Along with the growing complexity of regulatory compliance across the globe, the demand for legal counsel specializing in privacy has also grown. Worldwide, there has been a 33 percent growth rate in the number of in-house privacy staff. The International Association of Privacy Professionals and Bloomberg Law conducted a survey
of 353 privacy professionals to get their take on the current scene. Although it’s not a market as large as intellectual property or contract management, it’s growing – fast.
Privacy lawyers are popular:
More than three quarters reported they were using outside counsel to handle their privacy and data protection. Globally, large and medium-sized companies are more likely to use outside lawyers, than small organizations, which believe they can handle it on their own. If smaller organizations can afford it they do employ a privacy lawyer, otherwise they make do with what they’ve got. However, this can be a risky practice if nobody within the organization has sufficient knowledge.
What privacy lawyers are good for:
Respondents were most likely to use privacy lawyers for litigation, assisting with cross-border data transfers, interacting with regulators, and drafting/reviewing contracts with vendors. The biggest difference is that U.S.-based companies were likely to use a privacy lawyer respond to security incidents, but non-U.S. organizations were not. This indicates that breaches are more feared as a privacy risk in the U.S. because of the maze of notification laws. What is worth watching is if whether the data privacy officer role will grow with the implementation of the General Data Protection Regulation in the E.U.
Small and medium-sized organizations are concerned less with the prestige and size of their privacy lawyer’s group. What matters to them is their privacy lawyer’s experience responding to a data breach and relationships with regulators.
Worries about being the victim of a data breach continue to be mostly relevant to U.S organizations, due to the large number of breach notification laws with which U.S.-based companies must comply. Time will tell if the breach notification rules described in the EU General Data Protection Regulation will cause concerns to grow in the EU.
The market for law firms specializing in data privacy is even larger outside the U.S., where almost a third of companies engage with firms specializing in this area. This is in line with the fact that privacy and data protection is a relatively new and specialized area, so it should be expected to grow in the coming years. Source: IAPP & Bloomberg Law
In the E.U., uniform laws that have come into effect may contribute to a change in the legal industry because of the way lawyers deal with the General Data Protection Regulation. An organization may decide to hire experts in-house to deal with ongoing privacy matters instead of turning to external counsel. Once considered an add-on to intellectual property and technology law, data privacy is now on the map as a specialized field. Legisway recognizes that it has become a growing concern among general counsel, which is why we developed an additional module for Data Privacy. It allows organizations to register and control their processes that involve the use of privacy-sensitive data. The result is that they are compliant by having a full overview of their processes.