Skip to main content


Licensed and in good standing to practice law in North Carolina as of the date of application.


During the five years immediately preceding application:

Average of at least 400 hours a year to the practice of privacy and information security law.

Minimum of 300 hours in any one year.

Practice equivalents may be accepted for the following:

  • Full-time employment as a compliance officer for one year or more.
  • Service as a law professor for one year or more.


During the three years preceding application:

At least 36 hours of CLE in Privacy and Information Security Law and related fields.

No less than six credits in Privacy law in any one year.

Of the 36 hours, at least 18 hours in Privacy law.

The remaining 18 hours may be in related-field CLE or technical (non-legal) continuing education (CE). Applicant may request recognition of an additional field as related to Privacy and information security law for the purpose of meeting the CLE standard.


Must provide the names of ten lawyers or judges who are familiar with the competence and qualification of the applicant in privacy and information security law.

All references must be licensed and in good standing to practice law and must have significant legal or judicial experience in privacy and information security law.

A reference may not be related by blood or marriage to the applicant nor may the reference be a colleague at the applicant’s place of employment at the time of the application.


2 Components:

Completion of the *IAPP CIPP/US exam

Completion of an NC Specific component:

3 hour objective and short essay exam,

9 AM to 12 PM OR 2 PM to 5 PM

Exam administered at the NC State Bar building.

* Applicants for certification can complete the IAPP CIPP/US exam in the calendar year before, during or after applying for NC certification. (Example: a lawyer applying for NC certification in 2019 can pass the CIPP/US exam in 2018, 2019 or 2020.) Certification will be granted upon completion of all certification requirements.

Grandfathering earlier CIPP/US certification: Applicants will be able to use earlier CIPP/US exam results if they have maintained IAPP/CIPP Certification consistently since the time of initial certification. 


Additional provisions may apply, so please review the certification standards set forth in 27 NCAC Subchapter 1D, Sections .3305.