Practitioner's Spotlight: Interview With Andrew Serwin

• Publication year: 2016

PRACTITIONER'S SPOTLIGHT: INTERVIEW WITH ANDREW SERWIN

In this edition of the Practitioner's Spotlight, we are proud to feature an interview with Andrew Serwin. Andy is an internationally recognized thought leader in the fields of privacy, cybersecurity, information governance, and information sharing. He has handled some of the highest-profile data security incidents and privacy enforcement matters of the last decade.

Andy is the author of Information Security and Privacy: A Guide to International Law and Compliance, and a companion federal and state law treatise. A native of San Diego, he practices with Morrison & Foerster and is the Chairman of the Board of the National Cyber-Forensics and Training Alliance.

Q: Why did you decide to become a lawyer?

A: Most of my family was in the healthcare space, and I knew that wasn't my calling. I had met some lawyers here in San Diego, and just thought that was a better skillset fit for me. And with a political science undergraduate degree, I just really felt that law was my path, although I had no idea what, as a lawyer, I'd be doing. I thought I was going to be a litigator my entire career and just go try cases for a living, and it didn't quite turn out that way.

Q: How did you get into the practice area of privacy and cybersecurity?

A: At the time of the first dot com wave, I was doing some internet content licensing work. And I ran a small political startup during one of the presidential campaigns and really enjoyed the space. And I just I looked at it and thought the internet space is interesting. A lot of the legal fights really centered around intellectual property, particularly on the soft IP side. I looked at it and went sooner or later the old rules will be applied to this new ecosystem in probably a very similar way to the way they apply in the brick and mortar world, with some tweaks perhaps, and I thought those issues would more or less get solved with the application of existing law. But what really didn't have a lot of guardrails around it, or contour to it, was what we were doing with information and what those rules would be. And it seemed like that was a really interesting set of legal issues, and really where the money - through internet commerce -would be because the value of the information. So no one thought that we had business models that solely depend on gathering information as we do now. But I just looked at it and went that's probably where there'll be a lot of really interesting legal issues and that's what I want to do.

Q: You do a lot of work in the area of cybersecurity. What was one of the first matters on which you worked that involved cybersecurity?

A: When the California legislature passed the data breach bill in 2003, we really didn't call it cyber then, but I was working on some of the first data breaches matters at that...