Privacy Officer and Associate General Counsel, AARP, Washington, DC

The Privacy Officer and Associate General Counsel is responsible for the following duties:

  • Develop and maintain consumer-facing privacy policies/notices and internal privacy policies and procedures
  • Review existing products, services, and marketing activities to ensure compliance with privacy laws and regulations, as well as organization policies and procedures
  • Perform privacy impact assessments and provide privacy-by-design guidance to ensure new products, services, and marketing activities comply with privacy laws and regulations, as well as organization policies and procedures
  • Consult with business and other members of the Office of General Counsel as a subject matter expert on privacy and data security issues
  • Negotiate privacy provisions in significant transactions
  • Work closely with the Procurement team on reviewing and negotiating contracts.  
  • Collaborate with IT Security on cyber security policies and procedures
  • Conduct ongoing privacy training and awareness activities
  • Maintain the privacy incident response plan and coordinate potential data incident response with Information Security and crisis management team
  • Advise on the procurement and maintenance of appropriate cyber liability insurance coverage 
  • Develop responses to privacy related inquiries from individuals, the news media, privacy advocacy groups, and industry and government regulators
  • Manage privacy-related enforcement actions and litigation
  • Manage consultants and other resources within AARP to advance goals of the privacy program
  • Exhibit AARP Leadership Behaviors in all interactions.

As Associate General Counsel, the employee provides legal counsel and advice on a variety of issues, including but not limited to negotiating transactions and contracts (in addition to the work on privacy provisions noted above), performing legal research, and managing outside counsel.  Portfolio will vary based on experience of the individual and the needs of the organization but may include nonprofit law, political and lobbying, and/or intellectual property.


  • J.D. degree plus a minimum of 8 years of legal experience, including directly related specialized experience in privacy and data security law and policy.  10+ years of experience preferred.  
  • Must be or be able to become a member in good standing with the District of Columbia bar.
  • CIPP and/or CIPM designation preferred.
  • Extensive experience with communication privacy laws (such as CAN-SPAM and TCPA) as well as best practices and industry self-regulatory codes related to online advertising and social media.
  • Experience directing data incident investigations and remediation efforts, including breach notices.
  • Excellent oral and written communication skills.  Comfortable public speaker with ability to make formal presentations to management and to provide engaging, clear training for new managers and other staff who may have minimal legal background.
  • A flexible problem solver and proactive self-starter who can manage a diverse portfolio of projects, rapidly assess situations, and function independently with limited guidance. 
  • A hands-on worker who can not only assess what work needs to be done, but also perform the work (or coordinate the work with personnel with no direct reporting lines to the employee).
  • Highly analytical, can quickly assimilate and synthesize complex information into a decision-making framework
  • Must function with the highest degree of integrity and ethical standards.  Passion for our nonprofit mission a definite positive.
  • Ability to handle multiple, high-level complex projects at one time and high volumes of work on an ongoing basis, with strong attention to detail
  • Must be customer-oriented, approachable, collaborative, responsive, and engaging.  Sense of humor a plus!
