IAPP CEO and President J. Trevor Hughes, CIPP, hosted The Nature Conservancy's Chief Ethics, Compliance and Privacy Officer Michelle Beistle during the IAPP’s “Profiles in Privacy” series April 21 on LinkedIn Live.

On a kayaking trip in North Carolina, Michelle Beistle, CIPP/E, CIPP/US, CIPM, and her family came across what she described as “a bridge to nowhere.” It was a pedestrian bridge surrounded on both sides by wooded land that in the early 1980s was facing development when it was purchased by The Nature Conservancy. The experience inspired Beistle to become a member of the organization.

Now, nearly 15 years later, Beistle is chief ethics, compliance and privacy officer of The Nature Conservancy, a global environmental organization with more than 1 million members and work in more than 70 countries and territories. Since its founding in 1951, “The Nature Conservancy has protected more than 117 million acres of land and 5,000 miles of rivers worldwide — and we operate more than 100 marine conservation projects globally,” the organization’s website states.

“Getting up every day and working for an organization that’s literally saving the planet, it’s nice, and I get to bring my privacy knowledge here,” said Beistle, who came to the worldwide organization in 2019 from information security provider Unisys.

Michelle Beistle, chief ethics, compliance and privacy officer at The Nature Conservancy

From learning about The Nature Conservancy’s effort to raise and study a bison herd, to its management of the destructive wild pig population in Hawaii’s native forests, to its support of sustainable fishing in Indonesia, Beistle said the organization’s work in line with its mission is fascinating and oftentimes intersects with her privacy work.

“The fishing program has privacy aspects because we gather personal information from the fishermen who are part of the program. It’s interesting those kinds of things that we wouldn’t even think personal data might be involved with,” she said. “The other interesting aspect is we do a lot of work with indigenous people and local communities. That is a whole other piece where privacy comes in, and it’s bigger than privacy; it’s ensuring we’re respecting the rights and autonomy of the indigenous people in the areas we work with.”

Beistle, whose background is in law, hadn’t envisioned a future in privacy until around 2010 when she was working as Unisys’ assistant general counsel and attended a professional seminar. During a roundtable discussion, several general counsels from a wide variety of firms were asked what keeps them up at night — each talked about privacy. Beistle’s interest was piqued. 

“I went back to my office and talked to my boss and asked, 'Who is our privacy officer, and what are we doing about this?'” she said. “Two hours later, I walked out as the privacy counsel, essentially.”

She remembers attending an IAPP Summit in those early days of her privacy career during which she “drank from a fire hose,” taking it all in. Within a year, she added the role of privacy officer to her title, then transitioned to counsel and chief compliance officer of privacy and ethics.

“It was an interesting place to start my career in privacy because at Unisys, there was not just a focus on the privacy of our employees and people with whom we did business; we were also selling information security, which through the years had a very clear connection with privacy. So, our privacy program and how we approached it was integral to how we were selling,” she said. “It was really fun to work on both sides.”

At The Nature Conservancy, Beistle has stepped away from selling solutions where privacy is integral and into an integral relationship between privacy and donor relations. The organization has a large donor base, robust marketing efforts and 4,200 employees in 79 countries.

“The commonality is that reputational risk in both of those atmospheres that I’ve worked in privacy is huge,” she said. “For an information and security and IT company that puts privacy first, having a security incident would be detrimental to the reputation. Here, for an institution that relies on donors, many of whom we know a great amount of personal information about as we cultivate this relationship, it would be a huge reputational risk to us if we had a breach and donor information was used in a way that was not appropriate.”

As chief ethics, compliance and privacy officer, Beistle said her role straddles the differing areas. Her team fields everything from technological questions — like the feasibility of geolocation tracking vehicles to evaluate fossil fuel use and explore a transition to electric vehicles — to the marketing team’s targeted advertising efforts.

“Because I have ethics and compliance and privacy, there’s such synergy between those groups, and often they are housed separately,” Beistle said. “The fun part about having it together is you can tie privacy back to integrity every time. I think wearing both hats, it’s an even stronger message, whereas the ethics, compliance and privacy officer when I talk about respecting privacy as being part of our value in integrity in all we do, we have to carry that privacy messaging across all of the organizational functions that we support. I like that part of it.”

She also closely watches privacy’s evolving regulatory environment, saying as a nonprofit, there are some laws The Nature Conservancy is not subject to, like the California Consumer Privacy Act. It is subject to the EU General Data Protection Regulation, and with operations in Brazil, the country’s General Data Protection Law.

“We are always thinking about the end-user experience and making sure our donors, the people we interact with online, that we are meeting their expectations for what they would expect in a privacy-first organization,” Beistle said. “We continue to monitor where there are emerging laws, but because we’re subject to laws already in some of the places that have more stringent provisions, it’s not a huge lift to comply with a new legal regime. It’s more adapting what we have.”

With experience working in a global information technology company and a global environmental nonprofit, Beistle said privacy is an important element, no matter the type or size of the organization.

“So, it’s important to focus there, and I think having that approach where you have a global program that you can adapt is a great model that provides the most efficient and effective way to approach it,” she said. “Ensuring you have an efficient and effective privacy program is really important.”