Lawyers May Soon Be Able to Fly Privacy Specialist Banner

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Jimmy H. Koo

Lawyers doing privacy work may soon be able to hold themselves out as privacy specialists if the American Bar Association delegates approve a proposal next week.

The number of attorneys involved in representing clients on privacy and data security issues has grown dramatically over the last several years. Establishing such work as a specialty would allow attorneys to meet ethical requirements that limit what lawyers may say in ads and other public announcements while also establishing a verifiable privacy specialty certification standard on which potential clients could rely to assure competency in the subject area.

The ABA House of Delegates is scheduled to vote Aug. 14 on a recommendation from its Standing Committee on Specialization to accredit a privacy law specialist designation.

The resolution would allow the privacy competency certification designation of the International Association of Privacy Professionals (IAPP) to act as the standard for a lawyer to market themselves as a privacy specialist. The ABA’s Standing Committee on Specialization Oct. 22 unanimously recommended IAPP’s designation for formal accreditation.

In many states, legal specialist certification programs must gain ABA and state regulatory approval, or both, the specialization committee said. Additionally, even though attorneys may be certified by a private program, states have different rules governing how lawyers may communicate their certification.

Some of the ABA-accredited private certification programs include specializations in professional liability, estate planning, and trial advocacy.

Privacy professionals told Bloomberg BNA that the IAPP certification testing process provides a good benchmark because it is very rigorous and requires dedicated preparation.

Mark G. McCreary, chief privacy officer of Fox Rothschild LLP in Philadelphia and the co-chair of the firm’s privacy and data security practice, said the the certification is “not a rubber stamp” that professionals can obtain by “merely signing-up.”

Similarly, Ed Lavergne, principal and co-manager of Fish & Richardson PC’s regulatory and government affairs practice in Washington, told Bloomberg BNA that the IAPP certification process reminded him of the bar exam “in terms of the level of studying and the difficulty of the tests.”

Both McCreary and Lavergne are IAPP-certified.

Certification Process

The IAPP’s exams are “comprehensive and cover both every day and fairly obscure laws and topics,” McCreary told Bloomberg BNA. “It’s the only exam I have studied for since the bar exam,” he said.

Lavergne added that much like continuing legal education requirements for attorneys, IAPP requires continuing privacy education to maintain their certification. “Any attorney going through the process of IAPP certification has earned a right to market themselves,” he said.

McCreary agreed. “Allowing the privacy competency certification designation of the IAPP as a standard for a lawyer to market herself as a privacy specialist is both a good approach and a meaningful indicator that the attorney has sufficient competency to practice in this field of law,” he said.

IAPP— a not-for-profit, non-advocacy membership association for privacy professionals—offers various certification programs, including Certified Information Privacy Professional/United States, Certified Information Privacy Technologist, and Certified Information Privacy Manager.

To earn the IAPP specialist designation, an attorney must be admitted in good standing to at least one U.S. state bar, pass the CIPP/US exam as well as the CIPT or the CIPM exam, pass the IAPP’s ethics exam, demonstrate in an essay that the attorney has been “substantially involved” in practicing privacy law for at least the prior three years, provide five qualified references, and submit evidence of at least 36 hours in privacy-related continuing legal education during the prior three years.

The number of privacy professionals with these certifications is consistently rising, according to data provided to Bloomberg BNA by IAPP. More than 7,000 attorneys are IAPP members, accounting for approximately 40 percent of its total membership.

To contact the reporter on this story: Jimmy H. Koo in Washington at

To contact the editor responsible for this story: Donald Aplin at

For More Information

Full text of the summary of resolutions is available at

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security