Brian Ray, Director of Cleveland State University’s Center for Cybersecurity and Privacy Protection, and Julie DiBiasio, Director of the Master of Legal Studies (MLS) Program, recently hosted a webinar featuring Doug Meal, a leading figure in cybersecurity litigation. Known as the “Dean of the Data Privacy Litigation Bar,” Doug shared valuable lessons from his career at the forefront of data breach cases and cybersecurity law.
A Career Shaped by Major Cases
Doug’s journey into cybersecurity law began in 2006, after a massive data breach at TJX Companies, the parent company of retail giants like TJ Maxx. This breach, one of the largest in retail history, marked the beginning of Doug’s expertise in cybersecurity litigation. Despite his initial reluctance to specialize in this emerging field, Doug’s firm, Ropes and Gray, soon became a key player in handling major data breach incidents, including those involving Home Depot and Target.
Doug reflected on how the field of cybersecurity litigation was in its early stages at the time, with few legal and forensic resources available to navigate such complex cases. As he took on these groundbreaking cases, Doug and his team worked to shape the landscape of cybersecurity law, gaining invaluable experience along the way. His work in the field has helped to define best practices and set legal precedents for dealing with data breaches and cybersecurity incidents.
The Evolution of Cybersecurity Law
The field of cybersecurity law has grown exponentially since Doug’s early involvement. As data breaches have become more frequent and severe, the legal landscape has had to evolve. Cybersecurity litigation today covers a wide range of issues, from regulatory investigations to class action lawsuits. As the frequency and complexity of data breaches continue to rise, so too does the importance of having legal experts who can navigate these challenges.
Doug noted how the Federal Trade Commission (FTC) has played a pivotal role in shaping cybersecurity law. The agency’s shift from focusing on deceptive trade practices to including practices deemed “unfair” has been a major development in the field. This shift has allowed the FTC to address cases where inadequate cybersecurity practices are at fault, even if no deceptive intent was involved. As the field has matured, both regulatory scrutiny and class action lawsuits have grown in sophistication.
Teaching the Next Generation
Doug’s expertise extends beyond private practice into academia, where he teaches cybersecurity litigation at Cleveland State University School of Law. His course offers students unique insights into the legal complexities of cybersecurity, from regulatory enforcement to class action lawsuits. His ability to connect real-world experience with legal education ensures that students are well-equipped to navigate the rapidly evolving field of cybersecurity law.
He shared that transitioning from practicing law to teaching was both rewarding and intellectually stimulating; he enjoys being able to contribute to the development of future lawyers, emphasizing the importance of continuously learning and staying updated with the fast-paced changes in cybersecurity law. His class provides students with practical knowledge, drawing on Doug’s decades of firsthand experience in high-stakes data breach cases.
Cleveland State’s MLS Program: Bridging Law and Technology
The MLS program at Cleveland State provides an exceptional opportunity for students to specialize in cybersecurity and privacy law. Combining legal knowledge with technical expertise, the program prepares students for the unique challenges of the field. Courses like Cybersecurity 1 and Privacy Law and Management help students understand the broader legal landscape, while specialized classes like HIPAA and Privacy dive into specific regulatory environments.
Students in the MLS program benefit from a curriculum that is both flexible and comprehensive. Some courses are fully asynchronous, allowing students to learn at their own pace, while others offer live sessions for real-time interaction with professors and peers. This blend of learning options ensures that students can tailor their education to their schedules while still engaging deeply with the material.
The Legal-Technical Disconnect in Cybersecurity
One of the key challenges discussed during the webinar was the ongoing disconnect between legal obligations and the technical realities of cybersecurity. Doug explained that while legal standards often set high expectations for companies’ cybersecurity practices, the technical limitations of implementing these standards can be significant. This gap creates unique challenges for both legal professionals and technical experts.
Doug’s teaching at Cleveland State bridges this gap by integrating legal and technical perspectives. His students—often from diverse backgrounds, including both law and technology—discuss the complexities of translating legal standards into practical cybersecurity measures. This collaborative environment helps students gain a deeper understanding of how the legal and technical sides of cybersecurity must work together to protect sensitive information.
Real-World Expertise in the Classroom
Doug emphasized the value of having non-lawyer students, particularly those with technical backgrounds, in his class. These students contribute to the class discussions by illustrating the challenges faced by technical professionals when implementing legal standards for cybersecurity. Conversely, they gain a greater appreciation for the legal framework that governs cybersecurity, making it clear that understanding both the legal and technical sides is crucial in this rapidly evolving field.
Cleveland State’s MLS program is uniquely positioned to equip students with this balanced knowledge. By focusing on both the legal and technical aspects of cybersecurity and data privacy, the program ensures that students are prepared to navigate the complexities of the modern cybersecurity landscape. The program offers a comprehensive education that addresses real-world challenges, including how to effectively handle cybersecurity litigation, regulatory compliance, and the intersection of law and technology.
Join the Program: Apply Now for Fall 2025
For those interested in advancing their careers in cybersecurity law, Cleveland State University’s MLS program offers a clear path to expertise. Applications for the Fall 2025 semester are now open. With a straightforward online application process, the program is ready to help students gain the specialized knowledge needed to succeed in the growing fields of cybersecurity and data privacy law.
With a flexible curriculum, expert faculty, and real-world insights, the program equips students to meet the challenges of cybersecurity law head-on. Apply today and start shaping the future of cybersecurity law with the guidance of professionals.
