A Data Privacy Pioneer Who Reached a Career Milestone at Axiom
By Axiom Law
Get to know Lisa at a glance:
- 7+ years of experience
- Focuses on data privacy and cyber liability, with certifications from IAPP including CIPM, CIPP, and PLS
- Completed an engagement with an in-house privacy team at one of the world’s largest retailers to prepare for and maintain compliance for CCPA
Data privacy has been the primary career focus of Axiom lawyer Lisa. Over the past year, she was engaged with a prominent, big-box retailer to help them navigate compliance with California Consumer Protection Act (CCPA) and the challenges of protecting data in the e-commerce industry. With certifications from the International Association of Privacy Professionals (IAPP) and recognition from other leading privacy and cybersecurity organizations, Lisa brings integrity and dedication to every project she takes on with Axiom.
Developing an interest and specialty in data privacy and cybersecurity
Lisa studied at the South Texas College of Law and focused on transactional courses. "I took all the transactional contract drafting courses I could get my hands on. And I also focused on alternative dispute resolution because I had hoped to work with international law in the future," she explains. Lisa was especially interested in solving problems with methods beyond litigation, such as arbitration and mediation, all of which help significantly in international business transactions, including data privacy matters.
Lisa began her legal career at an insurance defense firm on property damage cases. She was soon able to use her experience to pivot her career to focus on the growing field of cyber liability. "I learned a lot about insurance, and I was able to leverage my experience in a position to break into cyber liability through cyber insurance."
Through an independent study project during the early days of cloud computing, Lisa got an early start in considering the legal issues that could arise with technology shifting to cloud-based. Her interested in the legal issues associated with cloud computing grew and drove her desire to specialize in that field.
Lisa continued her growth by starting her own firm, which has a focus on cyber law. "I was full-time doing my own practice, working with small and medium-sized companies on everything from drafting technology agreements like software licensing agreements, to registering trademarks, to building privacy programs."
Lisa has received multiple privacy certifications through the International Association of Privacy Professionals (IAPP) and is recognized by the IAPP as a Privacy Law Specialist. She has also earned her Certified Information Privacy Manager and Certified Information Privacy Professional/US certificates from them.
Reaching professional milestones with Axiom
"Axiom is the law company of the future,” states Lisa about why she joined Axiom’s bench.
She went on to explain, "Axiom is forward-thinking when it comes to how lawyers practice. And not only does the flexible format make sense for lawyers, it also really makes sense for the companies that engage Axiom lawyers."
Since joining Axiom, Lisa has reached a significant career milestone, working with a top big-box retailer on their privacy law team, a project she describes as "a career highlight I don't know if I can beat."
Axiom has given Lisa the ability to reach new career goals, including speaking at a large security conference in California in 2020, pre-pandemic.
Her extensive experience working remotely before quarantine has also contributed to her ability to continue to add value to her clients during the chaos of the pandemic. Lisa has maintained a strong connection to her clients and gets compliments on her ability to "explain complex concepts in easy-to-understand terms," making her an asset to any data privacy team.
One of the biggest challenges with any lawyer is finding a balance between life and practicing law, but Lisa has found she’s been able to begin to explore that balance a bit more since working with Axiom. Lisa explains, "The fact that I'm able to work remotely with such a robust project in such a big organization has been really great. Balance is something that I am constantly striving for, and Axiom has given me the opportunity to think about that." In addition to her law practice, Lisa is learning how to play the piano and striving to reach her goal of speaking fluent Italian.
"I'm still trying to figure out how to find balance exactly because I'm a creature of habit. But I did put a piano behind me to remind me to practice," she says.
The pandemic’s impact on data privacy
"An entirely new branch of privacy law is the issues exposed by the coronavirus," says Lisa. It has exposed many companies’ weaknesses, especially around cybersecurity, and Lisa feels that data privacy lawyers such as herself can help rectify those errors and help ensure future protection.
Lisa explains that strategies to control the pandemic have raised many concerns about privacy and data protection. In effort to keep people safe, more health information is being collected and shared outside of medical care. For example, employers are asking if they can measure employees’ temperatures or are entitled to know a medical diagnosis– specifically, whether an employee is positive for COVID-19. There have been questions about whether thermal cameras can be installed in public buildings to measure body temperature of those passing by. Contact tracing has become commonly used to track the virus and, depending on the method, can also be very telling about a person’s habits, such as where they eat, when they exercise, and who they interact with.
“Where does this information end up? How will it be used in the future?” asks Lisa. “Privacy laws regulate some of these matters, but the pandemic has challenged privacy professionals to identify methods that allow personal information to be useful in the fight against the pandemic, while also protecting the data.”
In addition, as companies were forced to quickly adopt a virtual or contactless business – whether setting up employees to work from home or utilizing mobile apps for contactless service – they also face a host of privacy concerns. According to Lisa, many companies who adopted technology quickly to survive the pandemic may not have fully considered cybersecurity and data protection obligations. It can take only a few minutes to download and start using new software, but it takes much longer to see the big picture and understand what that software does with data and how it may or may not align with the companies’ legal obligations to protect data.
“In all the haste resulting from the pandemic, personal information like health and location data became extremely important. In the name of public safety, the world became laxer with this type of information,” comments Lisa. “Now it’s a matter of finding the balance so that the information is useful while being protected. How do we put the genie back in the bottle?”
As the world continues to change, privacy law will continue to change as well. "Privacy law is becoming more and more important, and it's a global conversation,” says Lisa. “Meaning that each country has its own privacy requirements, but because we're a global economy, everybody has to figure out how to work together, including how they're going to handle data."
As companies respond to the ever-changing business and economic climate, the future of privacy law will continue to be altered. To help your company take a proactive approach to data privacy, and work with expert lawyers like Lisa, or to join Lisa as a colleague, get in touch with us at Axiom.
What Works: Benchmarking and Strengthening Your Privacy Program
Privacy professionals share actionable advice about steps legal teams can take now to ensure an effective data privacy program.
Why Companies Must Make Privacy Central to Their Business Operations
Lawyer Angelo Basu examines the business impact of privacy regulations like GDPR and CCPA.
How Axiom Attorney Dina Helps Companies Navigate the Changing Privacy Landscape
Axiom lawyer Dina Maxwell has built a career around an interest in privacy legislation, data governance, and data access.