⚔️ 5 Key Takeaways: What A First-Time GC Needs To Know About Privacy
Last Thursday, we hosted an intriguing and informative discussion with Peter Day (Global Chief Privacy Officer, DGC, SHEIN), and Jordan Mazur (GC, Lively, INC.) moderated by fellow Lawtrader and Fractional Privacy Officer, Ben Isaacson. They dove into the basic legal concepts and touched on the nitty-gritty practices surrounding privacy. Here’s what we learned.
1. Know Your Stuff
As a GC, you have to establish yourself as someone people can come to about privacy questions. To do that, you need to have some baseline knowledge. If you don’t, you’ll find yourself saying, “No, we can’t do that” to everything, without good reason or alternative suggestions and no one will want to approach you. Pick up a few books or jump on some webinars to get up to speed. You’ll never know everything there is to know but if you have a working framework of the understanding you can reach out to an expert for the specifics.
Some questions to ask your business include:
What do we want to do with data?
How do we monetize data?
How do we collect data?
👋 Hey There
Want to learn more about Lawtrades? Sign up for a 15-minute call with a member of our team and you’ll get 10 free hours of legal service, on us.
2. Acquaint Yourself
If your business is trading in multiple countries, it can be tricky to design a privacy strategy that works in every jurisdiction. European Laws have been a headache for US legal teams in recent years, from the ePrivacy Directive to GDPR, the Digital Markets Act, and the Digital Services Act. In the past, you could design your privacy strategy around European law and pretty much be safe in any jurisdiction but it’s getting more complicated. Every jurisdiction has slightly different laws that can trip you up.
There are loads of new state-level laws coming out all the time in the US like the new Utah privacy law. You should keep very open tabs on them. Hot tip: read the whitepapers that Law firms send out to summarize new regulations. It’s smart to grant the most generous protections to everyone, regardless of state, rather than applying different things in different states.
If you have operations in Europe, you’ll likely need a data protection officer. There’s a huge debate as to whether DPOS can be sufficiently independent of the operational side of a business to help individuals vindicate their data rights. If you are a small team, it’s easiest to hire an outside, part-time DPO to ensure they are independent. If you’re likely to interact with local data protection authorities or if you have a team in Europe and there are likely to be time zone issues, it is probably best to hire someone in Europe. But if your headquarters and operations are in the US and you just have a lot of European data, you can stick nationally.
🗓 It’s Gonna Be May
Well, we’re just a bit late. Keep up-to-date with our next events:
How to Build a High-Performing Legal Team: Thu, May 12th, 3 pm ET
Join our own Matt Margolis as he moderates a discussion with Nili T. Moghaddam (GC, Bungalow) and Shaun Sethna (DGC, Altisource) for a deep dive into their experiences developing successful teams.
👉 RSVP here.
How Non-JDs Can Save You Time & Money: Thu, May 26th, 3 PM ET
Join our own Lauren O’Neill as she moderates this discussion with Trina Walker (Director, Legal Change, TriNet), Kelsey Copeland (Sr Corporate Counsel, NASCAR), and Eric Lentell (DGC, Archer) as they discuss the importance of non-JD roles as well as how much time and money they can save.
👉 RSVP here.
3. Map Your Data
Regulators are demanding more and more transparency and it’s difficult to keep tabs on how data is used internally. Many companies are not equipped to answer the tough questions. There are huge benefits to doing manual data mapping. That means speaking to an engineer on every team in your business and asking them 3 questions:
Where are we getting the data?
Where are we sending the data?
What are we doing with the data in between?
The major challenge is that the information is obsolete the moment you gather it since things are constantly changing. You might also get pushback. Use those conversations to build a network of people in the company that you can use for data mapping, spread the word that privacy is important, and show that you can be a useful resource.
🔄 If We Could Turn Back Time
While we can’t turn back time, we can bring you back to our past events you may not have been able to attend. Check out the How to Market Your Legal Team as a Team of YES. Our panelists shared why it's important to brand your legal team, and their best tips on how to do it successfully.
If you’d like to see more full-length replays, snippets, and more — subscribe to our YouTube channel.
4. Reach Out For Help
If you find yourself constantly explaining your business to outside counsel, it might be time to hire. An in-house privacy lawyer can signal to a counterparty that you take privacy seriously. But it won’t come cheap — privacy lawyers are in demand. If you’re spending 2.5x a regional privacy lawyer’s salary on outside counsel, that could also signify that it’s time to bring someone on board. On the other hand, if you’re dealing with international jurisdictions, you’ll need to hire outside counsel to inform you of specific regional laws.
There’s also software out there that can help you with your privacy program, such as One Trust. The cost of that kind of software varies from free trials right the way up to 6-figure contracts. They’re often either handy or disappointing. It’s important to realize they won’t replace the on-the-ground work of building a strategy and understanding the data process in your businesses, and they’ll never be as valuable as a good outside lawyer or privacy program manager.
🏘 We’ve Expanded
Did you notice? Our full replays just got a bit fuller. The full-length podcast and video replay now come attached. Oh, and we’ll be highlighting key snippets later this week. Check out our LinkedIn for a first glance.
5. Keep Your Tabs Open
To IAPP, or not to IAPP? Let’s face it, IAPP conferences are not the end-all, be-all of privacy … but their website is full of useful information and their books can be a godsend. Another great resource to find cutting-edge news? LinkedIn. There are many privacy influencers that give access to the latest news and provide helpful (not to mention free) resources. Don’t be afraid to reach out to your network with questions, you’d be surprised at who is willing to lend a helping hand.
Who to follow:
Brian Levine (Managing Director, Cybersecurity & Data Privacy, EY-Parthenon)
Law firms’ privacy teams put out useful content. Field Fisher, for example, does lots of Adtech content.
Enjoy these recaps? Share them with your network!
Until next time,
🤝 The Lawtrades Team