Data Privacy & Information Governance Officer

Job Description:

Responsibilities include but are not limited to:

Data Privacy

• Advising on applicable national, state and local data privacy laws and regulations, including the EU General Data Protection Regulation (“GDPR”), UK GDPR, HIPAA, California Consumer Privacy Act and other state laws, and monitoring for updates to regulatory guidance and statutory and case law developments in the areas of data privacy and data protection laws.
• Overseeing the firm’s compliance with applicable data privacy laws and regulations in its global operations, including development and oversight of necessary processes, procedures and documentation.
• Working with the firm’s designated Data Privacy Officers (“DPOs”) in jurisdictions where they are required to be appointed.
• Conducting data privacy impact assessments and transfer impact assessments as needed.
• Reviewing and negotiating data processing agreements and Standard Contractual Clauses in connection with vendor engagements.
• Managing responses to data subject access, rectification and erasure requests.
• Updating relevant policies and notices addressing data privacy issues for the firm.
• Providing input and guidance as requested on related business functions, including but not limited to cyber insurance procurement, vendor management, and information systems design.
• Providing training to firm personnel on data privacy laws and compliance.
• Assisting with incident response and notifications in the event of a data breach.
• Information Governance
• Overseeing the ongoing development and implementation of an information governance program that addresses client and administrative data across all repositories, focusing on risk management, retention, destruction programs and compliance.
• Working closely with the Information Services Department in designing information governance protocols in connection with increasing adoption of SaaS and GenAI tools.
• Working closely with the Records Services Manager in ensuring information governance protocols are implemented and maintained.
• Reviewing and updating firm document retention guidelines to ensure consistency with applicable laws and regulations.
• Leading initiatives to drive change in practice groups and administrative teams to encourage the adoption of electronic recordkeeping practices.
• Providing training to firm personnel on information governance protocols and compliance.
• Overseeing file transfers for lateral attorneys.
• Ensuring departing personnel comply with filing expectations prior to departure.

Job Requirements:

• Requirements:
• Seven years of data privacy and information governance experience.
• J.D. from an accredited law school and admission to practice in New York or California, or qualification as a solicitor in England if the position will sit in London, is required.
• Ability to work proactively, independently and reliably under tight timeframes in a fast-paced environment.
• Ability to work effectively and collaboratively as part of a team as well as cross-functionally across the Office of the General Counsel, Information Services, Legal Support Services, Records Services and Technology Risk & Compliance.
• Excellent judgment and ability to weigh risks, develop reasoned recommendations, including risk mitigation strategies, and to provide sound advice.
• Excellent oral and written communication skills, including the ability to communicate independently and confidently with senior lawyers and other professional management.
• Comfort implementing new programs and procedures and challenging current processes.
• Strong analytical capabilities and judgment.
• Strong project management skills.
• Excellent training and presentation skills.

• Preferred Qualifications:Prior experience working at a law firm is a significant plus.
• CIPP certification.
• Strong familiarity with Microsoft M365 and commercial document management and records systems.
• Experience leading change and managing large scale projects across a global organization.