Privacy Law Specialist

The next submission period to become an ABA-accredited specialist ends September 30, 2019.

Minnesota to recognize IAPP PLS certification

(Jun. 26, 2019) The IAPP received confirmation Tuesday that its Privacy Law Specialist certification has been granted accreditation by the Minnesota Board of Legal Certification. The approval comes following a final review of the IAPP’s application for approval during a monthly board meeting June 20. Full Story

The IAPP is accredited by the American Bar Association to certify lawyers in the specialty area of Privacy Law. U.S. attorneys who meet the IAPP’s rigorous specialist designation requirements may be permitted under their state’s rules of professional responsibility to advertise their specialization in privacy law.

Privacy Law is the 15th specialty accredited by the ABA. The Privacy Law Specialist designation instantly places you among the elite in privacy law. It’s the first designation that verifies you’ve met stringent experience and knowledge requirements in this crucial and rapidly growing area of the law.

Application requirements:

  • Be an attorney admitted in good standing in at least one U.S. state
  • Earn/Hold a CIPP/US designation from the IAPP, plus either a CIPM or CIPT designation
  • Pass the PLS Ethics Exam administered by the IAPP, or submit a recent MPRE score of 80+
  • Provide proof of “ongoing and substantial” involvement practicing privacy law (at least 25% of your full-time practice over the last three years)
  • Supply evidence of at least 36 hours of continuing education in privacy law for the 3-year period preceding your application
  • Provide at least 5 peer references from attorneys, clients or judges attesting to your privacy law qualifications


Need the requisite credentials? Prepare with the PLS Online Bundlekeyboard_arrow_down Already certified? Apply now to earn the distinctionkeyboard_arrow_down



Accreditation by the ABA indicates solely that the IAPP’s Privacy Law Specialist designation has met the ABA’s standards.

Not all states allow attorneys to claim specialization even if certified by an ABA accredited body like the IAPP. You should check the Rules of Professional Conduct of your state (typically covered in Rule 7) to see what your state’s requirements are regarding advertising specialization.


  • expand_more Requirements for outside counsel and in-house lawyers with transactional practice:

    Preparation and review of privacy notices, policies and programs:

    • Minimum 5% of full-time practice

    Contract negotiation and compliance:

    • Minimum 5% of full-time practice

    Privacy advice in compliance with state and federal laws:

    • Minimum 5% of full-time practice

    Elements of the 25% minimum may also include:

    • Conducting privacy impact assessments and advising about them
    • Risk assessment regarding use and potential misuse of personally identifiable information, and corresponding legal advice
    • Counseling on cross-border data transfers, and other compliance with international privacy laws pertaining to data transfer
    • Counseling on cybersecurity issues, breach preparedness and breach remediation
    • Legislative or regulatory public policy engagement
    • Advice about cyber insurance and negotiating cyber insurance policies
  • expand_more Requirements for attorneys engaged in data breach response, adversarial proceedings and/or litigation:

    Minimum of 20% of applicant’s full-time practice must include:

    Internal breach investigation and evaluation:

    • Minimum 10% of full time practice

    Litigation of data protection and data breach matters in state, federal, international and administrative tribunals:

    • Minimum 5% of full-time practice

    Regulatory investigations and defense:

    • Minimum 5% of full-time practice

    Elements of the 25% minimum time requirement in privacy law practice may also include:

    • Privacy tort litigation
    • Advice about cyber insurance and negotiating cyber insurance policies