10 Things To Know About Privacy And Data Security Practice

There are always exciting things happening in U.S. and international privacy law, so the topic never gets boring.

Ed. note: Welcome to the latest installment of Better Know A Practice Area, a series introducing readers to different practice areas. Each post is written by an editor at Practical Law who previously practiced in that area and currently writes about it. Prior columns have covered capital markets and corporate governance, securities litigation and enforcement, patent litigation, executive compensation, commercial transactions, labor and employment, real estate, startup law, bankruptcy, antitrust, being an in-house generalist, employee benefits law, entertainment law, tax, working overseas, consumer financial regulatory practice, federal clerkships, and corporate M&A practice.

Today’s topic: privacy and data security practice.

  1. What do you do in a typical day?

Privacy lawyers work in a variety of capacities. For example, some handle regulatory compliance matters, others deal with privacy issues in corporate transactions, and some handle litigation-related privacy issues. This makes it difficult to describe a typical day for a privacy lawyer.

For a privacy lawyer doing regulatory compliance work, a typical day often involves projects geared toward helping clients comply with the relevant state, federal, and global privacy laws.  This work encompasses very small projects like drafting a website privacy policy or a consent clause to collect personal information. This also involves very large projects like helping a multi-national company develop and implement a global privacy compliance program. A lawyer working in this capacity typically manages many projects at once.

For litigators who work on privacy issues, a typical day also varies significantly. These lawyers might, for example, advise clients on how to respond to data breaches, defend litigation involving data breaches and other privacy-related causes of action, and handle privacy issues involved in cross-border litigation.

  2. Who do you work with?

In a law firm setting, junior associates typically work with senior associates and sometimes partners. After gaining knowledge and experience, senior associates typically manage some projects on their own with minimal partner oversight, and often have regular client contact.  When interacting with clients, it is common to communicate with members of the in-house legal team and internal stakeholders, members of different business units, and information technology (IT) personnel. Privacy lawyers working on regulatory compliance issues typically only interact with the client. However, litigators and lawyers handling privacy issues in transactions may communicate with clients and opposing counsel, or the business team on the other side of a deal.

Privacy lawyers working in-house often work with business units needing privacy advice, IT personnel, and the chief privacy officer and chief information security officer. In-house privacy lawyers also frequently rely on outside counsel to draft privacy policies, help with data breach preparation and response, and help litigate privacy-related issues.

  3. What does a common career path look like?

Privacy lawyers commonly start their careers in a law firm, gradually taking on more responsibility and gaining experience in the various areas of privacy law. Some lawyers might focus on privacy law in litigation, while others focus on privacy law in IT and outsourcing transactions. Still others may focus on the regulatory compliance aspects of privacy. It is possible to specialize in one area of privacy law, such as financial privacy, health privacy, or student privacy. Some privacy lawyers do not specialize and focus on all aspects of U.S. and international privacy law. After gaining experience, it is common to either stay with a law firm on the partnership track or sometimes in a non-track role, or work as an in-house privacy lawyer or for the government. Some lawyers move on to a chief privacy officer position at a company.

  4. If variety is the spice of life, how spicy is this practice area?

In recent years, privacy law has become one of the most popular areas on which lawyers focus. Cybersecurity and data breach issues are in the news on a daily basis, and companies are taking privacy more seriously than in the past. The number of attendees at legal privacy conferences in the last few years has also skyrocketed because so many attorneys want to enter this area.

Privacy is also a fast-paced, evolving area of law, which sometimes makes advising clients a challenge. Projects often involve analytical thinking and problem solving, requiring lawyers to come up with creative solutions to address clients’ business needs. A client’s business needs and appetite for regulatory risk vary, making no two projects the same.

  5. How much wear and tear?

The pace and intensity of the work varies depending on the environment in which the lawyer practices, the types of privacy issues they handle, and their clients. Identifying and responding to a data breach, for example, often involves intense time pressure because companies must identify, mitigate and contain the data breach and then notify affected individuals within a certain time frame. Often, privacy lawyers advise clients on topics where there is some legal uncertainty or where it is not possible for the client to achieve 100% compliance, requiring the lawyers and business team to make strategic decisions. However, not all projects are high pressure and time sensitive. Because of the wide variety of types of projects, lawyers usually have a good balance.

  6. Of the people in this practice group who hate it, what exactly do they hate about it?

Privacy law is constantly evolving, which makes it challenging to advise clients. While some lawyers may not like this aspect of privacy practice, the constantly changing nature of privacy law also attracts many lawyers to the practice. Certain areas of privacy, such as advising on information security and data breach prevention, also require some technical knowledge, which lawyers may not like.

  7. Of the people in this practice group who love it, what exactly do they love about it?

Most privacy lawyers enjoy their work because of the wide variety of projects and because the constantly evolving law provides new challenges and learning opportunities. There are always exciting things happening in U.S. and international privacy law, so the topic never gets boring.

  8. Are there common avenues out of this practice area?

Privacy and data security lawyers who no longer want to practice in a law firm are well positioned to go in-house with a company. Lawyers with more experience may seek a position as the chief privacy officer of a company. Some lawyers with a privacy background may also seek a position with a regulatory agency such as the Federal Trade Commission.

  9. What are some market trends that impact this practice area?

Several factors can affect this area of practice. Data security breaches, data security breach litigation, and the large settlements that often result from these cases certainly have an impact on how companies approach data security. Consumers’ desire for increased transparency and control over how companies handle their personal data also has an impact, particularly with respect to things like behavioral advertising and consumer tracking. Increased regulatory enforcement actions also impact how companies approach privacy issues.

  10. If you had to recommend one candidate from a room crowded with recent bar exam graduates, what specific qualities would he or she have that would ensure success in this practice area?

Besides a genuine interest in privacy and data security law, a good candidate would have good research skills and a desire to always be learning and be challenged by complex projects. A good candidate would also possess good analytical thinking and problem solving skills, and display creativity in their problem solving.


Lindsey Gillespie is a senior legal editor on Practical Law’s Privacy & Data Security team. She focuses on US and global privacy and data security matters. Prior to joining Practical Law, she was privacy counsel for Potomac Law Group, PLLC and a senior privacy associate with Baker & McKenzie, LLP.