Within the past few years, privacy consulting has grown into a US$400 million market in the U.S., and at least a dozen American law firms and each of the Big Four auditors have come to boast of a robust privacy practice. But to corporate executives, these consultancies can all sound like they're selling the same thing: the master plan for keeping the company's name out of Computerworld's privacy breach roundup. So which ones can you turn to for the best advice?

That's the question I posed to more than 100 of my fellow corporate privacy leaders last month. It wasn't a scientific survey by any stretch, but some clear themes emerged through all of the responses. What did these chief privacy officers (CPO) say?

Survey Results

First, law firms garnered the lion's share of the votes. This tells me American corporations are still primarily concerned with minimizing legal liability when it comes to privacy and aren't yet focused on meeting the often-higher standard of customer expectations. Among this group, Hunton & Williams stood head and shoulders above the rest. A cadre of firms--Morrison & Foerster, Baker & McKenzie, DLA Piper Rudnick, and Faegre & Benson--tied for second, with a large number of sometimes-passionate references.

What about the audit and consulting firms? Ernst & Young, Deloitte & Touche and PricewaterhouseCoopers captured about the same number of votes, but given the small sample size, they weren't significantly higher than for KPMG. For a list of all of the top vote-getting firms, see the accompanying charts.