To receive the Certificate in Information Privacy Law, a candidate must complete the following:


Required courses:

3 credits

This course is an introduction to privacy law. The course will place privacy within a social and legal context and will investigate the complex mesh of legal structures and institutions that govern privacy at state, national, and international levels. Students will be taught how to critically analyze privacy problems and make observations about sources of law and their interpretation. Students will be provided with the technological details needed to explore information security and management issues.

Information Privacy Law must be taken on a graded basis to receive the Certificate.

6 credits (2 credits must be for Global Privacy Law if offered)

The Center for Law + Innovation hosts a unique Summer Institute in privacy law that brings scholars from around the world to teach students about global privacy and cybersecurity law. The Center will host the eighth annual Summer Institute in information privacy and security law from May 22 – June 9, 2017.

Any Summer Privacy Institute courses that are offered as graded courses must be taken on a graded basis to receive the Certificate.

Nine credits from these courses:

3 credits

This course examines the nature of the rights protected under federal copyright law and the types of work that qualify for protection, including literary, artistic, and musical works. This course also covers copyright duration, ownership, formalities, remedies for infringement, and principles of international protection. The Copyright Act of 1976 as amended forms the core statutory material covered by the course.

3 credits

This course will focus on the investigative phase of criminal proceedings. We will examine the law that governs police conduct, including search and seizure, arrest and interrogation of suspects. The class will emphasize the interplay between abstract constitutional principles as interpreted by the courts and law enforcement on the street.

1 credit

This course presents a survey of the driving forces revolutionizing the practice of law, examines the impact of Facebook, Google, Amazon, and IBM Watson on legal search strategies, evaluates the growing threat from cyber terrorism, and highlights the changing employment landscape for practicing attorneys.

It is said that there are two kinds of companies today; those know they have been hacked, and those that do not know (yet). Ninety-eight percent of all data are now created electronically, in the form of social media, big data, new communication forms that can create, and destroy, messages in seconds, and monitoring software that collects, synthesizes, reports, and stores an unimaginable volume and type of data about a company, its employees, their activities, intellectual property, business processes, and client data. An increasing number of actors want access to that data, including government agencies, regulatory bodies, international policing institutions, audit committees, marketing organizations, outside counsel, opposing counsel and hackers (state sponsored or otherwise). Companies (small, mid-size and large) are turning to machine learning, artificial intelligence, and related technologies to monetize data and capture it for compliance needs, research and development, and driving efficiencies across all business units. Newly minted attorneys must develop real world capabilities to confront the fast pace of technology apparent in nearly every aspect of business operations and growth.  Some of the subjects examined will be eDiscovery and cybersecurity practices, lawyers’ ethical obligations vis-a-vis electronic data, changes to the Federal Rules of Civil Procedure to take into account electronically stored information, and advising clients in this environment.

3 credits

The course examines the goals of the U.S. health care system, which is designed to provide high-quality, affordable, and accessible health care. We will explore the regulation of health care professionals and institutions. The course will also discuss the contract, tort, and administrative law issues that come up in cases of informed consent, liability, malpractice, and end-of-life care. The course will also examine legal efforts to make health care affordable and accessible. We will study the regulation of both public and private insurance systems and use basic insurance principles to explore this area of law. Health law is complex for many reasons, including because it involves the interactions of state and federal statutes (and regulations) with longstanding principles of contract and tort law. The intersections between state and federal statutes and policies are also challenging. The 2010 Affordable Care Act will of course be a focus of the course.

3 credits

This course is designed to develop students’ practical research, analytical, writing and oral presentation and communication skills using real world problems in the information privacy and cybersecurity areas.  A significant part of the learning relies on students assuming the roles of lawyers and performing law-related tasks in hypothetical situations.  The goal is to give students the chance to integrate legal theory, practical skills and ethics while engaging in a number of professional skills in a classroom setting.

Case studies will be drawn from various real world matters and will form the basis for a number of different student exercises which will conducted in class or prepared by students out of class.  The exercises will focus on key areas of practice in this area.  By way of example, such exercises might focus on the following topics:

Privacy impact assessments – providing advice with respect to when and how to use them, how to go about completing them, and how to utilize the results of the assessment, including action steps to take based on the assessment.

Commercial transactions between parties involving the transfer and handling of personal information – drafting and negotiating contract provisions (from the perspective of both parties) that address privacy and data security concerns and the related regulatory and other risks associated with handling personal information.

Data breach notification – providing end to end advice to a business that is the victim of a data breach, beginning with the initial notification of the security incident, working with the IT and forensics teams to figure out what happened and how to contain the incident, determining whether there are any breach notification obligations, crafting the breach notification letter, responding to regulatory inquiries and enforcement actions, crafting notice of claim to insurance carriers of third party providers that may be at fault, pursuing insurance claims, defending and bringing litigations, and negotiating resolution of such claims and disputes.

Information Privacy Law (Law 777) is a prerequisite for this course.

3 credits

This course focuses on the essential role of insurance as an institution in the United States. Substantively, the course focuses on insurance contract interpretation, regulation, and various types of insurance including liability, health, life, and disability insurance. The course will deal with both theoretical issues involving the law and policy of insurance and with practical issues such as how to read insurance contracts. The role of insurance in litigation will receive particular emphasis.

3 credits

This course provides a broad survey of the three main branches of intellectual property law, namely trademark, copyright, and patent law.  We will explore the similarities and differences among these varied systems of intellectual property protection, as well as examine the challenges brought about by new technologies.  This course provides a foundation for advanced intellectual property courses but is also appropriate for students who seek only a general understanding of intellectual property law.  A science or technical background is not necessary.

2 or 3 credits

This seminar will cover a variety of issues related to the protection of intellectual property on a worldwide basis. Topics to be covered include (1) the extraterritorial protection of intellectual property rights, including the concept of globalization; (2) international mechanisms for the acquisition of intellectual property rights; (3) international enforcement of intellectual property rights by rights holders, including parallel imports and gray market goods; (4) disputes between states; and (5) the future of international intellectual property law and policy, in particular issues related to domain names and Internet websites.

2 or 3 credits

This course provides a broad survey of the numerous issues arising from the rapid growth of the Internet and other online communications.  We will explore whether the application of existing legal rules to new technologies is appropriate or if completely novel approaches are necessary when dealing with problems that arise in cyberspace.  Topics to be examined include jurisdiction, the domain name system, regulation of online service providers and digital content creators, freedom of speech as well as privacy.

3 credits

This course examines business ethics and attempts to develop practical solutions to ethical issues that confront today’s global managers. This course also examines legal issues including such topics as drug testing in the workplace, an employee’s right to privacy, sexual harassment, and the rights and responsibilities of officers and directors.

3 credits

This course integrates five perspectives of leadership: individual differences and diversity; transactional leadership; power and politics; transformational leadership; and the physical, psychological, and spiritual dimensions of leader well-being.

The Certificate Supervisor may approve additional courses with a substantial focus on privacy. Note that not all courses are offered every year. 


Candidates must publish a paper on a privacy-related topic in a publication read by privacy professionals. The paper can range from a blog post or newsletter entry to a law review article.

International Association of Privacy Professionals (IAPP) Certification

At graduation, candidates must have one of the following IAPP Certifications: Certified Information Privacy Professional – U.S. Private Sector (CIPP/US), Certified Information Privacy Professional – U.S. Government (CIPP/G), or Certified Information Privacy Manager (CIPM).

Experiential Learning

Students complete the experiential learning component by completing a privacy-related externship or working at a pre-approved job focused on privacy issues.