data protection Credit: Joe Therasakdhi/Shutterstock.com.
|

Looking to jump-start your legal technology career but don't know how? Jared Coseglia of TRU Staffing Partners writes a monthly column on certifications to know and training to acquire in the industry for Legaltech News. This month's piece takes a look at IAPP's Privacy Law Specialist certification.

 

In its 2018 inaugural class, the International Association of Privacy Professionals (IAPP) accepted and then granted the Privacy Law Specialist certification to 27 members. “We received a really big response for the first class,” states Doug Forman, certification director at the IAPP. Now, in only its second year on the market, the PLS is held by approximately 75 attorneys.

What distinguishes the PLS from the body of other privacy certifications available through the IAPP is that it is recognized by the American Bar Association (ABA) and intended only for lawyers practicing in the United States. Privacy law is only the 15th specialty accredited by the ABA.

The PLS distinction carries with it an acknowledgment that an attorney has successfully demonstrated knowledge of relevant privacy laws, regulation and technology; a commitment to staying ahead of new developments in the field; and substantial time devoted to practicing law related to safeguarding personal information. For lawyers in privacy, especially up-and-comers early in their career, this certification ranks you instantly among the elite. U.S. attorneys who meet the IAPP's rigorous specialist designation requirements may be permitted under their state's rules of professional responsibility to advertise their specialization in privacy law.

In order to apply, attorneys must meet the following requirements: The attorney must be admitted in good standing in at least one U.S. state bar; must hold a CIPP/US, plus either a CIPM or CIPT (Certified Information Privacy Manager or Technologist) designation from the IAPP; must pass the PLS Ethics Exam administered by the IAPP or submit a recent MPRE score of 80+; must provide proof of “ongoing and substantial” involvement practicing privacy law (at least 25 percent of full-time practice over the last three years); must supply evidence of at least 36 hours of continuing education in privacy law for the three-year period preceding the application; and finally, must provide a personal statement and at least five peer references from attorneys, clients or judges attesting to the individual's privacy law experience.

Though the ABA has requirements of its own in order to approve the PLS specialty certification, largely based on traditional CLE (continuing legal education), the IAPP still maintains high subjective standards before assigning the PLS certification to any of its members. According to Forman, “Our review board takes a close look at the personal statement and peer reviews, and there is still an opportunity for the reviewers to say, 'No, this individual has not quite demonstrated a depth and breadth in privacy necessary to warrant the PLS distinction.'”

So, who is on the review board?  The IAPP has a group called the “privacy bar forum,” and its members are some of the most experienced and recognized privacy lawyers in the country. “We formed three separate review pods from that group of lawyers to distribute the applications, assess and judge,” adds Forman. Applications are not anonymous. Transparency is core to the process, especially since there is no additional test required, other than the ethics exam, to receive the PLS, assuming applicants have already passed the tests required to achieve CIPP/US and CIPM or CIPT status with IAPP, which are necessary for PLS designation.

If the review board feels an application is incomplete and lacking in detail, “[they] may ask for more information from certain candidates,” continues Forman. Additionally, because privacy is a small but growing community of peers, if members of the review board have established professional or personal relationships with applicants, they can and will recuse themselves from reviewing that particular person's application in order to ensure no bias is given.

There are four application periods a year, one per quarter. Submission periods last three months. “At the end of each quarter we take applications and distribute them to the review boards,” says Forman. “There is no limit to how many we will accept in a period.”

With no limit to the amount of applicants that can achieve the PLS, why are there less than 100 in existence to date?  One challenge to vast adoption and pursuit of the PLS from the existing privacy community is simply awareness. “We did a lot of messaging early on about it. We had a good couple of first periods, and then we have had slightly more modest numbers of applicants,” says Forman, “but that is mainly a matter of not that many people knowing about this accreditation.”

Another challenge to broad subscription to the certification comes from the increasingly diminishing but still palpable gap between highly seasoned privacy lawyers and new entrants to the space. “Some lawyers will say, 'I've been doing this for years, I don't need to be called a specialist. My firm has an established practice,'” observes Forman. Conversely, Forman finds that “the early adopters do seem to be people earlier in their careers. They have been doing privacy since law school and want to distinguish themselves.”

Around three to four years of practicing privacy experience appears to be the tipping point for attorneys applying for the PLS. Most lawyers who hold the PLS distinction are coming from major law firms. “We get smatterings from consultancies and in-house counsel, but for the most part they are from familiar law firm name brands, not as many or very few that are in private practice.”

Another challenge in evangelizing the PLS is that, like many ABA-approved specialty certifications, only about 25 to 27 states recognize the distinction and allow attorneys to advertise it. California, one of the legislative pioneers in privacy with the California Consumer Privacy Act of 2018, is not one of those states. Neither is Minnesota. Neither is Washington state (view a state-by-state specific requirements here). “California and Washington are two of our largest member bases,” says Forman. “We are strategically approaching these states individually to foster acceptance of the program.”

Whichever states have the most IAPP attorney members are the ones the IAPP will go to first to win buy-in for the PLS accreditation. The reason Washington and California top the charts is this is often where the tech companies are headquartered and tech companies are under the greatest scrutiny with regard to privacy law. “Facebook, Amazon, Google – all in California and Washington,” comments Forman. Despite California and Washington not yet recognizing the PLS through the ABA, Forman notes that a good number of applicants were still based in California. “Even people in states that don't recognize the PLS through ABA are still applying for the distinction,” outlines Forman, “They still see value in the training and education. In a sense, this wasn't just an approval of a cert, it was also a recognition that privacy law was a specialty that needed to be recognized.” Privacy is one of the fastest-growing job segments of the legal industry today.

The next submission period to become an ABA-accredited specialist ends March 31, 2019—just in time for the IAPP Global Privacy Summit taking place the last week in April/first week of May. Those interested in pursuing their PLS should contact [email protected] to start the process. The current application window ends March 31.

 

Jared Coseglia is the founder and CEO of TRU Staffing Partners, an Inc 5000 Fastest Growing American Company 2016 & 2017 and National Law Journal's #1 Legal Staffing Agency. Jared has over 15 years of experience representing thousands of professionals in e-discovery, cybersecurity and privacy throughout the world.