The privacy field has exploded with opportunity. Around the world, in virtually every industry, protecting personal information has become a vital concern. Consequently, the need for qualified, highly trained attorneys with a heightened knowledge of privacy law and policy has never been greater.

At the University of Maine School of Law, students pursuing our Certificate in Information Privacy Law develop skills in a highly sought-after niche of the legal realm.

Academic Requirements

To receive the Certificate in Information Privacy Law, Classes of 2025 and beyond must complete the following requirements for the Certificate in Information Privacy Law.

The below requirements only apply to the classes of 2023 and 2024:


Required courses:

3 credits

Information privacy is one of today’s critical legal subjects. The rapid pace of technology development has raised far-reaching questions about the future of privacy. The role of law is central to answering many of these questions. In the past few decades, many new laws have been passed, hundreds of cases have been decided, and fascinating new issues have arisen. This class is designed to provide you with an introduction to the study of information privacy law and to equip you with the broad issue-spotting and other practical skills needed to navigate the complex array of legal, business, and public policy issues in this area. Students in this class will be eligible to take the Certified Information Privacy Professional (CIPP) exam following completion of the course. This course is a prerequisite for the Information Privacy Law Practicum (LAW 735).

Information Privacy Law must be taken on a graded basis to receive the Certificate.

6 credits (2 credits must be for Global Privacy Law if offered)

The Center for Law + Innovation hosts a unique Summer Institute in privacy law that brings scholars from around the world to teach students about global privacy and cybersecurity law.

Any Summer Privacy Institute courses that are offered as graded courses must be taken on a graded basis to receive the Certificate.

Nine credits from these courses:

3 credits

This course examines the nature of the rights protected under federal copyright law and the types of work that qualify for protection, including literary, artistic, and musical works. This course also covers copyright duration, ownership, formalities, remedies for infringement, and principles of international protection. The Copyright Act of 1976 as amended forms the core statutory material covered by the course.

3 credits

This course will focus on the investigative phase of criminal proceedings. We will examine the law that governs police conduct, including search and seizure, arrest and interrogation of suspects. The class will emphasize the interplay between abstract constitutional principles as interpreted by the courts and law enforcement on the street.

1 credit

This course provides an introduction to cyber security law, with a focus on the nuts and bolts of how to plan for and deal with cyber incidents. It is designed to teach the student the basic skills needed to be able to assess an organization’s incident response readiness, to assist organizations with incident response planning and execution, and to deal with the technical and legal issues that typically come up during an incident as it is unfolding, as well as its aftermath, including data breach notification, regulatory investigations and enforcement and litigation. Actual case studies will be used. Several faculty members of USM’s Maine Cyber Security Cluster have collaborated with the Law School in designing this course and will participate in teaching this course. We will cover some of the key technology fundamentals that lawyers need to understand to be able to work effectively with cyber technical experts to assess privacy and cyber security risks and to analyze the legal implications arising from cyber incidents.

1 credit

This course presents a survey of the driving forces revolutionizing the practice of law, examines the impact of Facebook, Google, Amazon, and IBM Watson on legal search strategies, evaluates the growing threat from cyber terrorism, and highlights the changing employment landscape for practicing attorneys.

It is said that there are two kinds of companies today; those know they have been hacked, and those that do not know (yet). Ninety-eight percent of all data are now created electronically, in the form of social media, big data, new communication forms that can create, and destroy, messages in seconds, and monitoring software that collects, synthesizes, reports, and stores an unimaginable volume and type of data about a company, its employees, their activities, intellectual property, business processes, and client data. An increasing number of actors want access to that data, including government agencies, regulatory bodies, international policing institutions, audit committees, marketing organizations, outside counsel, opposing counsel and hackers (state sponsored or otherwise). Companies (small, mid-size and large) are turning to machine learning, artificial intelligence, and related technologies to monetize data and capture it for compliance needs, research and development, and driving efficiencies across all business units. Newly minted attorneys must develop real world capabilities to confront the fast pace of technology apparent in nearly every aspect of business operations and growth.  Some of the subjects examined will be eDiscovery and cybersecurity practices, lawyers’ ethical obligations vis-a-vis electronic data, changes to the Federal Rules of Civil Procedure to take into account electronically stored information, and advising clients in this environment.

3 credits

The course examines the goals of the U.S. health care system, which is designed to provide high-quality, affordable, and accessible health care. We will explore the regulation of health care professionals and institutions. The course will also discuss the contract, tort, and administrative law issues that come up in cases of informed consent, liability, malpractice, and end-of-life care. The course will also examine legal efforts to make health care affordable and accessible. We will study the regulation of both public and private insurance systems and use basic insurance principles to explore this area of law. Health law is complex for many reasons, including because it involves the interactions of state and federal statutes (and regulations) with longstanding principles of contract and tort law. The intersections between state and federal statutes and policies are also challenging. The 2010 Affordable Care Act will of course be a focus of the course.

This course is designed to cover the “how” of being a privacy lawyer, including the ethics challenges confronted by in-house privacy counsel serving roles like Chief Privacy Officer and Data Protection Officer.  Students will develop practical skills using real world problems in the information privacy and cybersecurity areas.  Pragmatic guidance will be provided from experienced in-house and outside privacy counsel.  Students will assume the roles of lawyers to perform tasks in hypothetical situations.  The goal is to give students the chance to integrate legal theory, practical skills and ethics while engaging in a number of professional skills in a classroom setting.

Case studies will be drawn from various real world examples such as: Cambridge Analytica/Facebook, Equifax data breach and compliance with GDPR to form the basis for a number of different exercises.  The exercises will focus on key areas of privacy and cybersecurity legal practice.  By way of example, such exercises might focus on the following topics:

Privacy impact assessments – providing advice with respect to when and how to use them, how to go about completing them, tools available for completing assessments and how to utilize the results of the assessment, including action steps to take based on the assessment.

Commercial transactions between parties involving the transfer and handling of personal information – drafting and negotiating contract provisions (from the perspective of both parties) that address privacy and data security concerns (e.g. Data processing agreements) and the related regulatory and other risks associated with handling personal information.

Data breach notification – providing end to end advice to a business that is the victim of a data breach, beginning with the initial notification of the security incident, working with the IT and forensics teams to figure out what happened and how to contain the incident, determining whether there are any breach notification obligations, crafting the breach notification letter, responding to regulatory inquiries and enforcement actions, crafting notice of claim to insurance carriers of third party providers that may be at fault, pursuing insurance claims, defending and bringing litigations, and negotiating resolution of such claims and disputes.

3 credits

This course focuses on the essential role of insurance as an institution in the United States. Substantively, the course focuses on insurance contract interpretation, regulation, and various types of insurance including liability, health, life, and disability insurance. The course will deal with both theoretical issues involving the law and policy of insurance and with practical issues such as how to read insurance contracts. The role of insurance in litigation will receive particular emphasis.

3 credits

This course provides a broad survey of the three main branches of intellectual property law, namely trademark, copyright, and patent law.  We will explore the similarities and differences among these varied systems of intellectual property protection, as well as examine the challenges brought about by new technologies.  This course provides a foundation for advanced intellectual property courses but is also appropriate for students who seek only a general understanding of intellectual property law.  A science or technical background is not necessary.

2 or 3 credits

This seminar will cover a variety of issues related to the protection of intellectual property on a worldwide basis. Topics to be covered include (1) the extraterritorial protection of intellectual property rights, including the concept of globalization; (2) international mechanisms for the acquisition of intellectual property rights; (3) international enforcement of intellectual property rights by rights holders, including parallel imports and gray market goods; (4) disputes between states; and (5) the future of international intellectual property law and policy, in particular issues related to domain names and Internet websites.

2 or 3 credits

This course provides a broad survey of the numerous issues arising from the rapid growth of the Internet and other online communications.  We will explore whether the application of existing legal rules to new technologies is appropriate or if completely novel approaches are necessary when dealing with problems that arise in cyberspace.  Topics to be examined include jurisdiction, the domain name system, regulation of online service providers and digital content creators, freedom of speech as well as privacy.

3 credits

Issues of risk management and compliance are attracting increasing focus and attention throughout society and legal practice.  Government regulation and regulatory oversight, industry-based codes of ethics, and standards of social responsibility and conduct all have been proliferating in recent years.  These developments raise many issues for lawyers.  This course will explore the law and practice relevant to these issues, principally from a transactional lawyer’s perspective.  After a general introduction to risk and risk management, we will address a number of specific topics such as the reputational, operational and enterprise implications of risk, the transactional lawyer’s role in helping clients develop and manage appropriate and effective risk management and compliance programs, the tools available to the transactional lawyer to identify and help manage risks in the client’s transactions and business operations, and the transactional lawyer as “whistle blower” or “gate keeper.”  Finally, we will examine the transactional lawyer’s own management of the risks she or he encounters in client representation (including the “bad actor” client, conflicts of interest, engagement letters and advance waivers, theories of attorney liability, transactional legal opinions, audit letter responses, and dealing with wayward partners and associates).  We will use actual case studies to supplement our discussions.

3 credits

This course examines business ethics and attempts to develop practical solutions to ethical issues that confront today’s global managers. This course also examines legal issues including such topics as drug testing in the workplace, an employee’s right to privacy, sexual harassment, and the rights and responsibilities of officers and directors.

The Certificate Supervisor may approve additional courses with a substantial focus on privacy. Note that not all courses are offered every year. 


Candidates must publish a paper on a privacy-related topic in a publication read by privacy professionals. The paper can range from a blog post or newsletter entry to a law review article.

International Association of Privacy Professionals (IAPP) Certification

At graduation, a candidate must have one of the following IAPP certifications in good standing: CIPP, CIPM, or CIPT. For additional information view the Higher-Ed Program at the IAPP document.

Experiential Learning

The experiential learning component can be satisfied in one of two ways:  Either: (a) The candidate must apply for and complete an externship that relates substantially to privacy issues; the externship must be pre-approved by the Certificate Supervisor and the Maine Law externship program director. Or (b) the candidate may complete this requirement by working at a pre-approved job during law school (at least 150 working hours) focused on privacy issues. It is expected that the job will involve attending meetings, regular attendance in an office, supervision, and feedback.