How women are leading a human-centered approach to digital governance

Women across government, industry and academia are playing an increasingly central role in shaping digital governance frameworks and strategies.

During a recent panel hosted by the IAPP Connecticut KnowledgeNet chapter, leading female voices in the areas of artificial intelligence and privacy highlighted how the rapid growth of emerging AI-powered technologies are expanding the scope of privacy work while creating new opportunities for women in the field.

Connecticut Deputy Associate Attorney General, Chief of Privacy and Data Security Section Michele Lucan, CIPP/US, CIPM, FIP, said she has noticed the enforcement landscape reflects how women are taking the lead.

"Across attorney general's offices around the country, there are many women leaders in this space, which is something that I had not really experienced earlier in my career," Lucan said. "When I get on meetings with my counterparts from across the country, there are a lot of female leaders, and that is something that is so cool to see, and I really think that is because this is a type of area that provides an equal playing field."

Alongside the important role women are playing within the enforcement space, there has also been a shift within the technical and legal sectors, challenging traditional ideas of what it means to be a successful leader.

Tufts University Privacy Officer and Director of IT Security Compliance Vera Racine, CIPP/US, said when she began her law career, the path to success was to "basically be as close to a man as possible."

"The qualities and skills that women bring were sort of seen as something that needed to be suppressed," she added. "The more like a man you could be, the more likely you were to succeed in that field. And I think the exact opposite should be the message now."

Panelists covered how successful leadership in privacy and AI governance depends on interpersonal and communication skills alongside technical expertise. Professional qualities such as emotional intelligence and cultural competence are becoming essential as governance frameworks become more human-centered.

"At the end of the day, humans are a critical part of mitigating technological risk and the ability to read context and spot issues early and also guide teams' various stakeholders towards a thoughtful path forward," said Afiniti Head of Privacy and AI Governance, Associate General Counsel Kristin Johnston, CIPP/E, CIPP/US, CIPM, CIPT, FIP.

As organizations navigate global compliance obligations and emerging technologies, Box Legal Vice President and Chief Privacy Officer and Global Head of Public Policy Leah Perry noted leadership is measured by the ability to balance innovation with responsibility and to guide organizations through uncertainty with a strong yet compassionate lens.

"I think the world and all industries and areas need more of all the things that women uniquely bring to leadership such as sensitivity, the capacity for collaboration and the ability to help people recognize shared goals and work towards those collaborative opportunities," Perry said. "I think those are really important skills that women uniquely have. And I think: bring your emotion, bring your empathy, bring your sensitivity to your work and to the world, because we need it."

The work in front of them

Privacy and AI governance have become increasingly connected, requiring a blend of regulatory knowledge, technical awareness and ethical decision-making as organizations navigate a patchwork of regulations and the fast-moving landscape.

For enforcers, Lucan said an eyes-wide-open approach is especially important with consumer risks evolving. Particularly with the rise of AI, she said attention to automated decision-making technology is "very important," particularly with "a right to opt out of profiling … in contexts like hiring or education."

"Over the past five years, our work has expanded so significantly, and we really need to be nimble so that we can review all of the issues that we are taking in," Lucan added.

The Connecticut Data Privacy Act, which took effect in 2023, provides consumers with the ability to access, delete, and opt-out of the sale of their data. The law also requires companies to obtain consent before collecting sensitive data and introduces obligations for businesses surrounding transparency, risk assessments, and data deletion and retention.

Lucan said the expansion of privacy laws has required regulators to continuously adapt to new technologies and use cases.

"We are the enforcers of these laws, but we also recognize we still have a lot to learn, and it is very rare that we have a matter coming in that is very similar to what we've already worked on," Lucan said. "We're always reviewing new issues, and we take that very seriously. We do our homework for every single case so that we make sure we understand the technologies that we're looking at."

To combat concerns associated with AI, Connecticut Attorney General William Tong, alongside a coalition of 42 U.S. attorneys general, wrote a letter to AI companies urging them to reevaluate their AI chatbot safeguards.

As the U.S. works to rapidly deploy AI, Lucan noted the "race to be first, especially in the context of chatbots, is really putting kids, health, safety and privacy at risk."

State attorneys general are using the legal tools at their disposal to tackle and mitigate consumer harms, especially in the absence of federal frameworks for AI and privacy.

Box's Perry said states have a role to play, but global initiatives continue to shape expectations.

"I think that the EU AI Act is a forcing function in order to drive a common thread of compliance." Perry said, noting the same scenario played out with privacy when the EU General Data Protection Regulation took force. "You start to see … common threads around transparency, notice, use … and risk assessments."

While AI advancement comes with its own set of challenges, Perry highlighted how AI governance will require ethical analysis as well as technical roles. She said companies must go "steps beyond" legal requirements and recognize "the value system attached to that."

Perry added women in AI governance leadership roles are well positioned to carry the ethics discussion. She pointed to UNESCO's Women4Ethical AI initiative, a project working to bring AI experts together to ensure women are "represented equally in the design, use and deployment of AI, and to promote trustworthy, gender-friendly and inclusive AI systems."

Afiniti's Johnston indicated women trying to increase their professional profiles and standing should focus on AI assurance and auditing expectations as compliance becomes more complex. She said cross-border strategies will be particularly crucial for governance professionals to address complexity, noting "women who can navigate both the technical and global regulatory dimensions will continue to be in demand right now and in the future."