Privacy and Data Protection Counsel

The Position:

The Privacy and Data Protection Counsel will be an incredible asset to Veracyte's Privacy and Data Protection team and will advise our global business teams on a wide range of global privacy and data protection legal matters, and assist in scaling our global program. Reporting directly to the Chief Privacy and Data Officer, this position will lead the Privacy team's review of a variety of agreements, advise on a wide range of cutting edge, complex privacy and data protection matters in the diagnostics industry, including processing genomic data through advanced technologies to support our research, products, and partnerships. This role will also be responsible for directly managing a variety of global privacy operations, projects, and privacy program management needs. 

Responsibilities.

• Advise global teams on a wide variety of privacy and data protection issues relating to our global diagnostics business' processing of personal health data (PHI) under US and EU laws, including HIPAA, GDPR, CCPA, and other state laws, and other data processing activities amongst Veracyte global teams.
• Distill complex legal requirements to provide practical, risk-based advice appropriate for Veracyte's business models, operations and risk profile; create out of the box solutions to scale our ability to provide legal guidance to the global teams through guidelines, tools, training and processes;
• Evaluate personal health data in a variety of forms and understand how data origin, patient consents, data use rights, international transfers, and deidentification/pseudonymization, third-party sharing, data flows, and other attributes determine what laws apply, what contract terms are appropriate, and what compliance requirements arise;
• Manage global large-scale projects, including Privacy team's own projects, and support projects of global cross-functional teams. Execute privacy team projects through project management, including designing the project plan, execution of tasks and deliverables, and managing inputs required from other teams.
• Conduct a variety of privacy reviews, including privacy use-case reviews to determine if new tools, projects, products and data analytics are aligned with privacy and data protection laws, our contractual commitments, and policies; conduct privacy impact assessments and similar reviews.
• Monitor U.S. and global privacy, data, and AI laws for updates, determine applicability to our business, and collaborate on implementing new requirements.
• Negotiate privacy and data protection terms in a wide array of global agreements, including vendor agreements, research collaborations, clinical trial agreements, business associate agreements and data protection agreements, including standard contractual clauses and solid understanding of controller and processor roles.
• Design and implement global privacy operations including GDPR and U.S. privacy impact assessments, records of processing activities, framework mapping to controls and tracking of program evidence and documentation, conducting transfer impact assessments, creating standard operating procedures on a wide range of privacy requirements, and managing privacy operational tools.
• Establish and manage a variety of privacy program requirements and assist with privacy program management, including drafting privacy guidelines and procedures, creating and facilitating global privacy and data protection training, facilitate privacy audits, manage policy review cycles, outside counsel and vendor management, and other program needs.
• Establish cross-functional collaborations with teams to align on data goals and needs of our business, and partner on privacy and data governance solutions to support our global data strategy.

Who You Are:

Basic Qualifications

• In-depth knowledge of GDPR, HIPAA, U.S. state privacy laws and health information privacy and the global privacy legal regime.
• Minimum of four (4) years of full-time experience as a privacy attorney, including two (2) years in-house experience or experience in biotech or life sciences industry. Experience with a broad range of privacy work supporting a fast-paced company. Direct experience advising on privacy legal matters in new business initiatives, strong experience with contract reviews and negotiations, including templates and playbooks, and reviewing and negotiating a variety of privacy and data protection agreements, including GDPR data processing agreements, business associate agreements, data use and transfer agreements, for both customers and vendors.
• Direct experience in establishing, implementing and managing U.S. and GDPR privacy operational requirements, including data inventories, DPIAs/PIAs for sensitive health data, ROPAs, intake review processes, notice and consent requirements, and assisting the business teams in managing their data requirements.
• Proven success advising internal clients on legal privacy and data protection laws in the healthcare industry, including performing data privacy reviews of new products, services, tools and advising on requirements in a practical, risk-based approach; keen understanding of practical risks and ability to offer creative solutions.
• Direct experience advising on and operationalizing requirements for processing of sensitive health data and personal health information; keen understanding of deidentification, pseudonymization and anonymization under GDPR and HIPAA, and in-depth experience advising on data usage rights and restrictions under applicable healthcare privacy laws, HIPAA, CCPA, GDPR and others.
• Project management experience and ability to manage large-scale, multi-stakeholder projects for the privacy team.
• Proven skills and experience collaborating across a wide range of global teams and with a diverse employee population
• Best in class communication and interpersonal skills.
• Advanced legal degree and member in good standing with a U.S. state bar (or international equivalent).
• Best in class communications and interpersonal skills.

Preferred Qualifications

• Experience working as in-house privacy counsel at a life-sciences or healthcare company.

• Strong preference in candidates with understanding of how advanced technologies, AI and analytics impacts legal requirements for personal data.

Your approach to work:

• Ability to take a business and client-focused approach to difficult decisions – including thinking "outside the box" on practical solutions
• Able to engage team members in order to achieve objectives
• Strong prioritization skills, ability to effectively manage multiple tasks and priorities in a fast-paced environment
• Has initiative, enthusiasm, and resourcefulness
• Team player with a passion for collaboration and patient care
• You work hard and want to have fun while you do so. You celebrate wins and remember to enjoy the journey as we grow together and as a company
• You are fundamentally a good partner and a good human

#LI-Hybrid, or #LI-Remote