In July 2017, Equifax suffered a data breach. As one of the largest credit bureaus in the United States, Equifax holds our most sensitive personal information, including Social Security numbers, birth dates, addresses, drivers’ license numbers, credit card data. Suffice it to say, the breach was serious. The personal information of 150 million people was exposed.
The verdict: Equifax failed on a number of data security and response protocols. It failed to fix the vulnerability that allowed the hackers initial access, its system was not segmented so the hackers could move easily in the system, and it was far too slow in reporting the breach. Ultimately, Equifax agreed to pay $575 million as part of a global settlement with federal and state agencies. Equifax is still trying to repair the damage to its reputation.
The stakes are high when it comes to data privacy. The reality of our time is that our information is increasingly being stored online, making us vulnerable. Yet, data breaches seem to occur with alarming frequency.
That is why data privacy may be an area of practice that you should consider. If you are looking to move in-house, or if you are in-house and open to new opportunities, having a data privacy facet to your portfolio could be a game-changer.
In this article, we will discuss why data privacy and protection is an emerging area, what a data privacy practice is like, and how it could help your in-house career. In short, if you are looking for a specialization that will help you stand out in a crowd, data privacy might be the ticket.
Data Privacy and Data Protection is an Emerging Area
A number of things occurred in 2020 that have put data protection and privacy at the forefront. First and foremost, the pandemic. The ongoing coronavirus crisis has pushed our healthcare system to the breaking point. With such a high demand for medical services, the need to protect patient data has been more profound than ever. We all generally understand the strictures of the Health Insurance Portability and Accountability Act (HIPAA). Yet, the pandemic has forced companies to take a much more careful look at how to disseminate information about safety in the workplace while protecting the medical information of their employees.
Second, the pandemic has also encouraged a wave of employees to work remotely. Once a carefully proscribed luxury for employees in certain circumstances, remote work is now our general way of life. Further, all reports seem to suggest that remote work is something that is here to stay.
Third, the State of California recently passed the California Privacy Rights Act (CPRA). Heavily influenced by the European General Data Protection Regulation (GDPR) legislation passed by the European Union several years ago, the California law has placed many new burdens on businesses. Specifically, it allows consumers to direct businesses not to disclose their personal information, and it introduces the concept of non-personalized advertising.
Those and other data privacy events in 2020 demonstrate the incredibly high demand for data protection and privacy professionals. Moreover, the demand is for professionals who understand both data privacy technology and data privacy law.
What Is an In-House Data Privacy Practice Like?
The ultimate goal of an in-house attorney with regard to data privacy is to:
- Put the appropriate data privacy protections in place,
- Ensure that they comply with the law, and
- Respond to legal issues that arise when protections turn out to be ineffective.
Indeed, a practice focused on data privacy, either in-house or at a firm, involves an interesting mix of understanding of the landscape of data privacy legislation, like the CPRA and GDPR, while keeping up to date with the latest in data protection technology.
The CPRA is also a taste of things to come. There is a general growth of data privacy legislation worldwide, and companies will need to work hard in the short term to meet the challenges of the new global landscape. In short, businesses will need to have in place general privacy practices that are consistent across all privacy laws.
That is where your legal expertise could come into play.
What Would a Data Privacy Focus Mean for Your In-House Career?
There is a clear demand for data privacy professionals, particularly those who understand national and international privacy laws, and companies are having difficulty keeping up. According to a recent study, 99 percent of in-house attorneys agree that a data privacy plan is of utmost importance, but only 20 percent of in-house departments state that they have such a plan in place.
Thus, focusing your career on data privacy matters could be the perfect way to distinguish yourself if you are looking to move in-house, or you want to find the next step in your in-house counsel career. In fact, you may find that your data privacy prowess will be your primary selling point to corporations desperately in need of talent in the data privacy and protection space.
All companies today are understandably afraid of becoming the next Equifax story. Accordingly, an attorney with a head for data privacy issues and experience with data protection cases is precisely the kind of attorney that companies are looking for now and in the next three to five years.
If you have the chance to shift your area of practice to data privacy, you may find that it could be just the skill set that advances your in house career.