Privacy In-House Counsel Forum

[jagpaw]

I understand that the privacy/cybersecurity skill set is highly sought after by corporations right now. On the flip side, however, I've had a few recruiters tell me that they've had multiple privacy in-house counsel try to lateral TO big law firms because they feel like they're being overworked and underpaid in house.

Can anyone confirm whether this is the case?

[oblig.lawl.ref]

Privacy is highly in demand; both in-house and, for experienced professionals, in many law firms.

In my experience, many people who go straight in-house and never work in a firm are at least curious about the experience and many of those want to try it out. That being said, I really don't think there is chronic over-worked-ness in the in-house sector. To me, that's a law firm talking point. There will be some overworked privacy counsel but I don't think it's endemic.

I have definitely seen straight-in-house privacy attorneys go to a firm but I would bet it is a combo of (a) not having worked in a firm, (b) somewhat rare spots of over-worked in-house attorneys, and (c) the in-demand-ness of privacy and lack of experience in firms that drives those numbers.

I do not think it is because being an in-house privacy counsel is so bad.

[JHP]

I'm not in house nor a privacy lawyer, but used to work in house with counsel who had to do privacy work for the company. This is just anecdotal and may be unique to the company I worked at, but the "privacy counsel" was not a trained privacy counsel, so they were wearing many hats and I felt they were often stretched pretty thin, work-wise and also resource-wise. They were an IP specialist but were tapped to do all the privacy work too, and I get the sense that they felt kind of on their own in terms of discovering resources, staying up to date with a lot of what was going on in the privacy sector, etc. (which are issues that tend to be true for all in-house roles, I think).

[Anonymous User]

I work with privacy in house counsel fairly regularly from the firm side (since I dabble in a privacy work). They don’t seem any more or less stretched than any of the other in house people I work with, though a lot is changing at the moment, so there’s a lot to keep track of.

[albanach]

Agree with the above. It's pretty rare that in-house would have a lawyer acting as full-time privacy counsel. You might find a lawyer acting as privacy officer full-time, but that's a different engagement. So someone being overstretched is likely due to competing demands on their time and an under-resourced law department.

If in-house counsel is overstretched handling just privacy work, I would want to look at the strength of the compliance and IT Security teams. For example, is there a dedicated privacy officer and a CISO?

[Anonymous User]

Agree with the above. It's pretty rare that in-house would have a lawyer acting as full-time privacy counsel. You might find a lawyer acting as privacy officer full-time, but that's a different engagement. So someone being overstretched is likely due to competing demands on their time and an under-resourced law department.

If in-house counsel is overstretched handling just privacy work, I would want to look at the strength of the compliance and IT Security teams. For example, is there a dedicated privacy officer and a CISO?

Anon from above who does some privacy work. While there are plenty of companies that have privacy issues handled by a multi-hatted lawyer, any established company in one of the industries that is heavily regulated from a privacy perspective (eg, financial institutions, consumer facing tech companies, companies with lots of health information) should have *at least* one dedicated privacy counsel these days. Most companies I work with have multiple, and I even see mid-stage startups hiring dedicated privacy counsel.

[1styearlateral]

I’m in-house counsel at a smallish startup and can confirm all of the above about being multi-faceted, meaning that in-house lawyers generally don’t specialize in any given area of law unless you work for a very large company with a huge legal department (Apple, Amazon, JPMorgan, etc.). I’m one of two attorneys at the company and have a privacy cert, so I am the defacto privacy attorney/DPO, although I don’t spend all my time doing privacy work. In-house attorneys service all of the company’s departments, so being “overworked” can be a thing as a result of the inherent struggle to keep up with your demand.

[Anonymous User]

In case anyone is reading this now.... privacy counsel at my major tech company are extremely overworked and very tired & consider going to firms to be paid better for all the work they are doing lol so literally what OP said. It’s definitely happening in house. Definitely have multiple but they’re still stressed & the legal department is not small.