Graduate certificate in information privacy law and policy

The explosive growth in digital technologies and applications has led to hundreds of new information privacy laws in the United States and internationally. Compliance with these laws, management of privacy in areas not yet regulated by law, resolving conflicts among privacy laws, and articulating new privacy laws and policies have led to the creation and rapid expansion of information privacy law careers throughout the private and public sectors at the local, national, and international levels. There is a growing need for individuals with formal background in information privacy law and policy to both understand the current regulations and to thoughtfully develop new information privacy law and policy frameworks as technological developments continually disrupt prior conceptions of privacy.

Maurer School of Law and Indiana University Bloomington are uniquely placed to answers these demands because of deep and broad experience in education and research on cybersecurity and information privacy. Recognized by the federal government as a National Center of Academic Excellence in Cyber Defense Education (CAE-CDE) and National Center of Academic Excellence in Cyber Defense Research (CAE-R), IU's cybersecurity and information privacy programs are distinguished by their interdisciplinary approach, including integration of law, business, and computer science.

The Information Privacy Law and Policy Certificate can be earned on campus in Bloomington or online from anywhere in the world. Maurer School of Law will award a graduate certificate to students who complete at least 12 credit hours in courses specified below while maintaining a minimum grade point average of 3.0. All credits earned as a certificate student can be applied toward the 30 credits required for a Master's of Science in Cybersecurity Risk Management.

Courses required for certificate

Required courses

All students must take one of the following two core courses (and may take both):

Students without a technology background must take:

Students without prior legal experience, who are not concurrently enrolled in the JD program, must complete at least one credit of Introduction to U.S. Law.

Elective courses

Students must select from a list of designated courses to satisfy the balance of the 12 credit hours required for the certificate. These courses include:

Center affiliation

As a condition of admission to the certificate program, JD students must apply to and be accepted as a JD affiliate of an IU Research Center with cybersecurity or information privacy as a principal area of focus. These include the long-established Center for Applied Cybersecurity Research and the new Ostrom Workshop Program on Cybersecurity and Internet Governance. Non-JD students are not required to affiliate with a Research Center to earn the graduate certificate.

How to apply

Non-JD Students must apply by:

  1. Creating an Account or using existing IU credentials at: Indiana University's online graduate and professional admissions application
  2. Selecting “Law Special Programs” in the dropdown menu
  3. Selecting “Information Privacy Law and Policy Graduate Certificate” in the dropdown menu
  4. Selecting the term you wish to enroll.
  5. Clicking “Next Page”
  6. Completing the application. When completing the online application, please make sure to:
    1. Attach your personal statement and résumé to IU's online admissions application; and
    2. Identify at least one person as a reference (please note: an online reference form is emailed to the person(s) listed only after an application is submitted).

Standardized test scores (e.g., GRE or LSAT) are not required.

The application deadline is July 1.

JD Students apply by completing this application and submitting it to Sarah Portwood:

For more information, please contact:
Joseph A. Tomain
Lecturer in Law
Director of Cybersecurity and Information Privacy Law Programs
Maurer School of Law Indiana University
(812) 855-0466  

Learning outcomes

All students will be expected to demonstrate:

  • Familiarity with U.S. federal and state laws and regulations and major judicial opinions concerning information privacy law;
  • Familiarity with major U.S. federal and state regulators with responsibility for information privacy, their regulatory powers and jurisdiction, and other tools available to them;
  • Familiarity with major models of information privacy law in other parts of the world, and specifically their likely impact on U.S. institutions;
  • Familiarity with resources regarding information privacy issues, technologies, threats, and law, and the ability to assess their relevance, accuracy, and reliability;
  • The ability to assess information privacy laws, regulations, and judicial decisions in terms of their likely effectiveness, their impact on institutions and individuals, their efficiency, their cost-effectiveness, and other legal or policy issues they might raise;
  • The ability to assess new technologies, applications, products, and services in terms of the information privacy issues they may present and their lawfulness under existing law; and
  • An understanding of the broader context in which information privacy issues occur and other values that are likely to be implicated by efforts to address information privacy challenges, including cybersecurity, freedom of expression and association, Fourth and Fifth Amendment rights, efficient commerce, and national security.

In addition:

Students lacking familiarity with U.S. law will be expected to demonstrate:

  • A general understanding of the basic structure of U.S. law and the U.S. legal system

Students lacking familiarity with information technologies will be expected to demonstrate:

  • A general understanding of computers, networks, and mobile devices, and how they interconnect;
  • A basic understanding of “big data” analytics and algorithms; and
  • A basic understanding of authentication tools.