By Joel Wuesthoff, Esq. and Sankara Shanmugam
Data privacy has been front page news in the wake of massive data breaches. In one case, hackers nabbed credit card information from some 40 million unsuspecting customers of a large retailer. This breach is just one example of why the growing number of organizations that are handling sensitive data for everything from data hosting to payment processing to cloud storage and beyond are looking to counsel who understand the intricacies of data privacy – and can effectively manage the associated risks.
Due to the explosion in data, through traditional and new forms of media, combined with the ever-evolving regulatory landscape, privacy and data protection are fast-growing areas in the legal profession.
Here are a few trends to watch in this hot practice area:
Security Audits: Increasingly, large financial and health institutions are considering, and in some cases, requiring, outside law firms to undergo security audits to assess their maturity to withstand information security threats. These requirements have been fairly routine for many third-party service providers but only recently have started being applied to law firms. These security audits require a high degree of collaboration and knowledge-sharing between and among legal professionals (e.g., lawyers, in-house and outside) as well as technical security professionals to ensure that privacy and notification requirements are considered simultaneously with a robust and deep technical dive into systems, applications, hosting environments, firewall and malware protections, and both preventative and detective mechanisms.
Legal professionals with data privacy experience are in high demand. With data breaches a clear and present danger for virtually every business, many law firms across the nation are building privacy and data security practices. They are seeking attorneys and paralegals with experience in data privacy laws and regulations and information security expertise to better serve their corporate clients. Likewise, corporate legal departments are on the lookout for professionals who can develop internal privacy policies, assess business security and privacy risks and advise on compliance issues in light of ever-changing regulations. As a result, tech-savvy attorneys and other legal professionals specializing in data privacy are in high demand for their ability to use advanced analytics and monitoring technologies to manage privacy audits, privacy litigation, data security breaches, and issues dealing with employee privacy, employee monitoring, healthcare privacy, direct marketing policies, and more.
- New data privacy job titles are popping up throughout the legal profession. As awareness regarding the importance of data privacy and security increases, a number of new legal job titles are emerging throughout law firms, corporations and government agencies, including:
- Privacy Officer
- Privacy Compliance Officer
- HIPPA Privacy Officer
- Privacy Manager/ Privacy Specialist
- Government Privacy Analyst
- Privacy Program Analyst
- Data Governance Director
- Industry organizations focused on privacy and security provide information and resources. A number of professional privacy/security associations offer educational resources, information and news to help organizations develop best practices to manage technology risks and safeguard critical information – for example, the International Association of Privacy Professionals (IAPP) and the Information Systems Security Association (ISSA)®. Additionally, the ABA furnishes privacy and security information, news, updates, and analysis of current developments through its Privacy and Information Security Committee.