Exit Options for Privacy Attorneys Forum

[Anonymous User]

I am wondering what kinds of exit options are available for privacy attorneys. I've been at a law firm for a few years now and I am starting to burn out. What are my options? I'm CIPP certified and work with some of the major privacy laws on a daily basis (GDPR, CCPA, etc.), but I have less experience with other laws like GLBA, FCRA, etc. I do not do any breach response work and have little desire to do so. Does anyone have experience actually working on privacy issues in-house or as a privacy officer? What are the hours and pay like? How much experience is typically expected before jumping ship? Anon because there are not that many of us out there and I guess I'm generally paranoid.

[The Lsat Airbender]

I'm borderline spitballing here but I've seen consultancies that would value this kind of expertise (boutique mostly but I imagine BCG et al are also interested in the space). F500 companies or governments bring them onboard to help overhaul IT/compliance regimes. There's probably room for experienced attorneys who can "translate" regulatory regimes into policy and do general advisory work. Almost certainly would require a paycut compared to biglaw, obviously.

eta: in-house roles might be harder to come by in the short term because, in addition to COVID, a lot of big companies ramped up their privacy/IT departments to comply with GDPR and probably aren't keen on adding even more headcount

[oblig.lawl.ref]

I am wondering what kinds of exit options are available for privacy attorneys. I've been at a law firm for a few years now and I am starting to burn out. What are my options? I'm CIPP certified and work with some of the major privacy laws on a daily basis (GDPR, CCPA, etc.), but I have less experience with other laws like GLBA, FCRA, etc. I do not do any breach response work and have little desire to do so. Does anyone have experience actually working on privacy issues in-house or as a privacy officer? What are the hours and pay like? How much experience is typically expected before jumping ship? Anon because there are not that many of us out there and I guess I'm generally paranoid.

Can't speak to current market or openings exactly or exactly what would make a privacy team interested, and perhaps I'm naive, but as an in-house lawyer at a technology company I can't imagine a much better speciality for going in-house generally than a law firm privacy associate. Opportunities probably depend on the reputation of your firm but I would think even that's a low bar. Privacy experience is tough to come by as far as I know. Tech companies in the Bay Area are always looking for privacy specialists. Have you checked out "product counsel" roles? Those are generally privacy focused roles. I really think they would care most about CIPP certified and GDPR and CCPA experience and I doubt not doing breach response work would be a deal breaker for many. I got past round one in a couple product counsel interviews as a corporate associate because Bay Area tech companies couldn't find anyone with any privacy experience. I don't even think you would need that much experience compared to other specialities. Probably less than corporate.

The market may be a bit tougher now but tech companies are probably hiring more than most.

It depends company to company but I think Bay Area tech companies typically pay privacy/product counsel well for in-house and the hours are typically 8/9 - 5/6-ish. YMMV but I think that's pretty typical.

[hangtime813]

Banking/FI's definitely have a need for privacy attorneys. CCPA/GDPR/GLBA, etc. affect a lot of the financial industry work and we actively look for those credentials.

[mardash]

Big tech would be a good option.