Cybersecurity And Privacy Specialists In Short Supply
A cover story in the Los Angeles Daily Journal (subscription required) reported that the need for privacy and cybersecurity legal specialists has exploded in California, yet general counsel say there is a shortage of qualified practitioners who can do the job. LinkedIn Corp.’s General Counsel Erika Rottenberg was featured in the story, she speculated that technology companies in Silicon Valley were hiring most of the qualified attorneys, leaving less talent for law firms. Amidst a legal job market in which law graduates are clamoring to find jobs, the demand for privacy and cybersecurity specialists may present an opportunity for the law schools that are nimble enough to respond to the demand.
The demand for lawyers who understand technology isn’t limited to general counsel positions, even sophisticated technology companies say they need outside counsel. For example the Daily Journal story notes:
Cisco Systems Inc. General Counsel Mark Chandler said that even though he has a strong in-house team to handle day-to-day operations in these areas, he still looks to outside counsel for strategic advice on regional and international regulations.
Even start-ups with their own general counsel will need to rely on outside counsel, especially when dealing with personally identifiable information. When deals involve customer data, the story notes that litigators may be important partners because they can provide insight into what can go wrong when contract language isn’t crafted correctly.
One way professionals can become certified in privacy law and policy is through a group like The International Association of Privacy Professionals which offers certification programs in U.S., European, Canadian, U.S. Government, and IT related privacy standards. Understanding the laws of different jurisdictions is becoming an increasingly important skill for lawyers practicing cybersecurity. As The Daily Journal story noted:
One of the largest causes of consternation for companies that do business internationally is the wide variance in privacy laws and regulations between the U.S. and European Union. The problem is compounded by additional differences between the U.S. and the individual EU countries. David Lisi, a partner with DLA Piper, said some European countries have laws that require whistle-blowers to reveal themselves to the people they accuse of wrongdoing, while U.S. laws require their identities to be protected. He said some companies didn’t recognize the conflict until an issue arose, putting them in the awkward position of deciding which country’s rules to violate.
Cybersecurity related jobs aren’t just in demand, they also pay better than similar positions, with managers who hold certifications earning on average $10,000 more in salary than their non-certified counterparts.
Gregory S. McNeal is a professor specializing in law and public policy.