Position Scope and Key Responsibilities:
Genentech, a member of the Roche Group, is looking for an experienced, collaborative attorney to join our Legal Department as Senior Counsel, Privacy Law. In this role, you will report to the company's Chief Privacy Officer in the Privacy Law Group, and will be responsible for advising on and promoting compliance with data protection and privacy laws and regulations affecting business activities primarily in the United States. You will develop and implement related policies, practices, and training programs, and help business stakeholders to understand and address data protection and privacy issues as they emerge in the development of new products and technologies. You will be expected to stay abreast of developments and trends in data protection and privacy laws and regulations and enforcement.
● Act as a key internal point-of-contact and subject matter expert on all matters relating to privacy law, including providing practical, timely, strategic, and high-quality legal advice on data privacy and security matters.
● Advise members of the legal and business teams on best practices and compliance with U.S. and global data protection laws, including legal and regulatory aspects of data collection and use, privacy disclosures and transparency, consent forms, and related issues.
● Support and develop the company’s privacy program to enable consistent, effective data privacy practices and minimize privacy risk.
● Provide legal support for the strategic reviewing, drafting, and negotiating of privacy and data security terms in contracts with business partners and vendors, including data processing agreements and data protection terms in clinical research agreements.
● Provide advice, education, training, and legal direction on data protection laws impacting business operations and contractual relationships.
● Strategically advise on emerging products and technologies while anticipating and successfully navigating privacy considerations.
● Provide legal counsel on investigations involving reports of inappropriate or unauthorized access, loss or disclosure of personal data, including advising on potential liability, identifying legal obligations, and supporting incident response efforts.
● Identify and advise on key legal issues requiring attention from the privacy team, and anticipate potential privacy legal issues within the organization.
● Provide legal counsel to IT Security, Compliance, and other individuals with privacy and data handling responsibilities in the organization to help set strategy and manage complex privacy matters involving systems and data processing activities.
● A JD degree and U.S. state bar membership in good standing are required.
● At least 8-12 years of experience as a practicing attorney, in-house and/or at a law firm, including at least 7-10 years of direct, hands-on experience providing legal counseling on data privacy and security matters to biotechnology and/or pharmaceutical companies.
● CIPP/US certification preferred.
● The successful candidate will be a subject matter expert on requirements of data protection and privacy legal issues that affect the business activities of a research-based biotechnology company, including scientific research involving patient-derived data, clinical trials, patient support services, digital health information, intra- and inter-company business transactions, sales and marketing, and consumer protection; will also serve as a subject matter expert on privacy issues associated with employment and e-discovery.
● Comprehensive understanding of relevant statutes, regulations and guidance is required, such as comprehensive state privacy laws (e.g., CPRA, VDCPA), California Confidentiality of Medical Information Act (CMIA), state breach notification laws, HIPAA, EU General Data Protection Regulation (GDPR), TCPA, and CAN-SPAM.
● Substantial experience assessing legal risks relating to data protection and privacy, and identifying and advising on practical, compliant ways to mitigate those risks.
● Experience with data loss prevention and cybersecurity events, including forensic investigations, breach notifications, and cybersecurity preparedness.
● Experience with privacy litigation and enforcement is a plus.
● Excellent negotiation and communication skills (both oral and written) are a must.
● Experience and interest in new and emerging technologies, including in the areas of digital health and personalized healthcare.
● Strong organization and teamwork skills, a strong work ethic, and the ability to multitask and prioritize well, take initiative, lead projects, and work effectively both independently and in collaboration with others.
● Detail-oriented, self-motivated, and able to motivate others.
● A strong commitment to integrity and professionalism and demonstrated passion for excellence.