These laws may apply to the government and/or private companies, and may cover general privacy issues, or may regulate specific types of information, including, for example: health privacy, telecommunications privacy, education privacy, and financial privacy. Having a technical science or technology background can be helpful, but it isn’t required in order to become a privacy lawyer.

What do Privacy Lawyers do?

Privacy lawyers are employed in a variety of settings. In the private sector, privacy lawyers are found at law firms, as well as in companies – both in the in-house and government affairs offices. Several government agencies are involved in creating and enforcing privacy laws. Additionally, there are many active public interest organizations that focus on privacy issues. Some lawyers focus on a particular type of area; health privacy is the largest, followed by education, telecommunications, and cable privacy.

Privacy lawyers can be involved in transactions, litigation, policy, or all of the above. A lot of proactive work goes into privacy practice, including setting company policies and drafting contracts related to confidentiality and security issues. There is also a reactive component to the job; for example, when a company is dealing with a data breach, or when a lawsuit has been brought because of an alleged violation of privacy. The job may entail a lot of advising related to creating privacy policies and procedures.

In many areas of privacy, lawyers are also working on compliance issues; for example, healthcare attorneys may deal with HIPAA Privacy Rule compliance issues for their health provider clients. If you work in policy, you may be conducting research, writing amicus briefs, and lobbying in support of your client’s position on privacy policies. Privacy lawyers in government agencies are often involved in enforcing the privacy regulations set forth by their agencies.

What to Do if You’re Interested in Pursuing a Career in Privacy Law

It is important to take technology courses during law school, and have relevant summer internships. This is a field in which it is important to specialize early! The best way to then break into the field after law school is typically through a post-graduate fellowship opportunity (a sample of fellowship opportunities is found below). Fellows often go on to permanent positions in-house, with law firms, at a government agency, or with an NGO!

Georgetown Law Courses/Clinics

• Federal Legislation and Administrative Clinic
• DC Advantage: Law and Technology or DC Advantage: Public Policy
• Communications/Technology courses (e.g., The Technology of Privacy Seminar; Information Privacy Law; Communications and Technology Policy: Advocacy in the Public Interest practicum; Emerging Law Governing Digital Information; Law of Cyberspace)
• Health Law courses (e.g., Health Law and Policy; Public Health Law and Ethics; Health Information Technology and the Law)
• Take or audit computer science courses through Georgetown main campus

Georgetown Law Student Groups

• Cyberlaw Association
• Center on Privacy & Technology

Relevant Bar Associations

• ABA sections and committees:
  • ABA Section of Science and Technology Law
  • ABA Antitrust Division, Privacy & Information Security Committee
• International Association of Privacy Professionals (Student Memberships Available!)
• The Society of Corporate Compliance and Ethics

Where it’s Hot

A lot of the privacy policy work is done in Washington, DC because of the federal regulations surrounding the area. There are also some in-house privacy opportunities and privacy-related NGOs on the West Coast. However, many commercial privacy laws come from the state Attorney General level, not the federal level, so there is also policy work to be done in state AG offices. The most active states for commercial privacy laws are California, Minnesota, Illinois, New York, and Massachusetts. Healthcare privacy and education privacy are a big focus for attorneys.

Helpful Privacy Law Resources

• Internet Law & Policy Foundry (resources and job board)
• Center on Privacy & Technology (join their mailing list and attend regular on-campus events)
• HG.org’s Privacy Law page
• NALP’s Career Checklist: Cybersecurity, Privacy, and Data Collection
• International Association of Privacy Professionals

Representative Employers, Internships, and Post-Graduate Fellowship Opportunities

Sample Internship Opportunities

• NGOs: e.g., Electronic Privacy Information Center (EPIC), Center for Democracy & Technology, Electronic Frontier Foundation, Cato Institute, ACLU, Open Technology Institute (OTI))
• Government Agencies: e.g., Cybersecurity and Infrastructure Security Agency (CISA), Federal Communication Commission (FCC), Enforcement Bureau; Federal Trade Commission (FTC), Consumer Protection Division; Department of Commerce – National Telecommunications & Information Administration (NTIA); Department of Justice, Office of Information Policy; Computer Crime and Intellectual Property Section; Health and Human Services (HHS), Office of National Coordinator for Health Information Technology; Office of Civil Rights
• In-House: e.g., Google, Apple, Facebook, Wikimedia
• Capitol Hill: e.g., Senate Judiciary Committee – Subcommittee on Privacy, Technology and the Law; Senate Committee on Commerce, Science, and Transportation; Senate Select Committee on Intelligence
• Law Firms: e.g. Wilson Sonsini, Hogan Lovells, Venable, Hunton & Williams, Sidley Austin, WilmerHale; Chambers & Partners List of Top Firms for Privacy & Data Security: Healthcare; Chambers & Partners List of Top Firms for Privacy & Data Security
• Trade associations: e.g. Computer and Communications Industry Association (“CCIA”); NetChoice
• State Attorney General offices
• White House Office of Science &Technology Policy (summer internships)
• Google Policy Fellowship (for summer placement with an NGO)

Post-Graduate Fellowship Opportunities

• IAPP Westin post-graduate fellowship
• Georgetown Law Privacy & Technology Fellowships
• EPIC post-graduate fellowship