🚀 Early Adopter Price: $39/mo for life --d --h --m --s Claim Your Price →
Coming Soon
Expected availability announced soon

This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.

Notify me
Continuing Education Coming Soon

CE Cybersecurity Data Privacy Law

The course equips licensed attorneys with practical knowledge of federal and state privacy statutes, breach notification rules, attorney‑client privilege in digital communications, e‑discovery, and cybersecurity compliance frameworks, enabling them to counsel clients on technology‑driven risks.

Who Should Take This

It is designed for practicing lawyers—particularly those in corporate, litigation, or data‑privacy practice—who have a solid grounding in general law and seek to deepen their expertise in navigating privacy regulations, managing breach responses, and integrating cybersecurity considerations into client counseling and litigation strategy.

What's Included in AccelaStudy® AI

Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
20 Activity Formats

Course Outline

65 learning goals
1 Federal Privacy Law Frameworks
2 topics

CCPA and CPRA fundamentals

  • Recognize the key definitions under the CCPA including personal information, consumer, business, and service provider as they apply to legal practice.
  • Comprehend the consumer rights established by the CCPA and CPRA including the right to know, delete, opt-out, and limit use of sensitive personal information.
  • Analyze whether a specific business qualifies as a covered entity under CCPA thresholds and determine applicable compliance obligations.
  • Comprehend the CPRA amendments including the California Privacy Protection Agency, expanded opt-out rights, and data minimization requirements.

Federal sectoral privacy laws

  • Recognize the scope and applicability of HIPAA, FERPA, GLBA, and COPPA and identify which sectors each statute governs.
  • Comprehend the interplay between federal sectoral privacy laws and state comprehensive privacy statutes when both apply to the same data processing activity.
  • Analyze a data processing scenario to determine which federal and state privacy laws apply and identify potential preemption issues.
  • Synthesize a compliance assessment methodology for organizations subject to multiple overlapping federal sectoral privacy laws with differing breach notification and consent requirements.
2 State Privacy Laws and Data Breach Notification
2 topics

State comprehensive privacy laws

  • Recognize the key features of state comprehensive privacy laws including Virginia VCDPA, Colorado CPA, Connecticut CTDPA, and their consumer rights provisions.
  • Comprehend the variations in opt-in versus opt-out consent models across state privacy statutes and their implications for multi-state compliance.
  • Synthesize a multi-state privacy compliance framework that reconciles differing consumer rights, enforcement mechanisms, and exemptions across jurisdictions.

Data breach notification requirements

  • Recognize the elements of a data breach notification statute including triggering events, notification timelines, content requirements, and regulatory reporting obligations.
  • Comprehend the variations in state data breach notification laws regarding the definition of personal information, harm thresholds, and safe harbor provisions for encrypted data.
  • Analyze a data breach incident to determine notification obligations across multiple jurisdictions including timing, content, and recipient requirements.
  • Synthesize an incident response plan addressing breach detection, forensic investigation, legal hold, notification drafting, and regulatory communication.
3 Attorney-Client Privilege in Digital Communications
2 topics

Privilege in electronic environments

  • Recognize how attorney-client privilege applies to email, text messages, collaboration platforms, and cloud-stored communications.
  • Comprehend the reasonable expectation of confidentiality standard for determining whether privilege attaches to communications sent via various digital channels.
  • Analyze scenarios involving inadvertent disclosure of privileged digital communications and determine whether privilege has been waived under FRE 502.
  • Synthesize protocols for preserving attorney-client privilege when using cloud-based communication tools, shared document platforms, and AI-assisted legal research.

Privilege and third-party technology providers

  • Comprehend the conditions under which sharing privileged information with third-party technology vendors does or does not waive attorney-client privilege.
  • Analyze whether privilege is maintained when a law firm uses AI-powered legal tools that process client data on external servers.
  • Recognize the ethical obligations when retaining cloud service providers that may access privileged client communications during service delivery.
4 E-Discovery and Digital Evidence
2 topics

E-discovery obligations and process

  • Recognize the stages of the EDRM model including identification, preservation, collection, processing, review, analysis, production, and presentation.
  • Comprehend the duty to preserve electronically stored information upon reasonable anticipation of litigation and the consequences of spoliation.
  • Analyze proportionality factors under FRCP Rule 26(b)(1) to determine the appropriate scope of e-discovery in cases involving large data volumes.
  • Synthesize a litigation hold protocol that addresses ESI identification, custodian notification, collection procedures, and defensibility documentation.

Technology-assisted review and AI in e-discovery

  • Recognize the types of technology-assisted review including predictive coding, continuous active learning, and clustering used in document review.
  • Comprehend the legal standards for defensibility of TAR methodologies including validation protocols, recall metrics, and judicial acceptance criteria.
  • Analyze whether a proposed TAR workflow meets proportionality and defensibility standards for a given litigation scenario.
5 Cybersecurity Frameworks and Compliance
2 topics

NIST and industry cybersecurity standards

  • Recognize the five functions of the NIST Cybersecurity Framework — Identify, Protect, Detect, Respond, Recover — and their relevance to legal compliance.
  • Comprehend how NIST CSF implementation tiers relate to organizational risk management and legal standards of reasonable security.
  • Analyze whether an organization's cybersecurity posture meets the standard of reasonable security as interpreted by the FTC, state AGs, and courts.
  • Recognize the requirements of industry-specific frameworks including PCI DSS, SOC 2, and ISO 27001 and their relevance to legal due diligence.

Cybersecurity regulatory enforcement

  • Comprehend the FTC's authority to enforce cybersecurity standards under Section 5 and the evolution of its unfairness and deception doctrines in data security cases.
  • Recognize the role of state attorneys general in enforcing data security and privacy laws including common enforcement actions and settlement patterns.
  • Analyze a cybersecurity incident to determine potential regulatory exposure across federal and state enforcement regimes.
  • Synthesize a regulatory response strategy for organizations facing simultaneous enforcement actions from multiple federal and state cybersecurity regulators.
6 Ethical Obligations for Data Protection
2 topics

Attorney ethical duties in cybersecurity

  • Recognize the ethical obligation of attorneys to implement reasonable cybersecurity measures to protect client data under Model Rules 1.1 and 1.6.
  • Comprehend the duty of technological competence as applied to data protection including understanding encryption, access controls, and secure communication.
  • Analyze whether an attorney's data protection practices meet the evolving standard of technological competence in light of current cybersecurity threats.
  • Synthesize a law firm cybersecurity policy addressing encryption standards, multi-factor authentication, vendor management, training, and incident response.

Ethical considerations in data privacy practice

  • Comprehend the ethical considerations when advising clients on privacy compliance including competence in rapidly evolving privacy law.
  • Analyze scenarios where an attorney's duty to maintain client confidentiality conflicts with mandatory data breach reporting obligations.
  • Synthesize ethical guidelines for attorneys advising on cross-border data transfers that implicate conflicting legal obligations across jurisdictions.
7 International Data Privacy and Cross-Border Issues
2 topics

GDPR and international frameworks

  • Recognize the key principles of the GDPR including lawfulness, purpose limitation, data minimization, accuracy, storage limitation, and accountability.
  • Comprehend the mechanisms for lawful cross-border data transfers under the GDPR including adequacy decisions, standard contractual clauses, and binding corporate rules.
  • Analyze a multinational organization's data processing activities to determine GDPR applicability and identify required compliance measures.
  • Comprehend the EU-US Data Privacy Framework and its requirements for self-certification, recourse mechanisms, and compliance verification.

Emerging global privacy regulations

  • Recognize the key features of emerging privacy frameworks in jurisdictions including Brazil LGPD, China PIPL, and India DPDPA.
  • Analyze a cross-border data transfer scenario to determine whether adequate safeguards exist under applicable international privacy frameworks and identify required remediation steps.
  • Synthesize a global privacy compliance strategy that addresses overlapping and conflicting requirements across US, EU, and emerging international privacy regimes.
8 Cybersecurity Litigation and Risk Management
2 topics

Privacy litigation and class actions

  • Recognize the standing requirements for data breach class actions including Article III injury-in-fact and the evolution of harm theories.
  • Comprehend the common causes of action in privacy litigation including negligence, breach of contract, statutory claims, and state consumer protection acts.
  • Analyze a data breach scenario to assess litigation risk, identify viable claims, and evaluate potential defenses including safe harbor provisions.
  • Synthesize a litigation risk assessment framework for data breach incidents that integrates standing analysis, damages models, regulatory exposure, and insurance coverage evaluation.

Cyber insurance and risk transfer

  • Recognize the key coverage components of cyber insurance policies including first-party and third-party coverages, exclusions, and sublimits.
  • Comprehend the role of cyber insurance in an organization's overall risk management strategy and the legal implications of coverage disputes.
  • Analyze a cyber insurance policy to determine whether a specific data breach event triggers coverage and identify potential coverage gaps.
9 Sector-Specific Cybersecurity Compliance
2 topics

Healthcare and financial services cybersecurity

  • Recognize the cybersecurity requirements of the HIPAA Security Rule including administrative, physical, and technical safeguards for protected health information.
  • Comprehend the cybersecurity obligations imposed by GLBA Safeguards Rule and NYDFS Cybersecurity Regulation on financial institutions and their counsel.
  • Analyze a healthcare entity's cybersecurity posture to determine HIPAA Security Rule compliance and identify gaps requiring remediation.
  • Synthesize a cross-sector cybersecurity compliance program for an organization operating in both healthcare and financial services that addresses overlapping HIPAA and GLBA requirements.

Critical infrastructure and government cybersecurity

  • Recognize the legal requirements for cybersecurity incident reporting under CIRCIA and SEC cybersecurity disclosure rules.
  • Comprehend the legal obligations of critical infrastructure entities under Executive Orders and sector-specific cybersecurity directives.
  • Synthesize a comprehensive cybersecurity compliance program for an organization subject to overlapping federal, state, and industry-specific cyber requirements.

Scope

Included Topics

  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) including consumer rights, business obligations, and enforcement provisions.
  • State comprehensive privacy laws including Virginia VCDPA, Colorado CPA, Connecticut CTDPA, and emerging state privacy statutes.
  • Data breach notification requirements across all 50 states including triggering events, notification timelines, content requirements, and regulatory reporting.
  • Attorney-client privilege in digital communications including email, cloud platforms, collaboration tools, and AI-assisted legal research.
  • E-discovery obligations and procedures including the EDRM model, preservation duties, proportionality, technology-assisted review, and ESI management.
  • NIST Cybersecurity Framework and industry standards including PCI DSS, SOC 2, and ISO 27001 as they relate to legal compliance.
  • Ethical obligations for attorneys regarding data protection, technological competence, and client data security under Model Rules 1.1 and 1.6.
  • International data privacy frameworks including GDPR, EU-US Data Privacy Framework, and emerging global privacy regulations.
  • Cybersecurity litigation including data breach class actions, standing requirements, common causes of action, and cyber insurance coverage.
  • Sector-specific cybersecurity compliance including HIPAA, GLBA, CIRCIA, and SEC cybersecurity disclosure requirements.

Not Covered

  • Technical implementation details of cybersecurity tools, network architecture, or penetration testing methodologies.
  • Software engineering or coding practices for secure application development.
  • Detailed cryptographic algorithms or mathematical foundations of encryption.
  • Non-US privacy laws in depth beyond their intersection with US legal practice and cross-border data transfer.
  • Criminal hacking statutes (CFAA) beyond their intersection with civil data privacy litigation.

CE Cybersecurity Data Privacy Law is coming soon

Adaptive learning that maps your knowledge and closes your gaps.

Create Free Account to Be Notified