Tech/Privacy Law Forum

[Anonymous User]

What are some good firms to target for tech/privacy law in NYC? Boutique or biglaw - I don't care either way. If I'm going to be working my butt off as a junior associate, I'd rather it be in a field that I love rather than just another practice group. Thanks!

[RedGiant]

IME, privacy law is mostly reserved for partners or senior associates--most clients don't want to pay biglaw prices for what amount to relatively straightforward regulatory queries. You may update a memo on say, NY's SHIELD law or CCPA developments as an associate or do client alert research, but it's the type of biglaw that is truly client counseling, and therefore, partners are on the phone with clients answering questions, and associates may do some of the behind the scenes work drafting policies and whatnot, but you're not going to have a huge privacy practice as an associate--it'd be part of a larger tech-focused practice. A lot of privacy solutions are handled by legal tech these days too--so you not only don't need biglaw, you may even have off-the-shelf policies and solutions you can pay for in a product (cookie consents, etc.). There's tons and tons of privacy law in-house and so my advice, if you were trying to break into this, would be to see if there's a Chambers ranking for Privacy, see who the speakers are for PLIs on Privacy, see who the speakers were for the recent TechGC forum on Privacy from firms, etc. and target that way. Another way would be to pick a historically tech-focused law firm that has a NY outpost (WSGR, Fenwick, Goodwin, Cooley, Gunderson, etc.) and try to get into the tech transactions groups at those firms. There will not be many "pure play" privacy slots for new grads. This is likely your best bet. My apologies, but I don't know the NY tech offices well from afar anymore--I haven't been on the East Coast for a few years yet, so I can't give specifics on which of those is most likely.

But truly--do informational interviews, take the time to get your CIPP when you have time off in law school to signal interest in the field. Most pratcitioners fell that CIPP is a stupid credential but it does have a good signaling effect. It's less than $1000.

[Anonymous User]

Thank you, that is so clear and helpful! I've been thinking about the CIPP for a while now so I think I'll go ahead with that. I also found a list of privacy law fellowships that I plan to look into further.

[gunrun]

I disagree that most privacy issues amount to relatively straightforward regulatory queries. In fact, I have found that privacy law is one of the more intellectually challenging areas of the law. It depends on what you're doing, of course, but in my experience, clients are willing to pay a lot for firms to deal with privacy's dense, vague, and conflicting laws and regulations. It does take a lot of runway for an associate to start making meaningful contributions to the firm, though. You need a fairly comprehensive understanding of the various laws and potential issues.

[Anonymous User]

IME, privacy law is mostly reserved for partners or senior associates--most clients don't want to pay biglaw prices for what amount to relatively straightforward regulatory queries. You may update a memo on say, NY's SHIELD law or CCPA developments as an associate or do client alert research, but it's the type of biglaw that is truly client counseling, and therefore, partners are on the phone with clients answering questions, and associates may do some of the behind the scenes work drafting policies and whatnot, but you're not going to have a huge privacy practice as an associate--it'd be part of a larger tech-focused practice. A lot of privacy solutions are handled by legal tech these days too--so you not only don't need biglaw, you may even have off-the-shelf policies and solutions you can pay for in a product (cookie consents, etc.). There's tons and tons of privacy law in-house and so my advice, if you were trying to break into this, would be to see if there's a Chambers ranking for Privacy, see who the speakers are for PLIs on Privacy, see who the speakers were for the recent TechGC forum on Privacy from firms, etc. and target that way. Another way would be to pick a historically tech-focused law firm that has a NY outpost (WSGR, Fenwick, Goodwin, Cooley, Gunderson, etc.) and try to get into the tech transactions groups at those firms. There will not be many "pure play" privacy slots for new grads. This is likely your best bet. My apologies, but I don't know the NY tech offices well from afar anymore--I haven't been on the East Coast for a few years yet, so I can't give specifics on which of those is most likely.

But truly--do informational interviews, take the time to get your CIPP when you have time off in law school to signal interest in the field. Most pratcitioners fell that CIPP is a stupid credential but it does have a good signaling effect. It's less than $1000.

2nd year privacy associate-- the above has not been my experience. There are certainly privacy policies, etc that need to be done but there are also a vast array of laws at various levels [federal, state, and international] and privacy associates do a lot of work drafting advice for clients related to those laws. As gunrun said, this can be challenging because some of these laws are pretty new and/or poorly worded so you'll need to really think things through without having a bunch of case law or firm guidance to rely on (from either the courts or the FTC). Exactly what you're doing will depend on your clients and your practice group-- not every client is doing cutting edge work, but you'd be surprised where some interesting privacy questions can arise outside of the tech industry.

I can't give a good answer on firms in NYC-- most of my interactions are SF/SV and DC and I'm sure firms vary in how they divide up work among offices. One thing to keep in mind is that some firms are more focused on the regulatory and advice side of things and others do most of their privacy (or cyber) work in the litigation space-- generally defending against the FTC or consumer lawsuits. Informational interviews will help inform you where a firm does most of their work and how much of it is done out of their NYC office. Chambers and Vault both have lists for Data Privacy practices that can serve as a starting place for identifying a handful of firms.

CIPP is not required. Maybe there could be a benefit if you go to a firm with a very small privacy practice to get your foot in the door? But that's just speculation.

[Anonymous User]

IME, privacy law is mostly reserved for partners or senior associates--most clients don't want to pay biglaw prices for what amount to relatively straightforward regulatory queries. You may update a memo on say, NY's SHIELD law or CCPA developments as an associate or do client alert research, but it's the type of biglaw that is truly client counseling, and therefore, partners are on the phone with clients answering questions, and associates may do some of the behind the scenes work drafting policies and whatnot, but you're not going to have a huge privacy practice as an associate--it'd be part of a larger tech-focused practice. A lot of privacy solutions are handled by legal tech these days too--so you not only don't need biglaw, you may even have off-the-shelf policies and solutions you can pay for in a product (cookie consents, etc.). There's tons and tons of privacy law in-house and so my advice, if you were trying to break into this, would be to see if there's a Chambers ranking for Privacy, see who the speakers are for PLIs on Privacy, see who the speakers were for the recent TechGC forum on Privacy from firms, etc. and target that way. Another way would be to pick a historically tech-focused law firm that has a NY outpost (WSGR, Fenwick, Goodwin, Cooley, Gunderson, etc.) and try to get into the tech transactions groups at those firms. There will not be many "pure play" privacy slots for new grads. This is likely your best bet. My apologies, but I don't know the NY tech offices well from afar anymore--I haven't been on the East Coast for a few years yet, so I can't give specifics on which of those is most likely.

But truly--do informational interviews, take the time to get your CIPP when you have time off in law school to signal interest in the field. Most pratcitioners fell that CIPP is a stupid credential but it does have a good signaling effect. It's less than $1000.

D.C. biglaw data privacy junior (1-2 year) associate. This hasn't been my experience at all. The issues are insanely complex, and definitely not just reserved for senior associates or partners. It's also not just tech trans. Data breaches take up a huuuge amount of time to adequately address--and the issues involved are very nuanced legal inquiries.

[Anonymous User]

How is the prospect of being a tech trans/privacy assoiate at biglaw? I'm interested in the field but it seems like transactional privacy law is very, very niche. I'd join the corporate group at my firm (NYC) but I don't know which particular group I'd be assigned. Would you say transactional practice in tech/privacy is better than M&A and cap market if I plan to go in-house after a few years at the firm?

IME, privacy law is mostly reserved for partners or senior associates--most clients don't want to pay biglaw prices for what amount to relatively straightforward regulatory queries. You may update a memo on say, NY's SHIELD law or CCPA developments as an associate or do client alert research, but it's the type of biglaw that is truly client counseling, and therefore, partners are on the phone with clients answering questions, and associates may do some of the behind the scenes work drafting policies and whatnot, but you're not going to have a huge privacy practice as an associate--it'd be part of a larger tech-focused practice. A lot of privacy solutions are handled by legal tech these days too--so you not only don't need biglaw, you may even have off-the-shelf policies and solutions you can pay for in a product (cookie consents, etc.). There's tons and tons of privacy law in-house and so my advice, if you were trying to break into this, would be to see if there's a Chambers ranking for Privacy, see who the speakers are for PLIs on Privacy, see who the speakers were for the recent TechGC forum on Privacy from firms, etc. and target that way. Another way would be to pick a historically tech-focused law firm that has a NY outpost (WSGR, Fenwick, Goodwin, Cooley, Gunderson, etc.) and try to get into the tech transactions groups at those firms. There will not be many "pure play" privacy slots for new grads. This is likely your best bet. My apologies, but I don't know the NY tech offices well from afar anymore--I haven't been on the East Coast for a few years yet, so I can't give specifics on which of those is most likely.

But truly--do informational interviews, take the time to get your CIPP when you have time off in law school to signal interest in the field. Most pratcitioners fell that CIPP is a stupid credential but it does have a good signaling effect. It's less than $1000.

2nd year privacy associate-- the above has not been my experience. There are certainly privacy policies, etc that need to be done but there are also a vast array of laws at various levels [federal, state, and international] and privacy associates do a lot of work drafting advice for clients related to those laws. As gunrun said, this can be challenging because some of these laws are pretty new and/or poorly worded so you'll need to really think things through without having a bunch of case law or firm guidance to rely on (from either the courts or the FTC). Exactly what you're doing will depend on your clients and your practice group-- not every client is doing cutting edge work, but you'd be surprised where some interesting privacy questions can arise outside of the tech industry.

I can't give a good answer on firms in NYC-- most of my interactions are SF/SV and DC and I'm sure firms vary in how they divide up work among offices. One thing to keep in mind is that some firms are more focused on the regulatory and advice side of things and others do most of their privacy (or cyber) work in the litigation space-- generally defending against the FTC or consumer lawsuits. Informational interviews will help inform you where a firm does most of their work and how much of it is done out of their NYC office. Chambers and Vault both have lists for Data Privacy practices that can serve as a starting place for identifying a handful of firms.

CIPP is not required. Maybe there could be a benefit if you go to a firm with a very small privacy practice to get your foot in the door? But that's just speculation.

[Anonymous User]

How is the prospect of being a tech trans/privacy assoiate at biglaw? I'm interested in the field but it seems like transactional privacy law is very, very niche. I'd join the corporate group at my firm (NYC) but I don't know which particular group I'd be assigned. Would you say transactional practice in tech/privacy is better than M&A and cap market if I plan to go in-house after a few years at the firm?

This is the anon you quoted- I’m not sure. Most tech trans folks I know are corporate attorneys and not privacy attorneys. I’m sure there may be people who split between the two practices, but I don’t know enough to give an outlook regarding how common it is or how to approach that split. From the privacy side, I’ve only been involved in deals as part of diligence for a company’s privacy and cyber policies/practices.

As to which is better for going in-house, it depends on what you want to do. If you want to go in-house to work on privacy issues, you’ll be a stronger candidate with a privacy background. Many corporate attorneys work across issue areas- so perhaps just getting a foot in the door could help but it might not be the most direct route.

[Anonymous User]

I'm the anon who quoted you. Thank you so much for the insight. Are you a transactional privacy associate in your firm's privacy & cybersecurity group? Do you exclusively work for privacy/cybersecurity matters?

How is the prospect of being a tech trans/privacy assoiate at biglaw? I'm interested in the field but it seems like transactional privacy law is very, very niche. I'd join the corporate group at my firm (NYC) but I don't know which particular group I'd be assigned. Would you say transactional practice in tech/privacy is better than M&A and cap market if I plan to go in-house after a few years at the firm?

This is the anon you quoted- I’m not sure. Most tech trans folks I know are corporate attorneys and not privacy attorneys. I’m sure there may be people who split between the two practices, but I don’t know enough to give an outlook regarding how common it is or how to approach that split. From the privacy side, I’ve only been involved in deals as part of diligence for a company’s privacy and cyber policies/practices.

As to which is better for going in-house, it depends on what you want to do. If you want to go in-house to work on privacy issues, you’ll be a stronger candidate with a privacy background. Many corporate attorneys work across issue areas- so perhaps just getting a foot in the door could help but it might not be the most direct route.

[Anonymous User]

I’m a privacy and cyber associate. Most of my work is regulatory in nature but there are also government investigations and occasional transactional diligence work. The vast majority of the work I do is not transactional but I do occasionally get pulled in as a privacy or cyber specialist on certain deals to take a look at policies/practices. Spend long enough in the group and you’ll be on one of those matters, so I don’t consider myself a transactional privacy associate.

I do some work with another non-corporate practice group but 2/3 of my work is privacy/cyber.

I'm the anon who quoted you. Thank you so much for the insight. Are you a transactional privacy associate in your firm's privacy & cybersecurity group? Do you exclusively work for privacy/cybersecurity matters?

How is the prospect of being a tech trans/privacy assoiate at biglaw? I'm interested in the field but it seems like transactional privacy law is very, very niche. I'd join the corporate group at my firm (NYC) but I don't know which particular group I'd be assigned. Would you say transactional practice in tech/privacy is better than M&A and cap market if I plan to go in-house after a few years at the firm?

This is the anon you quoted- I’m not sure. Most tech trans folks I know are corporate attorneys and not privacy attorneys. I’m sure there may be people who split between the two practices, but I don’t know enough to give an outlook regarding how common it is or how to approach that split. From the privacy side, I’ve only been involved in deals as part of diligence for a company’s privacy and cyber policies/practices.

As to which is better for going in-house, it depends on what you want to do. If you want to go in-house to work on privacy issues, you’ll be a stronger candidate with a privacy background. Many corporate attorneys work across issue areas- so perhaps just getting a foot in the door could help but it might not be the most direct route.