As part of our Captains of Industry Interview series, Lawrence Brown, Sr. VP Legal, Houston had the good fortune to sit down with CPO and GRO Leader for Macy’s, Michael ‘Mac’ McCullough. Mac is a long-time privacy practitioner, thought leader, and speaker on data privacy management, data risk/compliance, and building trust environments.

As part of our Captains of Industry Interview series, Lawrence Brown, Sr. VP Legal, Houston had the good fortune to sit down with the first CPO of Zeta Global, Benjamin Hayes. In his role as CPO, he is overseeing Zeta’s privacy compliance program, managing privacy integration of its acquisitions, engaging in hands-on privacy by design, and helping navigate the GDPR, CCPA and beyond. It is our immense pleasure to share Benjamin Hayes’ invaluable insights with you. Enjoy!

(more…)

As part of our Captains of Industry Interview series, Lawrence Brown, Sr. VP Legal, Houston had the good fortune to sit down with the incomparable Kristie Chon, Chief Privacy Officer at PayPal. Kristie is a highly recognized data ethics expert and proven privacy thought-leader. It is our immense pleasure to share Kristie’s invaluable insights with you. Enjoy!

(more…)

As part of our Captains of Privacy Industry Interview series, Lawrence Brown, Sr. VP Legal, Houston had the fortunate opportunity to connect with data privacy pioneer JoAnn C. Stonier, Chief Data Officer for Mastercard. JoAnn’s extensive experience in finance, law and technology, coupled with her proven success as Chief Privacy Officer, earned her appointment as Mastercard’s first Chief Data Officer. JoAnn is a highly recognized data and privacy thought-leader, and we’re thrilled to share her invaluable insights with you. Enjoy!

(more…)

As part of our Captains of Privacy Industry Interview series, Lawrence Brown, Sr. VP Legal, Houston had the fortunate opportunity to connect with privacy evangelist Anne Fealey, Global Head of Privacy for Citi. As a proven leader of privacy and information management, Anne is passionate about privacy, the appropriate uses of personal data and the exciting power of data to do great things. Rather than opposites, Anne views these as aligned principles. And her impressive career path with American Express, Prudential and Citi reflect that. We’re thrilled to share Anne’s invaluable insights with you. Enjoy!

(more…)

One of the many high points of JW Michaels is partnering with the most sought after and talented leaders across a range of industries. Recently, Lawrence Brown, Sr. VP Legal, Houston had the fortunate opportunity to connect with privacy icon Orrie Dinstein, Global Chief Privacy Officer at Marsh & McLennan Companies (MMC) and former Chief Privacy Officer at GE Capital. As a proven expert in Privacy and Data Protection Law, Cybersecurity law, Information Governance, Data Analytics, and AI, Orrie shared invaluable insights from his impressive history working with complex organizations in the financial services industry.

(more…)

Guest authors Rita Heimes and J. Trevor  Hughes share their expertise about the rise of privacy and personal data as a job skill. Information privacy practices can promote trust, and in turn enterprises collecting and using data have a fiduciary duty to their customers to use their data ethically and to the customers’ benefit. Heimes and Hughes of IAPP, an International Association of Privacy Professionals, bring invaluable insight on just how valuable information privacy can be to consumers and enterprises.

With the California Consumer Privacy Act deadline fast approaching, we’re thrilled to welcome a relentless advisor of consumer privacy, data security and identity protection, Tracy Shapiro, Partner DLA Piper, as our guest author. Tracy’s insight into privacy protection is invaluable and her article is a must-read for companies and consumers alike.

As the FTC kicks off its hearings on Competition and Consumer Protection in the 21st Century in Washington DC, it is the perfect time to welcome Tim Sparapani, Founder & Principal of SPQR Strategies, PLLC, as our guest author. Prior to launching SPQR Strategies, Tim served as the first Director of Public Policy at Facebook and in recent years has served as the VP of Policy, Law and Government Affairs for the Application Developers Alliance and continues to advise start-up tech companies on a wide range of policy matters. Tim’s insight into privacy and policy are invaluable and his article is a must-read for companies and consumers alike.

The FTC’s Opportunity

Newly-minted Federal Trade Commission Chairman Joseph Simons and the FTC have given the Commission a rare chance; which is the chance to break truly new ground to help consumers with the most pressing privacy problems. The Commission is seeking to replicate the influential hearings from two decades before held by then-FTC Commissioner Bob Pitofsky. Those hearings built a record that guided prudent policymaking and enforcement actions by the Commission in the time since. By holding a series of hearings this fall concerning Competition and Consumer Protection in the 21st Century, the Commission has a chance to step back and rethink its goals with respect to what’s working and what’s not in our economy with respect to technology policy generally and privacy specifically.

My unsolicited advice to the Commission: Go Big and Go Broad!

While the Commission has worked hard to pick meaningful cases for enforcement actions, it’s no secret that the Commission is resource constrained. Given those constraints, the Commission has unfortunately ignored important violations of the law or abuses of consumers’ privacy. It has quite logically chosen to build its privacy and security jurisdiction consent decree-by-consent decree, typically choosing to bring actions against either fraudsters committing egregious violations of the law or the highest profile companies. The former cases are slam dunks, usually quickly resolved for the public’s benefit, and the latter cases — typically targeting the world’s best-known tech companies — are premised on the heretofore correct assumption that the press would broadcast those investigations and consent decrees around the globe so that all other companies would be put on notice about what constitutes a privacy or data security violation.

Those choices were reasonable but they have left too many privacy and security abuses unchecked, keeping consumers too often exposed. A change in direction could and should be inaugurated by these hearings. There’s a ton for the Commission to do as it builds a record for broadening and redirecting its enforcement actions.

Here are some recommendations for the Commission with how to use these hearings.

Broaden the Lens and Broaden the Consumer Benefits

Every company has data so broaden your focus from Uber, Google, Facebook, Amazon, Apple and Microsoft. It’s been true for two decades now; in addition to producing whatever goods and services a business is offering for sale, that business also has consumer data that it collects and that deserves protection. Anyone who doubts this ought to look at the size of the membership — tens of thousands now — of registered members of the International Association of Privacy Professionals. It’s an important signal. Every company has a Privacy Officer now but the problems stemming from data misuse aren’t limited to just traditional tech companies. Since every company has data responsibilities, the FTC cannot always limit its efforts to protect consumers to the same handful of companies that are internationally known tech companies.

If consumers are giving their data to dozens, if not hundreds of companies in any given year, does it make sense to solely, repeatedly focus all efforts of the Commission on just a handful of companies? Don’t consumers deserve protections from misuses of data from all the companies who might obtain their data? If the Commission broadens its focus surely the benefits to consumers will grow commensurately from a broader policing of companies.

Broaden the Review of Harms

Just as every company is now a consumer data engine that needs to be policed, the list of harms to consumers from all those companies is growing and those new harms deserve scrutiny. Everyone truly fears a broader set of harms than the Commission is addressing. A too-careful focus on data security and data breach or ad tech privacy issues misses all the real, emerging threats to consumer data from misuse of consumer data.

New harms are emerging in the digital age. Three examples of these emerging harms prove this point. The Commission ought to take testimony about those harms and take actions to prevent them from harming consumers before those harms from misuse of consumers’ data become commonplace. Data brokers are buying and reselling consumers’ data without providing any recourse to consumers who will have no idea their data has been sold, to which companies it has been sold, or what the potential consequences to them are from those sales. The Commission needs to take action to prevent the misuse of genetic information to prevent people from being insured or employed. Similarly, price discrimination that forces some consumers to pay more than others for the same goods or services deserves scrutiny and action by the Commission.

In short, the FTC has an important opportunity to rethink and reframe the Commission’s efforts in the digital age. If the Commission embraces the opportunity and thinks more broadly, these hearings will have even more consequence for consumers than did those that these hearings were modeled after.

About Tim Sparapani and SPQR Strategies

Founded by Tim Sparapani in 2011, SPQR Strategies is a full-service strategic consulting firm that offers customized, high-quality solutions to a growing list of prominent Fortune 500 companies, including GE, Google, Intuit, Kayak and Syniverse, as well as many startup companies, such as Bytes Media, Caremob, Hero, Koozoo, Quizlet, Spend Consciously, Womply and Xcinex. In addition to many of these multinationals and startups, SPQR advises a leading technology trade association, CALinnovates, as well as two privacy advocacy organizations, the Family Online Safety Institute and World Privacy Forum. Additionally, SPQR previously provided support to the Application Developers Alliance. To learn more visit: http://www.spqrstrategies.com.

With the rapidly moving privacy world and new spotlight on legal, regulatory and ethical considerations, we’re thrilled to welcome privacy veteran Leigh Feldman, Managing Director & Head of US Privacy at Promontory Financial Group, an IBM Company, to weigh in as our guest author. JW Michaels VP of Legal, Lawrence Brown will be joining Leigh live at IAPP KnowledgeNet to continue the conversation on what to expect from organizations moving forward and discuss the skills/experiences candidates need to be ready to move into newly created privacy opportunities.

Privacy in 2019, Moving Beyond Compliance and into Digital Ethics

Privacy and the ethical use of personal information entered the forefront of public consciousness in 2018. With developments like the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act, as well as the emergence of new threats arising from the collection, use, and sharing of information, the challenges of data processing in today’s information age have never been more apparent.

As organizations continue their digital transformations and expand product and service offerings, those that have robust privacy programs and emphasize ethical data use will achieve greater returns on investments in new technologies, products, and services. The vastly increased penalties under GDPR and greater risk of reputational damage alter the privacy risk analysis, making privacy much more central to good business operations – beyond risk mitigation and regulatory compliance.

We expect organizations will face increasing market and compliance pressures to demonstrate ethical treatment of data as the public and regulators grow more sophisticated in their approach to data privacy issues. Ethical considerations move beyond what is legally or technically possible into questions of morality, bias, discrimination, human rights, and societal harms. The wider and deeper collection of data and deployment of more advanced technologies such as artificial intelligence will continue to be competitive advantages. However, the ability to optimize the collection, use, and sharing of personal information in an expected, appropriate, and ethical manner will emerge as a competitive advantage as well.

Organizations that can be effective and efficient on issues such as transparency, choice, risk assessments, cross-border data movement, and personal data management, including retention and deletion, will be able to more quickly launch new and modified products and processes. Organizations that have more mature privacy programs will be better positioned as trusted information stewards and to reap the economic rewards of the data age.

In response to these rapid changes in the privacy landscape, we believe organizations across multiple industries will need to establish new mechanisms to address emerging digital ethics issues brought about by new methods of collecting, using, and sharing personal information, broader public awareness, and increasing regulatory scrutiny. The result will be a shift in how organizations approach privacy. Beyond just legal compliance, organizations will begin to see their privacy programs as business competencies that must be matured to support customer expectations, innovation, and growth.

ABOUT LEIGH FELDMAN
Leigh Feldman is a managing director at Promontory Financial Group, an IBM Company, where he leads the U.S. privacy practice within the firm’s global privacy and data protection practice group. Leigh has been in the privacy space for over 15 years, advising on all aspects of information collection, use, and sharing. He was previously the chief privacy officer at Citigroup, American Express and Bank of America, and chief privacy counsel at Merrill Lynch.