The IAPP’s “Profiles in Privacy” series features a monthly conversation with a notable privacy professional to discuss their journey in privacy, challenges and lessons learned along the way, and more.
Dropbox helps people store, organize and share their cloud content and all its workflows, with more than 700 million registered users across 180 countries, but for Senior Director of Privacy Sarah Pipes, CIPP/US, CIPT, FIP, it “really feels like home.”
At the San Francisco, California-headquartered company, which Pipes said is “built around privacy,” she found an “amazing team” and an alignment with privacy values.
“The stance of the company is that our users need to have trust in us, so that comes first. It’s a guiding principle of the company and the privacy team’s voice is really privileged in a lot of conversations,” she said. “I personally don’t have an ethos of go out and break things and try to fix it later. There’s always a default towards precaution when you’re handling really sensitive stuff. We can always add more salt, we can’t take it out.”
Dropbox had already built the foundation for its privacy program when Pipes joined the company in 2019, and she’s since worked to “level up” that foundation. She said privacy principles, like minimum access to user data, are built into the company’s operations and products.
“I spent my first three years here looking at all the different components of the privacy program and making sure we have something that will not fall over easily and that we’re really systematic and strategic about how we apply our resources,” she said.
Pipes has a strong focus on communication in her role, collaborating and learning from other teams — including security, privacy engineering, product counseling, risk and compliance, and government affairs — to ensure they are united on Dropbox’s privacy program and every product meets the company's “high privacy requirements.”
“We’re the privacy team, but then this larger family of teams is the program as a whole and that piece takes a lot of thought and work. It’s time well spent and it’s time that needs to be spent,” she said. “So many teams at a tech company will have some relationship to personal data even if it’s not in their title, so it’s a big part of my job to spot those and cultivate those relationships so they know when to come to us, that this is the type of issue we might want to let privacy know about.”
Pipes, who loved the idea of becoming a librarian in college, said she landed in privacy by accident. At the University of Michigan School of Information, information policy captured her imagination.
Her first role in the field was at KPMG, a Big Four accounting firm where she served as an information protection advisor before becoming a senior manager. She later worked at KPMG Belgium and was in the EU while its General Data Protection Regulation was being drafted.
“I think I was truly lucky privacy was far less popular in 2010 and 2011, so I was lucky enough to work on a variety of problems,” she said. “I got to work with different clients, develop a number of privacy programs and problem solve, had a lot of great colleagues and mentors. That was the quiet years before privacy became really a center of attention, so it was a great way to develop in this field.”
Influenced by her joy of management fostered while at KPMG, Pipes said she shifted focus, looking to pursue management opportunities at tech companies that put privacy first. In 2018, she joined Workday as global data privacy manager, where she learned “what a holistic, mature privacy program should look like,” before moving to Dropbox as head of privacy.
“They are both places that have engrained privacy in the product from day one, so they’ve been really great fits for me within the industry and I get to do all the things I was practicing pieces of at KPMG all under one roof, to build from start to end,” she said. “That’s been really great to have that ownership, and the stability and partnership that goes with that.”
Pipes said she’s learned more about her management style while at Dropbox, where employees have been primarily remote since the beginning of the COVID-19 pandemic in March 2020.
“It’s been a really interesting management challenge,” she said. “I’ve learned a lot about how to be a better manager from working this way. It’s not a butts-in-seats kind of thing, it’s a productivity thing. It’s just so much more valuable in the end.”
She looks forward to continuing to “refine” the foundational privacy pieces in place at Dropbox, particularly as the world of privacy continues to shirt, and legislative and regulatory frameworks evolve.
“The challenge of continuing to demonstrate our strength in privacy is something that’s really important for me, showing our users we are doing the right thing,” she said. “It’s something that is really important for us to keep consistent about as the world keeps changing.”
If you want to comment on this post, you need to login.