6/6/2018 10 Things To Know About Privacy And Data Security Practice | Above the Law

PRIVACY

10 Things To Know About Privacy And Data

Security Practice
There are always exciting things happening in U.S. and international privacy law,
so the topic never gets boring.
By LINDSEY GILLESPIE

Dec 19, 2017 at 2:07 PM

    


Ed. note: Welcome to the latest installment of Better Know A Practice Area, a series introducing
readers
 to different practice areas. Each post is written by an editor at Practical Law who
previously practiced in that area and currently writes about it. Prior columns have covered

capital markets and corporate governance, securities litigation and enforcement, patent

litigation, executive compensation, commercial transactions, labor and employment, real estate,
startup law, bankruptcy, antitrust, being an in-house generalist, employee benefits law,

entertainment law, tax, working overseas, consumer financial regulatory practice, federal
clerkships, and corporate M&A practice.

Today’s topic: privacy and data security practice.

1. What do you do in a typical day?

https://abovethelaw.com/2017/12/10-things-to-know-about-privacy-and-data-security-practice/?rf=1 1/8
6/6/2018 10 Things To Know About Privacy And Data Security Practice | Above the Law

Privacy lawyers work in a variety of capacities. For example, some handle regulatory
compliance matters, others deal with privacy issues in corporate transactions, and some

handle litigation-related privacy issues. This makes it difficult to describe a typical day for a
privacy lawyer.

For a privacy lawyer doing regulatory compliance work, a typical day often involves projects
geared toward helping clients comply with the relevant state, federal, and global privacy
laws.  This work encompasses very small projects like drafting a website privacy policy or a
consent clause to collect personal information. This also involves very large projects like
helping a multi-national company develop and implement a global privacy compliance
program. A lawyer working in this capacity typically manages many projects at once.

For litigators who work on privacy issues, a typical day also varies significantly. These
lawyers might, for example, advise clients on how to respond to data breaches, defend
litigation involving data breaches and other privacy-related causes of action, and handle
privacy issues involved in cross-border litigation.

2. Who do you work with?

In a law firm setting, junior associates typically work with senior associates and sometimes
partners. After gaining knowledge and experience, senior associates typically manage some
projects on their own with minimal partner oversight, and often have regular client contact. 
When
 interacting with clients, it is common to communicate with members of the in-house
legal team and internal stakeholders, members of different business units, and information

technology (IT) personnel. Privacy lawyers working on regulatory compliance issues
typically
 only interact with the client. However, litigators and lawyers handling privacy
issues in transactions may communicate with clients and opposing counsel, or the business

team on the other side of a deal.

Privacy lawyers working in-house often work with business units needing privacy advice, IT
personnel, and the chief privacy officer and chief information security officer. In-house
privacy lawyers also frequently rely on outside counsel to draft privacy policies, help with
data breach preparation and response, and help litigate privacy-related issues.

3. What does a common career path look like?

https://abovethelaw.com/2017/12/10-things-to-know-about-privacy-and-data-security-practice/?rf=1 2/8
6/6/2018 10 Things To Know About Privacy And Data Security Practice | Above the Law

Privacy lawyers commonly start their careers in a law firm, gradually taking on more
responsibility and gaining experience in the various areas of privacy law. Some lawyers ×
might focus on privacy law in litigation, while others focus on privacy law in IT and
outsourcing transactions. Still others may focus on the regulatory compliance aspects of
privacy. It is possible to specialize in one area of privacy law, such as financial privacy,
health privacy, or student privacy. Some privacy lawyers do not specialize and focus on all
aspects of U.S. and international privacy law. After gaining experience, it is common to
either stay with a law firm on the partnership track or sometimes in a non-track role, or
work as an in-house privacy lawyer or for the government. Some lawyers move on to a chief
privacy officer position at a company.

4. If variety is the spice of life, how spicy is this practice area?

In recent years, privacy law has become one of the most popular areas on which lawyers
focus. Cybersecurity and data breach issues are in the news on a daily basis, and companies
are taking privacy more seriously than in the past. The amount of attendees at legal privacy
conferences in the last few years has also skyrocketed because so many attorneys want to
enter this area.

Privacy is also a fast-paced, evolving area of law, which sometimes makes advising clients a
challenge. Projects often involve analytical thinking and problem solving, requiring lawyers
to come up with creative solutions to address clients’ business needs. A client’s business
needs and appetite for regulatory risk vary, making no two projects the same.

5.
 How much wear and tear?
 pace and intensity of the work varies depending on the environment in which the
The
lawyer practices, the types of privacy issues they handle, and their clients. Identifying and

responding to a data breach, for example, often involves intense time pressure because

companies must identify, mitigate and contain the data breach and then notify affected
individuals within a certain time frame. Often, privacy lawyers advise clients on topics
where there is some legal uncertainty or where it is not possible for the client to achieve
100% compliance, requiring the lawyers and business team to make strategic decisions.
However, not all projects are high pressure and time sensitive. Because of the wide variety of
types of projects, lawyers usually have a good balance.

https://abovethelaw.com/2017/12/10-things-to-know-about-privacy-and-data-security-practice/?rf=1 3/8
6/6/2018 10 Things To Know About Privacy And Data Security Practice | Above the Law

6. Of the people in this practice group who hate it, what exactly do they hate about
it?

Privacy law is constantly evolving, which makes it challenging to advise clients. While some
lawyers may not like this aspect of privacy practice, the constantly changing nature of
privacy law also attracts many lawyers to the practice. Certain areas of privacy, such as
advising on information security and data breach prevention, also require some technical
knowledge, which lawyers may not like.

7. Of the people in this practice group who love it, what exactly do they love about it?

Most privacy lawyers enjoy their work because of the wide variety of projects and because
the constantly evolving law provides new challenges and learning opportunities. There are
always exciting things happening in U.S. and international privacy law, so the topic never
gets boring.

8. Are there common avenues out of this practice area?

Privacy and data security lawyers who no longer want to practice in a law firm are well
positioned to go in-house with a company. Lawyers with more experience may seek a
position as the chief privacy officer of a company. Some lawyers with a privacy background
may also seek a position with a regulatory agency such as the Federal Trade Commission.

9. What are some market trends that impact this practice area?

Several
 factors can affect this area of practice. Data security breaches, data security breach
litigation, and the large settlements that often result from these cases certainly have an

impact on how companies approach data security. Consumers’ desire for increased

transparency and control over how companies handle their personal data also has an
impact, particularly with respect to things like behavioral advertising and consumer

tracking. Increased regulatory enforcement actions also impact how companies approach
privacy issues.

10. If you had to recommend one candidate from a room crowded with recent bar
exam graduates, what specific qualities would he or she have that would ensure
success in this practice area?

https://abovethelaw.com/2017/12/10-things-to-know-about-privacy-and-data-security-practice/?rf=1 4/8
6/6/2018 10 Things To Know About Privacy And Data Security Practice | Above the Law

Besides a genuine interest in privacy and data security law, a good candidate would have
good research skills and a desire to always be learning and be challenged by complex
projects. A good candidate would also possess good analytical thinking and problem solving
skills, and display creativity in their problem solving.

Lindsey Gillespie is a senior legal editor on Practical Law’s Privacy & Data Security team.
She focuses on US and global privacy and data security matters. Prior to joining Practical
Law, she was privacy counsel for Potomac Law Group, PLLC and a senior privacy
associate with Baker & McKenzie, LLP.

    


TOPICS


Advice, Better Know A Practice Area, Career Advice, Data Security, Job Searches, Lindsey Gillespie, Practical Law, Practical Law
Company (PLC), Privacy


EVOLVE THE LAW DIRECTORY

CONSULTING LEGAL OPERATIONS ANALYTICS

Customers Customers Customers
Biglaw, Small Law Firms, Solo Biglaw, Corporations, Government,
Practitioners Small Law Firms, Solo Practitioners

https://abovethelaw.com/2017/12/10-things-to-know-about-privacy-and-data-security-practice/?rf=1 5/8
6/6/2018 10 Things To Know About Privacy And Data Security Practice | Above the Law
Biglaw, Small Law Firms,
Solo Practitioners


Facebook

 Love ATL? Let's make it official.

Sign up for our newsletter.
Your email address Subscribe
News (daily updates) Legal Technology

Bonus Alerts (real-time alerts) ATL Law Schools

Partner Issues ATL Careers

Small Law Firms ATL Small Firm Resource Center

In-House Counsel

We will never sell or share your information without your consent. See our privacy policy.

POPULAR ARTICLES
 
Salary Wars New York To $190K Biglaw Raises Are
Scorecard: Which — No, Cravath Didn’t Getting Real, Y’all —
Firms Have Make The First Move See Also
Announced Raises?
(2018)


FROM THE ABOVE THE LAW NETWORK



Lawline’S June Bridge Is It Time For Your Law 9 Ways to Be More 3 Reasons Why You
TheGap Event Is Office To Draft A “Love Productive With The Should Consider Adding
Designed For Today’S Contract”? New Clio Experience Startups And Small
Modern Lawyer THOMSON REUTERS CLIO Business To Your
LAWLINE CLE Practice
THOMSON REUTERS

https://abovethelaw.com/2017/12/10-things-to-know-about-privacy-and-data-security-practice/?rf=1 6/8
6/6/2018 10 Things To Know About Privacy And Data Security Practice | Above the Law
8 Legal Tech Tips for 5 Time (And Money) Leveled-Up Features Privacy has long been an
Law Office Saving Tips That All and New Partners underappreciated issue,
Administrators Modern Law Firms Know CLIO and that’s about to
CLIO THOMSON REUTERS change.
THOMSON REUTERS

NEWSLETTER SIGNUP
Subscribe and get breaking news, commentary, and opinions on law firms, lawyers, law schools, lawsuits,
judges, and more.

Submit
We will never sell or share your information without your consent. See our privacy policy.

EDITORIAL STAFF

Managing Editor
David Lat

Editors
Staci Zaretsky
Joe Patrice

Breaking Media Editor at Large

Elie Mystal



OUR SITES


https://abovethelaw.com/2017/12/10-things-to-know-about-privacy-and-data-security-practice/?rf=1 7/8
6/6/2018 10 Things To Know About Privacy And Data Security Practice | Above the Law

© 2018 Breaking Media, Inc. All rights reserved. Registration or use of this site constitutes acceptance of our Terms of Service and Privacy
Policy.




https://abovethelaw.com/2017/12/10-things-to-know-about-privacy-and-data-security-practice/?rf=1 8/8