Anonymous User wrote:Hey, thanks for taking questions.
For privacy work, what do you think big law employers are looking for on a resume? Advocacy or compliance experience? Certification?
It really depends on what kind of law you want to do. Do you want to do data breach litigation? Do you want to do more corporate work? Do you want to work in biglaw? Boutique? Nonprofit? Government? I don't think it's so much about those kinds of experiences, because it all can be so general. I think what they're looking for is knowledge. One reason why its difficult to get into privacy is because its such a new area of law and is so technical (literally, not just in the legal sense) that experience with privacy as a subject is much more impressive than general experience in a specific type of work (e.g., compliance). If I was hiring, I would look for someone who had a good grasp of policy making as well, because data and privacy laws are still coming out and interpretation of laws are key. If you want to do litigation, try out nonprofit watchdog orgs like Public Knowledge, EFF, and CDT. If you want to do more compliance and transaction do FPF or IAPP.
It's basically set in the field that you should have an IAPP certification. That being said, employers are relaxed when it comes to fresh graduates. Its a hard exam to pass the first time and if you show subject matter knowledge, the certification doesn't really matter. I got hired into biglaw without it and will be taking the test soon to cover my bases.
mister logical wrote:- what types of documents/agreements do you draft/work with?
- what is your typical day to day like?
- what types of clients do you work with?
- what advice would you give to someone in biglaw with a corp background who wants to break into privacy law in a big law firm?
thank you for taking questions
2. Typical day is filled with a lot of project juggling. I could be dealing with two emergency data breaches, some client meetings, writing time-sensitive memos or policies, and various other projects in the same day. Just today, I dealt with two data breaches inbetween calls and playing a kid's mobile app game to check it for privacy issues. Unlike other practices, I work on several projects with several different partners at the same time. A lot of other practices only have big projects with few partners. It depends on how you want to shape your experience. I know some partners or associates that all they do is data breaches. That is all they do. I don't want to be like that so I do data breaches here and there, but make sure I do other work too. I usually have time to go to the gym or play video games, but it depends.
3. Clients vary. Data breaches give a steady stream of various clients. My firm also takes on start ups and smaller companies as well as Fortune 100, so it's kind of all over the place. I also do pro bono work for DACA immigrants through my firm, so some clients are very much normal people or really important. Although I do a lot of client-facing projects, I'm still junior and not the usual go-to for clients unless they click with me and prefer to talk to me over the partner, who obviously knows more.
4. I think it depends on what kind of corp work you do and which biglaw you work for. A lot of big law firms don't have robust privacy practices. They're trying to catch up. So it might be that a firm won't want general corp people to do privacy because it still needs experts to drum up work first. That being said, I think its all about getting an in with the right people. Bring up privacy and data security issues at any point you think there's a problem. Know enough to suggest a solution. Write blog posts. Find out who in the firm does this sort of work and ask them to enlighten you. Don't just ask for the work. That shows interest, but no willingness to really do well. People don't have a lot of time to train and teach privacy. It's such a different way of looking at things because of its nature. So try to discuss it as much as possible rather than just saying "I'm interested." Read privacy-related books, fiction and non-fiction. Get IAPP certified. Go to conferences. You may be able to lateral into the field. Make friends in the field. You'll get a better idea of what track you want to take and who can get you there. I know an associate who only did securities for the first two years of being at the firm, but because he was willing to do blog posts and always talked to the IP partners, he now is a fourth year exclusively doing IP, which is exactly what he wanted. Most things like this take time. But it will come as long as you keep engaged.
Anonymous User wrote:I'm a third year commercial lit associate at a boutique in NYC. I went to a TTT but have law review, moot court, and some other accolades. I have some privacy experience, but most of my privacy exp. is in the form of publications with other privacy attorneys. I'm also heavily involved in a bar association privacy group and a CIPP/US. I would like to transition my practice into more data privacy/cybersecurity work, but I am finding it difficult to gain any traction in the space, even with the recent boom in privacy positions in the last year or so (GDPR deadline is imminent). I suspect my lack of traction is because most privacy positions call for tech trans/corporate contract exp., and while I do get some transactional work, I'm 80% litigator. I've been advertising my "passion" for data privacy work and crisis management skills, which has helped, but it doesn't seem to be enough to get past a phone interview. What things would you suggest in order to "break out" into the field? I'm even considering taking the risky plunge into "temp" privacy work (if I can even get that) in order to build my resume; is it crazy to leave my stable job and risk it all to do whatever it takes to get into privacy law?
I can't really say why employers aren't biting since these things can be subjective. However, there are ways to bolster your experience and marketability. I'm not sure what your goals are. Do you want to stay in a law firm? A lot of people hiring right now are actually in-house. If you know about the GDPR, you can find good jobs at startups like TrustArc, eTrust, and other compliance companies that help in-house counsel. A lot of people go in-house from those jobs. Check out http://www.ilpfoundry.us/jobs/
. Look into tech law jobs. It won't necessarily be privacy, but those jobs usually have privacy elements and you can leverage that to get into privacy. Being a litigator doesn't necessarily bar you from this work. privacy and data security is literally everywhere. Check out firms like Edelson PC that specialize in data breach litigation. Check out boutique firms like ZwillGen. They have a fellowship program where they are willing to take on someone with less experience but a lot of interest and there's room to lateral elsewhere with that experience or get hired on as an associate. I can't tell you whether its crazy to leave your stable job for something your passionate about. I will say though that I chose to go to a nonprofit right after law school instead of try to do OCI or get a big law job because I knew none of the big law jobs would put me directly into tech law or privacy work and that working a nonprofit that specialized in privacy would get me more substantive work in a subject area I cared about. I got a big law job after a year are the nonprofit. Sometimes taking a risk totally works out, but its about picking the right place that will take you there.