Privacy Management Program: Legal Services
In this series, we are walking you through different startup privacy challenges. By the end of this article, you should understand what type of legal professional may be best suited to assist you with your privacy matters.
In recent years the privacy landscape has had an interesting evolution. Plainly put, privacy legislation is all over the place. The European privacy model brought new challenges to companies worldwide. While some of those challenges may be hard to overcome, startups need to ensure that they are compliant because, more than often, compliance is a key reason to select a competitor that is a larger organization.
Selecting the Right Legal Support
Keys to selecting the right legal professional for your needs are:
- Understanding if you need purely legal advice or whether you also require business advice or operational work. For example, developing a privacy program is an area where you will require business and operational advice alongside legal advice.
- Determining if you prefer to be told what to do with minimum time commitment on your end or whether you would like to actively participate to understand why you are receiving that particular advice.
- Identifying whether there is a concern related to litigation. Litigation privilege is often considered a good reason to engage external counsel.
Below are some situations that you may find yourself in when trying to figure out how to handle privacy matters:
- You have external counsel.
- Your company hired a legal consultant to help you determine what to do.
- Your company has an in-house legal professional (lawyer or licensed paralegal).
- You have no budget for a legal professional and, for the time being, will rely on your team (no legal training) to solve the problem.
Pros and Cons of Different Models
By engaging external counsel, you will get specialized and sound but potentially generic legal advice. While the main advantages of having external counsel are their focused expertise, ability to maintain litigation privilege, and the suite of services that a large firm can provide, it is also true that all of that often comes at a high price point, and that, usually, external lawyers don’t have a good understanding of in-house dynamics, which may impact the value of the advice you are getting.
A good reason to use an in-house counsel to advise on the implementation of your privacy program is their knowledge of your team, internal processes, and communication preferences. An argument against it is the time commitment required to analyze every aspect involved in the design and implementation of the program and the technical expertise needed.
A legal consultant works similarly to an in-house counsel. One of the main differences is that a consultant may offer an operational perspective alongside the legal one. This is what we do at Privada. A legal consultant focusing on privacy and technology is likely to have analyzed implementations at other companies and to understand what works, what doesn’t work, and what are common operational pitfalls. Confidentiality protections must be in place to protect your business.
There is an asterisk on the graphic above pertaining to this option. We added that because when working with startups, it is common to find team members well-versed in the law without being professionally trained.
While it is always advisable to hire a professional, consider training your team to do the work if you can't afford one. For instance, you may have them take a privacy course through the International Association of Privacy Professionals (IAPP). Training your personnel may be to your advantage because there is a shortage of talent in the privacy field and compliance requirements are becoming more stringent over time.
With that in mind, there are several pitfalls to this approach, including the fact that you take the risk of being non-compliant if the team fails to cover all applicable legislation or interpret requirements contrary to the law. Bear in mind that some mistakes could have serious financial consequences for your business. In addition, you could be wasting time and resources when the project could be approached more efficiently.