The University of Maine School of Law has a broad curriculum with courses available in a wide range of areas. The Information Privacy Track for LL.M. students is designed to prepare students for careers in the fast-growing fields of information privacy and cybersecurity. Maine Law is one of the few law schools that offer this cutting-edge specialization to LL.M. students and has a strong connection with the world’s largest privacy organization – the International Association of Privacy Professionals (IAPP).

LL.M. students who complete the Information Privacy Track have access to the following:

  • Sponsorship to IAPP events;
  • A path to IAPP training and certification, which requires completion of a separate certification exam at one of over 800 testing centers worldwide; and
  • Connections to a network of Maine Law alumni and privacy professionals with positions all over the world in companies such as Apple, Starbucks, Naspers, Accenture, and OneTrust.


This specialized track is taught by a number of internationally recognized faculty and experts, including Director Scott Bloomberg, Peter Guffin, Professor Christine Davik, Professor Rita Heimes, and Maine Law alumnus and IAPP president and CEO, Trevor Hughes.

The Information Privacy Track is open to current LL.M. students. The required coursework is:

1. Completion of the Information Privacy Law course:

3 credits

Information privacy is one of today’s critical legal subjects. The rapid pace of technology development has raised far-reaching questions about the future of privacy. The role of law is central to answering many of these questions. In the past few decades, many new laws have been passed, hundreds of cases have been decided, and fascinating new issues have arisen. This class is designed to provide you with an introduction to the study of information privacy law and to equip you with the broad issue-spotting and other practical skills needed to navigate the complex array of legal, business, and public policy issues in this area. Students in this class will be eligible to take the Certified Information Privacy Professional (CIPP) exam following completion of the course.

Information Privacy Law must be taken on a graded basis to receive the Certificate.

2. Completion of the Summer Information Privacy Institute (6 credits, 2 of which must be in Global Privacy Law)

3. Completion of the Introduction to U.S. Law course (required for all foreign LL.M. students):

3 credits

This course is intended to introduce foreign-trained lawyers and law students to the American legal system. The American legal system is different in many significant respects from the civil law system which developed in continental Europe and then spread to large parts of Latin America, Asia, and Africa. The principal goals of the course are to introduce students to the way that Americans think about law, to learn how American lawyers and judges perform legal tasks (like legal analysis, legal argumentation, finding and using legal authority, etc.), and to understand the role that law and lawyers play in the American economy and public life.Students will learn about the American legal system by reading landmark cases in different areas of public and private law ( e.g., Marbury v. Madison, Erie v. Tompkins, Brown v. Board of Education, Pierson v. Post, Palsgraf v. The Long Island Railroad Company) and canonical legal documents ( e.g., the Declaration of Independence, the Constitution) and texts ( e.g., The Federalist Papers, Tocqueville’s Democracy in America, Holmes’ The Path of the Law). Students will do a number of writing assignments that replicate the work of the American law student and lawyer (e.g., memorandum of law, opinion letter to client).The course will also feature visits to a law firm and to courts to observe the actual practice and application of the law. Since the course is intended for foreign students, for almost all of whom English is not their native language, considerable emphasis will be placed on improving English-language skills, particularly reading English-language legal materials (cases, statutes, law review articles, and other types of legal documents) as well as written and oral expression in a legal context.

4. At least three credits from the following list of elective courses:

3 credits

This course examines the nature of the rights protected under federal copyright law and the types of work that qualify for protection, including literary, artistic, and musical works. This course also covers copyright duration, ownership, formalities, remedies for infringement, and principles of international protection. The Copyright Act of 1976 as amended forms the core statutory material covered by the course.

3 credits

This course will focus on the investigative phase of criminal proceedings. We will examine the law that governs police conduct, including search and seizure, arrest and interrogation of suspects. The class will emphasize the interplay between abstract constitutional principles as interpreted by the courts and law enforcement on the street.

1 credit

This course provides an introduction to cyber security law, with a focus on the nuts and bolts of how to plan for and deal with cyber incidents. It is designed to teach the student the basic skills needed to be able to assess an organization’s incident response readiness, to assist organizations with incident response planning and execution, and to deal with the technical and legal issues that typically come up during an incident as it is unfolding, as well as its aftermath, including data breach notification, regulatory investigations and enforcement and litigation. Actual case studies will be used. Several faculty members of USM’s Maine Cyber Security Cluster have collaborated with the Law School in designing this course and will participate in teaching this course. We will cover some of the key technology fundamentals that lawyers need to understand to be able to work effectively with cyber technical experts to assess privacy and cyber security risks and to analyze the legal implications arising from cyber incidents.

1 credit

This course presents a survey of the driving forces revolutionizing the practice of law, examines the impact of Facebook, Google, Amazon, and IBM Watson on legal search strategies, evaluates the growing threat from cyber terrorism, and highlights the changing employment landscape for practicing attorneys.

It is said that there are two kinds of companies today; those know they have been hacked, and those that do not know (yet).   98% of all data are now created electronically, in the form of social media, big data, new communication forms that can create, and destroy, messages in seconds, and monitoring software that collects, synthesizes, reports, and stores an unimaginable volume and type of data about a company, its employees, their activities, intellectual property, business processes, and client data.   An increasing number of actors want access to that data, including government agencies, regulatory bodies, international policing institutions, audit committees, marketing organizations, outside counsel, opposing counsel and hackers, state sponsored or otherwise. Companies (small, mid- size and large) are turning to machine learning, artificial intelligence and related technologies to monetize data and capture it for compliance needs, research and development, and driving efficiencies across all business units.  Newly minted attorneys must develop real world capabilities to confront the fast pace of technology apparent in nearly every aspect of business operations and growth.  Some of the subjects examined will be ediscovery and cybersecurity practices, lawyers’ ethical obligations vis-a-vis electronic data, changes to the Federal Rules of Civil Procedure to take into account electronically stored information, and advising clients in this environment.

3 credits

The course examines the goals of the US health care system, which is designed to provide high-quality, affordable and accessible health care. We will explore the regulation of health care professionals and institutions. The course will also discuss the contract, tort, and administrative law issues that come up in cases of informed consent, liability, malpractice, and end-of-life care. The course will also examine legal efforts to make health care affordable and accessible. We will study the regulation of both public and private insurance systems and use basic insurance principles to explore this area of law. Health law is complex for many reasons, including because it involves the interactions of state and federal statutes (and regulations) with longstanding principles of contract and tort law. The intersections between state and federal statutes and policies are also challenging. The 2010 Affordable Care Act will of course be a focus of the course.

This course is designed to cover the “how” of being a privacy lawyer, including the ethics challenges confronted by in-house privacy counsel serving roles like Chief Privacy Officer and Data Protection Officer.  Students will develop practical skills using real world problems in the information privacy and cybersecurity areas.  Pragmatic guidance will be provided from experienced in-house and outside privacy counsel.  Students will assume the roles of lawyers to perform tasks in hypothetical situations.  The goal is to give students the chance to integrate legal theory, practical skills and ethics while engaging in a number of professional skills in a classroom setting.

Case studies will be drawn from various real world examples such as: Cambridge Analytica/Facebook, Equifax data breach and compliance with GDPR to form the basis for a number of different exercises.  The exercises will focus on key areas of privacy and cybersecurity legal practice.  By way of example, such exercises might focus on the following topics:

Privacy impact assessments – providing advice with respect to when and how to use them, how to go about completing them, tools available for completing assessments and how to utilize the results of the assessment, including action steps to take based on the assessment.

Commercial transactions between parties involving the transfer and handling of personal information – drafting and negotiating contract provisions (from the perspective of both parties) that address privacy and data security concerns (e.g. Data processing agreements) and the related regulatory and other risks associated with handling personal information.

Data breach notification – providing end to end advice to a business that is the victim of a data breach, beginning with the initial notification of the security incident, working with the IT and forensics teams to figure out what happened and how to contain the incident, determining whether there are any breach notification obligations, crafting the breach notification letter, responding to regulatory inquiries and enforcement actions, crafting notice of claim to insurance carriers of third party providers that may be at fault, pursuing insurance claims, defending and bringing litigations, and negotiating resolution of such claims and disputes.

3 credits

This course focuses on the essential role of insurance as an institution in the United States. Substantively, the course focuses on insurance contract interpretation, regulation, and various types of insurance including liability, health, life, and disability insurance. The course will deal with both theoretical issues involving the law and policy of insurance, and with practical issues such as how to read insurance contracts. The role of insurance in litigation will receive particular emphasis.

3 credits

This course provides a broad survey of the three main branches of intellectual property law, namely trademark, copyright, and patent law.  We will explore the similarities and differences among these varied systems of intellectual property protection, as well as examine the challenges brought about by new technologies.  This course provides a foundation for advanced intellectual property courses but is also appropriate for students who seek only a general understanding of intellectual property law.  A science or technical background is not necessary.

2 or 3 credits

This seminar will cover a variety of issues related to the protection of intellectual property on a worldwide basis.  Topics to be covered include (1) the extraterritorial protection of intellectual property rights, including the concept of globalization; (2) international mechanisms for the acquisition of intellectual property rights; (3) international enforcement of intellectual property rights by rights holders, including parallel imports and gray market goods; (4) disputes between states; and (5) the future of international intellectual property law and policy, in particular issues related to domain names and Internet websites.

2 or 3 credits

This course provides a broad survey of the numerous issues arising from the rapid growth of the Internet and other online communications.  We will explore whether the application of existing legal rules to new technologies is appropriate or if completely novel approaches are necessary when dealing with problems that arise in cyberspace.  Topics to be examined include jurisdiction, the domain name system, regulation of online service providers and digital content creators, freedom of speech, as well as privacy.

3 credits

Issues of risk management and compliance are attracting increasing focus and attention throughout society and legal practice.  Government regulation and regulatory oversight, industry-based codes of ethics, and standards of social responsibility and conduct all have been proliferating in recent years.  These developments raise many issues for lawyers.  This course will explore the law and practice relevant to these issues, principally from a transactional lawyer’s perspective.  After a general introduction to risk and risk management, we will address a number of specific topics such as the reputational, operational and enterprise implications of risk, the transactional lawyer’s role in helping clients develop and manage appropriate and effective risk management and compliance programs, the tools available to the transactional lawyer to identify and help manage risks in the client’s transactions and business operations, and the transactional lawyer as “whistle blower” or “gate keeper.”  Finally, we will examine the transactional lawyer’s own management of the risks she or he encounters in client representation (including the “bad actor” client, conflicts of interest, engagement letters and advance waivers, theories of attorney liability, transactional legal opinions, audit letter responses, and dealing with wayward partners and associates).  We will use actual case studies to supplement our discussions.

Please note that not all courses are offered every semester.