What do you do?
Businesses today – across industries – own and process myriad personal data in unimaginable volumes. I guide them through the lifecycle of this data, from the transactions that can bring that data in, including in acquisitions, diligence and post-acquisition context; through my privacy and cybersecurity counselling practice, including as my firm’s go-to expert on CCPA, CPRA, and covid-19 privacy concerns; and through litigation when things may go wrong, at least in others’ eyes.
In some ways, my specialty chose me. I’ve always done big tech litigation, but as privacy and cybersecurity laws became in narrower focus following the passing of GDPR, many of my clients were forced into compliance conundrums, and I naturally fell more deeply into the field. Being in the heart of Silicon Valley, I was drawn to the novelty of the laws, the unique application of them by each client, and finding that the area really touches all industries, in different ways.
I obtained my [IAPP] CIPP/US certification for foundational knowledge, and have enjoyed the global nature of my practice, which has allowed me to work with our colleagues across the world, while keeping my focus largely with big tech companies in my backyard, which are at the heart of the work I do.
What’s keeping you busy?
Covid-19! The virus has changed the world in so many ways, including presenting unique problems for companies and how they monitor and track employees and visitors. Just about every US company (not to mention abroad) is trying to figure out how to make these decisions (whether to collect vaccination status for an event, whether to ask employees their status). Meanwhile, businesses are also managing ever-changing laws that keep their attorneys and business partners up at night. As CCPA changes over time, CPRA quickly approaches, and states are frequently considering additional laws – there’s a lot to consider from a business management, product development, and programmatic perspective.
What mentors or other influential figures have helped you get where you are today?
On a personal level, my mom has really been a beacon helping me navigate everything from going to law school, to managing a high-profile practice with young kids at home. I’ve also had close friends and former colleagues who went in-house, showed me the ropes, and gave me a chance at working in this field with them as clients, which really secured my practice area focus. And at the firm, I’ve also had great sponsors through our practice and office leaders who have helped guide and promote me to where I am today.
If you could change one data-related law, how and why would you change it?
In their haste to get passed, certain recent privacy laws necessarily have ambiguities and holes, such that even as someone who studies the law deeply, I still struggle with the practical implementation in my clients’ needs, while trying to adhere to the intended goals of the law. There are great opportunities for changing this through regulations, but sometimes that takes time.
How has covid-19 affected what you do?
Covid-19 opened a whole new world of data privacy. It has become one of the major topics of concern for my clients in the privacy space, and has changed everything from the questions I ask to evaluate risk of a potential target company, to the projects I evaluate for compliance purposes. It has also provided an amazing opportunity to work with my labour and employment colleagues on foundational questions for businesses looking to open their doors again. Beyond that, it hasn’t changed much about my practice, except the window I look out of most days.
What’s the next big thing – what data opportunities are companies now looking at?
It has been discussed as the next big thing for a bit now, but it continues to be so: AI/machine learning. We’re starting to see more and more laws proposed governing this data, but also more opportunities. The volumes of data needed for ML necessarily require considerations relating to privacy, but obviously provide huge opportunity for businesses in medicine, tech, or otherwise. Even with COVID-19 and employers, we’re seeing great uses of data with AI/ML for reopening purposes.
What’s keeping companies worried at the moment – what are some key data risks?
The areas overlap with a lot of what is keeping me busy: COVID-19 and new privacy laws. Many states want a seat at the table, and even when laws are passed, they are changing rapidly (eg CCPA to CPRA). Keeping abreast of changes – and implementing a global compliance programme, where laws may conflict or require unique incremental changes – certainly worry companies dealing with a significant amount of data, which is becoming more of a norm.
What do you do to relax?
I like escaping into nature, and experiencing something far from my bedroom where I’m also working in light of covid! I just got back from a trip to Fairbanks, Alaska with my family to see the aurora borealis, and we were treated to an unexpected G2 flare – it was the most amazing sight I’ve ever seen.