If you are a company that handles and/or collects your client’s personal data, you might be in trouble. Prior to May 25, 2018, the only real data privacy protections we saw were the Children’s Online Privacy Protection Act (COPPA), enacted in 2000 to protect children from online predators. Then, the European Union enforced the General Data Protection Regulations (GDPR) as the first big regulatory shift in Data Protection since 2000, which mandated inter alia, that business enact appropriate technical and organizational measures to implement data protection, information systems must be designed with data regulations in mind, privacy settings must be revised and can be revoked, and that a Data Protection Officer (DPO) must be assigned to be responsible for managing GDPR Compliance. Essentially, GDPR gives EU citizens greater control over their personal data, privacy and consent.
Then the California Consumer Protection Act (CCPA) took effect January 1, 2020, despite some major pushback from Silicon Valley. It armed all residents of California with a comprehensive new arsenal of privacy rights, including the right to request a disclosure of any personal data shared and the right to request the permanent deletion of that data. The CCPA applies to any business, including any for-profit entity that collects consumers’ personal data, which does business in California, and satisfies at least one of the following thresholds:
- Has annual gross revenues in excess of $25 million;
- Buys or sells the personal information of 50,000 or more consumers or households; or
- Earns more than half of its annual revenue from selling consumers’ personal information
Although the statute was put into effect on January 1, 2020, the only enforcement of the statute as of that date relates to suits involving data security breaches. A company cannot be a defendant in a civil action for the privacy-oriented provisions of the CCPA until July 1, 2020 – when the Attorney General can bring enforcement actions founded on any provision of the CCPA (regardless of whether such a provision relates to privacy or security, or one of the Attorney General’s regulations).
Why Interim Talent Is the Best Way to Go
If you are an in-house attorney, these rules likely affect your company and while you still must perform your normal day-to-day responsibilities, you now have so much more on your plate to prevent lawsuits for non-compliance.
In the current climate, where we are all forced to work from home, it is nearly impossible to interview suitable candidates who can join your team full-time as Privacy Officers and help with the July 1, 2020, deadline. Instead, data privacy-related work is particularly well-suited to the interim talent model because experts can join your team immediately, without required full-time overhead and the option to convert to permanent later on still exists but is not required. Here are a few other reasons why interim legal talent is a smart move for your legal team:
- Interim talent can assist with a variety of substantive work, from providing regulatory advice to preparing and updating IT security policies. Generally, contract attorneys are professionals who require little-to-no ramp up time because they have done this job elsewhere and are just looking for their next role. They usually bring in a wealth of knowledge with transferable skills that you may not have realize you needed.
- Your legal department may not have the budget to bring on another full-time hire. Or, if you’re a startup still in the early stages of your growth, you may not want to set the expectation for long-term employment. Sometimes it is easier to show the CEO or CFO how a contract employee is a resource that could warrant conversion or added headcount, without just outright demanding more assistance. There is no commitment to bringing these people on as full-time. You can bring someone in for a few months, which can be a nice test-run to see if they would be a fit or are a necessary addition to the team.
- Interim legal counsel is more cost-effective than using an outside firm that charges much higher hourly rates. Interim lawyers work at your location and charge only for the hours worked, giving you more control over legal costs. Also, they can work part-time if that would make more sense for your budget or workload.
- With help from an experienced legal recruiter with vast industry contacts, an interim attorney can often be brought on very quickly. This is perfect if you’re in a crunch related to CCPA implementation and need help with drafting and editing policies and other tasks. Time is always of the essence. The process moves quickly; rather than requesting an attorney and interviewing for months, an experienced legal recruiter will usually provide resumes within 2–5 days of beginning a search for any role. The qualified candidates are usually ready to start ASAP without the wait of a notice period.
Data privacy is a convoluted, ever-changing area of the law. Cybercrimes are at an all-time high, costing companies billions of dollars — and irreparable customer loyalty — each year. As regulators enforce data privacy requirements with more vigor than ever before, in-house legal teams will find themselves in need of an attorney who knows the ropes.
If another permanent legal hire is not in the cards for your department, an interim lawyer can be the most economical, efficient way forward. An experienced legal recruiter can help you tap into the pool of high-tech interim legal talent and find a lawyer who can help you navigate — and stay one step ahead of — the evolving regulatory landscape.