Data Protection Officer

Profile

Data Protection Officer

The candidate will be responsible for management of the Firm’s data privacy program. Responsible for evaluation of the risk associated with potential personal data loss due to unintended disclosure. Oversee the “privacy by design” and data protection activities of the Firm related to internal operations and client engagements. Identify need for and help co-author any necessary privacy policy, process, and standards. Review privacy terms for client and third party agreements. Align operational compliance. Implement procedures to ensure that third parties engaged by the Firm are compliant with the Firm’s privacy standards. Conduct Data Privacy Impact Assessments (DPIA’s) on high risk new systems, applications, workflows and third party engagements, as appropriate. Develop recommended action plans as a result of DPIAs where necessary and appropriate. Respond to Data Subject Access Requests (DSAR’s) on behalf of the Firm and coordinate their resolution. Prepare and maintain a high-level “enterprise personal data map” which includes Firm and third party managed personal information. Define information and privacy data management framework, policy, procedures and work instructions in partnership with lawyers, IT, practice support, and administrative departments. Plan and execute periodic privacy data audits to evaluate the health of prioritized enterprise data and facilitate remediation of personal data issues and defects. Ensure continued compliance with Firm’s ISO27701 privacy certification. Educate Firm employees about the Firm’s data privacy compliance responsibilities and obligations by designing and implementing training plans, to include information on the processing and controlling of data. Track and monitor updates and developments to applicable data privacy law and regulation, and make program and training changes and recommendations accordingly. Act as primary point of contact within the Firm for members of staff and lawyers on data privacy. Must have 5-7 years’ experience managing data privacy programs. Minimum 3 years’ experience with US (e.g., HIPAA, CCPA), EU (GDPR), and UK (ICO) data privacy regulations. Experience with other regional privacy regulations such as POPIA, PIPA, PIPL, UAE Data Protection Law, etc. a plus. Experienced in matrix management across multiple functions. JD preferred and 4 year bachelor’s degree required. At least one privacy certification such as CIPP, CIPM, CDPSE required.

Company info

Covington & Burling, LLP
One Front Street
San Francisco
California
United States 94111
Website : https://www.cov.com/