Lauren Phizicky’s legal career began at a time when privacy law was still an afterthought in most law schools. She recalls that “law schools didn’t even have privacy classes,” and the uncertainty and novelty of the field defined her early days at BLG. She remembers thinking that privacy law was “not fully developed yet, people are still figuring it out… Everything’s pretty much a grey zone.” That ambiguity drew her in – she wanted to work where the rules were still being written.
At BLG, Phizicky gravitated toward privacy because many elements were “on the fly,” and the work constantly evolved. Even colleagues questioned whether there would be enough work in privacy, but she saw the writing on the wall and committed to the specialty.
Her first in-house experience at Bell shattered the myth that law firms get all the interesting work. “You get told in a law firm, we get the most interesting work, in-house counsel sends it to us… And then you go in-house and go, oh, no, there’s super interesting work to be done here,” she explains. The proximity to business operations and the chance to build relationships with stakeholders gave her a new appreciation for the in-house role.
The pandemic hit just as she was settling into a secondment at Bell. Within a month, she worked from home, scrambling to evaluate how force majeure clauses affected the company’s commercial and procurement agreements.
When Phizicky joined Lightspeed a few months later, she was tasked with building the company’s first privacy program. The welcome was immediate – “people were just grateful to have a person specifically for this area,” she says. But the transition from law firm to in-house meant learning to prioritize impact over perfection. “You’re going from an environment where everything has to be perfect to an environment where it’s progress, not perfection… perfect is the enemy of done,” she explains. She was trusted to make decisions but also had to know when to escalate issues – a new balancing act.
The ambiguity of privacy law didn’t disappear. Phizicky notes that her time at BLG gave her a “boot camp” in Canadian and international privacy regimes, but it was about translating those rules into practical business decisions in-house. “You have to go, OK, but how are we implementing this in practice? And what is the company’s… appetite for how risky we want to be?” she says. She found that clear communication often defused potential conflicts when she told colleagues about risks: “Sometimes you think… they’re going to be very upset… And the reaction was often, oh, OK, great. I didn’t realize that. That’s good to know.”
After building out Lightspeed’s privacy program, Phizicky was ready for a new challenge. A mentor in the privacy world pointed her toward GoTo, a cloud communications and IT company, where she could join a larger team and help build the product counsel function. The appeal was clear: “I think it would be really cool to… join a team where I’m not the most senior person… to see how someone else leads a privacy team,” she says.
Her current role is as senior counsel, which includes the “product” role alongside privacy, which Phizicky describes as the go-to legal advisor for product teams. She works closely with product teams to answer customer and internal stakeholder questions and ensures legal requirements are embedded from the start. When the commercial team is negotiating and the customer questions how the product functions, she acts as a “resource or go-between,” she explains. At GoTo, she develops and improves the company’s product privacy standard and oversees an annual audit process to keep teams accountable.
She navigates a broad range of legal issues, but she’s learned the value of issue spotting and knowing when to consult colleagues or external counsel. “Maybe you do a light Google search, maybe you reach out to that colleague and say, hey, need a gut check,” she says. She’s careful with external counsel spend and stresses the importance of setting clear expectations: “If you don’t want a 10-page memo… you need to say that… Setting expectations with counsel is important and takes time to figure out.”
Regulatory developments are always on her radar, from evolving telecom rules internationally to the ever-shifting landscape of AI. “The absence of comprehensive AI regulation in North America is creating a circumstance where we need to be adapting based on what customers want and what customers need,” she says. She’s watched customer attitudes toward the use of AI shift dramatically, forcing companies to reevaluate their approach constantly.
AI tools are part of her workflow, but she hasn’t yet relied on them for legal analysis. “We have… an internal version of ChatGPT. It’s great for helping give you a bad first draft, but in terms of legal analysis, I have not yet gone to ChatGPT for that,” she says.
Balancing legal risk and business innovation is a constant negotiation. Phizicky lays out the risks and lets business teams decide how far they want to push, presenting teams the least, middle and most risky option “based on the fact that there isn't always legislation that applies specifically to AI,” she says. Market trends and headlines can shift what’s considered risky overnight.
For Phizicky, the real reward of in-house work is being part of the team from start to finish. She relishes the chance to brainstorm and problem-solve alongside technical teams. “You’re not just… the legal advice. You’re also brainstorming. You also have a good risk assessment perspective, and you have ideas. It’s cool to be invited to that, to have a seat at that table,” she says.