Privacy Attorney at Root
What you'll be doing.
- Monitor and understand existing and new privacy laws, regulations and other mandates related to the protection, use, collection, sharing and storage of data (including personal), including the impact of such laws, regulations and mandates on the Company’s businesses. Relevant jurisdictions include the U.S., the UK, Canada, Mexico, South America and Asia.
- Deliver high-quality and timely data privacy and information security-related advice to internal stakeholders and offer pragmatic actionable guidance and solutions on the application, impact and implementation of applicable privacy and data protection laws and tech company policies, working collaboratively across multiple teams.
- Draft privacy notices and other consents.
- Advise whether security incidents need to be reported to regulators and/or data subjects.
- Partner with product managers and engineers to support app development, e-commerce, digital marketing and partnership relationships by advising on security and privacy matters.
- Advise other commercial attorneys on privacy considerations in negotiating various contracts, including, software, SaaS and other technology agreements (as licensor and licensee), digital and channel marketing agreements, distribution and referral marketing agreements, test agreements, platform policies and terms, and engagement letters.
- Review and make recommendations for negotiating Master Services Agreements, new SOWs, renewals, and amendments with current vendors and assist with onboarding of new vendors.
- Support department projects including the implementation and utilization of the contract lifecycle management solution, compliance and data-privacy related initiatives.
- Assist commercial attorneys with the privacy-specific elements of standard contract templates, training materials and legal negotiation playbooks.
- Review and advise with respect to the applicability and sufficiency of existing practices and, where appropriate, help redesign programs, resources and processes in line with applicable data privacy laws, data security regulations and best practices.
What we're looking for.
- Undergraduate and law degrees; licensed attorney in at least one U.S. state
- Relevant technical certifications such as a Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or Certified Information Privacy Professional (CIPP) or other relevant certifications offered by the International Association of Privacy Professionals a plus
- 4+ years of privacy and/or product counsel legal experience with an emphasis on privacy-related matters
- Able to demonstrate relevant knowledge of data protection laws in the U.S., UK and EU, in particular, the General Data Protection Regulation and California Consumer Protection Act
- Familiarity with information technology developments, including app and SaaS product development; interested in developing expertise at the intersection of privacy and AI (machine learning)
- Institutionally savvy, articulates all facets of an issue with clarity, digests complex information quickly and accurately, ability to communicate issues and risks effectively
- Excellent organizational skills and ability to multi-task by prioritizing and tracking multiple projects and deadlines. Extremely detail-oriented with strong editing skills
- Demonstrated ability to collaborate as an effective team member and with minimal supervision to maximize team results