Counsel/Senior Counsel and Privacy Compliance Officer

*This role may be hired either at a Counsel level or Senior Counsel level, depending on several factors, including but not limited to skills, prior relevant experience, specific degrees and certifications, job responsibilities, market considerations and, if applicable the location of the position.

William Blair is seeking a privacy attorney to join its dynamic and fast paced Legal & Compliance team supporting data privacy across the firm. This role will develop, execute and lead the firm’s privacy strategy, including providing legal advice to the firm regarding privacy risks, standards, and strategies.

The position will oversee the development, implementation, execution, and compliance of data privacy processes and procedures, and will provide awareness and training of current and upcoming privacy laws to ensure a robust privacy program across the firm.

The attorney will play a crucial role in promoting the firm’s privacy strategy and a culture of compliance with relevant global privacy protection laws and regulations. Serving as the proactive subject matter expert, the attorney will execute on all regulatory and compliance related privacy activities across various jurisdictions, including the US, EU, UK and other jurisdictions.

They will partner with professionals across William Blair to address privacy related topics impacting all areas of the firm. This role will be a critical and valuable member of the Legal & Compliance team and will have visibility to management, regularly meeting with key business leaders and key stakeholders to understand their needs and develop and advise on practical privacy strategies to meet those needs.

Essential Responsibilities:

Advisory

• Provide global legal guidance and leadership to internal teams on privacy matters that affect the firm, with an eye towards holistic impact.
• Serve as subject matter expert and resource on issues related to privacy and data protection.
• Monitor the evolution of the privacy regulatory landscape in various jurisdictions and incorporate new laws and regulations into the privacy framework.
• Draft internal and external privacy notices and disclosures, contract templates, and related data privacy and protection documents.
• Review third-party vendor contracts for compliance with privacy and data protection requirements, including cross-border data processing and standard contractual clause requirements.
• Work effectively across business units and internal functions to resolve business and risk management issues related to privacy and data protection.
• Serving as a primary point of contact for data privacy supervisory authorities across the globe.
• Other related duties and special projects as required.

Operations

• Coordinate with internal stakeholders to create and manage data use in compliance with the firm’s privacy framework and relevant privacy laws.
• Manage the general life cycle of data recording and deletion at the firm, including documentation of processing activities, an organizational data map, cookie compliance, and a process to maintain the integrity of records.
• Create, implement, and record privacy assessments, including privacy risk and transfer impact assessments, and other required privacy procedures to ensure compliance with global privacy laws.
• Respond to and manage privacy related inquiries and investigations on a global basis, including complex privacy-related complaints, data subject requests, and support for interactions with local privacy authorities.
• Maintain processes and readiness to address personal data breaches.
• Develop and deliver privacy training to business stakeholders across the firm.
• Work closely with information security to ensure alignment between data privacy/protection and security.

Requirements:

• Juris Doctor from an accredited law school
• Active bar membership in good standing in at least one U.S. jurisdiction
• 5-8 years’ experience as a practicing attorney, and at least 3 years with emphasis on US and EU privacy laws.
• Experience drafting, negotiating and reviewing Business Associate Agreements, Data Processing Agreements, Standard Contractual Clauses and other data privacy protection policies, agreements, and documents.
• Experience with cross-border data transfers and methods of ensuring compliance with data protection laws.
• Comprehensive understanding of data privacy and protection laws (e.g., CCPA/CPRA, HIPPA, GDPR, Gramm-Leach-Bliley Act).

Qualifications:

• Outstanding verbal and written communication skills, including presentation skills.
• Familiarity with data security standards and frameworks a plus (NIST, HIPAA, etc.)
• CIPP and/or CIPM certification a plus.
• A high level of integrity and trust.
• Demonstrated analytical and operational experience, including experience assessing risk from a privacy and data protection perspective, drafting and managing GDPR compliant privacy and risk assessments, and mapping data across business units.
• Some technical experience with data mapping/classification as well as privacy software (i.e. OneTrust) is a plus.
• Demonstrated skills in collaboration and problem-solving to achieve goals and efficiencies.
• Ability to multitask and to work both independently and as part of a team in a fast-paced environment.
• Ability to formulate creative solutions to accomplish business objectives while complying with data privacy and protection laws.
• Ability to communicate effectively about privacy at all levels.
• Ability to prioritize and work through ambiguity to provide results.

#LI-CH1

#LI-HYBRID