PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Privacy Law in Law Schools

UPDATE: A follow-up letter was sent to all U.S. law school deans in 2023.  Read more about the follow-up letter here

Recently a group of legal academics and practitioners in the field of privacy law sent a letter to the deans of all U.S. law schools about privacy law education in law schools.  My own brief intro about this endeavor is here in italics, followed by the letter. The signatories to the letter have signed onto the letter, not this italicized intro.

Although the field of privacy law grown dramatically in past two decades, education in law schools about privacy law has significantly lagged behind.  Most U.S. law schools lack a course on privacy law. Of those that have courses, many are small seminars, often taught by adjuncts.  Of the law schools that do have a privacy course, most often just have one course. Most schools lack a full-time faculty member who focuses substantially on privacy law.

This state of affairs is a great detriment to students.  I am constantly approached by students and graduates from law schools across the country who are wondering how they can learn about privacy law and enter the field. Many express great disappointment at the lack of any courses, faculty, or activities at their schools.

After years of hoping that the legal academy would wake up and respond, I came to the realization that this wasn’t going to happen on its own. The following letter [click here for the PDF version] aims to make deans aware of the privacy law field. I hope that the letter is met with action.

If you are a law student who wants more privacy law opportunities, circulate this letter at your school and speak up. If you’re a faculty member who believes that your school should be doing more in this area, please recommend expanding faculty and curriculum in the field. Consider teaching a privacy law course yourself. If you’re a dean, a visionary thing that you can do is to direct attention and focus to this area: appoint faculty, expand curriculum, and help develop other activities and opportunities in this area.  The letter explains in greater detail the things than can be done.  If you act on these suggestions, it will be a tremendous benefit to your students. 

 

An Open Letter to Law School Deans
about Privacy Law Education in Law Schools

[PDF Version]

November 11, 2019

Dear Dean,

We are a group of privacy law academics and practitioners who are writing to you and other law school deans to raise awareness about the importance of privacy law in modern legal practice and the need to educate students in this rapidly growing field.

Privacy law is this century’s IP law. In the 1980s and 1990s, many law schools that offered only general survey courses in intellectual property law began to recognize the field’s growing economic importance—and its increasing importance in the job market for both new law graduates and more seasoned lawyers. They adjusted their curricula and their hiring practices accordingly. Today, most law schools offer not just one general survey course in IP but also core courses in copyright, patent, and trademark law and advanced courses in international IP, IP transactions and other topics. Most have at least one full-time faculty member specializing in IP, and many have more than one.

Today, the rapid expansion of privacy law demands a similar realignment. Privacy has become one of the principal frames that the law (and legal practice) have used to grapple with the digital revolution and the opportunities and threats it has presented for every consumer of legal services in the world. The field of privacy law has been growing at a staggering rate over the past two decades. For many years, privacy has been one of the most active areas of legislation and regulation in the U.S. and worldwide.  Privacy is also a vast body of law. Domestically, it encompasses constitutional and tort law, more than 30 federal laws, and thousands of state laws. Internationally, 57% of countries have comprehensive privacy laws, and many countries have numerous narrower privacy laws. Yet many law schools offer only the most basic coverage of privacy law, and most offer only occasional courses taught by adjuncts. Dozens of law schools evidently have no curricular offerings in privacy. Fewer than a quarter of law schools have a full-time faculty member who focuses heavily on privacy law.

Privacy law is a large and rapidly growing field with nearly boundless job opportunities. Even during the legal market slowdown, jobs in privacy expanded at an astounding pace.  There are plentiful career opportunities for law graduates in law firms, consulting firms, government agencies, public interest organizations, and in-house legal departments.  For example:

  • 96 of the AmLaw top 100 firms have privacy and cybersecurity practices. Many have 30+ attorneys. There are entire boutique law firms that specialize in privacy.
  • Most large organizations employ many full-time privacy professionals, including many lawyers. In many private sector companies, the Chief Privacy Officer has become a C-level position and part of upper management.
  • Most executive branch agencies have a Chief Privacy Officer as well as a team of lawyers working on privacy. There are numerous lawyers in regulatory agencies who focus on privacy enforcement and rulemaking.
  • The International Association of Privacy Professionals has 50,000 members, and it is growing by 25-30% or more each year.
  • Privacy law is one of just 15 specialty areas accredited by the ABA.

Law schools that offer real and deep education in privacy law are reaping important competitive advantages.  Although many law schools are not offering enough education about privacy law and related subjects—and their students and recent graduates are missing out on opportunities in one of the most rapidly-growing legal fields—those that do offer such education have seen clear gains.

Many law schools that offer a regular 3- or 4- unit privacy law survey course—for example, Berkeley, Chicago, GW, Penn, and Washington University in St. Louis, among others—routinely have class enrollments of between 50-80 students. Those that offer experiential education in privacy law—for example, BU, Georgetown, Minnesota, and New York Law School, among others—find those courses oversubscribed. Those that offer concentrations or other special programs in information technology-related law—for example, Fordham, Georgetown, Northeastern, Ohio State, Penn, and Santa Clara, among others—have seen student interest in privacy-related concentrations and careers grow exponentially. Those that offer non-JD programs focusing on such topics as compliance—for example, Colorado, Fordham, Northwestern, and the University of Washington, among others—also have seen skyrocketing interest in privacy. Students at all levels benefit from interdisciplinary, cross-campus research initiatives, such as those at Berkeley, NYU, and the University of Washington, among others.

Prospective law students are seeking out schools that are prominent in privacy law teaching and privacy law research, and students graduating with backgrounds in privacy law are in high demand. Santa Clara Law School, which offers a certificate in privacy law, had 100% of its students from the program employed within 4 months of graduating. New York Law School, which also offers a privacy certificate, has placed its graduates in both top 20 law firms and corporations like Nielsen, Moody’s, and various financial services firms.

There is a clear path forward.  At minimum, every law school should offer at least one 3+ credit privacy law survey course. Privacy is too vast a field to be covered in just one course, however. A deeper curriculum might include courses such as those listed below:

  • Cybersecurity Law
  • Consumer Privacy Law
  • Health Privacy Law
  • Financial Privacy Law
  • International/Comparative Privacy Law
  • Computer Crime
  • Privacy Compliance Counseling
  • Data Breach Response

At minimum, a law school should have at least one full-time faculty member who writes a majority of their scholarship on privacy topics.  There is a talented pool from which to recruit such faculty. The Privacy Law Scholars Conference (PLSC), now in its 13th year, has about 300 participants, many entry-level scholars, and workshops 80 papers each year.

It’s worth noting also that, as privacy has moved to the forefront of the news, many foundations and large companies are eager to fund scholarship, conferences, and student education in privacy law, and there are a significant number of NSF and private foundation grants for research on privacy issues. Law schools that have developed strong privacy programs that include events, speakers, internship opportunities in the local community, academic centers, and formal certificates or concentrations in privacy law, have found many eager sources of support. Legal scholars who focus on privacy have begun cross-campus collaborations with their colleagues in departments and schools of computer science, engineering, communications, information, psychology, philosophy, economics, and business, creating rich opportunities for interdisciplinary research.

* * *

We hope that you will consider these factors in determining your hiring priorities in the next several years.

If you have any questions, many of us would be delighted to answer them and discuss the field with you.

Sincerely,

 

Academics

 Anita Allen
Vice Provost for Faculty and Professor of Law
University of Pennsylvania Law School

Jack Balkin
Knight Professor of Constitutional Law and the First Amendment
Yale Law School

Ryan Calo
Lane Powell & D. Wayne Gittinger Associate Professor of Law
University of Washington School of Law

Danielle Keats Citron
Professor of Law
Boston University School of Law

Julie E. Cohen
Mark Claster Mamolen Professor of Law and Technology
Georgetown Law

Eric Goldman
Professor of Law
Santa Clara University School of Law

Woodrow Hartzog
Professor of Law and Computer Science
Northeastern University

Dennis D. Hirsch
Professor of Law
Ohio State Moritz College of Law

Chris Jay Hoofnagle
Adjunct Professor of Information & Law
UC Berkeley

Margot E. Kaminski
Associate Professor
University of Colorado School of Law

Matthew Kugler
Associate Professor
Northwestern Pritzker School of Law

William McGeveran
Associate Dean for Academic Affairs
Julius E. Davis Professor of Law
University of Minnesota Law School

Paul Ohm
Professor and Associate Dean for Academic Affairs
Georgetown Law

Joel Reidenberg
Stanley D. and Nikki Waxberg Chair in Law
Fordham Law School

Neil Richards
Koch Distinguished Professor of Law
Washington University in St. Louis

Paul M. Schwartz
Jefferson E. Peyser Professor of Law
UC Berkeley Law School

Daniel J. Solove
John Marshall Harlan Research Professor of Law
George Washington University Law School

Lior Strahilevitz
Sidley Austin Professor of Law
University of Chicago Law School

Katherine J. Strandburg
Alfred Engelberg Professor of Law
New York University School of Law

Peter Swire
Elizabeth & Tommy Holder Chair of Law and Ethics
Scheller College of Business
Georgia Institute of Technology

Ari Ezra Waldman
Professor of Law
New York Law School

 

Practitioners 

Jocelyn Aqua
Principal
PwC (Privacy and Cybersecurity)

Jennifer Archie
Partner
Latham & Watkins

Ian C. Ballon
Co-Chair, Global Intellectual Property & Technology Practice Group
Greenberg Traurig, LLP

Kaylee Cox Bankston
Counsel, Privacy and Data Security Practice
Manatt, Phelps & Phillips, LLP

Bret Cohen
Partner
Hogan Lovells US LLP

Christopher G. Cwalina
Global Co-Head of Data Protection, Privacy, and Cybersecurity
Norton Rose Fulbright US LLP

Tanya Forsheit
Chair of the Privacy & Data Security Group
Frankfurt Kurnit Klein & Selz PC

Reed Freeman, Jr.
Partner; Co-Chair, Cybersecurity and Privacy Practice Group
Co-Chair, Big Data Practice Group
WilmerHale

Sue Glueck
Senior Director, Academic Relations
Microsoft

Adam Greene
Partner
Davis Wright Tremaine LLP

Meredith Halama
Partner, Co-Chair Ad Tech & Data Management Group
Perkins Coie LLP

Jim Halpert
Partner
DLA Piper

Laura E. Jehl
Partner, Global Head of Privacy and Cybersecurity Practice
McDermott Will & Emery LLP

Natasha Kohne
Partner and Co-Chair of Cybersecurity, Privacy and Data Protection Practice
Akin Gump Strauss Hauer & Feld LLP

Travis LeBlanc
Board Member, Privacy and Civil Liberties Oversight Board
Partner, Cooley LLP

Ronald Lee
Partner
Arnold & Porter

Nancy Libin
Chair, Privacy & Security Practice
Davis Wright Tremaine LLP

Edward R. McNicholas
Data, Privacy & Cybersecurity Practice Group Leader
Ropes & Gray LLP

Jon Neiditz
Partner and Privacy Co-Leader
Kilpatrick Townsend & Stockton LLP

Lydia Parnes
Co-chair of the Privacy and Cybersecurity Practice
Wilson Sonsini, LLP
Former Director of the Bureau of Consumer Protection, Federal Trade Commission

Harriet Pearson
Partner, Hogan Lovells US LLP
Former Chief Privacy Officer, IBM Corporation

Andy Serwin
Partner and Co-chair, Global Data Protection, Privacy and Security Practice
DLA Piper

Lisa J. Sotto
Partner
Hunton Andrews Kurth LLP

Gerard M. Stegmaier
Partner – IP, Tech & Data
ReedSmith LLP
Senior Research Fellow & Practitioner-in-Residence, Program on the Economics of Privacy
Scalia Law School, George Mason University

Heather Egan Sussman
Global Co-head of Cyber, Privacy & Data Innovation
Orrick, Herrington & Sutcliffe LLP

Donna L. Wilson
CEO and Managing Partner
Co-Leader, Privacy and Data Security Practice
Manatt, Phelps & Phillips, LLP

Kurt Wimmer
Co-Chair, Data Privacy and Cybersecurity Practice
Covington & Burling LLP

Christopher Wolf
Senior Counsel, Privacy and Information Management Practice
Hogan Lovells US LLP

Marc J. Zwillinger
Founder
ZwillGen PLLC