My name is K and I am a privacy counsel.
Most of the time when people ask what I do, they have no clue when I say "I am a privacy counsel." Confession time, I usually only say I'm an attorney, but sometimes they want to know what I practice. I don't practice. I am in-house. For those that don't know, in-house means that I am not with a law firm and do not take clients. I work for a company as an employee. The company is my client.
And given that I blog about privacy, I have to always disclaim that my views are not those of my employer.
But back to the question, what is a privacy counsel anyway? If I said I was an employment counsel or IP counsel, people would not be confused. I work in privacy. That is what is confusing, because people in the U.S. don't get privacy and I'm a dork.
Working in Silicon Valley does make for a little more acceptance. With the number of global companies here, they all pretty much have people doing what I do. It's kinda cool. There are lots of other privacy counsels.
Okay, Okay - back to the question. It means I make sure that the laws of the nations who have privacy laws are followed. Every other country who has privacy laws at all approach privacy vastly different than does the U.S. We look at data on a sectoral level - health care, education, financial. There is no national privacy law in the U.S. and no national protections for general data on individuals. The states are a little different. 46 states have data breach laws - and they have many commonalities and some differences. The strongest data protection laws are in California, Texas, and Massachusetts.
So in the U.S., I make sure we abide by sectoral laws and state laws. Globally, I deal with the laws of the European Union (28 or so different sets of law for the various countries, if you include the EEA 30 or so), APAC, Canada, Mexico, etc. etc. And I love it.
As stated above, I love privacy law. I caution people not to think of it as privacy, because most people tend to have tunnel vision. Think of it as personal data management - and in many cases, the most sensitive data I deal with (and thus, protect) is that of employees.
But like any area of compliance, it is always an uphill battle. Compliance is a cost center not a money maker. Ensuring certain protections are in place can slow down innovation and development. And especially given that most would prefer to build the house, then add the fence for privacy - we (privacy professionals) would prefer you to bring us the blueprints and make sure you are not building on someone else's property and/or get the right permits. Privacy by Design, or Privacy by Default. Build the product right to begin with. Then I am not a roadblock, I am a roadsign. I can point you in the right direction if you come to me early. If you come to me when you are ready to roll it out...well, I have to come up to speed on the product, check the contracts, vet the vendors, and know every data element you collect, how, when, what, where you get it, share it, and store it, how to send it, back it up, and delete it.
So that is what a privacy counsel does.
It is one of the fastest growing fields in the world.
And when it is me - you get all this personality with the package. fun time, my friends, fun times.
No comments:
Post a Comment