Privacy Law Specialist

The next submission period to become an ABA-accredited specialist ends December 31, 2018.

The inaugural class of Privacy Law Specialists is unveiled

(Aug 28, 2018) For the first time in IAPP history, 27 members were named Privacy Law Specialists Aug. 10. The designation carries with it an acknowledgment that a candidate has successfully demonstrated a knowledge of relevant privacy laws, regulation and technology; a commitment to staying ahead of new developments in the field; and substantial time devoted to practicing law related to safeguarding personal information. Read More

The IAPP is accredited by the American Bar Association to certify lawyers in the specialty area of Privacy Law. U.S. attorneys who meet the IAPP’s rigorous specialist designation requirements may be permitted under their state’s rules of professional responsibility to advertise their specialization in privacy law.

Privacy Law is the 15th specialty accredited by the ABA. The Privacy Law Specialist designation instantly places you among the elite in privacy law. It’s the first designation that verifies you’ve met stringent experience and knowledge requirements in this crucial and rapidly growing area of the law.

Meet the program requirements:

  • Be an attorney admitted in good standing in at least one U.S. state
  • Earn/Hold a CIPP/US designation from the IAPP, plus either a CIPM or CIPT designation
  • Pass the PLS Ethics Exam administered by the IAPP, or submit a recent MPRE score of 80+
  • Provide proof of “ongoing and substantial” involvement practicing privacy law (at least 25% of your full-time practice over the last three years)
  • Supply evidence of at least 36 hours of continuing education in privacy law for the 3-year period preceding your application
  • Provide at least 5 peer references from attorneys, clients or judges attesting to your privacy law qualifications


Earn the distinction. Stand out from your peers.

If you’re interested in becoming a candidate, email to get the process started. We will reply with the forms you’ll need to submit between October 1, 2018 and the end of the third submission period on December 31, 2018. All applications will be reviewed at that time.

If your application is approved, you will receive a digital designation badge from the IAPP to add to your credentials, and the opportunity to be included in a searchable directory of specialists on the IAPP website.

For details on applying to become a Privacy Law Specialist, including a complete review of all requirements and forms, email For questions about how to earn the required IAPP certifications, you can email



Accreditation by the ABA indicates solely that the IAPP’s Privacy Law Specialist designation has met the ABA’s standards.

Not all states allow attorneys to claim specialization even if certified by an ABA accredited body like the IAPP. You should check the Rules of Professional Conduct of your state (typically covered in Rule 7) to see what your state’s requirements are regarding advertising specialization.


  • expand_more Requirements for outside counsel and in-house lawyers with transactional practice:

    Preparation and review of privacy notices, policies and programs:

    • Minimum 5% of full-time practice

    Contract negotiation and compliance:

    • Minimum 5% of full-time practice

    Privacy advice in compliance with state and federal laws:

    • Minimum 5% of full-time practice

    Elements of the 25% minimum may also include:

    • Conducting privacy impact assessments and advising about them
    • Risk assessment regarding use and potential misuse of personally identifiable information, and corresponding legal advice
    • Counseling on cross-border data transfers, and other compliance with international privacy laws pertaining to data transfer
    • Counseling on cybersecurity issues, breach preparedness and breach remediation
    • Legislative or regulatory public policy engagement
    • Advice about cyber insurance and negotiating cyber insurance policies
  • expand_more Requirements for attorneys engaged in data breach response, adversarial proceedings and/or litigation:

    Minimum of 20% of applicant’s full-time practice must include:

    Internal breach investigation and evaluation:

    • Minimum 10% of full time practice

    Litigation of data protection and data breach matters in state, federal, international and administrative tribunals:

    • Minimum 5% of full-time practice

    Regulatory investigations and defense:

    • Minimum 5% of full-time practice

    Elements of the 25% minimum time requirement in privacy law practice may also include:

    • Privacy tort litigation
    • Advice about cyber insurance and negotiating cyber insurance policies