Related Posts
Additional Posts in Privacy Law
Can you incorporate SCCs by reference in a DPA?
Anyone take the CIPM recently? How was it?
Anyone else dying this week 😅
New to Fishbowl?
Download the Fishbowl app to
unlock all discussions on Fishbowl.
unlock all discussions on Fishbowl.





I second all these sentiments. I have a combined decade that splits the difference between both, and they are – for better or worse – very distinct tracks.
Depends on where it is. If it’s a firm that only does incidents, potentially — you may just end up managing logistics of incident response rather than actually learning privacy laws. If it’s breach response + litigation/advisory/etc, that might be a good role to start with
This is also what I’ve heard. Expert to work odd and long hours with high stakes and exposure
No. Different track. Overlap for sure but at most large companies they aren’t hiring from the IR track for privacy counseling roles. It’s a competitive disadvantage bc others will have more experience that’s more relevant/aligned. You also won’t appear the same way in searches by agencies.
Agree with this. My colleagues at my old firm that did purely IR are having a difficult time getting into advisory roles. I did both and I’m in-house now.
F
IR work opened doors for me during COVID times. Not many were in this area. I serve in a dual capacity now. Cyber work overlaps into privacy obligations if data gets breached. If you have zero privacy experience, you can leverage IR work to get at least an interview. But you will definitely need to shore up on your understanding of privacy.
Just my two cents, I started in privacy consulting and now am in house counsel / CPO
Same
Likely pigeonholed. Possible in the right group with a broader practice to do well in IR and then try to expand from there but really depends on group structure and group / firm culture.
F
I'm in IR right now. It can be a stepping stone but getting directly into a more traditional privacy role is much better if that's your end goal
For what it’s worth I started in a predominantly IR role and I’m now doing 90% privacy advisory work at a new firm.
Sure!
I do advising in another area of law right now, but privacy and cybersecurity issues come up sometimes. I think I’ll stick where I’m at and try and get experience that way until something better comes along.