respond to “Do Not Track” (DNT) signals. To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.

The Purposes for Which Your Information May be Shared with Others

Except as set forth in this Privacy Notice or when specifically agreed to by you, we will not disclose personal information we gather from you to third parties unless ISACA is required to share this information to complete your request or for legitimate business purposes. ISACA shares personal information in the following circumstances:

Services Provider. We may share your information with vendors or third parties who deliver or provide goods and services or otherwise act on behalf of or at the direction of ISACA. These third parties may include, for example, our third-party technology providers, including our mobile application vendor, exam-testing agencies and training providers and partners, product-fulfillment companies, and third-party event hosts, hotels for conference registrants, sponsors, co-sponsors, electronic credential badge issuer and exhibitors. These third-party service providers will only have access to the information needed to perform these limited functions on our behalf. If you do not wish to have your information included in an attendee list or to receive information from sponsors, co-sponsors and/or exhibitors, you can express your preferences when you register for events or you may contact ISACA directly at privacy@isaca.org or through the Data Subject Access Portal.

Volunteers and Board Members. We may share your information with our affiliates, subsidiaries and ISACA volunteers and board members for purposes of conducting ISACA’s internal business operations. ISACA also makes publicly available the names, titles, country and business affiliations of officers, committee members and others who have assisted with initiatives or projects.

Other ISACA Organizations. We may share your information with your local ISACA chapter so that they may offer membership and associated services to you pursuant to your membership in that Chapter, the IT Governance Institute as well as ISACA subsidiaries and affiliates to provide information regarding their programs and initiatives. If you participate in our “Enterprise Participation Program,” your information, particularly with respect to the goods and/or services your company has purchased from ISACA for your benefit, will be shared with your organization’s program coordinator.

ISACA Events. If you are an event attendee, speaker, or sponsor, certain items of your information may be included in the event roster, which will be publicly disclosed, and may also be shared with third-party event sponsors and exhibitors. Your information may also be shared with the TripBuilder conference application. ISACA provides conference attendee information to TripBuilder (First Name, Last Name, Company Name, Country, ISACA Certifications Held, Email address (not publicly visible unless the user chooses to make it publicly visible to other app users), Session selections (Conference specific)) during conference registration. TripBuilder administers the conference mobile application and validates that you are an attendee before this application can be downloaded by you. Any data TripBuilder collects is deleted by TripBuilder after the event takes place. Further, by registering and attending an ISACA event, you agree irrevocably, with no compensation to you, that ISACA or any third party who is acting on ISACA’s behalf may create images, videos and/or sound recordings of you (“works”) at the event for marketing purposes. This grant of rights in the works also includes the rights to adapt, reproduce, distribute, perform, make available to the public, broadcast, retransmit or sublicense the works to ISACA’s affiliates. This grant of rights in the works also includes all current and future media and is not restricted to time or territory.

Potential Employers. If you use our Career Center services, the information you include in your profile will be shared with our Career Center site vendor and will be subject to the vendor’s privacy policies. When you provide information in the Career Center, your information may be accessible to potential employers or recruiters. ISACA will only share information about you with potential employers or recruiters if you consent in advance to our sharing of this information.

Response to Subpoenas, Court Orders, Government Requests or to Protect Rights and to Comply with Our Policies. To the extent permitted by law, we will disclose your information to government authorities or third parties if: (a) required to do so by law or regulation, or in response to a subpoena or court order or any other enforceable governmental request or order; (b) we believe in our sole discretion that disclosure is reasonably necessary to protect against fraud, to protect the property or other rights of us or other users, third parties or the public at large; or (c) we believe that you have abused the Sites by using them to attack other systems or to gain unauthorized access to any other system, to engage in spamming or otherwise to violate applicable laws. You should be aware that, following disclosure to any third party, your information may be accessible by others to the extent permitted or required by applicable law.

Business Transfers; Bankruptcy. In the event of a merger, acquisition, bankruptcy or other sale of all or a portion of our assets, any user information owned or controlled by us may be one of the assets transferred to third parties. Unless you are residing in the European Economic Area, we reserve the right, as part of this type of transaction, to transfer or assign your information and other information we have collected from users to third parties. ISACA will still ensure the confidentiality and security of any user information. Other than to the extent ordered by a bankruptcy or other court, the use and disclosure of all transferred user information will be subject to this Privacy Notice.

Aggregate Information. We may share your information with affiliated or unaffiliated third parties on an anonymous, aggregate basis. While this information will not identify you personally, in some instances these third parties may be able to combine this aggregate information with other data they have about you, or that they receive from third parties, in a manner that allows them to identify you personally.

Where we do share your personal data with third parties, ISACA takes steps to ensure that they use appropriate safeguards to protect your personal data.

Request Your Data

Pursuant to Section 1798.110 of the CCPA, a California resident may make personal information requests to ISACA regarding collection and usage of the California resident’s personal information. A California resident may request the following types of information about themselves from ISACA. Please be aware that in order to prevent unauthorized parties from accessing your information, ISACA may ask for verification of a California consumer’s identity.

  • Categories of personal information collected about you;
  • Categories of sources from which personal information about you is collected;
  • Business or commercial purpose of collecting or selling, if applicable, personal information;
  • Categories of third parties with whom ISACA shares personal information;
  • Categories of personal information shared with vendors for a business purpose;
  • Personal information collected about you;
  • Categories of personal information that ISACA sold about you, if applicable;
  • Categories of third parties who were sold personal information by ISACA, if applicable.

Under the CCPA, ISACA may not treat you differently than other customers where you have exercised your right to request data under the CCPA.

Request the Deletion of your Personal Information

If you wish to request the deletion of your personal information, reach out to ISACA by accessing the Data Subject Access Request Portal; e-mailing ISACA at privacy@isaca.org or by calling ISACA at +1.844.472.2246. Please understand that ISACA may need to keep limited data to fulfill tax and other obligations and that the CCPA allows continued internal uses of personal information in specified instances.

Opt-out – Do Not Sell My Data

If you want to opt-out of ISACA sharing your information with third parties for their own marketing purposes, you can opt out by contacting privacy@isaca.org.

Request Fulfillment

Upon verification and confirmation of your request, ISACA will process your request. The CCPA requires a request to be “verifiable”; this means that ISACA makes inquiries of you in order to confirm your identity before fulfilling your request. ISACA has forty-five days from the date a verifiable request is received to respond to your request. In some circumstances, ISACA may extend the time needed to fully meet your request by up to ninety additional days where necessary. The CCPA indicates that ISACA is obligated to respond to two requests in any twelve-month period. You may submit these requests to us via our Data Subject Access Portal, by emailing privacy@isaca.org or contacting ISACA at +1.844.472.2246.