The highlights from my career thus far are the data breaches and technical errors where I was valued as much for my technical creativity as my legal analysis. For example, I worked a breach matter where an attacker broke into the network through a common medical device, and I worked methodically with the engineering team to trace communications and data adjacencies from an attacker’s access perspective. I’ve also assisted an IT equipment leader with a potential supply chain attack, where our team spent months looking for an attacker presence in the company’s production environment. And I’ve helped many Fortune 500 companies with design-based privacy and security matters working directly with engineering teams to proactively operationalise legal compliance in product design. I’m often asked by in-house counsel to talk to their engineering teams because they received difficult feedback from colleagues that legal compliance is not possible or appropriate standards compliance isn’t practical on the network. I enjoy asking engineering teams to roll up their sleeves, teach me relevant operations, data flows, and systems architecture, then I help uncomplicate operationalising compliance.
Data doesn’t differ from other practice areas; it permeates everyone’s practice and successful lawyers are seeing digital transformation issues in nearly every legal discipline. At Alston, our colleagues are coming to us with data matters from nearly every practice group and industry area. For example, I’ve dealt with employment lawyers that are concerned about their use of artificial intelligence tools in hiring. Energy companies securing their transmission operational technology and transmission data infrastructure. And there are transactions where data privacy and security risk can make or break a company sale. In short, data isn’t a practice area – it’s a whole-firm challenge as all companies heavily rely on data and information technology.
Less than 10 years ago, my biggest challenge was working with clients to get appropriate data processes in place. In my practice, many of our clients now have data privacy, security, and governance infrastructure. This is a major feat. My current challenge is getting some clients from a minimum viable product compliance posture to a true data governance process that will scale.
There are a few pillars of advice that I’ve lived by as a data lawyer helping clients adapt to increased data compliance needs (and regulators’ expectations). Firstly, automate what you can: there will never be enough staffing for data compliance. Secondly, in any data compliance automation workflow, think through where there may be logical approval points to inject nuance, as necessary. Finally, take advantage of a data privacy or security crisis – funding and staffing will never be as abundant as when crisis strikes.
Trends I continue to follow include how to secure and embed emerging technology into a client’s compliance infrastructure. I’ve been working on matters regarding Internet of Things device development, digital transformation (mainly, modernising physical IT and operational technology architecture to cloud computing/virtualisation/service-level deployments), artificial intelligence, and vehicle automation. Why? Our clients are in the middle of transformation, bringing products to market or simply upping their digital efficiency, and these technologies are being deployed at a rapid pace. Our legal advice needs to meet the speed of innovation.
In terms of challenges to gender equity in the field, I wish there was simply a large looming challenge to overcome. The difficulty with gender equity is how different it is for everyone: some face more concerns with implicit bias, sexual harassment, pay equity, caregiver equity, imposter syndrome, and many more inequity challenges. I choose to focus on the positive. I am grateful that I am now able to help young women (and men) rising through the professional ranks. My challenge is for every rung in the ladder of employment that I climb, I want to pull up young professionals with me. My colleague Kim Peretti and I developed a women’s networking group to help do this for professionals in enterprise cyber security risk. What will ultimately help meet gender equity challenges is more women in leadership (and male allies) who are willing to help recognise, coach and ultimately, promote strong female talent.
The data field has changed over the last decade in that now, I’m not the only woman in the room. It makes me smile and I’m delighted at how far our profession has come. We are not “there” yet. But incremental progress is progress.
A piece of advice I would give aspiring data lawyers and professionals is: Don’t quit. Keep showing up, do your best, and opportunities will come. When my children were babies while I was both running a legal security breach practice while a law firm chief information security officer, every day was a struggle with very little sleep and a long list of challenges. The immediate crisis time passed and I’m still here with my family, work, and myself intact. My key to sanity is personal grace – you will never be a good mother, wife, daughter, attorney, and friend all in the same day.