Caroline Louveaux is the Chief Privacy Officer at Mastercard. She leads the company’s work at the forefront of the policy, regulatory and legal compliance on privacy and data protection globally. She is a committed privacy advocate and is passionate about the legal and societal implications of new technologies.
Q: It was great to meet you at the IAPP’s Global Summit 2022 and congrats on being featured in the Global Data Review’s Women in Data 2022! Tell us about your background. How did you get to be the Chief Privacy Officer at Mastercard?
Just after finishing law school, I spent a year working as a researcher at the Research Centre in Information, Law and Society (Centre de Recherche Information, Droit et Société – CRIDS) based in Belgium, my home country. Looking back, I think this was a pivotal moment where I realized I was fascinated by the impact that technology has on society and the role that the law plays in ensuring that technology is used responsibly. I then became an antitrust and competition attorney in a big international law firm, advising clients across various sectors. Fifteen years ago, when the opportunity came to dedicate myself to privacy and data protection, I didn’t hesitate. Today, I lead a team of data and privacy specialists across the globe. We of course handle privacy and data protection issues, but we also advise the business on cybersecurity, data portability and open banking, data localization, digital identity, blockchain, machine learning and artificial intelligence. Some of these topics may have sounded like science fiction a decade ago – think about movies like Minority Report or Her – but today it is our reality.
Q: Many people think of Mastercard as a credit card company. What is Mastercard? What does MC do?
Mastercard is definitely more than just a credit card company, it’s a global technology company. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Every year, consumers count on the Mastercard network to transmit 65 billion transactions seamlessly in the blink of an eye. Just as our cardholders trust that the transaction will go through whenever they tap or dip their card, they trust that their information is safe with us.
Privacy Management Best Practices
Q: As the pace of change accelerates and countries and US states enact new laws, what is your strategy for keeping up? How do you avoid having to constantly reinvent the wheel?
While rapid digitization, new regulations and constant innovation keeps us on our toes, our core belief has always been that personal information is just that – personal. And we take great care to ensure it stays that way.
To do so, we have instilled a Privacy by Design culture across the company. Privacy by Design is cutting-edge product innovation centered on the individual. We embed multiple layers of privacy and security safeguards into the design of our innovations to protect people’s data – including through tokenization, encryption and anonymization. Put simply we only collect the minimum information we need to get the job done and we do everything we can to protect it end-to-end. In addition, we employ rigorous standards to ensure the safety and security of data with all of our partners and vendors.
By putting the individual at the center of all we do, and applying the strictest privacy and security standards, we can innovate responsibly in compliance with evolving laws and regulations.
Q: Another type of change is technological - new type of payments or payment systems, currencies, real time payments, the metaverse. What can you tell us about your approach to managing a privacy department/function as new technologies emerge. what core management concepts/strategies will you keep?
New innovations and technologies raise a number of novel — and familiar — questions. Who controls the data in a decentralized world – whether related to crypto, the metaverse or both? How do we protect people against excessive data collection and abuse of their data and privacy? Who is liable when things go wrong?
There are several approaches we take to navigate potential pitfalls. These include adopting a Privacy by Design and Security by Design approach, being guided by a strong sense of data responsibility and providing individuals with transparency and granular controls over the use of their data.
In addition, we participate in discussions that involve a diversity of views and disciplines — from law, security, technology, psychology, ethicists, economists, regulators and the wider community – to make sure we’re addressing the various ethical, privacy and security issues that could arise with the emergence of new technologies.
Q: Mastercard is investing heavily in privacy at a time when some of your peers are struggling for resources. What is the “value add” for a company to invest in and have a strong privacy organization?
For Mastercard, privacy and data responsibility are not a “value add”, these are intrinsic to the value we provide to our customers, partners and consumers around the globe.
If you think about it, data is core to Mastercard’s Corporate Strategy, and our ability to leverage data responsibly is critical to everything we do. We must protect that data not only because we have a legal obligation to do so, but because of the trust it represents. This data is not just Mastercard data; it is the data of our customers, our employees, and the millions of individuals who participate in our network and have entrusted us with their information—whether they’re buying a new book, redeeming a personalized loyalty offer at their favorite restaurant, or tapping their smart phone to pay for their bus fare. At Mastercard, we are clear that protecting people’s privacy and data is foundational to that trust.
This is why we also see our business partners investing in privacy resources and capabilities. They realize how privacy-centric solutions become a key competitive differentiator and a trust driver for our products and services.
Q: The privacy work load has exploded over the last 2 years with no sign slowing. What is your secret for “managing up” that you are able to marshal resources such as headcount and budget?
The world we’re living in today looks very different than it did at the start of the decade, or even 3 years ago. Just look around: hyper-accelerated innovation has led to big changes in our digital ecosystem. Single organizations have millions of digital touch points. On an individual level more data is being collected and shared about us and our families. Think about all the data collected during your online shopping or social media interactions.
As the digital ecosystem has grown more sophisticated, so too have cybercriminals. Supercharged attacked are becoming more and more common. The global cost of cybercrime is projected to reach $10.5 trillion annually by 2025 and the average cost of a single data breach has skyrocketed to $3.86 million, from which organizations struggle to recover.
In the face of such threats, no organization is free from risk. When things go wrong, everyone – individuals, businesses and governments – stands to lose. This is why we take our commitment to privacy, cybersecurity and data responsibly so seriously. It’s not just the right thing to do, it also makes good business sense. My role is to help our business manage these evolving threats, including translating increasingly complex privacy and data regulations into business risks and opportunities that enable our Management Committee and Board of Directors to take informed decisions
We are dealing with some big issues, but the good news is that we are not alone. In fact, we are working together and as individual organizations, to safeguard trust in technology, which is essential to our global digital economy.
Q: No one can accomplish all the tasks of “doing privacy” by themselves. You are based in Brussels, Mastercard is headquartered in New York. The company has offices/operations globally. No one can be everywhere or work 24/7/365. How do you manage across time zones and languages? How has your strategy changes from pre-pandemic days? How has remote/hybrid work impacted your strategy?
Mastercard is a global company, so working across borders, time zones and languages is not new. In particular for me as I am based in Brussels with colleagues all around the globe. The pandemic has therefore not required a 360 change to our strategy but have brought with it some useful adjustments. Let’s say it has been more of an evolution than a revolution.
As part of Mastercard’s commitment to Decency, our people have access to a generous benefit program and flexible work schedules to support work-life balance. As the mother of 11-year old twin boys, I know first-hand the struggle of achieving a work-life balance, particularly when the pandemic forced us to blend some of our home and office roles. There were interesting moments when I was advising our CEO while helping my kids with remote learning throughout lockdown. As of the head of a large global team, I try to lead by example and encourage my team to be open about what wellness means for them and how we can work together as a team to make it happen, in all its different forms. For instance I took a parental leave during the summer 2021 to take care of my family, which was exactly what I needed at the time.
I think making individual well-being a priority has become even more critical since the pandemic, as the lines between work and personal life have become increasingly blurred. Finding what works best means different things to different people, but my goal is to make sure that each person on my team finds the right balance, depending on their personal needs and circumstances. This requires reaching out often and keeping an open mind.
Q: Specifically, you are very successful in driving cross functional cooperation and coordination – both with peers but also down the ranks. What key strategies you focus on for engaging with colleagues (both on your team and on other teams) around the world that has enabled your success?
With a global team, I believe trust is key. It goes both ways: trust people you work with, and make sure you can be trusted. When engaging with colleagues around the world, I also believe in promoting a culture of decency. This means treating others with respect, the way we would like to be treated. A recent Employee Survey at Mastercard returned an impressive result: 95% of our workforce is proud to work at the company and we know that one of the reasons for this is that we are driving a culture with decency at its core. Additionally, one of my strategies is to aim for win-win collaborations. Listening to a variety of perspectives, trying to reconcile different objectives (which may at first appear contradictory) and co-designing out of the box solutions together, this helps ensure “win-win collaborations”. Sharing successes and celebrating together is also key.
Q: Across the industry, there is an incredible wave of new hiring. What are the top 1 or 2 must-haves when you look at a candidate?
We're hiring across the globe. And while there are universal qualities that I look for in candidates, at Mastercard we value diversity. Embracing colleagues who look, act and, importantly, think differently—makes us stronger as teams, as a company and it’s how we guard against our blind spots. So I always look for candidates who bring a diverse perspective and help me understand how their unique life experiences bring value to the broader company. I also value a growth mindset. Having that willingness to learn, to get out of your comfort zone and to adapt to new situations is critical to our individual and collective success.
Q: To your credit, I’ve heard the team at MC flatteringly referred to as ‘privacy university’. With a sizable and growing global team, how have you been able to keep engagement through the covid pandemic period? What is your strategy for fostering personal, professional and career growth?
If we’re known as privacy university, it only makes sense that I encourage my team to never stop learning. I only wish we had the university summer breaks!
As a company, Mastercard provides endless opportunities for employees to continue to grow and refine their skills. From various online courses to mentoring opportunities it’s important that we learn from one another, our experiences, and our failures. This is the only way to continue to better ourselves as individuals and as a team.
When it comes to our team, let me share two initiatives we are taking to foster personal, professional and career growth:
Q: In our experience recruiting for Mastercard, candidates are aware MC has a strong positive culture. What is the Mastercard ‘decency quotient”? How did this manifest during the covid period?
Our decency quotient, or DQ, drives our culture and everything we do inside and outside of our company. Mastercard's Executive Chair, Ajay Banga coined the term “Decency Quotient,” at an employee event as a shorthand for treating others how they would wish to be treated. Decency is a key component of the Mastercard culture and is the foundation of every interaction at Mastercard as well as every initiative, from building an inclusive economy to fostering social equality to ensuring a sustainable future. At Mastercard, we are delivering on the decency quotient inside and outside our walls, becoming a force for good in our communities and the world at large.
And our commitment to Decency extends to how we handle data. This is why we launched our Data Responsibility Imperative, according to which “when it comes to your data, you own it, you control it, you should benefit from its use, and we protect it”. These consumer-centric principles guide all our data practices and may serve as a guide for like-minded organizations as well.
Q: Anything else you’d like to share?
It has never been a more exciting time to be a privacy and data professional. Our work is truly meaningful as we help shape our future by maximizing the benefits of our digital society while minimizing risks for people and society. And I may be a little bias in my response, but there’s no better team and company to work for in this space! Be sure to join our Talent Community to stay up to date on the latest job postings: Mastercard Global Career Opportunities | Technology Jobs
Elise Houlik is Chief Privacy Officer at Intuit. In this role, she drives Intuit’s data...Read More
Meredith K. Grauer is Deputy General Counsel and Head of Privacy at Marqeta, leading a te...Read More
Lorenzo Robleto is an Adjunct Professor at the University of San Francisco, School of Law...Read More