
Researching IT law

 

by Keith Lacy | Michigan Bar Journal

 

Information technology law is a broad field of legal rules and practice relating to computers and digital networks. Sometimes referred to as computer law or cyberlaw, IT law does not represent a substantive body of law such as contracts or criminal law. In 1996, U.S. Seventh Circuit Court of Appeals Judge Frank H. Easterbrook memorably argued that there was no “computer law” in the same way that there was no “law of the horse.”1

Recognition of IT law as a distinct field instead comes from an awareness that 1) the effects of information communication technologies (ICTs) are increasingly ubiquitous and important to our lives and 2) from a legal perspective, there are unique practical and conceptual problems implicated in these effects. Some of these challenges arise from the mechanical aspects of the technology, where correct application of the law requires specialized understanding of the mathematics, engineering, or physics of the hardware and software. Other challenges are more metaphysical — how the intangible, interconnected nature of ICTs raises novel questions of economics, individual rights, and jurisdiction.2

The rapid rate at which new developments in ICTs can occur compounds these challenges. This column highlights some useful resources when working with IT law matters.

STAYING INFORMED

As mentioned above, a major characteristic of ICTs is their speed — important developments in IT law can happen quickly as a result. Fortunately, there’s an abundance of reporting on technology topics. Websites such as Ars Technica,3 the Guardian’s technology section,4 and Wired5 are popular technology news outlets that regularly publish informed reports and explanation pieces not hidden behind paywalls. Legal outlets Law 360 and Law.com also cover IT law topics in their technology sections but require subscriptions.

Many law schools publish at least one journal focusing on IT law. For example, the University of Michigan School of Law publishes The Michigan Technology Law Review.6 A common trend with these journals is making entire issues available to read for free on the journal’s website, including recent publications. When looking for articles about a particular topic, it’s most efficient to search the journals section of databases such as Lexis+, Westlaw, or HeinOnline. Law libraries frequently offer public access to some of the materials on these subscription services.

In addition to traditional periodicals, blogs and social media from practitioners, researchers, and interest organizations can be an excellent way to stay up-to-date. A few notable ones include:

DATA PRIVACY AND SECURITY

ICTs facilitate access to information, sometimes in ways that transgress personal and social boundaries. The state of the art is ever advancing and also includes technology capable of evading legitimate access (e.g., encryption). Governments have struggled to adequately define these boundaries with effective rules that do not frustrate the tremendous opportunities afforded by ICTs.

Two major data privacy and security regimes — with differing approaches to rulemaking — are distinguishable: The European Union’s omnibus approach to data privacy, and the United States’ sectoral approach.7 The U.S. regime is covered in more detail below, but for information on other jurisdictions, a good starting point is the worldwide data protections tool and handbook published by DLA Piper.8

FEDERAL AND STATE DATA PRIVACY

The U.S. approach is characterized by a mix of subject-specific laws at both the state and federal levels.9 At the federal level, there is no explicit guarantee of a right to privacy. However, the Supreme Court has recognized implicit “zones of privacy” in the language of the Bill of Rights.10 To date, Congress has not passed any comprehensive legislation addressing data privacy. A few major federal data privacy laws include:

  • Computer Fraud and Abuse Act of 1986 (CFAA), 18 USC 1030 et seq., which prohibits unauthorized access to protected computers.
  • Fair Credit Reporting Act (FCRA), 15 USC 1681 et seq., which regulates the collection and use of data in credit reports.
  • Children’s Online Privacy Protection Act (COPPA), 15 USC 6501 et seq., which applies to online data collected about children under the age of 13.

This is necessarily a very incomplete list. Congressional Research Service reports are an excellent way to learn more about federal privacy and security laws.11 Updated, in-depth reports are available through a free searchable database at crsreports.congress.gov. For consumer regulatory actions, the Federal Trade Commission is the most active agency in this area.12

A list of state constitutional provisions addressing data privacy is available on the National Conference of State Legislators website.13 Some states have moved more aggressively than the federal government in passing comprehensive data privacy laws for consumers. To date, three states — California, Colorado, and Virginia — have enacted such laws.14 The International Association of Privacy Professionals maintains a tracker for all states considering comprehensive privacy legislation that includes charts and links to bills and statutes.15 Currently, only California’s Consumer Privacy Act (CCPA) has taken effect.16 The law — which requires certain entities doing business in California to provide residents with the company’s data policy and options to control which information about them is retained — has already prompted businesses and organizations to alter their online practices to achieve compliance. This past March, the California Office of the Attorney General issued its first interpretative opinion on the law.17

OTHER RESOURCES

There are numerous quality treatises on IT law. In addition to covering U.S. law, many of these treatises will have substantial discussions of international considerations. These are often the best resources to consult when researching the law outside the U.S. A few recommended titles are:

  • Bender, “Computer Law: A Guide to Cyberlaw and Data Privacy Law” (Matthew Bender 2022, also available on Lexis+)
  • Nimmer, “Information Law” (West 2021, also available on Westlaw)
  • “Scott on Information Technology Law” 3d (Wolters Kluwer 2022, also available on Westlaw)
  • Stuckey, “Internet and Online Law” (Law Journal Press 2021, also available on Lexis+)
  • Costello, “Data Security and Privacy Law” 2021–2022 ed. (West, also available on Westlaw)
  • Furi-Perry, “Social Media Law: A Handbook of Cases and Use” 3d (ABA 2019)
  • VitalLaw, “Guide to Computer Law” (VitalLaw e-subscription only)
  • Tsagourias, “Research Handbook on International Law and Cyberspace” 2d (Edward Elgar 2021)

 

1. Easterbrook, Cyberspace and the Law of the Horse, 1996 U Chi Legal F 207 (1996).

2. See Standler, What is Computer Law? Jan 24, 2009 http://www.rbs2.com/cdefn.htm. All websites last accessed March 8, 2022.

3. Ars Technica.

4. Technology (US edition), The Guardian https://www.theguardian.com/us/technology.

5. Wired Magazine https://www.wired.com/.

6. Mich Tech L Rev http://mttlr.org/, previously known as the Michigan Telecommunications and Technology Law Review.

7. 6 Bender Computer Law: A Guide to Cyberlaw and Data Privacy Law § 54.03 (2021).

8. DLA Piper, Data Protection Laws of the World https://www.dlapiperdataprotection.com/.

9. Klosowski, The State of Consumer Data Privacy Laws in the US (And Why It Matters) https://www.nytimes.com/wirecutter/blog/state-of-privacy-laws-in-us/.

10. Griswold v Connecticut, 381 US 479, 484 (1965).

11. See Mulligan & Linebaugh, Data Privacy Law: An Introduction, CRS Report IF11207 https://crsreports.congress.gov/product/pdf/IF/IF11207.

12. Federal Trade Commission, ftc.gov.

13. NCSL, Privacy Protections in State Constitutions, https://www.ncsl.org/research/telecommunications-and-information-technology/privacy-protections-in-state-constitutions.aspx.

14. NCSL, State Laws Related to Digital Privacy, https://www.ncsl.org/research/telecommunications-and-information-technology/state-laws-related-to-internet-privacy.aspx.

15. Lively, US State Privacy Legislation Tracker, IAPP https://iapp.org/resources/article/us-state-privacy-legislation-tracker/.

16. Cal Civ Code 1798.100 et seq.

17. Unpublished CA OAG Opinion No 20-303, March 10, 2022, https://oag.ca.gov/system/files/opinions/pdfs/20-303.pdf.