This year's survey finds law firms still tops
Jay Cline Computerworld February 3, 2011
Who are the best people and firms at providing privacy advice? It's a question I've been asking since 2006, before privacy was cool. Since then, a plethora of new privacy rules and penalties and a tsunami of new technologies and risks have placed privacy among the top handful of corporate concerns. Doing privacy wrong now takes a bigger bite off the bottom line than it did when I first started asking this question. So have the answers changed?
Not when the question is which type of outside privacy practice you prefer. Lawyers are still the top choices, with law firms grabbing six of the top 10 spots in the survey. And for the fourth consecutive time, Hunton & Williams garnered the most votes. This may be a case of success breeding more success: Hunton attracted more than twice as many votes as its nearest challenger.
Second-place Morrison & Foerster still is highly regarded, followed by Foley & Lardner and Privacy & Information Management Services. Hogan Lovells and Covington & Burling round out the law firms ranking in the top 10 of all firms.
What does this say about the corporate privacy agenda? Two things, I think: Regulatory compliance is still the first step to take for many companies, and the firms that were the best at assisting with this first step five years ago are still the go-to destinations for in-house privacy officers.
Other firms gaining ground
Even though law firms took six of the top 10 places, that was down from the last survey, in 2008, when they accounted for eight spots. Indeed, consulting firms now account for half of the top 12.
Which were the top consultancies? As in past years, it was a mix of large audit and accounting firms, such as PriceWaterhouseCoopers and Ernst & Young, and boutique shops.
The stronger showing of consultancies may reflect the emerging consensus in the privacy profession that doing privacy right is bigger than regulatory compliance. Particularly for industries such as healthcare and technology, which involve an intensive use of personal information, creating privacy-friendly products and services involves meeting customer and social expectations. "Organizations need to 'do' privacy better, faster and cheaper," noted Brian Tretick, managing director for Athena Privacy, a new boutique firm. "That means more formal, repeatable processes, automation and active monitoring."
The survey also showed that firms may be looking for services beyond traditional advice from experts. New entrants to the list of top vote-getters include service providers, a certification firm and a professional association. Among them:
• San Francisco-based Truste is the provider of the popular Web-privacy seal and a number of other privacy-verification products and services.
• Portland, Ore.-based ID Experts and Austin-based Debix provide data-breach response services.
• Toronto-based Nymity provides an information portal for privacy content.
•Seattle-based MediaPro offers computer-based training for privacy and security.
The International Association of Privacy Professionals organizes the best-attended privacy conferences and offers the CIPP certification for the privacy profession.