Skip Repeated Content

Happy Data Privacy Day! The BCLP Global Data Privacy & Security team wanted to approach things a bit differently this year. We continue to grow as a team domestically and globally and have been excited to support numerous cross-border and cross-functional projects. We have not, however, had as many opportunities as we had hoped to meet with clients or each other over the course of the year. So this year, we wanted to reintroduce you to the global team. A number of us on the team provided a bit of background about how we landed in privacy, why we enjoy it, and offer a key piece of advice for 2022. We hope you enjoy and will look forward to seeing and working with each other in 2022 to tackle all things privacy and security.

Meet the Team!

Amy de La Lama

I stumbled into privacy as an associate nearly 18 years ago. I had an amazing mentor who was a trailblazer in privacy and really supported my career development. It was a just a natural fit for me. All these years later, I love the dynamic nature of the practice and the global reach of the work we do, as well as the amazing clients I have met along the way (many of whom I now call friends). I get to work with clients and colleagues all over the world and am constantly challenged. 2022 is the year to focus time and resources on upgrading privacy programs to absorb and adapt to new laws in a consolidated and programmatic manner. We, as external counsel, must be laser-focused on providing practical, business-friendly advice to help privacy teams combat privacy fatigue and identify risks and priorities that are most relevant to their organization.

Christian Auty

I became a data privacy lawyer after I agreed to look at something called HIPAA during an internal investigation I was working on as an associate. The rest is history. I enjoy data privacy because to understand a client’s data is to understand the client at a fundamental level. You constantly learn new things and you get to be very close to operational decision making, both of which are fun and interesting.

Data maps will be very important in 2022. They are not fun or exciting but are the backbone of every well-developed privacy program. They will also now be required in the US (in addition to Europe) when the new state privacy laws take effect in 2023.

Kate Brimsted

I became a privacy lawyer via a scenic route from music to engineering to law - starting off in IP - before I found my home in data privacy. I enjoy data privacy because this practice area is so varied and fast-paced. We can find ourselves one moment playing a key role in a major infrastructure project, and another we are coaching companies on managing a data breach or counselling clients on responding to requests and complaints from individuals and regulators.We need to be both creative and levelheaded as advisors in this space.

Organizations with EU outbound data transfers will need to keep their compliance strategy under review in anticipation of regulatory, political and commercial developments.They will also need to keep focused on identifying their most significant, business-critical risks. And finally, do not forget the hard deadline of December 27, 2022 for repapering agreements containing the old EU SCCs, as well as factoring in any UK outbound data transfers.

Geraldine Scali

As a junior IP/IT/Communication law associate in Paris in the early 2000’s, when data privacy was not as big as it is today, all the data privacy/CNIL questions were coming to my desk. I seemed to be the only one who enjoyed working on this topic. When I decided to leave France and move to London in 2011, privacy was becoming a thing (cookie consent was the hot topic back then) and firms in London were starting to have dedicated data privacy teams. I took the bet to focus my practice 100% on data privacy. It was in August 2011….3 months later, the first draft of the GDPR was leaked so my bet paid off. I enjoy that privacy is an exciting and diverse field that is constantly evolving, with regular bombshell developments and challenges.

Ethics, public trust, transparency and consent will be key concepts in 2022, whether it is in the context of the upcoming revamp of the UK data privacy regime, for example, or more generally in the privacy and technology area with data being at the heart of innovation.

Dominik Weiss

I became a privacy lawyer through counselling clients on website projects. It was impossible not to advise on data privacy! I enjoy privacy because it is challenging and rewarding to help clients navigate a rapidly evolving legal environment. You often deal with novel situations for which no case law or guidance exists. The work also demands that you keep up with the latest innovations in the technology sector.

In 2022, we will see more enforcement actions across Europe related to international data transfers. Clients should not bury their heads in the sand, but rather take appropriate steps toward compliance with the requirements of the Schrems II ruling in particular. With ransomware attacks on the rise, the implementation of adequate preventive measures and cybersecurity strategies also remain critical issues for companies.

Tom Evans

My second training “seat” fresh out of law school was in the “Information & New Technologies” department. I had not come across data protection law previously, but was drawn to the idea of advising on “Mobile apps”, which seemed very novel at the time. As I have settled into the practice, I enjoy the challenge of advising in an area that is changing constantly and that allows me to work with clients across all industry sectors.

Organizations should watch out for policy and regulatory developments outside of the purely “personal data” space, which may impact privacy teams and projects. The intersection between data protection law and other fields, such as competition or the regulation of AI, is becoming increasingly pronounced.

Goli Mahdavi

I became a privacy lawyer when a long-time litigation client needed privacy advice. After dipping my toe into the privacy pond, there was no turning back.I enjoy privacy law because it has allowed me to stay up-to-date on technology, so I have a fighting chance at keeping up with my kids when they are older.At the risk of being cliché, I enjoy collaborating with clients to help them design and implement solutions that work for their particular business.

2022 is shaping up to be a transformative year for privacy programs big and small. Companies should not delay in taking the first steps toward putting together a strategy for compliance.

Logan Parker

With a background in healthcare, I knew privacy was just one, but a very important, component of the industry. During my first legal job after law school, I was then tasked with legal and compliance initiatives revolving around not only HIPAA, but also financial and credit information under the Gramm Leach Bliley and Fair Credit Report Acts. As time went on, my practice expanded and I have been fortunate enough to work in all areas, domestic and international, of privacy and incident response, which has led me to be passionate about and love what I do for a living.

I believe that the risk of data breaches, particularly ransomware attacks and the payments associated with them, will continue to be a major risk for organizations big and small in 2022. The cyber-insurance landscape continues to change, and there is also increasing regulatory focus at the federal and state levels these issues. Therefore, it will be critical for organizations to make sure their security measures, controls, and protocols along with their incident response programs are in order to help protect business critical and personal information and prevent these types of attacks from occurring, where possible.

Andrea Rastelli

As a first year associate, I was tasked with understanding Gramm Leach Bliley and counseling banks and Fintechs on privacy compliance and security breaches. I really enjoyed working in the privacy field and gravitated to privacy work over other types of work. It was then that I expanded my practice to work with all types of companies in need of privacy compliance counseling. Practicing data privacy is much like solving an ever-changing puzzle. I enjoy the constant challenge and the innovative nature of practicing in this field.

As new technologies, such as Artificial Intelligence, continue to be developed against a backdrop of increasing regulation and enforcement, privacy will become an ever more crucial component that must be considered at every step of the product development process.

Sam Garner

In my prior career, I was a bioethicist – a sort of applied philosopher working on the ethical and regulatory issues in clinical trials – for the Division of AIDS at the National Institutes of Health. Much of my work focused on HIV and genetics research, where privacy and confidentiality issues are common, significant, and compelling. So I went off to law school with this interest in mind and here I am. I have continued practicing data privacy because both the legal and tech landscapes are constantly changing, and, believe it or not, I love reading statutes and regulations.

As the deadlines approach, it is crucial for companies to get moving to prepare for the CPRA, as well as the privacy laws in Colorado and Virginia.

Gabrielle Harwell

I became a privacy lawyer because of sheer luck and good timing. I have continued practicing data privacy law because data privacy law can change with one tweet – every day brings something new.

In 2022, companies should keep an eye on SEC enforcement actions related to data breaches and tailor their practices accordingly. Companies are being held to stricter standards than the legal requirements would suggest.

This document provides a general summary and is for information/educational purposes only. It is not intended to be comprehensive, nor does it constitute legal advice. Specific legal advice should always be sought before taking or refraining from taking any action.