Editor's Note: The IAPP’s “Profiles in Privacy” series features a monthly conversation with a notable privacy professional to discuss their journey in privacy, challenges and lessons learned along the way, and more.
As privacy professionals around the world explore their role in artificial intelligence governance, Workday Vice President and Chief Privacy Officer Barbara Cosgrove, CIPP/E, said conversations around the rapidly growing technology and responsible innovation are "of paramount importance."
But at the same time, she noted for privacy professionals, "none of the other fundamental privacy issues have gone away."
"We still have to focus on the free flow of data, trusted cross-border data transfers, evolving our privacy by design programs, and that we are watching regulations that are changing around the world," said Cosgrove, who is currently serving as treasurer of the IAPP board of directors. "And so, while AI is incredibly exciting, we also have to keep the lights on with our overall privacy programs."
While rapid advances in AI technology, and regulation around it, are attracting widespan attention, Cosgrove said the technology itself is nothing new for cloud-based application provider Workday, which has been building AI and machine learning capabilities for years. Just earlier this month, the company announced its acquisition of HiredScore to provide an AI-powered talent acquisition and mobility solution.
As it has worked to build responsible AI solutions, Cosgrove said Workday has built on the fundamentals long established through its privacy and security programs — to put privacy first, safeguard fairness and trust, and innovate responsibly. Data fuels AI, she said, so from a privacy perspective, it's imperative that continuing to meet security and privacy protections remains a core principle.
"Trust and integrity are at the core of everything we do," she said. "As a company that leans into its core values, that really helped us from the start of our AI journey. Our core values were foundational when looking at how we build things responsibly, how we pull in the right cross functional teams, and how we make sure that we're building functionality in a way that will meet our customers' needs and maintain their trust."
Cosgrove — who joined Workday in 2007 as privacy and security program manager and previously served as chief security officer — played a key role in building the company's privacy fundamentals. She was brought on board to help build out the company's security program, which included privacy, and said privacy is "embedded in all the services we build, any uses of data and any products that we build or deliver."
"We were built in the cloud, and our journey started when the cloud was still new," she said. "It was important to us that our customers trusted how we process their data. I was fortunate enough to be able to help build the privacy and security program when we were still a small company and so it was ingrained in what we did, as opposed to joining a company where you have to significantly change practices. It's just been a part of our culture from the start."
As Workday has grown and privacy regulations have emerged — starting with the EU General Data Protection Regulation — Cosgrove said privacy "has taken more and more of a spotlight." That has also meant a shift in how she operates within the role of chief privacy officer.
"During my tenure when we were a smaller company, my role was very hands on. I was in the trenches building everything," she said. "As we've grown, we now have a fabulous global privacy team. We've also trained people across the company to understand the privacy fundamentals, and act as privacy champions. It has allowed me to be more strategic and forward-thinking. Where do we think privacy is going in three to five years?"
For Cosgrove, privacy brings together all aspects of work she's interested in. Cosgrove began her career in human resources compliance and with a legal degree and college studies in advertising and communications, pursued an opportunity to combine those passions and skills. Working in human resources, she was tuned into employee privacy early on, she said, and when she joined a startup building human resources technology for small businesses, she learned more about security, privacy and technology. Her love of the topics "grew and grew."
"I love the crossover between privacy laws and regulations and technology. How we can take privacy requirements and turn them into easily understood principles that add value," she said. "It's truly something I believe in. It's critically important to be able to respect the privacy of individuals, I consider privacy to be a fundamental human right. But my passion is also looking at how we can still deliver on privacy and enable trusted innovation."
Alongside the regulatory and technological advancements, Cosgrove said it's been exciting to watch privacy grow into a field.
"Originally, privacy was often found as a component in other roles like HR or security. Now people are studying privacy and can choose privacy as a profession, which is such a shift and is super exciting to me," she said.
Working in privacy, Cosgrove said professionals can gain a global perspective across a wide variety of industries, giving them the ability to build upon and transfer a plethora of skills. As they grow as individuals and in the field, she said it's "important to just be willing to reach out."
"Know that many of us who are in these roles now learn from each other, share knowledge and are willing to help mentor and share knowledge with others," she said. "So reach out to people, connect on LinkedIn, go to the IAPP conferences, and have those hallway conversations. Raise your hand at your company to be an AI champion. Those interactions are where you can gain some of the best learnings and form those relationships."