Job Title: Data Privacy and Information Governance Officer
Job Responsibilities:
The Data Privacy and Information Governance Officer is tasked with overseeing the law firm's data privacy compliance efforts and the ongoing development and implementation of the information governance program. This role is critical in managing both digital and hard copy data in line with applicable laws, client contractual requirements, and internal guidelines across the firm's . and global offices. The officer will report to the Deputy General Counsel and the Chief Information Officer, with potential work locations in New York City or London, including travel to various office locations as necessary.
Key responsibilities include:
Data Privacy:
- Advising on national, state, and local data privacy laws and regulations, such as GDPR, UK GDPR, HIPAA, and the California Consumer Privacy Act, while staying updated on regulatory guidance and legal developments in data privacy and protection laws.
- Overseeing the firm's compliance with data privacy laws in its global operations by developing and managing necessary processes, procedures, and documentation.
- Collaborating with designated Data Privacy Officers in jurisdictions requiring such appointments.
- Conducting data privacy impact assessments and transfer impact assessments as needed.
- Reviewing and negotiating data processing agreements and Standard Contractual Clauses related to vendor engagements.
- Managing responses to data subject access, rectification, and erasure requests.
- Updating policies and notices addressing data privacy issues.
- Providing input and guidance on related business functions, including cyber insurance procurement, vendor management, and information systems design.
- Delivering training to firm personnel on data privacy laws and compliance.
- Assisting with incident response and notifications in case of a data breach.
Information Governance:
- Overseeing the development and implementation of an information governance program addressing client and administrative data across all repositories, with a focus on risk management, retention, destruction programs, and compliance.
- Collaborating with the Information Services Department to design information governance protocols as SaaS and GenAI tools are increasingly adopted.
- Working with the Records Services Manager to ensure information governance protocols are implemented and maintained.
- Reviewing and updating document retention guidelines to remain consistent with applicable laws and regulations.
- Leading initiatives to promote electronic recordkeeping practices among practice groups and administrative teams.
- Providing training on information governance protocols and compliance.
- Managing file transfers for lateral attorneys.
- Ensuring departing personnel meet filing expectations before departure.
Education and Experience Information:
- A minimum of seven years of experience in data privacy and information governance is required.
- A . from an accredited law school and admission to practice law in New York or California, or qualification as a solicitor in England if based in London, is essential.
- The candidate should possess the ability to work proactively, independently, and reliably under tight timeframes in a fast-paced environment.
- Collaboration skills to work effectively as part of a team and cross-functionally across various departments are needed.
- Strong analytical capabilities, judgment, and project management skills are required.
- Excellent oral and written communication skills are necessary, including the ability to communicate independently and confidently with senior lawyers and professional management.
- Comfort with implementing new programs and procedures and challenging current processes is expected.
- Excellent training and presentation skills are essential.
Preferred Qualifications:
- Prior experience working at a law firm is a significant advantage.
- CIPP certification is preferred.
- Strong familiarity with Microsoft M365 and commercial document management and records systems is beneficial.
- Experience in leading change and managing large-scale projects across a global organization is desirable.
Salary Information:
The text does not provide specific salary information for the Data Privacy and Information Governance Officer position.
