Privacy and Data Security Attorney

Privacy and data security attorneys are also known as privacy law specialists, e-commerce attorneys and cybersecurity lawyers. Because privacy and data security covers such a wide variety of issues, one such lawyer might handle different aspects of cases than another. Some might handle matters having to do with regulatory compliance, while others might deal with privacy issues relating to corporate transactions. Some handle litigation-related issues of privacy.

Privacy and data security lawyers work for clients of all types, including big business, the public sector, nonprofit organizations, and private companies. As cybersecurity and data breaches become all too common, privacy and data security lawyers have much more work now than ever before. For attorneys who specialize in cybersecurity, information technology knowledge and training can be vital to success, whether you work as a litigator or as an advisor.

Education Required to Become a Privacy and Data Security Attorney

Privacy and data security attorneys must first earn their undergraduate degree. This can be within any major. Having some information technology knowledge can be vital to the success of a privacy and data security attorney, so consider at least taking some IT courses, if not majoring within that area. Some privacy and data security lawyers go so far as to become certified in a cybersecurity area, such as CompTIA Security+. Virtual training in cybersecurity through programs like SANS, even without certification, can also benefit you in your future practice endeavors.
Once your undergraduate degree is obtained, you must pass the Law School Admission Test and apply for law school (usually one accredited by the American Bar Association). Consider a school in which you can specialize in privacy and data security law or cybersecurity law. For example, there is one ABA-approved law school clinic in cyberlaw, at Harvard Law School, called the Cyberlaw Clinic at the Berkman Klein Center for Internet and Society. Students at this law school who participate in this clinic can gain valuable experience they can take with them into practice after graduation.

After earning a Juris Doctor degree, you then must pass a bar exam for any state in which you wish to practice privacy and data security law. Some students take their education in cybersecurity law even further, pursuing a L.L.M. (Master of Laws) program in Cybersecurity Law. A recent list of all such specialized L.L. M. in Cybersecurity Law programs can be found here, and include University of Southern California Gould School of Law, University of Maryland Francis King Carey School of Law, and Albany Law School in New York.

Specialization in privacy law is also attainable through the International Association of Privacy Professionals (IAPP), a program which has been accredited by the ABA. In order to qualify to become certified, you must first be a member of the bar in good standing in at least one state, earn CIPP/US certification through the IAPP, then a CIPM or CIPT designation, pass an ethics examination, show evidence that you are involved in practicing privacy law, show 36 hours of continuing education in privacy law for the previous three years, and provide five to eight peer references.

Choose from the links below, depending on your education level, to further examine your educational options:

Job Description & Skills Required for a Privacy and Data Security Attorney

Privacy and data security attorneys work with a variety of security matters, as noted above. The job description for this type of attorney may therefore vary from one title to another. Skills and duties that are typically involved as well as knowledge required include:

Thorough knowledge of international, federal and state laws and regulations regarding data protection, privacy and data security
Advising clients on legal and regulatory developments that impact data security and privacy
Identify trends and potential impacts on risk management activities for a client
Guide business leaders on data privacy and data security legal requirements for new products/services
Provide legal guidance on a client’s global data privacy and business
Advice on data privacy/security legal requirements for client’s third-party risk management program, involving drafting and reviewing global data privacy and security provisions and agreements with other third-party providers
Work with compliance colleagues
Manage potential liability related to data privacy and data security incidents
Respond to regulatory inquiries and serve as liaison with regulators on data privacy and security issues
Develop/update data privacy templates
Work well individually and as part of multiple teams
Effective interpersonal communication skills, both orally and in writing
Familiarity with information technology developments, including cybersecurity
Technical certifications such as Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP) are a plus in this position

Privacy and Data Security Attorney Salary & Career Outlook

The U.S. Department of Labor’s Bureau of Labor Statistics (BLS) states that as of May 2019, the annual mean wage for lawyers of any type was $122,960. Law Crossing quotes the average salary for a cybersecurity attorney as of 2020 to be $92,300. Cities in which privacy and data security/cybersecurity attorneys earn wages higher than this national average include:

San Francisco, CA: $112,000
Washington, DC: $112,000
Los Angeles, CA: $107,000
Seattle, WA: $104,000
San Diego, CA: $99,000
Chicago, IL: $95,000
Atlanta, GA: $93,000

The job outlook for lawyers, the BLS says, is average, with a four percent increase expected between 2019 and 2029. It is predicted that the demand for cybersecurity attorneys and privacy/data security lawyers will remain high, as cybersecurity is expected to remain a hot field with, unfortunately, many data breaches occurring worldwide for years to come.

General Resources

Law Exams

Lawyer Career Specialties