Privacy Counsel

Privacy Counsel

Requirements

• Specific expertise required in statutes, regulations and guidance concerning data protection throughout the US and Europe, which could include GDPR and the ePrivacy Directive, CCPA, CPRA, as well as other US privacy requirements (Section 5 of the FTC Act, CAN SPAM, state breach notification laws).
• Familiarity with data protection statutes and regulations in other areas of the world a bonus.
• Consummate team player with excellent judgment and interpersonal skills.
• Demonstrable program management skills, including strong organizational and multi-tasking abilities.
• Demonstrated teamwork and collaboration skills, in particular in leading or contributing to global and multi-functional teams.
• Highly motivated to contribute and grow within a complex area of emerging importance.
• Demonstrable experience taking ownership of issues and providing timely, actionable advice.
• Exceptional written, oral and presentation skills.
• JD from an ABA accredited law school and member of a state bar
• Minimum of 5 years’ experience providing privacy advice, preferably to pharmaceutical, biotechnology, or medical device companies, whether in-house or at a law firm
• Experience in management of a corporate privacy program.

Responsibilities

• Performing regular privacy assessments of new and existing business processes (including through data inventories and data protection impact assessments), providing practical and timely advice to internal clients to design business processes in compliance with applicable data protection requirements, including those relating to data transfers, while addressing risks and protecting the company’s integrity and reputation.
• Acting as subject matter expert and internal escalation point for data protection issues in contracting, including data processing agreements, research collaborations, and transactional agreements; continue to develop template materials for contracting and advise/train members of the legal department on handling privacy-related language in contracts.
• Working closely with our contracting teams to improve and streamline contracting processes and procedures related to data protection and security.
• Drafting privacy notices and consents for business processes across the organization, and maintaining the organization’s privacy and cookie notices on company websites.
• Developing and reviewing content for privacy training materials and other communications to increase employee understanding of company privacy policies, data handling practices and procedures and legal obligations, as well as to ensure awareness of ‘best practices’ on privacy and data security issues.
• Evaluating and responding to data subject requests (e.g., request for information, clarifications, rectification, or deletion of personal data) and reports of potential data incidents.
• Supporting the monitoring/auditing plan for compliance with internal data protection policies and processes and working with Internal Audit function, Office of Business Integrity and Ethics or external auditors in carrying out audit plans.
• Keeping abreast of privacy developments affecting the company (e.g., evolving guidance out of the European Union, California Privacy Act, discussions of US privacy laws, CAN-SPAM, e-privacy and developments in Artificial Intelligence) and anticipating potential changes needed to global privacy program to meet new regulatory requirements.
• Participating in various Legal & Compliance Department projects and initiatives (e.g., Culture, Diversity, & Inclusion Committee, Pro Bono & Community Engagement Committee, Talent & Development Committee, offsite planning, strategic planning).

Preferred Qualifications

• CIPM, CIPP/US or CIPP/EU certification(s) preferred but not required.