Law Degrees for Privacy Professionals: Must Haves or Nice to Haves?

Published at 16:29 on 04 Nov 2022

Candidates with law degrees have been highly sought by employers looking to fill privacy roles for the past decades. But there’s a fierce debate currently raging about whether law degrees for privacy professionals are must-haves or nice-to-haves. And we’re sharing our two cents in this post. 

A Law Degree is Essential for Some Aspects of Privacy Practice 

There are certain elements of privacy practice where lawyers should be involved. Data breach notifications are a good example of this – since there are precise legal requirements your organisation must meet. There is also a great deal of legal risk that comes with a data breach, especially where government regulators have or may get involved or where individuals have a right of action against your organisation (like in California).  

However, there are aspects of almost every role across all industries that require input from lawyers. And those elements can be outsourced to legal counsel (with privacy expertise) when they arise.  

Most Privacy Professionals Don’t Require a Law Degree 

We firmly believe that most aspects of day-to-day privacy practice can be handled by professionals who do not have a law degree. Examples of tasks that require little to no interpretation of laws include data mapping, privacy impact assessments, privacy program implementation, and handling requests from individuals who wish to manage their privacy.  

Privacy Job Advertisements Requiring Law Degree Trending Lower in Australia 

In our most recent quarterly jobs report, the number of privacy jobs being advertised with law degrees listed as a requirement decreased. Meanwhile, the number of positions for which privacy or security certifications were listed as either required or desirable has been steadily increasing over the past year.  

“29% of roles referred to privacy (or security) certifications being desirable or required…. This is consistent with the 28% we saw last quarter, demonstrating that these qualifications are becoming a standard consideration in the privacy space.” 

However, the number of privacy jobs advertised which seek or prioritise candidates with a law degree remains high overall.  

There is one requirement that appears to be more important to employers in Australia than either a privacy or security certification or a law degree: experience.  

Most jobs advertised since we began collecting data about privacy jobs in Australia call for candidates with several years of experience in privacy. A minimum of five years of privacy experience was the most common requirement in our most recent report.  

Should Privacy Professionals Have a Law Degree? 

With all that being said – should privacy professionals have a law degree?  

In our opinion – it is not essential. There is (and likely always will be) a time and a place for lawyers to get involved in the practice of privacy. However, there are other skills that are more important than legal training.  

It seems the Office of the Victorian Information Commissioner agrees with our viewpoint too. Their information page about The Role of the Privacy Officer highlights:  

“There is no prescribed academic or working background required to be a privacy officer. However, as an effective privacy officer, you will need to have a range of ‘hard’ and ‘soft’ skills.” 

Get Your Privacy Certification Training with Privacy 108 

Privacy 108 offers privacy certification training to privacy professionals looking to develop their hard and soft skills. Find out more about our upcoming training sessions led by Dr Jodie Siganto, one of Australia’s foremost privacy experts, or contact us: 

  • We collect and handle all personal information in accordance with our Privacy Policy.

  • This field is for validation purposes and should be left unchanged.

Privacy, security and training. Jodie is one of Australia’s leading privacy and security experts and the Founder of Privacy 108 Consulting.