Q: You’ve built a remarkable career that spans private practice, major technology companies, and global life sciences leaders. Can you walk us through that path?
A: Key takeaway: I’ve followed opportunity, learning, and impact, while being honest with myself about when it was time to evolve.
My career has been less about a rigid plan and more about staying open to opportunities that stretched me. Early on, I benefited enormously from exceptional mentors and leaders who trusted me with responsibility before I felt fully “ready.” I leaned into those moments and learned quickly.
I’ve also been intentional about recognizing when my growth trajectory was flattening. When I wasn’t learning as much or when future opportunities weren’t aligned with where I wanted to go, I recognized those inflection points and it prompted my moves across sectors and roles.
Real life mattered too, however. When my children were born and my wife was leaning in toward partnership at her firm, I made conscious choices to off-ramp from private practice to create more balance while still doing meaningful, challenging work.
Finally, I’ve gravitated toward industries where the work feels purposeful, and where I can be proud of the impact on people’s lives. That sense of contribution matters to me, and it’s something that genuinely helps me sleep at night.
Q: What drew you into privacy law?
A: What I love about privacy is that no two paths into it look the same. For me, the spark came when GDPR was emerging and I was working at a global technology company with significant European operations. At the time, there was one privacy lawyer, the company’s CPO, supporting the entire organization. I saw both the strain on that role and the opportunity to step in and help my business partners navigate a completely new regulatory landscape. I leveraged my background in corporate and M&A work to expand into privacy from a commercial and operational lens, supporting issues ranging from cross-border data transfers and DSARs to contract structures that enabled compliant processing under GDPR. The questions were complex, multidisciplinary, and constantly evolving. That combination drew me in, and eventually led me to focus on privacy and data security full-time.
Q: Moving from a law firm into an in-house role can be a major shift. What did you expect that move would be like – and what was the reality?
A: In private practice, you work across many clients and industries, often without the ability to fully immerse yourself in how a business actually operates day-to-day. What attracted me in-house was the chance to go deep and understand a single business, wear both a legal and business hat, and partner closely with internal teams on issues that directly affected outcomes.
That expectation proved accurate, but the reality also came with surprises. In-house, not every question is a legal one. Often, it’s about operating in gray areas and understanding risk tolerance, tradeoffs, and mitigations. One early challenge was shifting mindsets and helping business partners see legal not as a last-minute checkpoint, but as a value-add partner that can help get to yes. That trust takes time, especially if prior experiences with lawyers felt purely restrictive.
Q: Looking back, what do you wish you had known or done to better prepare for that first transition in-house?
A: I wish I had given myself explicit permission to spend my first year learning about the company and business deeply and intentionally. Understanding the business model, the key stakeholders, how decisions actually get made, and where the real pain points live is foundational. That context makes legal advice far more practical and trusted. In hindsight, investing early in relationships and listening would have paid dividends even faster.
Q: How would you contrast the role of law firm counsel versus in-house counsel? Are they really different functions? How so?
A: They are complementary, but distinct. Law firm counsel bring an invaluable outside-in perspective – benchmarking, pattern recognition, and insight into how others are approaching similar challenges. In-house counsel, by contrast, have a constant pulse on business priorities, risk appetite, and strategic goals. That context allows them to translate legal analysis into actionable business guidance. The best outcomes happen when those two perspectives work together seamlessly.
Q: How has your leadership style evolved across very different corporate cultures?
A: My leadership style has become more adaptive and situational over time. What works in a biotech research environment isn’t identical to what works in a diversified manufacturing or newly public company.
Across all settings, though, a few constants remain:
I’ve learned to meet teams where they are, while still setting a consistent bar for rigor, integrity, and partnership with the business.
Q: What have you learned about balancing strategic leadership and hands-on legal execution as your remit has expanded?
A: As your remit expands, you can’t do everything yourself, but you also can’t lose touch with the work. I’ve found the balance lies in staying close enough to execution to understand risks and realities, while empowering strong team members to own outcomes. Strategy without grounding doesn’t work; execution without vision doesn’t scale.
Q: What do you see as the most critical skills to develop in rising privacy leaders who want to move into executive-level roles?
A: If you want to move into an executive-level role, you need to wear not only your legal hat, but also your business hat. This requires excellence in the following critical skills:
Privacy leaders who succeed at the executive level understand why the business operates the way it does and tailor solutions accordingly.
Q: Privacy often requires influencing without formal authority. There are a lot of people in departments not reporting to privacy that must collaborate to achieve objectives. How have you built alignment with product, R&D, and compliance leaders across different sectors?
A: Alignment starts with understanding incentives. Product, R&D, HR, IT, Cybersecurity and compliance teams each have different pressures and success metrics. I focus on learning their goals first, framing privacy as an enabler rather than a blocker, and offering practical paths forward. When people feel heard and supported, collaboration follows. Your role is not to say yes or no, and act as a gate keeper; rather, your goal needs to be a trusted partner and advisor that helps get to YES in a manner that manages and mitigates risk.
Q: How did you go about earning trust from technical and business teams early on, especially during organizational transitions?
A: By being curious, responsive, and consistent. Early wins matter, but so does saying “I don’t know yet” when that’s the honest answer. A mentor once told me that you can waive the “new hire” flag for 1 year. Do it often as you learn the business and risk profile of your clients. Remember, trust is built through follow-through and transparency over time.
Q: How did you overcome the “not from this industry” barrier?
A: I never pretended to know what I didn’t. Instead, I leaned into rapid learning, asked good questions, and partnered closely with technical and business experts. I also focused on my ability to jump into new challenges, get up to speed in an efficient manner, and leverage my analytical and reasoning skills to overcome any gaps with industry experience.
At the end of the day, experience across industries translates surprisingly well when you focus on fundamentals: risk, governance, incentives, and execution.
Q: How did you prepare yourself to quickly understand the business and regulatory nuances of each new sector?
A: I start with:
From there, I build context through stakeholders and established processes within the business. That gives me an idea on where we have strengths, and where we have opportunities, and how I need to deploy my resources to address material risks.
Q: What advice would you give to privacy professionals who want to make a similar industry jump?
A: Don’t oversell familiarity. Oversell adaptability, judgment, and learning velocity.
Q: How do you see privacy’s role evolving as more healthcare and life sciences organizations deepen their use of AI, data analytics, and connected devices?
A: Privacy is becoming inseparable from product design, AI governance, and data strategy, especially in healthcare and life sciences. The focus is shifting from compliance alone to accountability, transparency, and risk-based decision-making. Privacy will need to partner closely across functions and businesses to ensure data is processed in compliance with applicable laws and data subjects’ expectations, but also ensure it doesn’t become a blocker for the business. Setting the appropriate processes and risk thresholds in place will ensure that privacy’s role is an enabler and at the table early, rather than a blocker that is ignored.
Q: For attorneys considering a shift from a law firm to an in-house role, what should they realistically expect?
A: More ambiguity, deeper impact, fewer clear lines, and far more influence if you earn trust.
Q: What strategies helped you build credibility quickly when joining a new company or industry?
A: Listen first. Deliver consistently. Be practical.
Q: What are the hallmarks of a privacy leader who thrives across both regulated and innovation-driven industries?
A: Judgment, humility, adaptability, and strong communication.
Q: Looking back, which professional risk or career decision taught you the most?
A: Leaning into stretch opportunities and surrounding myself with strong mentors and champions. Growth rarely comes from playing it safe.
Q: What has surprised you most about the evolution of the privacy profession over the past decade?
A: Privacy today sits at the intersection of trust, technology, and business strategy. Privacy professionals who embrace that reality, and who stay curious, will shape the future of the profession.
Introduction & Background Q: You’ve had an extraordinary career spanning the privat...
Read More
David Sclar is a seasoned in-house counsel and Harvard Law School graduate who has spent ...
Read More
We’re pleased to share our 2025 Privacy (Legal) Market Compensation Guide, offering a c...
Read More