The IAPP's "Profiles in Privacy" series features a monthly conversation with a notable privacy professional to discuss their journey in privacy, challenges, lessons learned along the way and more.
Harriet Pearson, CIPP/US, became a pioneer in the privacy space and earned many accolades over a storied career in privacy and cybersecurity by taking chances, making an impact and being the first to reach an accomplishment.
As the first chief privacy officer in the Fortune 500, Pearson has been named North America's "Legal Innovator of the Year" by the Financial Times and "Cybersecurity and Data Privacy Trailblazer" by the National Law Journal. She is also a recipient of the IAPP's Vanguard Award.
Pearson was at IBM in 1996, she said, when the technology company asked her to handle the "hard problem" of developing the company's "policy positions and strategy on privacy given the emergence of the world wide web as a platform for commerce and consumer engagement." Pearson jumped at the opportunity.
In 2000, IBM appointed Pearson its first CPO.
"It really spoke to what people were talking about and were interested in at the time," said Pearson. "The title, the job, the work has proven over the last 24 years that there's more than enough there for it to be a profession and to be something much bigger than a single person can do in a couple of days."
Pearson led the adoption of IBM's inclusion of genetic information in its privacy and nondiscrimination policy, and said the company was among the first to post an online privacy policy. During her time at the company, she testified before Congress and represented it at the White House and before regulators, both nationally and internationally. In 2006 she was named assistant general counsel with responsibility for cybersecurity law in addition to her CPO duties. Previously she held executive roles in other areas, including government affairs, human resources and communications.
"What I really got a lot of satisfaction from and what kind of became my stock in trade, was tackling hard problems that no one had worked on before. Figuring out, what's the issue? What's the problem? What good can we do here? What can we do that's a win, win, win, win all the way around? I became very good at that," she said.
By 2012, Pearson had developed a "significant interest and expertise" in "privacy's first cousin" — cybersecurity — and decided to apply the first-hand insights she gained working with a major technology company to other industries. She joined the law firm Hogan Lovells as a partner, launching the firm's cybersecurity practice and advising many companies in the aftermath of some of the most high-profile cybersecurity incidents.
"Every industry, every company, is a technology company in some way, shape or form," Pearson said. "They're using it to transform their businesses, they're using it to engage consumers, and technology inherently brings with it the challenge of how do you make it secure, how do you manage data and respect privacy?"
She left the firm after 11 years and spent a year serving as executive deputy superintendent and head of the cybersecurity division at the New York Department of Financial Services. She played a prominent role in updating the department's cybersecurity regulation and implemented resources to assist businesses with compliance.
Outside of work, Pearson and her husband restored a 114-year-old theater building in West Virginia's Eastern Panhandle.
"Just an hour away from Dulles Airport, the historic Shepherdstown Opera House now hosts live music, film and more," she said. "Having a focus like this, so different from my professional work, is a wonderful way to build community in a different way while experiencing the arts."
Now, returning to the private sector after government service, Pearson is reconnecting with the privacy and cybersecurity community, creating Axia Advisory to assist organizations in cybersecurity policy and compliance.
"The community of professionals in privacy, security and AI governance, what we all have in common is that we're all working on super cool, super interesting and important issues that are pretty new and cutting edge. And when you're working on new and cutting-edge things, it is even more important to have a network and a community that you can look to for support and guidance," she said. "So, I am reengaging with the community to see where I can apply my learned experiences and capabilities in a way that's helpful."
It's a community Pearson helped to establish. In her early years at IBM, she began connecting with other pioneer privacy professionals, gathering for coffee and conversation. They decided to get together regularly and organize more formally, creating what became the IAPP.
Alongside the relationships developed, playing a role in forming the IAPP and serving on its board of directors for a decade is "one of the highlights of my career," Pearson said.
"I remember in strategy discussions early on, we were thinking, what would the membership be of this association. And I remember I was always one of the ones who would say, 'huge.' There is no limit," she said of the IAPP, which has more than 80,000 members across 149 countries nearly 25 years later. "It's proven the value of what we do and the need to have a place to go to collect that body of knowledge and help individuals in these roles."
Today, privacy pros are taking on more responsibilities in areas like artificial intelligence and data governance, according to the IAPP's Organizational Digital Governance Report 2024. Pearson said the evolution of AI has led to the need for more professionals "to get involved in establishing guardrails."
"Anybody who wants to be in the privacy area now needs to figure out and get into AI, as well. You need to understand it and not just put your blinders on and say, 'I only do privacy.' Anybody who does that and doesn't look around at security and AI is going to lose opportunities," she said.
Through the introduction of the internet, evolution of cookies and online tracking, development of social media, and advancements in AI, Pearson said the privacy and cybersecurity profession has seen growth in "spurts" and "plateaus."
"It's been spurt and then adjust. Spurt and then adjust. What I see, though, is in other professional fields you can go 35 years in a career and have one or two of these. In privacy, we've had eight or nine in the span of 25 years, so it's like doing a double time dance. It's whiplash," Pearson said, noting legal and regulatory requirements, crisis management and legal issues related to data breaches and cybersecurity incidents are layered on top of these technology-driven changes. "So, it's been constant change. Constant, constant change."
Drawing from her own experience, Pearson offered a tip for success in the privacy profession and all that it encompasses: "Find the hard problems."
"Find the problems that are most vexing or most important to your employer or client and figure out if you can do something about those problems," she said. "One of the single most important success factors is having a sense that you're seeking to work on high-impact problems. And if you manage to do that, and you do it well, that's a really great way to progress in your career."
Jennifer Bryant is associate editor for the IAPP.