Donna L. Wilson

Wilson, the chair of Manatt's privacy and data security practice, will take over as the firm's managing partner July 1.

"My election is reflective of the firm's deep interest in tech for its clients," she said. "We offer an interdisciplinary professional services model composed of lawyers and non-lawyers alike. We greatly expanded the practice last year, and this is an area where we will continue to expand."

Her clients include banks, mortgage servicers, auto finance companies, retailers and other financial services providers as well as companies in other regulated industries.

Referring to her predecessor, William T. "Bill" Quicksilver, who will become managing partner emeritus, Wilson said, "I also plan to continue the successful implementation of our integrated model, which started during Bill's tenure, and build on our uniquely supportive culture and entrepreneurial DNA."

Wilson is scaling up in part because of the challenges presented by two new laws: the California Consumer Privacy Act of 2018--it takes effect in 2020--and the European Union's General Data Protection Regulation or GDPR, which came online last May.

Lawyers and clients have largely come to terms with the GDPR, Wilson said, but the new California law is still an arena of uncertainty.

"We fortunately have an office in Sacramento, and our colleagues there were involved in the evolution of the legislation," Wilson said. "The Legislature acted very quickly, so there are ambiguities in the law. There will be challenges."

She said some clients are looking at coming to terms with both laws.

"There are those who have already done the GDPR work and now you have to tell them about the Privacy Act. Some aren't in regulated industries, but they still will need a compliance system," Wilson said. "It's a good thing there's a long lead up to when the law takes effect."

Wilson declined to name clients.

"Our biggest successes are the ones you haven't heard about," she said. "Clients today are so sensitive about staying under the radar."

For an automotive finance company, she counseled officials on their legal and regulatory risks in the privacy and data protection areas in view of the new European Union law and is currently updating those aspects of company policy to comply with what California has enacted.

"Basically we have three buckets of work," she said. "There's risk management, breach response and regulatory investigation. The first, risk, is currently one of our bigger areas. California has been the bellwether on privacy and information security, so I am well-positioned to lead in those areas."

- John Roemer