Just joined a small Pharma company as Product Counsel and am going to be groomed to be the Privacy Officer/Privacy Counsel. I’m a 6th year healthcare regulatory and transactional attorney for referenced and have been in house in Pharma for two years now, previously in a regulatory role. Any advice for getting into this new role quickly?

like
Posting as :
works at
You are currently posting as works at

First - get familiar with your company’s products, services, etc. what data is collected from consumers, what data comes in from partners, and if you have employees in california, what data you collect from employees. If your engineering team has a data map, read it and get familiar with it. Build relationships with your it, it engineering, product, and marketing teams.

Law/Regulation Wise -

If global - get familiar with GDPR, check regulator fines for companies similar to yours and what they were fined for, if there’s AI involved get familiar with EU AI act.

Just US - get familiar with CCPA/VCDPA. IMO every state law on the books falls into a CCPA style or VCDPA style law. Upcoming laws (like Maryland) stray away slightly.

Overall - If you’re doing cyber/data breach - get familiar with those laws and thresholds, get familiar with common contractual terms you’ll be reviewing/negotiating - items I look for in DPAs (in no particular order):
1) audit rights
2) breach notification
3) Limitation of Liability
4) Data transfer terms (if there are any)
5) With the new DOJ rule, if any vendors you do business with fall into those categories
6) other commercial terms (insurance, etc.)
7) any downstream data sharing
8) check if any sub processors downstream are using AI

AI likely will fall within your remit too so… how its used, if there are any vendors the biz is looking to do a PoC on - input/output ownership rights, data ownership, any training on your data, how the biz intends to use it.

Also get comfortable with privacy impact assessments/data protection impact assessments.

like

Nothing besides I hope to follow in your footsteps soon as a rising midlevel

like

Hmmm I mean brush up on things you might not expect, like marketing or kids stuff, but I think you’ve got all the bones there to be great!

like

when do you think they’ll transition you to Privacy Counsel? is there a set number of years you need under your belt?

Basically immediately. My boss isn’t concerned and felt that going for the CIPP/US was unnecessary at this stage.

Related Posts

Cool to see new agencies launching in Toronto during (in spite of?) the pandemic!

Post Photo
likeuplifting

Hello, One of my client is the greater Philadelphia area is looking to fill two roles: 1. Senior Manager Category Management, 8+ YoE
2. Procurement analyst 2-4 YoE.

like

Hi folks,

Is there any vacancy on .net with 7yoe in cognizant.
If so please send a link or refer me

TIA

like

Hello All,

Looking for a refferal in
Genpact .

Please let me know if anyone can help. I have the job ID.

Currently an HR Generalist looking for a second remote job. Does anyone know of any opportunities? I’m currently freelancing as well.

like

do you have any coping mechanisms you’d recommend for students at an alternative school? We have a lot of meltdowns and apathy and lack of motivation

like

Most important bec topics??

like

Best resources for platform dev 1? I failed in 3 times and have to wait until spring. I’ve got 9 other certs(5 yoe) but this one is kicking my butt

like

Hi everyone,
I'm looking for team lead role (content moderation) for google client.

Can anyone please give the referral..

like

Can any help me to get in CGI as am serving my notice period in Genpact

like

Deloitte Anyone from deloitte applied for National Interest Exception(NIE) and approved under H1b category

likefunny

Hello everyone,
Is there anyway to get help for devops assignment

like

Need help on how I transition my career from Audit to Management Consultancy. I have only completed BCom and ACCA (UK Chartered Accountant) and have worked for over 2 years at EY.

like

Hi All,

If i accept the offer of company Abc (MNC) to get a counter offer and after getting better offer then if declined company Abc offer, then any penalty needs to be pay for 2 month?

Could you please help me out here.

like
like

Is it only me who has shifted to Pune?😂
It's so boring to sit at home alone with office not starting soon.
If anyone who has shifted feels the same😂 let's meet🥂

like

Any referral available for a BA role. At present I'm also persuing PGDBA from Great Lakes.

Hi, I want to learn how to build ETL pipelines with Pyspark and Azure. As right now i have experience in feature engineering only with SQL and Pyspark.

Can anyone suggest anything online from where i can learn and do hands on?@

Hi Fishes,
Could you please help me with how is the wlb and job security in DBS? I have got an offer in treasury & market unit as an application developer. Thanks in advance

like

Additional Posts in Privacy Law

What circumstances under the Gramm Leach Bliley Act would trigger reporting to the FTC, if at all?

like

How can I stop data brokers from selling my information to political campaigns & other Ad compaigns? I don't live in California so CCPA does not apply to me..

like

How Much Can You Sue an
Employer for Not Paying You?

like

Has anyone been successful negotiating a “breach notification costs” provision in contracts with vendors? What are some good args to include it? I feel like vendors generally flat out say “no”, but I have seen some contracts where vendors were willing to include it and I’m wondering how that happened 😁

like
like

Is anyone involved in IAPP’s young privacy professionals group? Is there an age cutoff? They keep emailing but I wouldn’t consider myself “young”! Will they stop emailing when I turn 40?

likefunny

Anyone else dying this week 😅

like

Anyone have any CIPP/US practice questions besides the 30 from the IAPP?

like

Govt attorney here. Trying to jump into privacy now. In house or big law ? Pros and cons in the world of privacy ?

like

Planning to take the CIPP and CIPM. Will be doing self-study. What is the “book” everyone refers to for studying? Is it just the “study guide” the IAPP sells? Does anyone know if the study guides and sample questions you can buy on amazon are sufficient to use for passing? Appreciate any and all advice.

like

In terms of taking the next step to elevate your career- what items are you heavily focusing on? I have speciality in data governance as well as product counseling, but curious to know what others find most helpful in their practice areas.

likehelpful

Anyone have any suggestions on how to break into this field as a mid-level commercial litigator? I was thinking of taking the CIPP-US test but would that be enough to get some interview traction?

like

So as a 30ish yo with a government/PE/tech background and CIPM/CIPP… I’m finding privacy work is just much easier and interesting than other kinds, but still pays plenty well.

Is it too late/inadvisable to go to law school to specifically aim for privacy work?

I just find some firms are unwilling to entertain the idea that anyone but a lawyer has anything relevant to contribute in this space…

like

Can anyone share a salary range for a non-attorney with a JD and 1 YOE handling incident response and contract negotiations?

like

I’m currently doing IR work but would like to do something more on the technical side (ie: more forensics or technical). Does anyone know if forensics firms or any firm that offers a mix ? I have both a Cipp-Us and cyber/ Sec+ certs.

like

Low billable, low pressure work in privacy law? Slowly realizing that as my boys get older, the money isn’t worth what I’m missing out on. Currently a tech litigation associate with lots of hearing, depo and trial experience (I’ve appeared on my own at hearings/depos) at a well respected firm. I have limited privacy experience despite being hired for that reason… Have my CIPM and CIPP/US /E and /C. Remote preferred; hubs is pilot with cool intl transfer opportunities. Money isn’t issue.

funnylike

For anyone who has the CIPP/US certification, how long did you study for the exam?

like

Can you incorporate SCCs by reference in a DPA?

like

IAPP is such trash. Why does everyone recommend getting the CIPP certs when they mean nothing??

like

Anyone here work at Meta? Looking for a referral for a privacy role

like

New to Fishbowl?

Download the Fishbowl app to
unlock all discussions on Fishbowl.
That was just a preview…
Sign Up to see all discussions
  • Discover what it’s like to work at companies from real professionals
  • Get candid advice from people in your field in a safe space
  • Chat and network with other professionals in your field
Sign up in seconds to unlock all discussions on Fishbowl.

Already a user?
Login here

Share

Embed this post

Copy and paste embed code on your site

Preview

Download the
Fishbowl app

See what’s happening in your industry
from the palm of your hand.

A phone with Fishbowl app

Scan your QR code to download
Fishbowl app on your mobile

Download app

Sign up for free to view this conversation on Fishbowl

By continuing you agree to Terms of Use and Privacy Policy

Already have an account? Log in

Sign up for free to continue using Fishbowl

By continuing you agree to Terms of Use(New) and Privacy Policy(New)
Messaging rates may apply

Already have an account? Log in

For account settings, visit Fishbowl on Desktop Browser or

General

Legal