Graduate certificate in information privacy law and policy

Technological developments increasingly pose new challenges to privacy in various contexts from business to law enforcement to social interactions. Experts in information privacy law and policy are needed to determine how our legal system should properly balance these often-competing interests.

The explosive growth in digital technologies and applications has led to hundreds of new information privacy laws in the United States and internationally. Compliance with these laws, management of privacy in areas not yet regulated by law, resolving conflicts among privacy laws, and articulating new privacy laws and policies have led to the creation and rapid expansion of information privacy law careers throughout the private and public sectors at the local, national, and international levels. There is a growing need for individuals with formal background in information privacy law and policy to both understand the current regulations and to thoughtfully develop new information privacy law and policy frameworks as technological developments continually disrupt prior conceptions of privacy.

The Maurer School of Law and Indiana University Bloomington are uniquely placed to answers these demands because of deep and broad experience in education and research on cybersecurity and information privacy. Recognized by the federal government as a National Center of Academic Excellence in Cyber Defense Education (CAE-CDE) and National Center of Academic Excellence in Cyber Defense Research (CAE-R), IU's cybersecurity and information privacy programs are distinguished by their interdisciplinary approach, including integration of law, business, and computer science.

The Information Privacy Law and Policy Certificate can be earned on campus in Bloomington or online from anywhere in the world. Maurer School of Law will award a graduate certificate to students who complete at least 12 credit hours in courses specified below while maintaining a minimum grade point average of 3.0. All credits earned as a certificate student can be applied toward the 30 credits required for a Master's of Science in Cybersecurity Risk Management.

Courses required for certificate

Required courses

All students must take one of the following two core courses (and may take both):

Students without a technology background must take:

Students without prior legal experience, who are not concurrently enrolled in the JD program, must complete at least one credit of Introduction to U.S. Law.

Elective courses

Students must select from a list of designated courses to satisfy the balance of the 12 credit hours required for the certificate. These courses include:

Center affiliation

As a condition of admission to the certificate program, JD students must apply to and be accepted as a JD affiliate of an IU Research Center with cybersecurity or information privacy as a principal area of focus. These include the long-established Center for Applied Cybersecurity Research and the Ostrom Workshop Program on Cybersecurity and Internet Governance. Non-Maurer School of Law students are not required to affiliate with a Research Center to earn the graduate certificate.

How to apply

Current Maurer School of Law students:

Complete this center affiliation application, then submit it to Sarah Portwood at

All other applicants:

  1. Click here to visit the University Graduate School admissions page. From the drop-down menu, choose the semester in which you would like to start your studies.
  2. Click the Apply Now button to be taken to the Indiana University Graduate CAS sign in page. Create an account or sign in to your existing account.
  3. Type “cybersecurity law” into the search bar to find the Cybersecurity Law and Policy Maurer Graduate Certificate. Click the plus sign (+) next to the certificate name to add it to your application.
  4. Click on the “My App” tab to finish building your application.

For more information, please contact:
Joseph A. Tomain
Lecturer in Law
Director of Cybersecurity and Information Privacy Law Programs
Maurer School of Law Indiana University
(812) 855-0466  

Learning outcomes

All students will be expected to demonstrate:

  • Familiarity with U.S. federal and state laws and regulations and major judicial opinions concerning information privacy law;
  • Familiarity with major U.S. federal and state regulators with responsibility for information privacy, their regulatory powers and jurisdiction, and other tools available to them;
  • Familiarity with major models of information privacy law in other parts of the world, and specifically their likely impact on U.S. institutions;
  • Familiarity with resources regarding information privacy issues, technologies, threats, and law, and the ability to assess their relevance, accuracy, and reliability;
  • The ability to assess information privacy laws, regulations, and judicial decisions in terms of their likely effectiveness, their impact on institutions and individuals, their efficiency, their cost-effectiveness, and other legal or policy issues they might raise;
  • The ability to assess new technologies, applications, products, and services in terms of the information privacy issues they may present and their lawfulness under existing law; and
  • An understanding of the broader context in which information privacy issues occur and other values that are likely to be implicated by efforts to address information privacy challenges, including cybersecurity, freedom of expression and association, Fourth and Fifth Amendment rights, efficient commerce, and national security.

In addition:

Students lacking familiarity with U.S. law will be expected to demonstrate:

  • A general understanding of the basic structure of U.S. law and the U.S. legal system

Students lacking familiarity with information technologies will be expected to demonstrate:

  • A general understanding of computers, networks, and mobile devices, and how they interconnect;
  • A basic understanding of “big data” analytics and algorithms; and
  • A basic understanding of authentication tools.