Survey: The best privacy advisers of 2010

Who are the best people and firms at providing privacy advice? It's a question I've been asking since 2006, before privacy was cool. Since then, a plethora of new privacy rules and penalties and a tsunami of new technologies and risks have placed privacy among the top handful of corporate concerns. Doing privacy wrong now takes a bigger bite off the bottom line than it did when I first started asking this question. So have the answers changed?

Not when the question is which type of outside privacy practice you prefer. Lawyers are still the top choices, with law firms grabbing six of the top 10 spots in the survey. And for the fourth consecutive time, Hunton & Williams garnered the most votes. This may be a case of success breeding more success: Hunton attracted more than twice as many votes as its nearest challenger.

Second-place Morrison & Foerster still is highly regarded, followed by Foley & Lardner and Privacy & Information Management Services. Hogan Lovells and Covington & Burling round out the law firms ranking in the top 10 of all firms.

What does this say about the corporate privacy agenda? Two things, I think: Regulatory compliance is still the first step to take for many companies, and the firms that were the best at assisting with this first step five years ago are still the go-to destinations for in-house privacy officers.

Other firms gaining ground

Even though law firms took six of the top 10 places, that was down from the last survey, in 2008, when they accounted for eight spots. Indeed, consulting firms now account for half of the top 12.

Which were the top consultancies? As in past years, it was a mix of large audit and accounting firms, such as PriceWaterhouseCoopers and Ernst & Young, and boutique shops.

The stronger showing of consultancies may reflect the emerging consensus in the privacy profession that doing privacy right is bigger than regulatory compliance. Particularly for industries such as healthcare and technology, which involve an intensive use of personal information, creating privacy-friendly products and services involves meeting customer and social expectations. "Organizations need to 'do' privacy better, faster and cheaper," noted Brian Tretick, managing director for Athena Privacy, a new boutique firm. "That means more formal, repeatable processes, automation and active monitoring."

The survey also showed that firms may be looking for services beyond traditional advice from experts. New entrants to the list of top vote-getters include service providers, a certification firm and a professional association. Among them:

• San Francisco-based Truste is the provider of the popular Web-privacy seal and a number of other privacy-verification products and services.

• Portland, Ore.-based ID Experts and Austin-based Debix provide data-breach response services.

• Toronto-based Nymity provides an information portal for privacy content.

•Seattle-based MediaPro offers computer-based training for privacy and security.

The International Association of Privacy Professionals organizes the best-attended privacy conferences and offers the CIPP certification for the privacy profession.

Table 1: Top firms for privacy advice

In the table below, law firms are marked with a dagger symbol (†), and consulting firms with a double dagger (‡).The firms are ranked in order of the number of votes received, but banded into three tiers to compensate for statistical margin of error. Tier 1 firms garnered more than 10% of total votes, Tier 2 firms received 3% to 10%, and Tier 3 firms achieved 1 to 2% of votes.In the interest of full disclosure, Minnesota Privacy Consultants, the author's firm, finished behind Foley & Lardner.

Firm

Voting Tier

† Hunton & Williams

1

† Morrison & Foerster

2

† Foley & Lardner

2

† Privacy & Information Management Services

2

‡ Samet Privacy

2

† Hogan Lovells

2

‡ PricewaterhouseCoopers

2

‡ Ernst & Young

2

† Covington & Burling

2

‡ Corporate Privacy Group

3

‡ Deloitte & Touche

3

‡ Rebecca Herold & Associates

3

† Wiley Rein

3

IAPP

3

† Infolaw Group

3

Ponemon Institute

3

† Baker & Mckenzie

3

Truste

3

† Drinker Biddle & Reath

3

† Field Fisher Waterhouse

3

† Bird & Bird

3

Nymity

3

‡ Mitre

3

† Oldaker Belair & Wittie

3

Debix

3

† DLA Piper

3

ID Experts

3

MediaPro

3

† Venable

3

Source: Minnesota Privacy Consultants

I asked Overbrook Research to carry out the survey again this year. Overbrook performs professional research for national political candidates, and The Wall Street Journal and other national media outlets have featured its work. The privacy professionals participating in the survey (there were 146 respondents this time - people in large corporations and government agencies who have data privacy responsibilities, based primarily in North America but also Europe) could choose up to three firms as their top picks, muting the effect of a bias that could result if a respondent was in the midst of communicating with one of the firms during the polling period. I weighted more heavily the responses of those survey participants who chose three firms compared to those who chose two or one.

Table 2: Best privacy adviser -- individual

Respondents gave top billing to Lisa Sotto of Hunton & Williams when asked, Which person would you consider to be the top global expert on privacy? Respondents could choose only one person.

Note: The author ranked behind Andrew Serwin, but this result has to be discounted in light of likely influence, since he was known to be conducting the survey.

Individual

Firm

Role

Lisa Sotto

Hunton & Williams

Attorney

Andrew Serwin

Foley & Lardner

Attorney

Rebecca Herold

Rebecca Herold & Associates

Consultant

Shai Samet

Samet Privacy

Consultant

Miriam Wugmeister

Morrison & Foerster

Attorney

Peggy Eisenhauer

Privacy & Information Management Services

Attorney

Daniel Solove

George Washington University

Professor

Martin Abrams

Hunton & Williams

Consultant

Christopher Kuner

Hunton & Williams

Attorney

Stuart Ingis

Venable

Attorney

Eduardo Ustaran

Field Fisher Waterhouse

Attorney

Ann Cavoukian

Government of Ontario

Regulator

Christopher Wolf

Hogan Lovells

Attorney

Richard Purcell

Corporate Privacy Group

Consultant

Jules Polotensky

Privacy Futures

Attorney

Kirk Nahra

Wiley Rein

Attorney

Jennifer Stoddart

Government of Canada

Regulator

Christopher Zoladz

Navigate

Consultant

KC Turan

Dun & Bradstreet

CPO

Richard Thomas

Hunton & Williams

Attorney

Robert Rothman

Privacy Associates International

Consultant

Stanley Crosley

Privacy & Information Management Services

Attorney

Alan Westin

Columbia University

Professor

Ariane Mole

Bird & Bird

Attorney

Christopher Millard

University of London

Professor

Francois Gilbert

IT Law Group

Attorney

Nuala O'Connor Kelly

GE

CPO

Robert Bond

Speechlys

Attorney

Source: Minnesota Privacy Consultants

Outlook

What do these experts foresee in the privacy arena in 2011?

"Online behavioral advertising, cloud computing and smart grid were front-burner issues in 2010," said Lisa Sotto, head of the privacy practice at Hunton & Williams. "Those issues will continue to hold the spotlight in 2011."

Sotto added that new privacy laws around the world and innovative uses of data will "guarantee the need for experts who think about privacy issues 24/7."

Eduardo Ustaran, a partner at Field Fisher Waterhouse in London, points out that in Europe, for example, 2011 brings a new e-privacy regime across member states and firm proposals for a new EU data protection directive. Jonathan Armstrong of Duane Morris LLP sees a "repeat of the issues around whistleblowing, but magnified. The bounty provisions of Dodd-Frank legislation and the U.K.'s Bribery Act 2010 mean significant changes for any global business."

Kirk Nahra, a partner with Wiley Rein in Washington, D.C., said that where businesses need most help "is in managing the wide range of overlapping and often inconsistent laws, as well as understanding best practices across a variety of industries." He added, "It is the growing complexity and volume of these laws and regulations that's creating the compliance problems, rather than the substance of the privacy standards themselves."

Much of this in the U.S. will play out in state laws. Kevin Lyles, privacy practice leader at Jones Day, anticipates that many states will follow the lead of Massachusetts in requiring companies to document their data security programs. John Corelli, president of JMC Privacy Consulting Group, sees state attorneys general stepping up random auditing for all areas of privacy compliance, along with the FTC.

Table 3: What separates the leaders from the pack

Respondents were asked to choose one reason from the following menu to explain why they voted for their best policy advisers.

Differentiator

Rank

2008 Rank

Broad and deep expertise

1

1

Practical advice

2

2

Global staff and affiliates

3

4

Timely and thorough work

4

5

They understand my business

5

3

Interdisciplinary perspective

6

7

Government connections

7

6

Accessible staff

8

8

Good value for the rates charged

9

9

Source: Minnesota Privacy Consultants

Why the best are the best

Some things never go out of style. Since I began the survey in 2006, respondents have cited "broad and deep expertise" and "practical advice" as the top two reasons they chose the firms they did. Those concerned with protecting data want the right answer, and they want it delivered in practical terms that make sense for their organization and industry.

Also, as globalization continues apace, respondents in the most recent survey gave higher priority than they have in the past to advisory firms having "global staff and affiliates." As the previous surveys showed, good advice does not usually come cheap. Of the nine possible choices offered, "good value for the rates charged" once again ranked dead last.

Jay Cline is president of Minnesota Privacy Consultants. You can reach him at cwprivacy@computerworld.com.

This story, "Survey: The best privacy advisers of 2010" was originally published by Computerworld.

Top 10 Hot Internet of Things Startups
Join the discussion
Be the first to comment on this article. Our Commenting Policies