Lawyers Can Call Themselves Privacy Specialists, American Bar Association Decides

CourtPrivacy law attorneys can soon advertise themselves as privacy specialists after the American Bar Association approved the International Association of Privacy Professionals’ privacy law specialist accreditation plan.

The ABA’s House of Delegates narrowly approved the privacy specialist resolution for a five-year term at its Feb. 5 mid-year meeting. The privacy certification is the ABA’s 15th legal specialty. The ABA already recognizes legal specialties in bankruptcy, trial advocacy, medical liability, child welfare, and 10 other areas.  A total of 30,000 U.S. attorneys are certified specialists under various programs, Barbara Howard, chair of the ABA Standing Committee on Specialization, said at the meeting.

States ultimately determine whether lawyers can claim legal specialization.

Under the ABA Model Rules of Professional Conduct, a lawyer is able to represent themselves as a specialist if they have “been certified as a specialist by an organization” accredited by the ABA. The IAPP, a not-for-profit, nonadvocacy membership association for privacy professionals, will be the accredited certification organization for the privacy certificate.

As of August 2017, nearly 10,000 attorneys had received Certified Information Privacy Profession certification from the IAPP for U.S. privacy law.

IAPP offers various certification programs, including Certified Information Privacy Professional/U.S., Certified Information Privacy Technologist (CIPT), Certified Information Privacy Manager (CIPM), and Certified Information Privacy Professional/European Union.

To earn the designation, an attorney must be admitted in good standing to at least one U.S. state bar, pass the CIPP/U.S. exam as well as the CIPT or the CIPM exam, pass the IAPP’s ethics exam, demonstrate in an essay that the attorney has been “substantially involved” in practicing privacy law for at least the prior three years, provide five qualified references, and submit evidence of at least 36 hours in privacy-related continuing legal education during the prior three years.


To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg Law Privacy and Security Update.

By George R. Lynch