I started my career as a young attorney working for Garrigues in Spain in the 90s. At the time, the first national data protection law (which preceded the EU 1995 Data Protection Directive) was being implemented. I was working in the corporate group and had an interest in new technologies, so I volunteered to help the senior attorney who was leading the effort to interpret the requirements for our clients. I remember having a conversation as to the notification requirements and discussing where the disclosures should be included (there were no privacy notices at the time.)
The privacy field was fascinating to me, and still is, because there are so may ethical questions embedded in the legal requirements and policies that must be considered.
In terms of career highlights from the point of view of recognition, being appointed to serve as a member of the board of the California Privacy Protection Agency (CPPA) was a major highlight. After working and researching privacy law with a focus on California and EU for years, and becoming a nationally recognised expert, the appointment was a tremendous recognition of that effort.
Choosing to join Santa Clara Law as the inaugural privacy fellow was an incredible opportunity to help develop their outstanding privacy offerings and another major highlight of my career. Santa Clara Law has heavily invested in creating what I believe to be the strongest privacy law programme amongst US law schools and participating in it has not only enabled me to develop the curriculum for the innovative comparative privacy class I currently teach but also gave me an opportunity to mentor students and see them successfully start their careers in privacy.
Ultimately though, the culmination of all my training and experience was the establishment of my own law firm, Golden Data Law. The firm is a benefit corporation created to serve the needs of the non-for-profit community that brings together my passion for expertly and effectively guiding clients to enable ethical uses of data for the common good and mentoring young professionals seeking carers in privacy. Just recently I onboarded a fantastic academic development partner and we are working closely to help our inaugural legal fellow achieve her career goals.
I always tell young professionals that data is not a career for everybody. To be successful in data you must be very comfortable operating with a significant degree of uncertainty, as legal frameworks constantly evolve and data-powered technology cycles are fast. I recently read that although the internet was invented half a century ago, around 90% of the word’s data was only produced in the last two years. Having a good understanding of the practical implications of data protection and privacy principles is an essential tool for data professionals seeking to help clients successfully navigate this ever-changing landscape.
In addition, privacy lawyers need to have a keen interest in understanding how technology works. Not so long ago, I had lunch with a chief privacy officer of a Fortune 500 company and asked her what the best predictor of career success for young professionals in her organisation was. She responded without hesitation understanding the underlying technology was the best predictor and added that, if after one year a business unit her team supported provided as feedback that one of her attorneys did not understand the technology he or she was advising on, it was highly likely that attorney would be asked to leave the team.
The biggest challenge currently is that it is very difficult to find experienced data lawyers. The demand for professionals with over three years of experience keeps growing exponentially, yet there are very few educational institutions offering strong privacy programmes and law firm privacy teams are so overwhelmed with work that they do not have time to train new lawyers.
By design, Golden Data Law is a law firm built to emphasise training. That means, among other things, that I would not take new billable work at the expense of not being able to dedicate time to train fellows. That is a conscious choice that aligns with the goals of my organisation as a benefit corporation, and I fully embrace it. That in many ways insulates my organisation from the staffing challenges that other law firms encounter.
A trend I am following closely is the use of artificial intelligence (AI), because I have been assigned by the CPPA board to serve in the subcommittee that is working on developing rules for, among other things, automated decision-making. AI has enormous potential to serve the common good and, in fact, we are going to need AI to solve some of the most pressing challenges that our society faces, including climate change. Yet it can also be used to unfairly discriminate and, particularly in the context of governmental uses, it can lead to encroaching on individual’s privacy in ways that are misaligned with the principles of democratic societies. There are many ethical open questions surrounding how or even if it needs to be regulated that I am currently closely following.
I personally do not perceive a gender gap in the legal privacy field. There are many females leading corporate privacy departments here in the Silicon Valley and I do not perceive a gender imbalance in the law firm teams with which I am familiar.
That said, I understand recent IAPP studies indicate an emerging trend towards a gender pay gap among privacy professionals, which is concerning to me.
A good example of how gender gave me a different perspective on a data protection issue would be the effective training of remote workers. In many ways, remote work has helped working parents better balance work/life challenges. However, it also presents added privacy, security and data protection concerns. Effective training for a remote work environment is essential yet can be challenging.
As a working mom during covid, I became very aware of the time constrains of other women who, like myself, were home-schooling their kids while working from their kitchens. Traditional training (where you must set time aside to watch a video and answer questions) may not be effective when your workers cannot find time to complete online modules given the many competing demands you operate under. A flexible approach (where reminders of best practices are provided for example in the context of regularly scheduled group meets) may be a more effective approach but it is important for organisations to remember to document that training was provided to ensure they can demonstrate their own compliance with existing legal requirements.
The data field has offered enormous opportunities over the last decade for women professionals that choose to invest in a career in privacy and will continue to do so. There are many female privacy leaders that can serve as role models to young women in the profession and so many of us find mentoring the next generation to be our responsibility.
I always tell young lawyers that they will find a successful career in the intersection of what they love to do and what they are good at. Young lawyers who know what they are passionate about and seek opportunities that align with their interest are set up for success right from the start because they will likely have some level of proficiency and understanding of the underlying technology.