Info-privacy law is hot —and Missouri law students are into it

From massive data breaches at Yahoo to the use of Facebook account data by political campaigns, information privacy is becoming a hot area of law — and Missouri law students are catching the fever.

Particularly at Saint Louis University and Washington University in Saint Louis, students are forming groups, hosting events and forging links to professional networks devoted to the topic.

Their interest may give them a professional boost: As they prepare to enter the job market, new regulations are taking effect. Europe’s sweeping General Data Protection Regulation came into force in May, and with it an explosion of new data-protection-officer positions inside companies that do business there. In June, California passed its own Consumer Privacy Act, which will begin in 2020.

And at the American Bar Association’s recent mid-year meeting, the specialization committee approved a certification program in data privacy. Obtaining that certificate will make graduates more attractive to big law firms adapting to a new landscape, said SLU School of Law Professor Matthew Bodie.

“When they’re hiring, they recognize this as valuable expertise,” Bodie said.

Students at Wash U appear to be the first in Missouri to have organized a student group, which they call the Technology and Privacy Society. They held a “crypto party” in March in which various experts (including a certified ethical hacker, a former CIA contractor and in-house counsel from large local corporations) discussed data security with students, according to Casey Waughn, one of the group’s co-presidents.

While that event drew about 60 people, Waughn said, a larger group of about 90 attended a panel discussion several weeks ago on Carpenter v. United States, in which the U.S. Supreme Court ruled that a warrant is required for police to access geolocation data created by a cellphone’s communication with cell towers.

Waughn, a second-year law student, said she first became intrigued with this area before law school, when she was working in finance and saw companies respond to the Equifax breach.

“I’m interested in data-privacy litigation and helping companies comply with sectoral regulation,” Waughn said.

Over at SLU, 2L student Julia McFarland said the news item that piqued her curiosity was the revelation that Cambridge Analytica drew on user data from millions of Facebook accounts to influence voters in 2016 during the Brexit referendum and the U.S. presidential campaign.

McFarland and a fellow student are set to launch a student group next semester called eLaw, which will be devoted to topics ranging from e-discovery to data security.

Bodie, their faculty mentor, teaches the school’s information-privacy course. This year, his students are staging a “privacy fair,” an event akin to a science fair in which students set up booths to present topics such as the privacy of genetic information or social media.

“The nice thing about the course [for millennial students] is that it’s not only an area where there are job opportunities,” Bodie said. “They intuitively understand it. They grew up with it. They’re more familiar with the tech.”

Bodie helped to make SLU Law one of only 11 schools nationwide (and the only one in Missouri) to participate in Privacy Pathways, a pilot program with the International Association of Privacy Professionals, or IAPP. It’s designed to give students an “on-ramp into the privacy profession” through training, networking and other opportunities. Through the IAPP, students can also earn a Privacy Law Specialist certification, which the ABA recently approved.

That IAPP credential carries weight, said Daniel C. Nelson, a partner at Armstrong Teasdale and co-founder of the firm’s Privacy and Data Security practice group.

“It’s something that’s well within their grasp,” said Nelson, who has taught at the University of Missouri School of Law. “They’ll learn a lot about the law and demonstrate to potential employers and clients they have some knowledge and commitment in that space.”

Nelson disagreed with the common perception that millennials don’t care about privacy. He said a fundamental idea in privacy is the ability to do what one chooses with one’s data, and he sees his own millennial children exercise that choice, for example, by using Snapchat, which has a default setting that automatically deletes data after a short period of time.

“It’s a misunderstanding to think that because millennials don’t conform to someone else’s notion of privacy that they don’t care deeply about it,” Nelson said.

Correction: A previous version of this story misspelled Julia McFarland’s name. We regret the error.