Skip to main content

Privacy and Information Security Law Exam Guide

In order to become a board-certified specialist in privacy and information security law, applicants must meet all of the NC State Bar specialization requirements, which include passing (i) a three-hour North Carolina exam, which focuses specifically on the law of North Carolina relating to privacy and information security, as well as (ii) the IAPP CIPP/US exam, which addresses privacy and information security law and practice throughout the United States, as more specifically described by the IAPP here.

Applicants for certification can complete the IAPP CIPP/US exam in the calendar year before, during, or after applying for NC certification. (Example: a lawyer applying for NC certification in 2022 can pass the CIPP/US exam in 2021, 2022, or 2023.) Certification will be granted upon completion of all certification requirements.

*Grandfathering earlier CIPP/US certification: Applicants will be able to use CIPP/US exam results from a time period earlier than the immediately preceding calendar year if they have maintained CIPP/US certification from the IAPP consistently since the time of initial certification.

North Carolina Privacy and Information Security Law Exam Structure

  • The privacy and information security law exam is offered with ExamSoft Remote Proctoring preferred.
  • Three hours long (two 90-minute modules).
  • Exam Sessions will begin around 8 AM and finish prior to 12 PM.

Morning Module 1

  • 40 multiple choice questions worth 4 points each.

Morning Module 2

  • One essay questions worth 90 points each.

Subject Matter of North Carolina Exam

The North Carolina examination may cover the applicant's knowledge and application of the law in topics that include, but are not limited to, knowledge and application of the following: 

Privacy and Security of Personal Information  

  • Identity Theft Protection Act - N.C. Gen. Stat. §75-60 et seq. 
  • Identity Theft Criminal Law - N.C. Gen. Stat. §14-113.20 et seq. 
  • Telephone Communications - Telephone Records Privacy Protection Act—N.C. Gen. Stat. §14-113.30 et seq.
  • Unfair and Deceptive Trade Practices - N.C. Gen. Stat. §75.1-1 et seq. 
  • Standing in data security breach cases  

Financial Privacy          

  • Insurance Information and Privacy Protection Act - N.C. Gen. Stat. Ch 85 Art. 39
  • NC Financial Privacy Act - N.C. Gen. Stat. § 53B-1 et. seq.

Marketing Privacy        

  • Telemarketing/ NC "Do Not Call" - N.C. Gen. Stat. § 75-102  
  • NC "Do Not Fax" - N.C. Gen. Stat. § 75-116  

Privacy of Employee Information        

  • Expungement / Prohibited Practices by Employers, Educational Institutions and Government Agencies.  N.C. Gen. Stat. §15A-153  
  • Lawful Use of Lawful Products Statute – N.C. Gen. Stat. §95-28.2
  • References - N.C. Gen. Stat. §14-355 (criminal blacklisting statute); N.C. Gen. Stat. §1-539.12 (immunity from civil liability)
  • Background Checks - N.C. Gen. Stat. §131 E-265

Privacy Torts   

  • Misappropriation/Right of Publicity 
  • Intrusion upon Seclusion 
  • Statute of Limitations on Invasion of Privacy - N.C. Gen. Stat. §1-52(2) 
  • Intentional Infliction of Emotional Distress
  • Negligent Infliction of Emotional Distress 
  • Cyberbullying (Unconstitutional) - N.C. Gen. Stat. §14-458.1; N.C. v. Bishop 787 S.E.2d 814 (N.C. 2016)
  • Cyberstalking - N.C. Gen. Stat. §14-196.3
  • Revenge Porn Statute

Privacy of Health Information 

  • Persons with Disabilities Protection Act - N.C. Gen. Stat. §168A 
  • Communicable Diseases/AIDS/HIV - N.C. Gen. Stat. §§130A- 143, 148(i)
  • Confidentiality of Health Records - N.C. Gen. Stat. § 130A-12  
  • Mental disabilities - N.C. Gen. Stat. §122C-52
  • Drug Testing—and the Controlled Substance Examination Regulation Act - N.C. Gen. Stat. §95-230 et. seq. and 13 NCAC §20.0101 et. seq.; 13 NCAC §20.0503
  • Mail of nursing home patients and state mental health facility clients - N.C. Gen. Stat. §122C-62, §131D-21(10), §131E-177(8)
  • Workers Compensation—and the protection of medical information - N.C. Gen. Stat. §97-25.6 

Public Records             

  • NC Public Records Act—and the protection of state employee personnel files - N.C. Gen Stat §126-22 (§131E-257.2)
  • N.C. Public Records Law - N.C. Gen. Stat. §132-1 et. seq., §132-1.2, §132-1.10
  • NC Driver’s license protection - N.C. Gen. Stat. §20-43.1 

Computer Fraud and Wiretapping       

  • NC Computer Trespass Act - N.C. Gen. Stat. §14-453 et seq
  • NC Electronic Surveillance Act - N.C. Gen. Stat. §15A-287, §296; N.C. Gen. Stat. §14-155

Commercial Privacy     

  • NC Trade Secrets Protection Act - N.C. Gen. Stat. §66-152 et. seq. 
  • NC Property Protection Act ("Ag-Gag") - N.C. Gen. Stat. § 99A-2; PETA v. Stein, 2017 U.S. Dist. LEXIS 66310)

Privacy of Parties and Third Parties in Civil and Criminal Proceedings            

  • Protective Orders—under N.C R.  Civ. P. 26
  • Local Court Rules on filing documents with personal information (state and federal)
  • Subpoenas (N.C R  Civ. P. 45)
  • Search warrants

Privacy of Educational Records           

  • Student Records - N.C. Gen. Stat. §115C-400 et. seq.

Exam Preparation Tips

Please study the exam topics listed above. Additional exam guide information will be added later. Please note that the NC exam focuses only on the above-listed NC topics; the IAPP’s exam focuses on these topics.