I often get asked by recent law school grads how to get into the field of privacy law and I’ve spoken about my journey from theater major at university to IP law firm practice to privacy. This blog post is about mid-career opportunities in privacy, AI and data security. Are you or someone you know feeling a mid-career slump and ready for a change? Many people have recently lost a job or are re-evaluating work and personal life post pandemic. There are also those who have taken time off from a career to raise kids or care for a loved one and are now wanting to return to the workforce.
Consider the growing fields of privacy, AI, and cybersecurity – industries that need talented lawyers as well as business and technical professionals. As the world hurtles toward increased digitization, privacy continues to evolve from a niche interest to a mainstream policy issue with many relevant opportunities at the intersections of law and technology. What’s more, you don’t have to be a techno-geek or passionate about coding to contribute. Chances are your resume is more relevant than you think.
You may already have transferable skills
As one indication of the demand for privacy professionals, the U.S. National Institute of Standards and Technology recently created a Privacy Workforce Public Working Group. In describing likely candidates for the field, Dylan Gilbert, Privacy Policy Advisor described the qualifications of likely candidates as “. . . requiring broad knowledge and skills that range from compliance to IT to communications. In that sense, it extends beyond traditional notions of a ‘privacy workforce.” Privacy is a dynamic and multi-disciplinary field, with fast changing regulatory domains and future jobs that may not yet be imaginable. An ability be flexible, agile, and adaptive supersedes the need for narrow specialization.
Intellectual Property Attorney. If you have experience with litigation and transactional practice in areas such as trademark, copyright and trade secrets, you are probably already familiar with issues of privacy, security, and confidentiality. Because your role may be to help clients navigate the complex legal landscape of protecting their data, which involves a range of regulations, laws, and industry standards, the tacit knowledge and conceptual thinking you already have is valuable and can be mapped onto new and developing technologies.
In fact, this is the path I followed. As a theater major at Northwestern University, I never expected to end up in the privacy field. After a stint as a grunt making my way into the entertainment industry I got the bright idea to go to law school and pursue entertainment law. I graduated law school at the height of the tech boom and living in San Francisco I took advantage of IP litigation and transactional work at my first law firm job. Gradually, over my career, I transitioned to in house roles and took on more dedicated data, privacy and data security work. I currently lead a team of attorneys at Autodesk and we support our global privacy, security, data use and data ethics programs. My team is diverse in that they come from IP transactional, litigation, cyber-insurance practice, and general privacy practices. Most of us made an early or mid-career transition to focus on privacy and data security.
Technology Transaction Attorney provides obvious transferable skills. Drafting and negotiating contracts, familiarity with data protection concepts and regulations as well as customer sensitivities are all foundations on which to build a career in privacy law. If you have experience working with technology companies and start-ups, you may already have a strong understanding of the technical and programmatic aspects of software development, data governance and data management. This can be helpful in understanding data strategy and development of privacy and data protection programs.
Cyber Insurance or Compliance Attorney. Understanding what goes into insurance coverage and claims, documentation, and providing guidance on risk management and regulatory compliance is another valuable knowledge base that makes it relatively easy to segue into the privacy field.
In short, if you are familiar with legal principles, regulations, standards, and how to apply them in practice, have experience with data concepts, contract negotiations or compliance programs -- you are already well prepared. Melanie Ensign, Founder & CEO of a company that helps organizations adopt communications strategies to improve security and privacy outcomes, found that studying sharks for her degree in marine biology came in handy. As she puts it, “I learned how to talk to people effectively about things that scare them and things they don’t understand. That is literally what my company does today.”
What about a technology background? An engineering or computer programming background certainly helps, especially as AI governance and compliance becomes part of the privacy practice. While a technology background is not necessary, you should be at least interested and committed to engaging with technology and learning some basic concepts.
How to get started
Be exploratory. It’s best to start with small steps. That way there’s less risk to your current position and you will have the opportunity to find your areas of interest and comfort. For that reason I suggest proactively seeking out opportunities in privacy, even if only short term and even if it is in addition to your “day job”. These opportunities can provide exposure to privacy, AI and data security issues, on the job training, and often open doors to other opportunities.
Be curious. Resist the urge to get bogged down with the “day to day” parts of the job such as negotiating contracts or completing and reviewing privacy impact assessments. Find time to ask questions and engage with your business colleagues to learn more about what they are doing and what their concerns might be. The more you know, the more you learn how to apply the law and provide practical and impactful advice.
Be willing to learn. Take at least one of the Certified Professional Privacy Professional (CIPP) exams offered by the International Association of Privacy Professionals (IAPP). Your resume will stand out if you have these certifications as it demonstrates interest and commitment to learning the domain. The IAPP offers training sessions for the exams in a variety of modalities: online at-your-own-pace, online live, in person, or with a group.
Be informed. Start following privacy experts and leaders on LinkedIn to stay in the know about new laws, trends, and hot topics.
Be current. Listen to privacy and technology law podcasts and attend webinars that are often offered for free by law firms and privacy tech vendors. This helps to keep up with the latest developments. Podcast options abound.
Be humble. If possible, seek out a mentor in the field.
So, if you’re looking for a change or career boost you might want to review--and ramp up--your resume. Identify your transferable skills and experiences. Search for privacy, AI and data security job openings. Stay informed and curious. And good luck!
Comments