Privacy Compliance

The MLS in Cybersecurity and Data Privacy at the Cleveland State University College of Law is an online program for professionals who work in legal data privacy and cybersecurity. The flexible MLS is led by faculty from the Center for Cybersecurity and Privacy Protection at Cleveland State University College of Law, and other leading practitioners in the field, with relevant, real-world experience. Students learn and graduate with the legal knowledge to comply with data privacy and cybersecurity regulations.

The co-founder and director of the Center for Cybersecurity and Privacy Protection at CSU College of Law, Professor Brian Ray, interviewed Holly Drake, a member of the Center’s Advisory Board and the Chief Privacy Officer at The Ohio State University, in a recent webinar discussing how to get started in privacy compliance.  

Holly’s Role at the Ohio State University Office of Compliance and Integrity

Holly is not a lawyer. This isn’t unusual for Chief Privacy Officers, because privacy compliance in most large organizations sits within the broader compliance framework that was initially based on the Federal Sentencing Guidelines for Organizations (FSGO). It may sound strange that most compliance programs, which now encompass laws and regulations relating to everything from data privacy to anti-money laundering, are based on a criminal regulatory framework. 

This is due in part to the fact that violations of many of these laws can result in criminal sentences, and the FSGO provides a structured set of rules that tell organizations how to qualify for reduced sentences. According to the FSGO, companies that have “an effective compliance program” will face reduced consequences if they’re convicted of an offense. 

When someone at Ohio State has a privacy concern, they reach out to the Office of University Compliance and Integrity, and Holly works closely with her program’s assigned privacy lawyer to interpret privacy law. Her role as the Chief Privacy Officer is to implement the privacy lawyer’s advice.

The University also works with Title IX, which “protects people from discrimination based on sex in education programs or activities that receive federal financial assistance.” Holly states, “we’re making sure we’re being considerate of all the different populations that visit Ohio State.”

Holly also works closely with the University’s Medical Center. The Ohio State Medical Center HIPAA privacy officer focuses on patient privacy. The duties of both offices overlap where communication with medical students or participant research issues are concerned. 

How Certifications Help Privacy Compliance Careers

Holly is a member of the International Association of Privacy Professionals (IAPP) and has several certifications which are advantageous for privacy professionals. Maintaining certifications requires continuing education, so she’s always up-to-date in the privacy space.

Brian noted that the IAPP is well-known in the industry and is recognized as the leading group for certifications in both privacy and security. Though legal compliance careers do not currently require IAPP certifications, compliance careers prove core understanding of these areas.

While the certifications are a career bonus, a degree program will give you more practical and employable skills. The certifications can’t teach you how to persuade people to follow potentially inconvenient security protocols. The MLS in Cybersecurity and Data Privacy teaches techniques for how to ask and convince a client to comply with risk requirements.

Key Skills Compliance Officers Should Have

“Wherever you work, you have to spend time thinking about the culture of the institution or the company,” said Holly, identifying a skill that is very important in compliance. Different work environments and industries require different methods of persuasion. Sometimes, asking a team to do something simply because it’s a compliance requirement is ineffective. As a compliance officer, you need to discern what resonates with the industry.

For instance, values resonate with higher education. Will their data be used ethically? Will the privacy program support free speech or a healthy democracy? These questions need to be addressed in higher education to get them on board with compliance regulations. Healthy democratic support within a privacy program, however, might not be as important to a financial institution.

It’s helpful to be nimble when working in compliance. With changing rules and regulations and new areas of privacy laws, sometimes you have to pivot. Curiosity about how compliance works in new and different industries helps to discover unique perspectives and approaches to comply with the law.

“I look for team members who love to read, have a natural curiosity, and can develop creative solutions,” said Holly. Communication is also essential. In the MLS program, students learn and practice excellent writing and presentation skills that make complicated regulations seem easy.  

An Overview of the MLS Cybersecurity and Data Privacy Courses

Brian Ray describes the MLS program as a 360-degree view of cyber security and privacy covering both fields’ legal, technical, business, and operational aspects. Most students start with Introduction to American Law, a survey of the major areas of law you would encounter as a first-year law student and as a legal professional. The Legal Writing course provides a thorough grounding in the law for non-lawyers.

On the technical side, Cybersecurity I and II give you an in-depth understanding of how cybersecurity and privacy work together. The Cybersecurity courses help to familiarize you with how the technical side operates so that you’ll collaborate better with those involved.

Privacy Law and Management is an upper-level course on the legal business side focused on significant privacy laws. The course is taught by Kirk Herath, recently appointed to the position of Cybersecurity Strategic Advisor by the Ohio Governor, Mike DeWine.

Corporate Compliance I and II cover how privacy and cybersecurity fit within compliance. The courses also help to prepare you to become a certified compliance professional. Cyber Law teaches criminal law and procedure, national security law, and international law. Criminals and bad actors are responsible for most cyberattacks, so the focus on criminal law is crucial

Finally, the Cybersecurity Technical Capstone is a hands-on course that teaches ethical hacking using the Ohio Cyber Range. You gain experience and understanding of how cyberattacks work, where they come from, and how to respond.

To learn more about the MLS in Cybersecurity and Data Privacy program, listen to the webinar.

CSU College of Law’s Master of Legal Studies in Cybersecurity and Data Privacy

CSU College of Law’s innovative online Master of Legal Studies (MLS) in Cybersecurity and Data Privacy takes an integrative approach to education, preparing professionals to understand the technical and business dimensions of cybersecurity and privacy as well as current laws and regulations. 

The part-time and fully online program is led by faculty from the Center for Cybersecurity and Privacy Protection at Cleveland State University College of Law and other leading practitioners in the field, with a focus on relevant, real-world experience. Also, the MLS degree is designed for professionals who must understand the significant legal and business risks posed by cybersecurity and data privacy. Lastly, the program prepares graduates with the knowledge and necessary skills to enter these fast-growing fields and to advance to senior positions within organizations.