As Airbnb's chief privacy officer, Brendon Lynch, CIPP/US, may be managing a privacy program at a younger and much smaller company than at his last gig, but his mission is the same: To build and implement a program that aligns privacy with the business strategy in a way that creates stakeholder trust.
After 16 years at Microsoft as its CPO, Lynch joined Airbnb in January, transitioning from Microsoft's 150,000 employees, multiple business components and a specialized privacy program, to a 5,000-employee company that's still building its privacy team.
“For me, that was quite exhilarating to be spanning everything from the product design and engineering through to the policies and procedures and controls and everything that you need for a modern privacy program, and to be able to go deep into some of that again,” he said.
Now, Lynch is leveraging his experience working with a more mature and comprehensive privacy program to identify areas of improvement and growth at Airbnb, founded in 2008.
“It’s a number of things,” he said. “It’s improving the efficiency of data subject rights processing, for example. It’s working to identify where there might be opportunities for more privacy controls in the product and then the more sort of classic program elements of defining policies where they need to be defined. It’s really trying to be on the forefront of all those shifts and making sure we do that in a way that aligns with our privacy objectives,” Lynch said.
His privacy career began at PricewaterhouseCoopers in London, at the same time Europe’s Data Protection Directive came into force. At that time, the U.S. was also seeing regulatory action in Federal Trade Commission enforcement and privacy lawsuits. Intrigued by the happenings in the privacy space, Lynch accepted an offer to join the privacy practice at PWC’s New York office where he led a joint venture with a privacy scanning technology company, Watchfire, which was subsequently acquired by IBM.
“I felt a real passion," Lynch said. "Working with the tech company, helping to find what the product should be, helping to take it to market in a joint venture scenario. It gave me the passion to get into the tech industry.”
That passion led him to Microsoft in 2004, where he spent nine years as its CPO. It was his time building a privacy solution with Watchfire and his early days of building the privacy program at Microsoft through which he learned, “I do like building things,” Lynch said.
And the opportunity to build programs from the ground up drew him to Airbnb. Lynch said the company's mission is a human-centered one, and privacy is a part of that in a variety of ways.
“What’s intriguing for me was not just privacy being a key component of trust in the Airbnb community, but also recognizing that it’s online and offline privacy. It’s strangers coming together in the real world and that has some unique privacy aspects to it,” he said.
With new laws emerging and enforcement actions rising, Lynch said companies can either be reactive “to every twist and turn,” or they can take a proactive approach that implements foundational needs.
"There’s a strong push for more accountability, for organizations to have risk management practices, mitigations, controls around privacy, and those things seem to pop up in every new law that comes along,” he said. “You can build for that. You can get the foundations in place that, hopefully, can future proof you against a lot of these twists and turns that we see in the privacy arena.”
More broadly, Lynch said data is being leveraged in new ways and used to drive innovation across every single industry. A significant portion of that data is classified as personal data, requiring greater care under global laws. Companies must be able to provide transparency, user control and security.
“I think [data innovation] is a fascinating area for privacy professionals going forward, and you layer on the new technologies that are getting used in processing live sets of data and deriving insights and proposing action – like machine learning and artificial intelligence – and I think that really is in some ways expanding the definition of privacy and of privacy professionals into the data ethics space.”
As he watches trends unfold, legislative changes and the development and implementation of new technologies, Lynch said, “My goal is really to build a program, run a program, that imbeds privacy into the DNA of a business in a way that does future proof against many of those things.”
Beyond building programs that combine new innovations and technologies, Lynch said a career highlight has been playing a role in the growth of the privacy profession.
He was the 2017 IAPP Vanguard Award winner for “exceptional leadership, knowledge and creativity in the field of data protection.” He helped develop the IAPP’s CIPP certification in 2004 and served on the organization’s board of directors, including a year as chairman, and he's proud of helping members of his teams grow as privacy and business professionals.
“I recognize I’ve benefitted a lot from this industry and I really want to help give back and bring others along,” he said. “Seeing people come up through the ranks, take on broader responsibilities — and part of that was empowering them and getting out of their way, guiding them where necessary — that’s really been a highlight for me, enabling others to grow in this arena as well.”
IAPP CEO and President J. Trevor Hughes, CIPP, will host Lynch during the IAPP’s “Profiles in Privacy” series Oct. 5 on LinkedIn.
Photo by Patrick Tomasso on Unsplash