Privacy Law Specialist

The next submission period to become an ABA-accredited specialist ends September 30, 2019.

IAPP announces new wave of Privacy Law Specialists

(Feb. 20, 2019) The IAPP introduced nine new Privacy Law Specialists Feb. 7. The member directory now reflects all members who have obtained the PLS designation, which can be accessed at the Full Story link below. The distinction carries with it an acknowledgment that a candidate has successfully demonstrated knowledge of relevant privacy laws, regulation and technology; a commitment to staying ahead of new developments in the field; and substantial time devoted to practicing law related to safeguarding personal information. Those interested in pursuing their PLS should contact to start the process. The current application window ends September 30, 2019. (IAPP member login required.) Full Story

The IAPP is accredited by the American Bar Association to certify lawyers in the specialty area of Privacy Law. U.S. attorneys who meet the IAPP’s rigorous specialist designation requirements may be permitted under their state’s rules of professional responsibility to advertise their specialization in privacy law.

Privacy Law is the 15th specialty accredited by the ABA. The Privacy Law Specialist designation instantly places you among the elite in privacy law. It’s the first designation that verifies you’ve met stringent experience and knowledge requirements in this crucial and rapidly growing area of the law.

Application requirements:

  • Be an attorney admitted in good standing in at least one U.S. state
  • Earn/Hold a CIPP/US designation from the IAPP, plus either a CIPM or CIPT designation
  • Pass the PLS Ethics Exam administered by the IAPP, or submit a recent MPRE score of 80+
  • Provide proof of “ongoing and substantial” involvement practicing privacy law (at least 25% of your full-time practice over the last three years)
  • Supply evidence of at least 36 hours of continuing education in privacy law for the 3-year period preceding your application
  • Provide at least 5 peer references from attorneys, clients or judges attesting to your privacy law qualifications


Need the requisite credentials? Prepare with the PLS Online Bundlekeyboard_arrow_down Already certified? Apply now to earn the distinctionkeyboard_arrow_down



Accreditation by the ABA indicates solely that the IAPP’s Privacy Law Specialist designation has met the ABA’s standards.

Not all states allow attorneys to claim specialization even if certified by an ABA accredited body like the IAPP. You should check the Rules of Professional Conduct of your state (typically covered in Rule 7) to see what your state’s requirements are regarding advertising specialization.


  • expand_more Requirements for outside counsel and in-house lawyers with transactional practice:

    Preparation and review of privacy notices, policies and programs:

    • Minimum 5% of full-time practice

    Contract negotiation and compliance:

    • Minimum 5% of full-time practice

    Privacy advice in compliance with state and federal laws:

    • Minimum 5% of full-time practice

    Elements of the 25% minimum may also include:

    • Conducting privacy impact assessments and advising about them
    • Risk assessment regarding use and potential misuse of personally identifiable information, and corresponding legal advice
    • Counseling on cross-border data transfers, and other compliance with international privacy laws pertaining to data transfer
    • Counseling on cybersecurity issues, breach preparedness and breach remediation
    • Legislative or regulatory public policy engagement
    • Advice about cyber insurance and negotiating cyber insurance policies
  • expand_more Requirements for attorneys engaged in data breach response, adversarial proceedings and/or litigation:

    Minimum of 20% of applicant’s full-time practice must include:

    Internal breach investigation and evaluation:

    • Minimum 10% of full time practice

    Litigation of data protection and data breach matters in state, federal, international and administrative tribunals:

    • Minimum 5% of full-time practice

    Regulatory investigations and defense:

    • Minimum 5% of full-time practice

    Elements of the 25% minimum time requirement in privacy law practice may also include:

    • Privacy tort litigation
    • Advice about cyber insurance and negotiating cyber insurance policies