Recently, the International Association of Privacy Professionals (IAPP) released a ranking of law schools based on their educational programs in privacy law. Although I applaud the effort to focus more attention on the issue of teaching privacy law in law schools, there are many aspects of the project that I would do differently. In this post, I will discuss the elements of what I believe would constitute a robust privacy law educational program at law schools.
First, a bit of background about IAPP’s rankings. IAPP ranks schools into three tiers. Tier 1 is for schools offering a “certification or formal concentration in privacy law.” Tier 2 is for schools that “offer at least one three-credit course in privacy annually.” Tier 3 is for schools that “have a privacy offering, such as a one-credit seminar” rather than a three-credit offering or that have offered privacy courses but not on a “consistent basis.”
Unfortunately, the data that IAPP has assembled thus far is incomplete and needs quite a number of corrections. For example, many schools listed in Tier 3 have a 3-credit annual offering.
Additionally, I don’t agree with the set of criteria used to rank the schools. Having a certificate doesn’t put a school’s program in the top tier. There are many other factors to consider. Presenting the data in a rankings format is counterproductive because the data needs a lot of correcting plus the criteria are incomplete and not properly weighted. I think a more useful endeavor would be to improve the data, gather data on some other criteria, and just present the data rather than try to rank. IAPP’s project is just a starting point, and I hope that my suggestions here are constructive and will help shape the project.
