Starting in Privacy Law: What I Tell Law Students
After my first semester of law school went hilariously awry, I was terrified I would never get a job. I spent the rest of law school networking like crazy with practicing attorneys gracious enough to share their time. So, when law students ask me how to get into privacy law, I’m more than happy to pay it forward. Here's what I tell them:
Question: Did you always know you wanted to do privacy law?
Answer: Nope. I started out as a corporate generalist and noticed that the more specialized the lawyer, the better work/life balance they tended to have. My patent and tax lawyer friends seemed have better hours and nicer bosses partly because there always seemed to be enough work to go around. That realization planted the seed of looking for a niche so that, when I got the chance in-house to specialize in privacy, I took it. That said, I never would have gotten the in-house role without my corporate background, so there is something to be said for generalist training.
Q: Fine, but I don’t have a job. How do I get privacy law experience?
A: Privacy Law in its current form is relatively new as opposed to, for example, M&A which has decades of accumulated law and entrenched players. This is great for a student because it means there is relatively less material to absorb. With that in mind:
1. Take any and all privacy law classes at your school.
2. Consider getting a CIPP-US or CIPP-E if you can afford it. It’s not a difficult test or too expensive, and it’s a great way to show you’re serious about the field.
3. Join your local IAPP chapter as a student for free and go to all its meetups. Find local conferences on privacy law and attend them at the student rate. Show up with business cards and ask questions.
4. If you network with someone, read everything they have written and know the latest news on their specialty. For example, if we were meeting, it would be a good idea to read the SK&S blog.
5. Become familiar with CCPA and GDPR. Read the statutes, follow the excellent privacy law blogs from Husch Blackwell and Greenberg Traurig, and absorb their backlogs.
6. Set Google Alerts for “Privacy Law”, “CCPA”, “GDPR”, or whatever strikes your fancy.
7. Pick a privacy policy of a company that is subject to several privacy laws, like Airbnb or LinkedIn. The CCPA and GDPR (along with their regulations) have a list of requirements for privacy policies. Tick and tie each provision of the applicable law to a section of your chosen privacy policy. Don’t stop until you understand why each provision is in there. Bonus points if you can find an element in the regs missing from the privacy policy.
8. Don’t ask for a job, ask who else you should be talking to.
9. Folllow up about once a quarter to build a relationship and, per Brad Bernthal, give first.
Q: Should I be looking at Big or Small Firms?
A: When you’re looking at a job, you’re looking for a person more than a firm. Specifically, you’re looking for a mentor who will not just redline your screw-ups but talk you through a process to avoid repeating them. Talk to former associates, ask what kind of issues you’ll be working on, and accept that your job will be simple details that may not compare to the kind of high-minded content you encountered in Con Law. Look for someone with the ability and willingness to sacrifice billable time to train you. Ask associates if they’re happy; run away if they equivocate. Happy paralegals and staff are a great sign, but although they will teach you a ton about being a lawyer they should not be your sole source of training.
Good luck out there, and as a random lawyer taking his fourth different state bar exam said to me in line before my bar exam, “It’s a low bar”.