In this Volunteer Spotlight, The Privacy Advisor checked in with Paulina Silva, counsel for Carey’s Intellectual Property and Information Technology Group in Chile.

Silva works on cases involving data protection and technology contracting. Areas within her expertise include negotiation and legal advice on licensing, implementation and maintenance projects, software and web development agreements, electronic commerce, privacy policies and general data privacy assessment. Silva also serves as co-chair to the IAPP KnowledgeNet chapter in Chile. Here, she discusses where her privacy roots began, the nature and details of her work, and where her interests lie within the world of privacy.

The Privacy Advisor: How did you get your start in privacy?

Silva: I had worked in litigation for five years in Chile when I decided I needed to change the focus in my career and do something that appealed to me more. In 2007, I did a [masters in law] at the University of Melbourne and focused on technology. In 2008, I came back home and joined the IP-IT team at Carey, the largest law firm in Chile. I've been working in technology contracting and privacy ever since. However, the ratio of my work between tech contracting and privacy has shifted dramatically in the last five years. Today, I can confidently say that 70% to 75% of my work is just focused on privacy.

The Privacy Advisor: What is your greatest privacy-related achievement at this point in your career?

Silva: One very relevant event in my career as a privacy attorney was to be able to be a part of an experts roundtable before the ministry of economy back in 2014. Several stakeholders from the public sector, private sector, academia and civil society were summoned to discuss in detail a draft bill (“anteproyecto," before it was presented to Congress) that would repeal the current Chilean data protection law — which dates back to 1999 — and dramatically change the face of the privacy regulation. This bill ended up being introduced for discussion before the Senate in early 2017 and is currently in its later stages before the Senate.

The Privacy Advisor: How and why do you volunteer with the IAPP?

Silva: I am co-chair for the local chapter of IAPP and have been in that role for a couple of years now. Along with my co-chairs, we organize a good amount of interesting KnowledgeNets and keep lively conversations via WhatsApp on the issues and challenges we face as privacy professionals in Chile. I have met attorneys and other professionals who I wouldn't have had the chance to meet and get to admire and learn from otherwise. 

Paulina Silva

Also, I believe that we are developing a tight group of people through the local IAPP chapter that is willing to share knowledge, experiences, doubts and generate very healthy debate on a very effervescent moment for privacy in Chile and the world. 

The Privacy Advisor: What’s the most common privacy topic/issue you come across in your work?

Silva: Companies are becoming increasingly aware that Chilean data protection law is bound to drastically change in the not-so-distant future. Many of these companies, therefore, seek our assistance to make sure they will be ready when, in a year or so, this avalanche of new obligations becomes a reality. To give you an idea of the gap between our current law and what looks like the new one, you need to consider that things do not exist today and will come to life tomorrow. This includes a data protection agency, international transfer of data, obligations to implement security measures, breach notification obligations, and automatic processing and profiling. 

Since the final text of the draft legislation is not known, but the general structure is, forward-thinking companies are using the time we still have to understand — with our help — their own data flows, testing those against the current legislation, and making an effort to foresee how that "heat map" from a gap analysis might change if a new legislation is enacted. 

Other areas that we are asked about more and more often are those related to labor law — Chilean law only allows for legal authorization and consent as legal bases for processing — and cybersecurity regarding health data.

The Privacy Advisor: What interests you most about the topic of privacy?

Silva: My interests regarding privacy have changed over time. Today, I'm both fascinated and intrigued by the challenges posed by general project management. It is exciting and difficult. Sometimes it's even frustrating to realize that the role of a true privacy professional goes way beyond a legal opinion on a memo or a fine drafting of a privacy policy. For legal privacy advice to actually be useful and to last in time, one needs to be able to understand organizational issues and change management challenges.

The Privacy Advisor: How do you stay up to date on issues to best serve your clients?

Silva: On the local front, we actively monitor the discussion in Congress of the draft legislations in our area. These are crazy times for bills on privacy. Besides the bill that replaces the data protection law, a bill on cybercrime is keeping us busy along with draft legislation that has been announced by the government on critical infrastructure and a framework cybersecurity law. We like to think we are playing a pretty active role on the discussion of all these matters by appearing as panelists on several seminars, teaching some postgraduate classes, and lately participating in the creation of the Chilean Cybersecurity Alliance. 

Moreover, sharing information and insight with other local IAPP members has been a very useful experience. A growing group of great and very generous professionals has been formed around the local IAPP chapter.

I stay up to date with international discussions reading The New York Times, Wired, the IAPP Daily Dashboard and, when I have the time, some of the threads on the IAPP Privacy List.

Photo by Keagan Henman on Unsplash