What about you? What is it that you do currently, and what is your educational and current certification background? Are you a nonpracticing attorney working as an e-discovery project manager? Do you have two complimentary certifications through the International Association of Privacy Professionals (IAPP)? Are you finishing your MBA or an LLM? Do you have a budget for a certification program (or three)?
What do you want to do? Are you transitioning to a new practice area or interested in doing so? Are you retiring from a seemingly related area and think e-discovery sounds interesting? Have you been approached by recruiters for privacy positions and want to put your best foot forward in a way over which you have control?
What is your appetite for going above and beyond? Certifications are additive in information law in a way that, for example, the security profession is not. That is, your employer may not pay for these—and certainly may not respect how much night and weekend time it might take to study for even one certification.
Are you interested in one particular area of information law, or do you want to aim for a broader focus? Information law is generally considered to include e-discovery, data privacy, data security, and information governance. Opinions certainly differ, but advice normally focuses on these four quadrants when considering certification and organizational membership.
If you want to focus on one area, the recommended steps are as follows:
- If you want to solidify your bona fides in e-discovery, start with the CEDS (Certified E-Discovery Specialist) credential from the Association of Certified E-Discovery Specialists (ACEDS), followed by the CMLAW-ECP credential from the Cleveland Marshall School of Law.
- If you want to demonstrate a stronger foundation in information governance (IG), the CRM (Certified Records Manager) from the Institute of Certified Records Managers (ICRM) is still the first credential for IG practitioners; this is followed by the IGP (Information Governance Professional) offered by Association of Records Managers and Administrators (ARMA) and the CIP (Certified Information Professional) provided by the Association for Information and Image Management (AIIM).
- If data security is your aim, the CISSP (Certified Information Systems Security Professional) designation offered by the Information Systems Security Certification Consortium (ISC) is the broadest, most significant credential. There are, however, a myriad to choose from, many of which are very task- or system-specific—and should be treated as such.
- If data privacy is either your practice or your aspiration, the International Association of Privacy Professionals (IAPP) has a host of offerings, ranging from the CIPP/US (Certified Information Privacy Professional–US) to the CIPM (Certified Information Privacy Manager). Becoming credentialed in multiple IAPP disciplines can also lead to both the FIP (Fellow of Information Privacy) designation as well as the recently offered PLS (Privacy Law Specialist) ABA accreditation that the IAPP now facilitates.
Value of Certification
Know what you are getting. None of these certifications will make you an expert; rather, they signify that you have put in the time, that you answered questions on a test correctly (as far as the test key goes), that you met the criteria, and sometimes that you are current with membership dues. But you do cultivate a kind of default expected proficiency, where, for example, a CIPP holder is assumed to have some devotion to privacy rather than simply indicating some interest. This is valuable when moving the conversation from a potential to something actual.
Range of Options
Know what you are missing. This article is not exhaustive, and some information law practitioners swear by the PMP (Project Management Professional) designation, Six Sigma belts or other Lean approaches, Kaizen methodology, or even some combination. Some have an MBA; there are also plenty of practitioners that pursued LLMs in related disciplines that were happy to have done so. If you are interested in specific topics, spend a weekend reading up, and then look to a more focused approach if one is warranted.
Know what else you are getting—in a word, community. In particular, members are often surprised by the warmth and appreciation they receive from the governing bodies’ membership, both when attending events and when reaching out for professional guidance or opportunities. With membership also comes a sense of solidarity: When you go through a credentialing process and come out the other side, you have become one of a select few. This makes that job interview or transition, pitch or proposal, or professional networking opportunity that much smoother. And while that particular issue does not come up on any of the tests, it is guaranteed to be one of the answers.
James A. Sherer is a partner at Baker & Hostetler LLP in New York, New York. The views expressed in this article are solely those of the author; should not be attributed to his place of employment, colleagues, or clients; and do not constitute solicitation or the provision of legal advice.