Ed is an accomplished leader in the privacy, policy, and technology fields, with a wealth of experience and knowledge from various leadership roles. He leads Salesforce’s Global Privacy and Marketing Legal Team. Ed and his team are responsible for building and overseeing the Salesforce privacy program to keep pace with the latest global developments in privacy and data protection regulation and legislation for Salesforce and its customers.
Previously, Ed held leadership positions at Microsoft, where he worked on both the privacy and government affairs teams. He has been recognized for providing expert guidance on the EU General Data Protection Regulation (GDPR), California’s privacy laws, and comprehensive data protection and data sovereignty measures that have recently passed in many other U.S. states and foreign countries, including China, India, Japan, Brazil, Argentina, Russia, Canada, Kenya.
Prior to joining Microsoft in 2014, Ed honed his skills as an attorney at Alston & Bird’s Washington D.C. office, where he specialized in privacy law and covered a diverse range of other legislative and public policy issues. He was part of a team led by former Senate Majority Leaders Bob Dole and Tom Daschle.
Q: What does Salesforce do?
Salesforce builds business applications that empower our customers to confidently harness the power of data, AI, and trust to connect with their customers in new ways.
Q: And tell us about your background path to your current role.
It was natural for me to gravitate towards protecting privacy. I’ve long been interested in protecting people’s rights. Privacy is a fundamental human right that is necessary to preserve other important rights, including life, speech, and freedom from discrimination.
This is why I have sought out privacy roles at service provider companies. At Salesforce, trust is our #1 value, and our business model is centered around protecting data, which allows me to lean into protecting and advocating for privacy.
My career has always straddled law and policy. This is where privacy sits. Privacy is an established legal field with clear global standards that must constantly evolve to address technological and societal developments. I love that privacy is fluid in this way. It means that privacy will always be relevant.
Q: I’ve seen the Salesforce commercials about AI and trust. When can we expect to see you featured in a CRM commercial?
I love those commercials, but am very happy not to be in them. Matthew McConaughey has been a personal hero of mine since his Dazed and Confused days. He is as good as it gets.
It’s so great that those commercials are played during big events that my family watches together. My kids get excited every time they come on. It’s nice to see my kids proud of where I work and what I do.
What’s best about those commercials is they demonstrate that privacy is a competitive differentiator. We in the privacy community have long argued that privacy drives value for business, but it can be challenging to convince C-Suites of this. Salesforce has long been an advocate - and now I believe that other companies are, too - and that means a lot.
Q: Tell us about your transition from BigLaw to in-house. How would you explain the different functions to someone? What skills are prioritized in-house that aren’t trained for in BigLaw? What surprised you as you made the transition?
It is not an easy transition, particularly from BigLaw to tech.
The hardest thing to learn is that you don’t get credit for doing everything that comes across your desk. In fact, it’s often the things that you strategically choose not to do that get you the most credit.
When you’re in-house, you have to focus on driving impact and value. If what you’re doing could easily be done by ChatGPT or other lawyers, then you need to change what you’re doing.
Q: What is the most challenging project you’ve worked on? How did you successfully manage it?
Regulatory engagement is challenging, but it can also be a huge opportunity.
At Salesforce, we selected the French CNIL as our lead EU regulatory authority. The CNIL is known as one of the strictest global privacy regulators. As such, we have had to work harder than other companies to meet their high standards. On the flip side, this work and our learnings from the CNIL have helped us to positively differentiate ourselves based on our privacy-centric approach to innovation and AI.
These days all organizations must use the latest tech products to stay relevant. As such, I would encourage every organization to similarly lean into regulatory engagement. Technology and data laws are becoming stricter. Staying proactive and anticipating developments is a huge business advantage.
My team constantly engages with our customers to share our learnings so they can leverage our expertise to confidently use our products and services in-line with regulatory trends.
Q: “Privacy” is sometimes used in the specific sense but sometimes as an umbrella term for several concepts that might include privacy, cyber, data governance, trust, and safety, etc. What is the difference between these areas?
I view privacy and data protection as being the most important concepts for cloud service providers like Salesforce to succeed.
I recall a time when customers were hesitant to put their data in the cloud. Their primary concern was whether their data would be protected. Fear of the cloud seems quaint today. By prioritizing privacy and data protection, I believe that fear of enterprise AI services will also seem quaint in a couple of years.
That isn’t to say that the other concepts you mentioned aren’t also important. Certainly, cybersecurity and safety have to be balanced against privacy interests, but we must do so with a customer-centric view that keeps customers in control of their data.
And strong data governance is critical for properly addressing all of these concepts. Companies need to know their data and have strong processes in place so they properly balance the concepts and make sound decisions around data handling. Salesforce’s products, particularly Data Cloud, can help with this.
Q: How do you approach navigating the diverse landscape of privacy regulations and ensuring compliance across different regions?
I rely on my global team. While GDPR has set a global standard for privacy and data protection, even identically worded laws can vary significantly based on local culture, custom and jurisprudence.
As such, there is nothing more important for ensuring global compliance than having privacy professionals who come from and are based in our key global markets.
For example, even within the EU, I’ve learned from my team that Ireland, Germany, the Netherlands, and France all view privacy and compliance very differently. We take these differences into account when building our global privacy program and global products with enough flexibility to account for different conceptions of privacy.
Q: Everyone is talking about AI. AI is “just” more software code, right? Why is this time different? Why should privacy pros care about AI? What questions should privacy pros be asking?
AI is the most important advancement I’ve seen during my career in tech. Life has forever changed because of AI. Whether this change will be for the better depends on protecting privacy.
If we don’t preserve privacy and build trust in AI, then people and organizations will be afraid to share their data with AI services. Without this data, AI won’t be as safe or effective as it could be. Conversely, with privacy and trust, and the data sharing that comes with that, I believe that AI can be used to solve some of our greatest societal problems.
As privacy pros, we must recognize that preserving privacy is more important now than ever, but concepts of privacy must evolve. AI is necessarily data intensive. Privacy pros must figure out how to apply global privacy laws and standards to protect data and build trust in AI, while also enabling data to be utilized so that AI can be safe and effective.
Q: How is privacy a value add to a corporation? How do you prioritize privacy protection while also supporting the innovation and growth objectives?
The tech sector is betting big on AI, but AI will not succeed unless we protect privacy. Salesforce is all-in on protecting privacy — not just in our commercials, but in the contractual, organizational, and technical protections that we build into our products.
The best way for me to support Salesforce’s innovation and growth objectives is to ensure that the sorts of industry-leading privacy protections that our customers expect and value are applied to our AI services.
Q: Salesforce is known to be generally busy in the M&A space. By the time the public is aware of an acquisition, your team has already made significant contributions to the process. Putting aside any particular acquisition, can you give us an idea of what your team does in the M&A process? What does your team do to get ready for a deal? For integration post-deal?
M&A is a strategic priority for Salesforce, but Salesforce will not sacrifice trust for growth. As such, Privacy has a prominent role in our M&A process.
In particular, my team evaluates potential deals and makes recommendations as to whether deals should proceed and/or if changes need to be made to ensure that our high standards for privacy are met.
This requires my team to have access to all relevant information pre-acquisition, communicate directly and openly with our execs and the execs of the company being acquired, and be involved with integration post-deal to ensure that our recommendations are actioned in a timely manner.
Q: How do you define success for you/your team? How do you work lead/manage your team to achieve those goals?
Success means having an impact both internally and externally.
I aim to put my team in the best position to have an impact. This means focusing our time on work that demonstrates value for the company and/or improves the world.
We still must address day-to-day compliance matters, but we aim to do so through repeatable processes that enable more of our time to be spent on high impact and particularly valuable and complex work. This also tends to be the most fulfilling work that keeps team morale and engagement high.
Q: Collaboration is essential in addressing privacy concerns. How do you collaborate with various teams and departments within Salesforce to embed privacy into product development, marketing strategies, and other areas?
Ensuring Trust is a team sport, and protecting privacy is paramount. Having Trust as our north star means that there will be tradeoffs — just because you can do something, doesn’t mean that you should. The best results can only be achieved through collaboration.
Fortunately, our C-Suite understands the value of privacy and the importance of ensuring that we both talk the talk in our marketing materials and walk the walk in how we build our products. This is evidenced by the fact that our Marketing Legal team reports to me and that the Privacy, Marketing, and Product Legal teams all report to the same executive. Our legal teams are also involved from the inception of our products, so they are designed with trust at the forefront. We are committed to building according to the law and our values and to marketing based on our product truth.
Q: Your team exists across several offices. How do you approach communication, training, mentorship, career development, etc, for folks on your team?
There is no substitute for being together in person and building relationships through shared experiences. Fortunately, Salesforce understands this and makes a point of bringing us together several times a year.
With this solid foundation in place, the rest of the time we utilize Slack to stay in constant communication with one another. I have to say, it is an incredible and powerful tool.
I credit my team for creating one of the most exhaustive onboarding and training programs I have seen in my career. When I have a question about team operations I can almost always find the answer in our materials. I know these materials are also helping our new employees.
We also have a robust mentorship program in which we all participate. I have found tremendous value in this program. It has helped me to gauge where I should be dedicating my time for the greatest benefit to the team. I know the broader team values this program as well.
Q: Looking ahead, what do you see as the biggest challenges and opportunities in the field of privacy? How do you plan to address them?
The biggest challenge I see is fostering trust in AI.
As noted above, privacy is essential for this. Privacy practices must evolve, but privacy protections cannot be compromised.
I will be working with my team to ensure that Salesforce is at the fore in building solutions. Further, as the tech sector is often incorrectly viewed as a monolith, I will be working externally to ensure that privacy is preserved across the tech sector through sound laws, policies, and standards.
Q: How do you plan for those future needs (especially staffing levels)? For staffing, what are your key factors for determining staffing levels? Department budget?
I will be focused on staffing to support the company’s highest priority - delivering trusted AI. This may mean shifting the focus of some current team members. It may also mean bringing in new talent to help us navigate the evolving tech landscape.
Q: What are the key factors you look at in determining your outside counsel?
Here are three key factors that distinguish law firms for me:
Q: Lots of new hiring these days. What is the top 1 or 2 must-haves when you look at a candidate? How much does exactly on-point legal experience matter compared to say project management or ability to craft a simple business solution?
Here are two must-haves:
Legal experience matters and is essential for certain roles. However, non-legal experience is equally important and essential to building a strong privacy team.
Non-lawyers often embody strengths, such as the ability to get to a practical answer more quickly and effectively communicate that answer to engineers, as well as the ability to program manage and build repeatable processes. A good privacy team must have both pros that view privacy through a legal lens and pros that focus on programmatization.
Q: What advice would you give an up-and-coming privacy lawyer/professional?
Privacy is a varied field. Make sure that you pursue work that you find interesting and fulfilling.
This will likely be the work that you’re best at, and that is most impactful for your employer.
It will also be the work that motivates you to keep going. We spend a lot of time at work away from friends and family, so it is important to feel that what you’re doing matters.
Q: What is the top privacy or data security issue that kept you awake at night as a CPO?
Honestly, work doesn’t keep me awake at night. I feel good about where we are as a company and about the work my team is driving. I try to get as much sleep as I can because my work days are fun and action-packed. I love our work and the issues we get to think about and address.
What does keep me awake at night are my kids, but I’m happy to get out of bed to help them, as I know they will only need me for so long.
Q: Anything else you’d like to share?
We’ve covered a lot of substance. It’s all important, but more important is what we’ve just touched on - family.
I love my family. They inspire me to have as much impact as possible through my work. As I’ve noted, it’s important that we feel that what we do during our time away from our families is meaningful and fulfilling. For me, working on cutting-edge privacy issues at Salesforce definitely is.
Ericka Watson is an accomplished leader, ethicist, technologist, data and legal strategis...
Read More
Mark Jaffe leads the Rivian ethics, compliance, and privacy program, which includes ethic...
Read More
Elise Houlik is Chief Privacy Officer at Intuit. In this role, she drives Intuit’s data...
Read More