how to become a data privacy lawyer

by Miss Jacinthe Fay 7 min read

Here are a few tips:

  1. Take a course in information privacy law. [Warning: shameless plug because I teach such a course and have authored textbooks .] Learn about the field and the different laws ...
  2. Obtain an IAPP certification (a certified information privacy professional, or CIPP). This is another way to demonstrate that you know something.
  3. Dabble in privacy issues where you’re currently working. If you’re at a law firm, seek out privacy law opportunities. ...
  4. Look for fellowships, policymaking positions, and other non-traditional types of jobs. Organizations like IAPP and the Future of Privacy Forum (FPF) have fellowships that can provide useful experience. ...
  5. Familiarize yourself with the technologies. Lawyers with backgrounds in technology are in high demand. If you can code, you will be particularly in demand. ...
  6. Immerse yourself in the community. Go to conferences. Meet people. This is a great way to learn about opportunities and where hiring needs are. ...
  7. Publish. Try your hand at publishing an article. Writing gives you exposure and distinguishes you from the rest of the pack.

Full Answer

How do I become a privacy lawyer?

JS: Our overall goal is for all group members to be data security and privacy generalists (meaning they can issue spot data security and privacy issues) who have specific specialty areas. So we have lawyers with deep expertise in FTC investigations, state AG investigations, class action litigation, data security and data breach preparation and response, HIPAA, COPPA, CCPA, …

How do I become a cybersecurity lawyer?

Aug 27, 2013 · Here are a few tips: 1. Take a course in information privacy law. [Warning: shameless plug because I teach such a course and have authored... 2. Obtain an IAPP certification (a certified information privacy professional, or CIPP). This is another way to... 3. Dabble in privacy issues where you’re ...

Should every law school have an information privacy law course?

Gain the knowledge needed to address the widest-reaching consumer information privacy law in the U.S. GDPR Training. Learn the legal, operational and compliance requirements of the EU regulation and its global influence. Privacy Law Specialist Training (PLS) Meet the stringent requirements to earn this American Bar Association-certified designation.

What does a privacy lawyer do?

Sep 29, 2014 · 6. BUILDING A PRIVACY CAREER. Become an active member of the privacy professional community. A number of people recommended that it helps to be active in the privacy professional community, such as attending events, writing articles, speaking, networking, etc. As one person stated, you should “become active in IAPP.

image

Is privacy law a good career?

Privacy has transformed from being an afterthought to a full-time job to a full-time job for an entire team! The result is that there's a big demand for lawyers versed in privacy issues. If you know something about privacy, these are good times to live in.Aug 27, 2013

How do I get a job in data privacy?

Steps to becoming a data protection officer Education A BA or BS degree in information security, computer science or a similar field. Alternatively, a bachelor's degree or J.D. or the equivalent work experience in privacy, compliance, information security, auditing, or a related field will often be considered.Sep 15, 2021

What is data and privacy law?

Information privacy, data privacy or data protection laws provide a legal framework on how to obtain, use and store data of natural persons. The various laws around the world describe the rights of natural persons to control who is using its data.

What does a privacy professional do?

As part of compliance the privacy professional is able to advise all aspects of the business and run privacy programmes, while liaising with training, audit, HR, legal and other functions in a neutral capacity.Dec 6, 2013

What is the salary of DPO?

Employees as Second Officer Dpo earn an average of â‚ą30lakhs, mostly ranging from â‚ą30lakhs per year to â‚ą30lakhs per year based on 2 profiles. The top 10% of employees earn more than â‚ą30lakhs per year.

What is the largest GDPR fine?

€746 million1. Amazon – €746 million. Amazon was handed a mammoth €746 million EU GDPR fine by Luxembourg's National Commission for Data Protection in July 2021 and it dwarfs all previous breaches.Mar 3, 2022

What country has the best privacy laws?

How Norway achieved top honors for internet privacyThe country set up the Norwegian Data Protection Authority, which is an independent public authority created with the purpose of protecting individual's privacy.To collect or process any personal data in Norway, consent must be given.More items...

What is RA 10173 all about?

Republic Act No. 10173, otherwise known as the Data Privacy Act is a law that seeks to protect all forms of information, be it private, personal, or sensitive. It is meant to cover both natural and juridical persons involved in the processing of personal information.

Does America have privacy laws?

There is no comprehensive national privacy law in the United States. However, the US does have a number of largely sector-specific privacy and data security laws at the federal level, as well as many more privacy laws at the state (and local) level.

What skills does a DPO need?

Qualifications for DPOsExpertise in national and European data protection laws and practices including an in-depth understanding of the GDPR;In-depth understanding of how their organisation processes personal data;Understanding of information technologies and data security;More items...

How long does it take to get CIPP certification?

Why take the CIPP/E? Once you're up to speed with the basics above, start planning your study schedule. The IAPP recommends allowing 30 hours to study for this exam. However, our community members report spending anywhere from 30-80 hours studying.May 26, 2021

Who can be a data protection officer?

The DPO must be independent, an expert in data protection, adequately resourced, and report to the highest management level. A DPO can be an existing employee or externally appointed. In some cases several organisations can appoint a single DPO between them.

How many years of experience do you need to be a privacy lawyer?

Many employers want 2-5 years of experience in privacy law, but folks with such experience are very hard to come by and very in demand. That’s because privacy law is a great club to be in, but getting in the door and getting that initial few years of experience is challenging. The field desperately needs more entry points.

How to learn privacy law?

1. Take a course in information privacy law. [Warning: shameless plug because I teach such a course and have authored textbooks .] Learn about the field and the different laws and regulations. Find ways to demonstrate that you actually know something. 2.

What is IAPP law?

The International Association of Privacy Professionals (IAPP) is growing at a breakneck pace. Privacy law practices are flourishing at law firms. Nearly every organization these days has personal data, and federal and state regulation is sprouting up rapidly and agencies are stepping up enforcement. Companies are realizing that privacy matters ...

Who is Daniel Solove?

Daniel J. Solove is the John Marshall Harlan Research Professor of Law at George Washington University Law School, the founder of TeachPrivacy, a privacy/data security training company, and a Senior Policy Advisor at Hogan Lovells.

Why was there no recipe for a dish?

Back in the early days, there was no recipe because the dish was being invented from scratch. Today, the lack of common pathways toward pursuing a career in privacy remains. And that shouldn’t be the case anymore. Privacy law has matured too much.

What does a privacy professional do?

A privacy professional often needs to deal with other people — convincing upper management about the value of privacy and the importance of compliance and having adequate resources; training employees at all levels about privacy/security; and dealing horizontally with many different departments and personalities.

How to seek out privacy work?

As one person aptly recommends, “if you are currently employed in a non privacy-related position, seek out privacy work by speaking with the privacy officer or counsel involved in privacy matters.”

What is a fellowship in privacy?

Fellowships are short-term positions after one has graduated that can provide valuable experience and serve as a launching pad to future career opportunities in the field. A person writes: “Some that have fellowships in privacy are FPF, EPIC, CDT, CIS, and Microsoft. Sure there are others now as well.”.

How to know if someone has a deep knowledge of the field?

Become an expert. It’s fairly easy to tell in a short conversation whether someone has a deep knowledge of the field or has just a cursory understanding. If you want to work in privacy for a living, demonstrate to people that you want it by knowing about it.

What to do if you see an opportunity to do interesting work?

If you see an opportunity to do interesting work, you might offer your services for free or low pay. Maybe it’s just helping out in a limited part-time way, but you can gain valuable experience this way and show people what you can do.

Is it hard to get into the privacy industry?

Most jobs seem to require a few years of experience, but the privacy profession is still relatively new, and getting this experience can be difficult because there are not many clear paths to entry. Once in the field, the demand is high for privacy professionals with experience. But there is a bottleneck in getting into the club.

Can law students publish their journal notes on privacy?

One person says: “For law students, I would suggest that they try to publish their journal note on privacy or pair up with a professor at their school (or elsewhere) that is conducting research on privacy.

What is SANS certification?

SANS offers certifications and trainings in six areas: cyber defense, industrial control systems, penetration testing, digital forensics and incident management, developer, and management and leadership. This list is not exhaustive.

What is Krebs on Security?

As for cybersecurity news, Krebs on Security provides detailed news coverage on the latest cyber threats, cyber-attacks, and investigative journalism on cyber-related issues.

Can a cybersecurity lawyer be a litigator?

As a cybersecurity lawyer, one can work either as a litigator or advisor. What’s the difference between the two you ask? The lawyer who litigates also advises; however, the lawyer who advises usually does not litigate. At a minimum the advisor may assist a company or law firm with pre-litigation matters.

What are the duties of a data protection officer?

Data protection officer responsibilities include: 1 Providing in-house legal advice on privacy, privacy by design, data-sharing, and transfer of data. 2 Engaging in the drafting, negotiating and reviewing of any commercial agreement containing protected information. 3 Advising and drafting data protection-related documentation including contract due diligence for either GDPR or CCPA. 4 Providing guidance and support on various new compliance reporting/data tracking requirements and updating internal codes of conduct. 5 Familiarity with all applicable privacy laws.

What degree do I need to become a security analyst?

Education A BA or BS degree in information security, computer science or a similar field. Alternatively, a bachelor’s degree or J.D. or the equivalent work experience in privacy, compliance, information security, auditing, or a related field will often be considered.

Why is a DPO required?

The appointment of a DPO is mandatory for public authorities and companies processing large amounts of special categories of personal data. The language of GDPR indicates that the size of an organization is not what compels the need for a DPO, but rather the size and scope of data handling.

What is the job of a DPO?

The DPO candidate must have a proven track record in one or more of the areas of data protection, privacy advocacy, cybersecurity, information security, and regulatory compliance. Data protection officer responsibilities include : Providing in-house legal advice on privacy, privacy by design, data-sharing, and transfer of data.

Why is a legal background important?

At a minimum, a legal background is helpful for understanding and interpreting the complex legal requirements surrounding data privacy. In addition to knowing what the various laws and regulations say, a DPO must also have knowledge about how these laws are interpreted and applied in case law.

When did the GDPR become enforceable?

The GDPR was adopted on April 14, 2016, and became enforceable beginning May 25, 2018. In addition to EU members, it is important to note that any company that markets goods or services ...

Is data privacy enterprise or industry dependent?

The risk associated with data privacy can be enterprise and industry dependent. It is important that the DPO enjoys a good understanding of the enterprise’s business operation and the data handling needs of that specific industry. Experience within that organization and that industry are important qualifiers.

Litigation Tracker

In-depth strategic insight and benchmarking of your markets, clients and competitors.

Signal

In-depth strategic insight and benchmarking of your markets, clients and competitors.

Subscribe to The Lawyer

Access breaking news, comment and unrivalled data-rich analysis about the stories happening in the legal market by subscribing to The Lawyer today.

The Lawyer Awards Shortlist 2021 Revealed

Did you make the shortlist? Check the list of contenders for this year’s The Lawyer Awards.

Join the In-house Community Hub

Read peer-to-peer stories, case studies and advice from and for in-house counsel.

Video Channel

Watch expert opinion shorts from private practice and in-house lawyers, plus on-demand webinars from The Lawyer’s events.

Unveiled: The Hot 100 2016

This year’s Hot 100 gathers together the best lawyers in the business – the cream of the crop from in-house, private practice and the bar.

Why do privacy lawyers work?

Most privacy lawyers enjoy their work because of the wide variety of projects and because the constantly evolving law provides new challenges and learning opportunities. There are always exciting things happening in U.S. and international privacy law, so the topic never gets boring.

What is the focus of privacy law?

Some lawyers might focus on privacy law in litigation, while others focus on privacy law in IT and outsourcing transactions. Still others may focus on the regulatory compliance aspects of privacy. It is possible to specialize in one area of privacy law, such as financial privacy, health privacy, or student privacy.

How does consumer desire affect privacy?

Consumers’ desire for increased transparency and control over how companies handle their personal data also has an impact, particularly with respect to things like behavioral advertising and consumer tracking. Increased regulatory enforcement actions also impact how companies approach privacy issues.

What is a junior associate in law?

In a law firm setting, junior associates typically work with senior associates and sometimes partners. After gaining knowledge and experience, senior associates typically manage some projects on their own with minimal partner oversight, and often have regular client contact.

Is privacy law changing?

Privacy law is constantly evolving, which makes it challenging to advise clients. While some lawyers may not like this aspect of privacy practice, the constantly changing nature of privacy law also attracts many lawyers to the practice.

Do privacy lawyers specialize in all aspects of privacy?

Some privacy lawyers do not specialize and focus on all aspects of U.S. and international privacy law. After gaining experience, it is common to either stay with a law firm on the partnership track or sometimes in a non-track role, or work as an in-house privacy lawyer or for the government.

OCI Chances!?!?

I'm top 3% at Princeton Law School. I had 50 screeners, but I only received 39 call backs... All of my call backs were yesterday, but I still haven't heard anything back yet. Starting to panic because all 39 of the faceless, generic law firms I did a call back with are my DREAM firm.

Nice

For current and former Law School Redditors. Ask questions, seek advice, post outlines, etc. This is NOT a forum for legal advice.

image