Who are the best people and firms at providing privacy advice? It's a question I've been asking since 2006, before privacy was cool. Since then, a plethora of new privacy rules and penalties and a tsunami of new technologies and risks have placed privacy among the top handful of corporate concerns. Doing privacy wrong now takes a bigger bite off the bottom line than it did when I first started asking this question. So have the answers changed?
Not when the question is which type of outside privacy practice you prefer. Lawyers are still the top choices, with law firms grabbing six of the top 10 spots in the survey. And for the fourth consecutive time, Hunton & Williams garnered the most votes. This may be a case of success breeding more success: Hunton attracted more than twice as many votes as its nearest challenger.
Second-place Morrison & Foerster still is highly regarded, followed by Foley & Lardner and Privacy & Information Management Services. Hogan Lovells and Covington & Burling round out the law firms ranking in the top 10 of all firms.
What does this say about the corporate privacy agenda? Two things, I think: Regulatory compliance is still the first step to take for many companies, and the firms that were the best at assisting with this first step five years ago are still the go-to destinations for in-house privacy officers.
Other firms gaining ground
Even though law firms took six of the top 10 places, that was down from the last survey, in 2008, when they accounted for eight spots. Indeed, consulting firms now account for half of the top 12.
The stronger showing of consultancies may reflect the emerging consensus in the privacy profession that doing privacy right is bigger than regulatory compliance. Particularly for industries such as healthcare and technology, which involve an intensive use of personal information, creating privacy-friendly products and services involves meeting customer and social expectations. "Organizations need to 'do' privacy better, faster and cheaper," noted Brian Tretick, managing director for Athena Privacy, a new boutique firm. "That means more formal, repeatable processes, automation and active monitoring."