Cybersecurity and data privacy are two of the fastest growing and exciting areas of the law, which means that there are plenty of opportunities for law students to begin their career. One of the main reasons why this field is growing so rapidly, is that laws and regulations are being created all the time to respond to emerging issues.
Unlike traditional areas of law such as tax and real estate which have decades if not centuries of case law, the cybersecurity and privacy laws have all been created within the past couple of decades. While having a technological background in a field like computer science may be very helpful for some cybersecurity legal jobs, it is far from a requisite. Most employers care more about your ability to show your passion for this field than your scientific background.
The following pieces of advice will not only allow you to show your passion on a resume, but will help educate your knowledge of this rapidly growing industry.
Many law schools are beginning to offer more and more courses relating to data privacy and cybersecurity. Law students should be on the lookout for technology related courses such as Forensics Investigations, Emerging Technology, and E-commerce, as these classes will not only teach you important laws but also familiarize you with important language and concepts.
In addition to technology related legal courses, students should consider taking criminal procedure (because of the focus on the 3rd & 4th Amendments, which are pivotal to privacy rights), insurance law (because insurance carriers are almost always involved whenever there’s an incident or breach), as well as international laws because some foreign laws like the General Data Privacy Regulation (GDPR) and Law on the Protection of Personal Data (LPPD) have long-arm clauses which could impact U.S. corporations.
Even if your law school does not provide some of the technological courses mentioned above there are other ways to further your legal education while at law school. As a member of a law journal, students can write papers relating to cybersecurity and data privacy (in addition to law review, journals relating to technology or business law might encourage a paper on this topic).
Law students should be encouraged to reach out to professors who may have a relation to privacy or cybersecurity. Often professors will help guide and mentor a student through an independent research paper, which the student could try to get published (in some schools, students may even be able to earn academic credit for a project like this).
Data privacy and cybersecurity legal societies are forming in law schools around the country. These organizations are the perfect platform for students to show their interest in the field. If your school does not yet have an organization, you should start one. Employers will find your initiative as a sign of not only your passion but also your work ethic and drive.
These legal societies provide students with a place to learn more about this emerging area of the law. It is also one of the easier ways to begin growing your network. Professionals who are willing to speak to law students through an organization are often very receptive to students who try to connect to learn more about the field.
Networking while in law school is most likely the single most valuable thing a student can do. In addition to meeting professionals through a structured student organization, law students should engage their deans and professors to see if they could introduce them to alumni. An informational conversation with an attorney while a student is still in law school, builds a relationship and foundation for help down the line.
Alumni are not the only attorneys who can be in your network. Organizations such as The International Association of Privacy Professionals (IAPP), The American Bar Association, and your local city or state bar association often host webinars and events relating to cybersecurity (which may even be free for law students).
In particular, the Tort Trial & Insurance Practice Section (TIPS) of the ABA has an Outreach to Law Students Committee and a Cybersecurity & Data Privacy Committee which welcome law student member participation. And
young attorneys are encouraged to attend monthly Zoom meetings held by the Cybersecurity and Data Privacy Committee on every third Wednesday from 1-2 pm (PST) via Zoom.
Industry and bar events are a great place to learn about cutting edge legal issues relating to this area of law, as well as an opportunity to meet likeminded attorneys.
Building a network is only step one. Many law students overlook the second, and much more important step, which is maintaining that network. Keeping in regular communications with your network is a great way to build a relationship (one where they may even help you get a job one day). Not only is the size of your network important, but the quality of your relationships with those people is important as well.
In addition to studying in law school, law students should consider becoming a Certified Information Privacy Professional (CIPP). This certification is offered by IAPP and has different regional and technological types. Not only does this certification show that you care about this industry, but it also confirms a base level of knowledge. In fact, having this certification is so ubiquitous that many employers demand you have it before even considering your resume.
While there are law firms that have privacy and cybersecurity departments, there are many JD advantage opportunities for law students to enter the field. Many of the business consulting firms hire lawyers to help in privacy and cybersecurity compliance. These employers often value JD’s because of their legal acumen and proven analytical and writing abilities.
Additionally, corporations are growing their privacy and cybersecurity departments. Corporations are unlikely to hire students right out of law school in their general counsel’s office, but they may hire them in a privacy or compliance department.
These are great opportunities for young lawyers to better understand the impact of these emerging laws on a company or a sector as a whole.