A case of identity verification

In an early episode of U.S. television sitcom "The Office," Dwight is charged with finding cheap health care coverage for staff, but they revolt against the rock-bottom plan. Instead, Dwight decides employees must opt in to coverage and disclose their specific medical conditions, and, of course for those familiar with the show, Jim and Pam write in fake conditions to prank Dwight. 

The "Health Care" episode is Jim Halpert's favorite. Halpert — the real Jim Halpert — has been a privacy lawyer since the mid-1990s. It just so happens a close childhood friend, Greg Daniels, was the head writer for "The Office" and named the character after him. 

"My favorite episode remains the third episode," Halpert said in a 2015 interview. "Part of it is because I'm a privacy lawyer, so I think it's really funny." 

Though a majority of people may know "Jim Halpert" as a fictional character, countless individuals in the privacy space know the real Jim Halpert as a long-time privacy and cybersecurity lawyer. 

The International Association of Privacy Professionals presented Halpert, a pioneer in the field, with a Commendation for Exemplary Service to the Field of Privacy. 

The lifetime recognition, only the second ever issued by the IAPP, was approved in a unanimous resolution by the IAPP Board of Directors and recognizes Halpert's "excellence in the field of privacy," the "countless hours to the development of state and federal programs, standards, and agreements, including groundbreaking work to fashion state-level privacy law," and his mentorship of "countless privacy professionals" for which he modeled "the true spirit of joyful work and collegiality."

In a video interview with the IAPP, Halpert said he "so appreciates the recognition."

Halpert was also recently presented with a Career Achievement Award by the Future of Privacy Forum.

Decades crafting state and federal privacy laws 

In many ways, Halpert's career parallels the rise and evolution of the internet, beginning in the mid-1990s when he started working for the law offices of Piper Marbury, now known as DLA Piper. He spent more than 27 years with the firm, until taking a position at the White House in 2022.

As the internet grew in significance and ubiquity in the marketplace, U.S. Congress responded with a number of early sectoral laws that now form some of the foundations of data protection law in the U.S.

Halpert was part of an early group of forward-thinking lawyers who, under the tutelage of another pioneer in the privacy law space, Ron Plesser, helped draft part of the Children's Online Privacy Protection Act of 1998. He also had a hand in the Digital Millennium Copyright Act and the Communications Decency Act, as well as the USA PATRIOT Act of 2001 and the Controlling the Assault of Non-Solicited Pornography and Marketing of 2003.

"Jim has been a friend and colleague for more than 25 years," said Venable Partner Stuart Ingis, who was part of Plesser's early group of internet privacy law acolytes, which also included Venable Partner Emilio Cividanes and General Motors Chief Privacy Officer Alisa Bergman.

"He was one of the very first internet lawyers, and you can find his input on almost every state and federal internet and privacy law enacted during his career. He was central to the earliest laws passed impacting the internet dating back to the Telecommunications Act of 1996," Ingis said. 

"Back in our Piper days," Cividanes said, Halpert was "there for the advent of the internet and the intersectionality of the First Amendment, copyright and privacy, as reflected in the Communications Decency Act, the Digital Millennium Copyright Act and the USA PATRIOT Act." 

Among the early projects Bergman worked on with Halpert was the Geocities case, which became the Federal Trade Commission's first internet privacy case and acted as a "precursor" to COPPA. "One of the things I got to do when working with Jim was all this research on Geocities and children's privacy," she explained, where "we had the chance to work with the FTC closely on setting the course for strong protections for children online while enabling the internet to grow and thrive."

“In 1996, the great Ron Plesser and I learned from Netscape what a cookie was," Halpert recently explained. “Ron and Bob Belair were among the first privacy lawyers, and their practices were largely focused on marketing, credit reporting and database companies.”

He also pointed out that relatively "few federal privacy laws have been enacted" since the early days of the internet. "I think the internet has introduced way more problems than were anticipated in early laws," Halpert said. The Electronic Communications Privacy Act "updated surveillance law in 1986. COPPA, enacted in 1998, predated social media. CAN-SPAM addressed an urgent problem in the early commercial internet," he said, adding that the “problems laws like CAN-SPAM were trying to solve at the time are much less important now.”

Halpert has also been influential at the state level. A past biographical reference on DLA Piper's website credits Halpert with drafting more than 200 U.S. state privacy, data security breach notification and consumer protection laws.

According to Cividanes, Halpert is "known by many for having led the coalition that helped shape state data breach notification laws." 

Bergman said the coalition was commonly referred to as the "Halpert Coalition" and working on it with him was "the privacy opportunity of a lifetime." 

"His fingerprints are all over legislation" in the U.S., said ArentFox Schiff Partner and Privacy and Data Security Group Co-chair Reed Freeman, CIPP/US. "Each of us has a thing, a narrow line that becomes our focus," he explained. "For Jim, when in private practice, it was state legislation. Jim is a legislative wizard, one of the best I've ever seen. He knows the absolute minutiae of legislative proposals, how they'll likely work in practice and how to manage the legislative process so that what comes out is good law."

The rise of comprehensive state privacy laws

Fast forward to the last decade. In the wake of Europe's passage of the General Data Protection Regulation, the landscape in the U.S. took a dramatic turn when California passed the nation's first comprehensive state privacy law, the California Privacy Protection Act, in 2018. As the dust began to settle, Halpert, while also serving as general counsel to the State Privacy & Security Coalition, stepped into the fray. 

Some of his work manifested in IAPP publications, including an article tracking the attempts by California legislators on "clarifying important ambiguities" in the CCPA. "Ultimately, the Senate leadership will likely need to engage actively for passage of assembly CCPA amendment bills in order for them to succeed in the Senate," he wrote. "However, these initial steps suggest that some legislative clarifications of CCPA requirements may pass this year." 

Mariner StrategiesPresident Andrew Kingman, who worked with Halpert and eventually took the reigns as SPSC general counsel from 2018 to 2021, said, "I remember after the CCPA passed, there were very few folks who had the credibility to put themselves at the front of negotiating some of those clean up bills and really working through some of the more technical issues." Kingman recalls "being on some of those calls with consumer advocates and other groups. He was the one who had the ability to reach across the aisle." 

"Even though some of those calls were sometimes difficult," Kingman said, Halpert has a vast network of personal relationships and "was the one to represent the business community and his clients" to try to make the bill better. 

Another vanguard privacy bill at the close of the previous decade was the Washington Privacy Act. Though it failed to become law after three attempts, Kingman pointed out that Halpert "was instrumental in working through" the act "as one of the main stakeholders." According to Kingman, the WPA's framework "sort of germinated across the country and is now kind of the dominant model." 

In writing about the WPA after its third misfire, Hapert stated, "The failure illustrates the difficulty of passing broad privacy legislation in an environment where both business and privacy and trial lawyer groups are well organized and influential and disagree about key issues."  

Between 2019 and 2021, Halpert wrote or co-wrote 11 articles for the IAPP on various state privacy issues, primarily involving California, but also including the fate of the failed Illinois omnibus privacy bill in 2019 and what passage of the Virginia Consumer Data Protection Act meant for your privacy programs in 2021. 

Telecommunications, the CLOUD Act and international issues

Beyond early internet federal law and state data breach and privacy legislation, Halpert has also been involved in telecommunications and cybersecurity law, advising clients on their cybersecurity programs and counseling on more than 700 security incidents over the years. 

He also weighed in on several international issues. In 2001, Halpert served as the legal advisor for a report of Italy's communications regulator, the Autorita per la Garanzie nelle Communicatione, to the Italian Parliament that involved revisions to the nation's privacy laws. 

In 2018, the U.S. Supreme Court was considering Microsoft Corp. v. United States, a case that involved the extraterritoriality of law enforcement-requested information stored on a server in Ireland. At the time, DLA Piper filed an amicus brief on behalf of DigitalEurope, Bitkom, Tech In France and Syntec Numérique, among others. The case eventually became moot after U.S. Congress passed the Clarifying Lawful Overseas Use of Data Act, which amended the Stored Communications Act and compels U.S. companies to provide requested data to law enforcement when a warrant or subpoena is issued. 

The new law sent ripples across the EU, which had recently implemented the GDPR, and raised alarms for the European Data Protection Supervisor, among others. 

Around this time, Halpert was in Paris working with Denise Lebeau-Marianna, CIPP/E, now head of intellectual property and technology at DLA Piper France. She said there were concerns in Europe about data sovereignty and that the new U.S. law "was really frightening European companies." 

"This is where Jim's presentation to one of our French clients was very helpful because he was speaking in French and providing a detailed clarification of the CLOUD Act in French," she said. In addition to calming some of the clients' concerns about the CLOUD Act, Lebeau-Marianna said Halpert also made several presentations, again, in French, on how to set up a cybersecurity program. 

"It was very interesting to have his input and also for him to make these kinds of comparative analyses on how our cybersecurity laws are implemented within an organization," she said, noting Halpert helped demonstrate how to implement a cybersecurity program and instill a consistent approach for internal policies for clients. 

General counsel for cybersecurity at the White House

Halpert's expertise in cybersecurity law eventually landed him in the White House. In 2022, he was appointed general counsel to the Office of the National Cyber Director. The recently created ONCD was established by the National Defense Authorization Act for Fiscal Year 2021 and headed by National Cyber Director Chris Inglis, who said, "These appointees have brought deep expertise, valuable skills, and crucial diversity to the White House as ONCD works alongside the National Security Council and other partners across the government to advance the Biden-Harris administration's priorities for securing the nation's cyberspace."

In a 2023 interview with the International Trademark Association, Halpert said, "We are a startup—a pretty well-developed startup in the Executive Office of the President, coordinating with many different parts of the government. We've been charged with developing the National Cyber Strategy, and also, other things like coordinating implementation of improved defenses of U.S. government systems, doing extensive outreach to the private sector about cybersecurity, and developing a strategy to expand and improve the U.S. cybersecurity workforce, which is a key employment need. That gives you some idea of what we’re doing." 

In his recent interview with the IAPP, Halpert said, "Yes, I am the first general counsel of the Office of the National Cyber Director, an 85-person office charged with coordinating national cybersecurity defense."

Halpert said he is primarily involved on two policy initiatives, which he finds very compelling: "The first is developing software liability incentives for software developers so that they reduce the number of vulnerabilities in their releases and thereby to make defenders' jobs easier. The second is harmonizing cybersecurity, from basic regulation to free resources, from technical compliance to risk management."

The office is faced with figuring out how to be prepared for future technological and security challenges. "A good example," he said, "is quantum computing, which can easily crack most of the current encryption methods. We need to prepare for that great increase in computing power if we want encryption to be a good defensive measure in cybersecurity." 

In looking ahead, Halpert said, "We're wiser now and may be more careful but there will be more challenges. … I think the privacy and cybersecurity field is more important than ever and that ethical data use has a huge role to play."

'A great friend to the entire bar'

Halpert's influence is not only felt in policy and law, but in his professional mentorship as well. Several friends and former colleagues consistently bring up his kindness and generosity. 

Bergman said, as she was beginning her career, she landed a summer associate position at Piper Marbury, one of the few firms working in privacy at the time. It was then and there that she began working with Halpert, along with Plesser, Ingis and Cividanes. "Jim was always looking for opportunities for me," she said, adding that our team felt more like an extended family. "I helped plan the shower for his first baby," she said, "and Karen and the boys were very special to us." 

"Jim Halpert is one of those rare figures in privacy and cyber law that is equal parts kind and visionary," said Baker McKenzie Partner Justine Phillips. "Jim has a gift that brings altruism together to ignite change — whether it be his colleagues, clients or country. His role as the first General Counsel of Office of National Cyber Director is a testament to Jim pioneering legal issues to protect critical infrastructure and homeland security from cyberattacks." 

Chubb Executive Vice President and Global CPO Maura Caliendo, CIPP/E, CIPP/US, agreed, saying he is a "true pioneer and star in the privacy field." 

"I was fortunate enough to meet him early on in my privacy career when he was leading the DLA Piper Global Privacy Practice," Caliendo said. "He was a guiding light and mentor to me and assisted me with numerous privacy matters spanning legal issues in 54 countries. Jim brings thoughtfulness and great insight to every conversation. He also bridges thought leaders and colleagues which is so critically important in the privacy area." 

Caliendo emphasized Halpert's ability to connect and network among trustworthy people. "I want to call him a bridge. So much of what we do in the profession is fast moving and collaborative. Things are happening around the globe, and you need people you can trust." 

"Jim could be incredibly busy, but you wouldn't know it," Freeman said. "He sets the example, and we all followed it. He's a great friend to the entire bar." 

Mariner Strategies' Kingman is grateful for Halpert's temperament and influence. "I think the thing that sticks out the most to me about Jim and has had the most impact on my professional career is the way he goes about being a lawyer and his natural inclination," Kingman said. "What really comes out is his basic quality of human kindness and a desire to see the good in people, even those with whom he disagrees." 

The other impact Halpert has had on Kingman's professional career "is the degree of trust he is willing to put in people who work for him." Kingman said there "was no sense of ego or feeling protective about turf. He really makes sure people share the credit." 

"The biggest honor of my professional career is when Jim asked me to come back and take over the (state privacy) coalition," Kingman said. "Every day is a 'what would Jim do' day. He will always hold a very special place for me professionally and as a friend." 

Legacies fictional and real

When Greg Daniels, writer for "The Office," first told the real Jim Halpert that he named a character after him, Halpert was concerned. He said none of the characters in the original U.K. version of "The Office" had very redeeming qualities.

But Daniels assured Halpert that he would be pleasantly surprised. Like the real Jim Halpert's career in privacy and cybersecurity law, the fictional Jim Halpert and show became a huge success.

Jedidiah Bracy is the editorial director for the International Association of Privacy Professionals.