What do you do?
I use my litigator’s perspective to help clients mitigate and manage risks related to data privacy and cybersecurity. This entails assessing their risks, helping them implement policies and procedures, and defending their practices if they are challenged.
I was interested in data privacy, pure and simple. I got my first privacy assignment when I was a young associate, and it occurred to me that learning this area of law was something that would be applicable to more than one client. So I just kept at it.
What’s keeping you busy?
Advising clients on the constant stream of new, proposed, and actual privacy laws in the US is one thing that has generated a lot of client interest. Additionally, I serve as defence counsel in several privacy-related lawsuits pertaining to both alleged statutory violations and data breaches.
What mentors or other influential figures have helped you get where you are today?
I’ve had a number of colleagues who have taught me what it is to be a lawyer, and how to interact with clients. It starts with the first lead partner I ever worked with, Barbara Steiner. She taught me how to balance work and life, while also always demanding excellence. Heidi Wachs has been a friend and guide throughout my transition from young, litigation associate to privacy law practitioner. Megan Poetzel and Ross Bricker showed me how to interact with clients, and manage matters.
If you could change one data-related law, how and why would you change it?
Just one? How about one aspect? I’d take a look at any data privacy law that has a private right of action in it and ask whether that provision really helps people or whether it is just a tool for lawyers to make a profit. Too many data privacy laws could lead to billions of dollars of potential liability for technical violations that don’t actually harm anyone. We should be asking ourselves whose interests a private right of action really serve rather than just assuming it is a good thing.
How has covid-19 affected what you do?
Covid-19 shone a gigantic spotlight on the business disruption readiness of companies. Companies that had sound business disruption plans were able to move seamlessly into our mostly virtual world. For those that were not as prepared, they turned to privacy lawyers in droves looking for guidance on how to secure systems, to make them available to remote work forces, and how to safeguard information when not everyone was going into an office.
What’s the next big thing – what data opportunities are companies now looking at?
Is it cliché to say data analytics? I feel like this has been the answer for some time, but there are some really smart engineers out there who keep coming up with new ways to interpret, slice, and understand data. Many companies with which I work have only just scratched the surface of tapping into the real utility of the information at their disposal.
What’s keeping companies worried at the moment – what are some key data risks?
I don’t think it’s an exaggeration to say that the unpredictability of the data privacy space is causing significant concern. Companies spent years getting ready for GDPR and getting Privacy Shield certified only to see the Privacy Shield undone. And here in the US, the race amongst the states to enact their own, comprehensive privacy regimes is causing a lot of handwringing.
What do you do to relax?
I have two small children, and they keep me busy when I’m not at work. Whether it’s an organised activity like baseball or softball or whether it’s working together on Lego, that’s time that I look forward to every day. Otherwise, a good TV series or televised sporting match is how I unwind.