- Winston & Strawn and Blank Rome, two Am Law 100 firms, have both recently launched cross-department teams dedicated to data privacy and security.
- This comes at a time when privacy concerns have only heightened in recent years, leading to stricter regulations like the California Consumer Privacy Act, which went into effect this year.
- Business Insider spoke with the attorneys heading the new teams about their vision behind their work and how the pandemic has exacerbated privacy issues.
- Visit Business Insider’s homepage for more stories.
Data privacy seems to be top of mind for all companies these days.
As more parts of consumers’ lives are being digitized — from banking and transportation to retail and social interaction — there’s been an accompanying surge in privacy regulations, which are designed to protect the personal information that’s collected in the process.
Legal experts cite data protection and cybersecurity as one of the most promising practices to specialize in, as previously reported in Business Insider. Almost every second or third job opening that Alisa Levin, a prominent recruiter who’s worked with firms like Cravath and Kirkland & Ellis, has recently seen were related to this area, which she says is “huge.”
In response to these growing concerns over protecting data, two Am Law 100 firms have both recently launched cross-practice teams dedicated to privacy: Winston & Strawn expanded a five-person task force into a full-blown privacy and data security practice group in August, while Blank Rome has a new team dedicated to biometrics privacy it introduced in September.
Business Insider spoke with the attorneys spearheading these teams about the regulatory climate that catalyzed their formation, and how law firms can help their clients navigate an increasingly tricky privacy landscape.
Remote work during the pandemic and heightening regulations make it the “perfect time to double down”
The lead attorneys for both firms’ privacy groups say that the pandemic has only heightened the need for lawyers to step in and help their clients.
“The pandemic has caused a huge shift in how clients operate,” said Alessandra Swanson, partner at Winston & Strawn’s transactions department who co-leads its new data privacy team. “A large remote workforce brings with it a number of privacy and data security issues. Like with company-issued computers — hackers are having a field day.”
She also added that, as people are starting to return to offices, employers are required by law to collect a host of health information from their employees, which also stirs up privacy issues.
Sheryl Falk, a privacy litigator who also heads Winston’s data security team with Swanson and one other attorney, explained that the type of work has changed, too. The team originally dealt with larger-scale compliance projects, but now, “it’s shifted to smaller, more frantic work like data breaches and ransomware attacks,” she said.
Even prior to the pandemic, there’d been a steady escalation in privacy regulation across various jurisdictions in recent years, heightening the need for legal counsel in the sphere.
A prime example is the California Consumer Protection Act (CCPA), which went into effect this year. Similar to the European Union’s stringent General Data Protection Regulation (GDPR), the law ensures that consumers know what information is being collected about them, and gives them the right to opt out from the data collection or request that the data be deleted.
“And then you have all these other state laws that are coming along with increased federal and state enforcement,” said Falk. “Our clients are really recognizing privacy as a top level risk.”
To address its clients’ concerns, Winston decided to expand its small privacy task force, which had a core group of just five lawyers, into a large, cross-department practice group comprised of around 70 attorneys whose work — whether in litigation, corporate, or intellectual property — substantially dealt with privacy issues.
“It’s the perfect time to double down,” said Falk.
Because privacy encompasses so many industries, it made sense to pull in lawyers from different practices, said Swanson. These lawyers continue to work within their original practice groups, but will be pulled onto data protection cases as needed.
“We work seamlessly, and are able to leverage expertise across various practice groups to quickly and cohesively counsel clients,” she explained. “We’ve been able to cross-train everyone.”
Advising clients on how to avoid “landmines” in the “uncharted territory” of biometrics
Blank Rome launched its biometrics privacy team for similar reasons, said Jeffrey Rosenthal, partner at the firm’s business litigation team and chair of the new team. He explained that the stakes are even higher, though, simply because of the way biometrics works.
“The stakes are so high because when it comes to things like identity theft or your social security number being stolen or used, there are steps that can be taken to remedy that,” he said. “But when it comes to your fingerprint or your facial geometry or the sound of your voice, those are mostly immutable characteristics.”
Biometrics is being adopted across more and more industries, from social media, like Facebook’s facial recognition technology to automatically tag photos, to business employers, some of whom use fingerprint scanners instead of an old-school punch clock.
Reports show that the global biometrics market accounted for just $17 billion in 2018, but is expected to reach nearly $77 billion by 2027.
Blank Rome’s new privacy team, which consists of seven attorneys from compliance, data privacy, and labor employment practices, aims to take a “holistic” approach to help clients “avoid all the landmines in this uncharted territory,” said Rosenthal.
With the pandemic, Rosenthal thinks that things like biometrics are only going to be more sought after by companies, especially as people’s aversion to touching things has heightened with the highly contagious coronavirus.
“More companies are going to get behind facial recognition, or some other technology that doesn’t require physical touch,” he said.
Even though Rosenthal and the firm had been thinking about a team dedicated to biometrics for a long time, the pandemic made it all the more necessary to formalize the practice. And work for the new team, Rosenthal projects, will only get busier.
“I think this has only just begun,” he said.