The job ecosystem in the privacy community broadly silos into employer categories that include law firms, corporate legal or IT departments, consulting firms and vendors, government agencies, and software companies. The most coveted of positions among active job seekers today are those in-house at corporations. For many privacy pros, ambitions are acutely set on achieving CPO status as the defining pinnacle of career success. Many consultants and practicing attorneys find their way from the Big 12 or Am Law to a general counsel’s office or corporate operations group and never go back. Not Dan Pepper. After spending over half a decade between Verizon and later as Comcast’s Vice President, Deputy General Counsel, and Deputy Privacy Officer, Mr. Pepper is swimming upstream and joining the prestigious Privacy and Data Protection team at BakerHostetler as a partner in their Philadelphia office. Here’s why:
Dan Pepper’s years of experience at telecommunications companies have given him niche expertise when it comes to privacy. “We have a different set of regulations in telecom,” says Pepper, “primarily Section 631 of the Cable Act which governs how personally identifiable information (PII) can be used and shared. While it sounds straightforward, it is unique to the telecom industry. If there are misuses or unauthorized disclosures, there are significant penalties under the Cable Act.” The Cable Act regulation alone is not the only distinguishing nuance of the telecom industry. According to Pepper, “The telecom industry generally receives a more varied set of data types than many other companies do.” This data is not garden variety PII like contact information or financial information. Pepper notes that cable companies “have access to the viewing habits of the videos consumed, the location and IP addresses of their users, and tremendous amounts of data associated with [user preferences].” Pepper’s role in aiding Comcast to stay compliant also gave him the ability and the access to key stakeholders to help the business leverage data in more ways than pure privacy compliance. “There is so much consumption of entertainment content and so many ways in which it can be analyzed and used,” says Pepper.
Having knowledge that extends far beyond legal compliance may be the edge that makes Pepper so marketable and confident that he can transition to the typically intense life of Big Law. “It is very common for me to have meetings with business intelligence teams and product managers who come up with an idea—a science project—and ask me, ‘Can I do this? Can we use data in this way?’ I am a lawyer and technologist. More than half my day [was] spent talking about what specific tech controls we use,” says Pepper. Pepper, however, is more interested personally and professionally in having a meaningful impact than he is in maintaining a program.
Pepper carefully calculated his move to BakerHostetler, and the perspective that each silo of employment takes toward privacy was ultimately what led him to Big Law. “Being in private practice means having to modulate your approach based on your client,” says Pepper. Dealing in a variety of environments with varying degrees of risk tolerance toward data usage is exciting to Pepper. “Being in-house is more of a monolithic experience [with] a uniform approach across the board, and, in many ways, easier because you know what your internal client’s risk tolerance is there.” Pepper notes the contrast in being outside counsel, “When you are dealing with so many different clients, levels of risk tolerance, what one client is willing to accept by way of risk is different than the next, and that changes how you can impact the business.” Following this professional instinct and carving personal differentiation through his industry-specific experience, Pepper turned to a job search focused on practicing. “I had gotten to a point in my career where I wanted to take what I’ve learned and help a broader set of clients,” says Pepper matter-of-factly.
The traditional pressures of partner placement did not seem to phase or perhaps apply to Pepper when transitioning to BakerHostetler. “The benefit with BakerHostetler, and one reason why I went with them, is that they have such a robust practice and already do so much work in this area,” says Pepper. BakerHostetler’s Privacy and Data Protection practice is led by Theodore Kobus out of New York and boasts a number of marquee partners including James Sherer and now, Dan Pepper. “With Comcast being such a large company, it was an easy transition because so much of what Comcast experiences from a privacy and security standpoint is very similar to what other companies deal with regardless of industry,” adds Pepper.
However, having the freedom to service a broader consumer base is not exclusive to law firms. Consulting firms, service providers, and software companies in privacy all aim to expand and extend their market share the same as law firms, but each type of employer has a subtly different value proposition and capability than the other. Pepper finds that “consulting firms will come in and find gaps based on measured metrics.” Pepper also notes that consulting firms excel at offering “a set of recommended best practices on privacy and security.” But privacy is a highly regulated and currently highly fractured legal environment. “Having the legal background to marry the best practices to the legal requirements is better suited to a law firm,” says Pepper. “The law firm has both of those skill sets from a compliance and legal standpoint.” Pepper finds that currently, because of the amount different “state laws that can be conflicting or inconsistent,” retaining specialized outside counsel for privacy legal guidance is paramount to a corporation’s success.
There is no doubt that the lack of federal legislation regarding data privacy has created opportunity and jobs around the efforts to help companies stay current and compliant with fifty different state laws plus all the international ones. In many ways, the lack of federal legislation is good for business if you are in the business of providing services to companies regarding privacy compliance. Pepper sees it a little differently: “If you look at this purely from the client perspective, which we should be doing, some standard uniform federal legislation makes sense.”
Resisting the right to privacy, whether at the federal level or within corporate America, is becoming a polarizing stance. More countries are adopting privacy laws that reflect European sentiments toward the issue, and that, too, is creating jobs where jobs did not previously exist. Pepper’s move to Big Law demonstrates just how fluid the privacy job market remains and points to the ever-shifting role privacy professionals have on impacting U.S. business practice, domestic law, and ultimately, American culture and values.