Loyola University Chicago

School of Law


To successfully complete the Certificate in Privacy Law, students must complete 8 credit hours of approved privacy coursework from the following privacy courses. Certificate students may start their studies during any of our three online terms (spring, summer or fall) and pace their studies as they wish, taking up to all 8 credits in a single term or taking a minimum of 2 credits (one course) per term. 

European Union Regulation 2016/679 was adopted by the European Parliament and European Council in 2016 and has world-wide privacy law implications, not merely for activities inside the European Union. The law seeks to protect natural persons when their personal data is used by any regulated entity doing business in the EU. The law also requires regulated entities to have organized compliance efforts on a global scale. The course will examine: (a) the history of privacy law in the EU, (b) the response of the EU member states to past EU privacy directives and the current law, (c) the current EU privacy law’s impact on business and data storage around the world, (d) the compliance organizational structures needed to respond to the law, and (e) liability associated with non-compliance. No background on EU law is needed; the course will begin with teaching the basic legal and constitutional structure of the European Union in order to situate the course privacy law material.

This course will cover health information law and policy as it pertains to data security and privacy of electronic health records in the United States. Students will examine how individual health information is collected, maintained, and transferred in this electronic information age, and the ramifications when such information is improperly protected, stolen, and misused.

In this course, students will explore the regulatory and civil practice laws governing electronic health information. The course will include a brief overview of the political and social forces behind the digitization of electronic health information. Students will learn the relevant legal definitions and terms associated with electronic health information and the obligations imposed upon healthcare providers who create, manage and store electronic health data. The course will include in depth analysis of the statutory requirements governing e-health information, such as the Federal Rules of Civil Procedure and the HITEC Act of 2009. Materials will include relevant journal articles, statutes, and case law. Upon completion of the course, students will understand the issues faced by healthcare providers with the explosion of electronic health data, the legal obligations of healthcare providers, and how to develop a legally sound e-health information program.

An examination of current data privacy laws and regulations, general risk management strategies, and emerging practical trends with respect to collection, management and retention practices regarding corporate information. In addition, the course will utilize real world contracts and other documents in order to provide students with practical solutions to evolving data privacy compliance and risk management issues. 

A breach of privacy is considered inappropriate use or disclosure of personal data. Numerous laws regulate what constitutes a breach and the legal obligations if there is a breach. This course will examine: (a) what constitutes a "breach" or "incident" under a variety of scenarios and industries, (b) what legal obligations regulated entities have to act on a breach or incident, (c) what liabilities in tort or contract may exist as the result of breaches, (d) corrective actions to manage breaches and minimize recurrence, (e) electronic security measures to minimize breaches and incidents, (f) a survey of the most common cyberattacks for students to gain familiarity with trends in electronic breaches, and (g) practice in drafting notices, incident reports, and corrective actions.

This course explores advanced concepts in privacy and security law and is designed as a continuation of either of the introductory privacy courses (LAW 918 or LAW 823). This course will present a complex compliance privacy and security scenarios in each module which the student must analyze and comment upon.  LAW 918 or LAW 823 is a prerequisite.

All coursework will be graded and students will be expected to complete all assignments and course requirements. In line with current policies, all certificate students will be expected to maintain a GPA of 2.0 (C or better), both to continue studies and to earn a certificate. Students who fail a class will be required to retake the course and earn a passing grade in order to earn a certificate.