My LinkedIn course: “Implementing a Privacy, Risk and Assurance Program”

Last week marked the release of my LinkedIn course “Implementing a Privacy, Risk and Assurance Program.” After several months of scripting, editing, rehearsing, recording and finally, waiting, it is satisfying to see my work go live.

Coming as it does at the beginning of CyberSecurity Awareness Month, with the General Data Protection Regulation (GDPR) turning 1.5 years old and just before the California Consumer Privacy Act (CCPA) takes effect, I’m hoping this is a useful offering as businesses worldwide adapt to a new privacy-conscious world.

How has the world changed?

For years, creative entrepreneurs - digital designers, product managers, engineers, marketers - built an understanding of the world using data. The engines of social media, connected mobile devices and cloud storage services powered the world of big data. 

Feeding this data into artificial intelligence models, digital businesses created products that shaped the world. These products, in turn, become sources for more data, which then enabled even more personalized products.

For a time, this was a virtuous circle. 

Consumers got products for free (or cheap); companies got free (or cheap) data they could use to build products. Other companies monetized this model by creating advertising platforms to connect these consumers and companies. This perennial entrepreneurial tree bore the fruit of jobs across the world.

But the data exchange at the heart of the digital economy involves a balancing act. Which way the balance tips depends on the answers to several questions:

• Who benefits more from this collection of data? 
• Who is held accountable if this data is not protected correctly? 
• Who is powerful enough to set and enforce the rules? 
• How does one even begin to set rules for a market that knows no physical boundaries?
• How do consumers make informed decisions about their rights and data?
• How do companies have clarity around the rules so that they do not make mistakes while acting in good faith?

Thought leaders sounded an alarm, but too many in the tech sector behaved suboptimally, and harsh scrutiny followed. Even as it produced wealth for millions, the tech sector went from being beloved to besieged. 

Unlikely allies like former Trump consigliere Steve Bannon and Sen. Elizabeth Warren both agree that big tech is too powerful. Newly empowered regulators are handing out fines for privacy issues like vendors hand out samples at Costco. 

Why are you qualified to help?

I started working on security and privacy when I led an effort to get the ISO 27001 certification for a company called Janrain (now part of Akamai). In the years since, I started the privacy engineering program at Nike, led a similar program at Netflix, and then at Google Cloud. Currently, I lead the privacy architecture org at Uber.

Through all these experiences, I have learned what it takes to build a privacy program at scale. Leading a privacy program at a time when innovation is driven by largely democratized digital disruptors is challenging. Doing so as new regulations - including several at the state level in the U.S - are emerging is especially daunting.

I have made the case to executive leadership for privacy investment, evangelized to engineers and data scientists the need to be disciplined with user data, built products and controls to protect user privacy and spoken extensively on this topic over the years. 

Having worked with the best and then some others, I am still learning and want to share my learnings. 

How will this course help?

If you are a company that derives value from data, you need a privacy program. This course will help you get started.

I have provided a brief history of privacy, and explained how big data could be both an asset and a liability on your company’s IP balance sheet. 

The course explains your company’s obligations in an age where protecting user data is vital. But rather than just a cost, a privacy program can support your board of directors, reduce business risk, improve your work culture and win customer trust.

I then dive deep into operationalizing your privacy program using a two-tiered privacy program.

The first tier of the program, comprised of cross-functional strategic leaders, will set the strategic direction for the company’s privacy posture.

The second tier of the program will implement the details by building tools, artifacts and processes to enable the business in a privacy-savvy fashion.

The course will show that privacy is not merely a discipline for lawyers, but requires equal participation from engineers, data scientists, UX and others in the company. 

You will also need leaders who connect these disciplines with a focus on prioritizing and measuring privacy outcomes. This is my sweet spot: I have typically led teams that form this connecting tissue. Think of me as a Chief Operating Officer for Privacy.

Closing thoughts

If implemented correctly, you will find that your privacy program will deliver benefits and cost savings beyond just privacy and regulatory matters. Multiples examples in the course will show you how that is so.

I am confident you will find it useful and relevant as you improve your privacy and security maturity.  

Check out my course on Linkedin and I encourage you to follow me on Twitter as well.