Overview

Genentech, a member of the Roche Group, is looking for an experienced, collaborative attorney to join our Legal Department as Associate General Counsel, Privacy Law and Chief Privacy Officer.  You will lead a team responsible for advising on data protection and privacy laws and regulations affecting business activities primarily in the United States.  You will develop and implement related policies, practices, and training programs in coordination with global legal colleagues, and help business stakeholders to understand and address data protection and privacy issues as they emerge in the development of new products and technologies.  You will be expected to stay abreast of developments and trends in data protection and privacy laws and regulations, and to help lead company engagement with government and industry groups on data protection and privacy issues.

Responsibilities:

  • Provide strategic direction to the Genentech organization regarding existing and emerging local and global privacy and data protection laws. Counsel on proposed business arrangements and develop innovative approaches and creative solutions to compliantly enable the business.
  • Lead the development, implementation, and maintenance of a comprehensive privacy program in accordance with applicable laws to enable consistent, effective data privacy practices, to minimize privacy risk and to ensure the confidentiality of personal data. Develop and implement training to foster awareness of data privacy requirements.  Counsel on privacy risk assessments/analysis, mitigation, and remediation. Counsel on investigations involving reports of inappropriate or unauthorized access, loss or disclosure of personal data. 
  • Monitor privacy trends in data protection and privacy laws and regulations (e.g., evolving guidance out of the European Union, California Privacy Act, CAN-SPAM and e-privacy developments), and anticipate, develop and implement strategies to shape the external privacy landscape to enable the company to advance its mission in support of the research and development of innovative medicines and personalized health care.
  • Work collaboratively with Roche’s Chief Privacy Officer and other leaders across the Roche Group to assure coordination of efforts, to share knowledge, and to share best practices relating to data protection and privacy.
  • Partner with Compliance Office to regularly assess the effectiveness of our privacy program, perform periodic privacy risk assessments, and assist with the implementation of corrective action plans.
  • Counsel Security, Information Technology (IT), the Chief Compliance Officer and other individuals with privacy and data handling responsibilities in the organization to help set strategy and manage complex privacy matters involving systems, and data handling and processing activities.
  • Collaborate with Business Development, transactions and contracting teams to counsel on and address data privacy issues with third parties

Requirements:

  • The successful candidate will be a subject matter expert on requirements of data protection and privacy that affect the business activities of research-based biotechnology and pharmaceutical companies, including scientific research involving patient-derived data, clinical trials, patient support services, digital health information, intra- and inter-company business transactions,  sales and marketing; will also serve as a subject matter expert on privacy issues associated with employee benefits and e-discovery.    
  • You must have substantial experience assessing legal risks relating to data protection and privacy, and identifying and advising on practical, compliant ways to mitigate such risks.  Demonstrated excellent leadership ability and experience as a people manager, business acumen, and communication skills also are required for this role.  You must have experience working with senior-level stakeholders and cross-functional teams, and achieving results through influence and collaboration.
  • A JD degree and U.S. state bar membership in good standing are required.  You must have at least 12 years of experience as a practicing attorney, in-house and/or at a law firm, including at least five years of direct, hands-on experience providing legal counseling on data protection and privacy issues to biotechnology and/or pharmaceutical companies.  CIPP certification preferred.
  • Comprehensive understanding of relevant statutes, regulations and guidance is required, such as the California Consumer Privacy Act, California Confidentiality of Medical Information Act, other state privacy laws and breach notification requirements, HIPAA, GDPR, and preferably consumer protection laws like TCPA, COPPA, and CAN-SPAM.  Relationships with other privacy experts in the biotechnology and pharmaceutical industry is a plus, as well as experience working with government data protection authorities.

More Jobs: