Between 2013 and 2016, an estimated three billion accounts were affected by a data breach at Yahoo. This was just one of many data breaches that were reported in 2018, impacting billions of pieces of personal informationlegal careers relating to data collection and privacy are on the rise. For law students and lawyers, this increase provides an opportunity in terms of both traditional attorney and JD Advantage careers. Industry research shows that while data privacy is still a relatively new field, 35% of privacy officers who came to their work from another field came from a legal background. The same industry research shows that hiring and salaries are on the rise.
Opportunities: What Does a Data Privacy Professional Do?
Lawyers in the data privacy space handle a variety of issues — from regulatory compliance to privacy issues — in business transactions and litigation of privacy breaches. JD Advantage roles focus mainly on the compliance aspect of data privacy. Privacy officers work with business heads or clients to craft internal and external privacy policies as well as those long, check-the-box consent forms that we all need to click through when using websites that collect individual information. Projects can also involve helping a client comply with applicable global, federal, and state privacy laws and conducting a compliance audit. On a broader scale, a data privacy professional might be called upon to develop and implement a global privacy compliance program that ensures compliance with a diverse set of rules and regulations crossing national borders.
While private law firms and government agencies employ attorneys and privacy officers, compliance-heavy industries also have a great need to hire data privacy professionals. These industries include healthcare, e-commerce, technology, social media, finance, auditing, and human re-sources — basically any industry that captures data on individuals and companies for commercial purposes. There are myriad regulations impacting legal and compliance work in data privacy, including a slew of acronyms that candidates should familiarize themselves with, such as the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI) regulations, and the Federal Trade Commission (FTC) Act. Europeanand U.S. state regulations that are already in effect and upcoming regulations expected at the U.S. federal level are further in-creasing opportunity for lawyers and law school graduates to explore data privacy careers.
Preparing for a Career in Data Privacy
To prepare for a career in data privacy, law students and lawyers in transition can focus not only on courses specifically in data privacy or cybersecurity but also on courses in such related areas as international law, intellectual property, constitutional law, e-discovery, or other related technology. Practicing attorneys and law students can also attend CLE courses or take non-law courses in computer science or business. Understanding how privacy and data protection impact one’s own life can be a great way to learn more about the cutting-edge and practical aspects of the work of data privacy professionals. While a technical background can be helpful, it is not required.
Among the most sought-after credentials in data privacy are the Certified Information Privacy Professional (CIPP) certificationsoffered by the International Association of Privacy Professionals (IAPP), which can be earned while still in law school. The IAPP is an industry leader in certifications and designations in the privacy space. When searching for a position in data privacy, practicing attorneys and law students should review job postings with titles ranging from privacy officer or manager to data protection officer (or DPO) for required qualifications and skills, such as specific experience with regulations, con-tract management and drafting, data licensing, business judgment, and project management.
Finally, practicing attorneys and law students should gain practical experience through internships, fellowships, article-writing, industry conferences, and networking, just as they would when investigating any practice area. The combination of academic training, practical experience, and additional certifications can lay solid groundwork for understanding the applicable laws and regulations and building a career in data privacy.