The 30-credit Master of Studies in Law in Cybersecurity, Data and Privacy Law (M.S.L. Cyber) consists of 12 courses and is completed in two years (or six terms) on average. The first two courses in legal processes give students a solid foundation for legal studies as a whole, and the following courses dive into specific legal aspects of cybersecurity, data protection and privacy.

The M.S.L. Cyber curriculum equips students with a foundation in legal thinking, mastery of specialized legal terminology and practical strategies for applying what they’ve learned to real-world situations. This degree is intended for professionals who would like to incorporate legal knowledge into their skill set. Please note that the M.S.L. is not designed to train you to be a practicing lawyer and will not qualify you to sit for the bar examination in any state.

Course Format

The M.S.L. blends asynchronous and synchronous components, giving students the chance to pursue their degree while they work.

Each course is 15 weeks long, with students completing a module of asynchronous lectures, readings and assessments each week. They also have the opportunity to participate in five live class sessions with their instructor and peers. These sessions, which are recorded for on-demand access, are held between Monday and Thursday from 8:30 p.m. to 10 p.m. ET. Live sessions are optional, but encouraged.

New York City Summer Immersion

While all coursework takes place online, the M.S.L. program features one in-person experience at the Cardozo Law School campus. During the summer immersion, students spend two days in New York City meeting their peers and faculty and taking part in academic workshops and social activities. The summer immersion is an excellent opportunity for students to get to know one another and personalize their time in the program.

Course Descriptions

This course covers the variety of laws and regulations governing information privacy in the United States, including tort law, communications privacy statutes, actions of the Federal Trade Commission, sector-specific laws such as HIPAA and state laws such as the California Consumer Privacy Act. Students will learn to identify when particular laws are triggered, what such laws require and how such laws are enforced.

This course covers the different laws and regulations governing data security. Students will learn about the different sources of legal and regulatory risk that can arise from inadequate data security, the standards used to assess whether data security is adequate and how to respond to a data breach. The course will also cover both how cybercriminals are prosecuted and some of the broader policy questions that arise when trying to address cybersecurity on a national or international scale.

The Internet and other modern communications technologies have become a pervasive part of society and social interactions. This course examines legal issues that have arisen as a result, including the liability of online platforms for the content they carry, restrictions on access to online systems and the application of constitutional law in online and digital settings.

This course covers privacy and data protection laws from multiple jurisdictions around the world, with a particular emphasis on Europe and the General Data Protection Regulation (GDPR). Students will learn when activities in one country potentially trigger the laws of another country and what steps companies need to take to comply with the GDPR and other global data protection laws.

This course explores the legal and practical challenges faced by companies managing data. Students will learn how to translate a world of legal, regulatory and business requirements into concrete policies and procedures, in order to address global and domestic data privacy, cybersecurity, investigations and discovery, records management, business continuity and other forms of legal, regulatory and business risk.

This course examines crimes committed on or through computers and the Internet. Some of these are traditional crimes such as theft, fraud, copyright infringement or harassment that can be facilitated through technology. Others are computer-specific crimes such as unauthorized access or denial of service attacks. The course also examines the tools and authority used in investigating and prosecuting computer-mediated crimes, particularly from the perspective of an entity receiving a government request or order.

This course explores cybersecurity law and policy in a broader national and international context, considering how a variety of laws and policies interact in addressing issues such as detecting and deterring state-sponsored attacks and protecting critical infrastructure. The course also examines the policy considerations that underlie different approaches to cybersecurity law with an eye toward helping students to understand and adapt to future changes in law or policy.

This course focuses on the workflow that follows a data security incident. The course covers the legal and practical components that inform a data breach response, such as breach notification laws and cyber insurance coverage. The course also explores the tasks and phases in an overall incident response, such as initial detection, board briefing, coordination with law enforcement, invoking insurance coverage and required notifications.

This course examines privacy and cybersecurity issues that arise in the workplace. Privacy issues covered include background checks, drug testing, employee monitoring and surveillance and the protection of employee data. The course also considers the role of employee training and other measures designed to minimize the risk of employee-mediated breaches. Students will investigate the common law, constitutional, as well as state and federal statutory provisions that apply to and govern these issues.

In this course, students will integrate the knowledge and skills developed in previous classes into a comprehensive body of knowledge, and they will produce tangible evidence of competencies in cybersecurity, data and privacy law. The capstone project will include four components: 1) a brief proposal and project schedule; 2) the main project deliverables; 3) a final presentation; and 4) a reflection on the student’s cybersecurity, data and privacy law skills and competencies.

Please note: curriculum and course offerings are subject to change.