Just six years ago, privacy issues were not on the radar of many company leaders, but today, the subject is undoubtedly a board-level one.
It’s a progression IBM’s Chief Privacy Officer and AI Ethics Board Chair Christina Montgomery has witnessed first-hand. In 2015, when Montgomery served as secretary of the board at IBM, she said privacy issues were not as prominent a topic of discussion for investors and boards generally. Four years later, as the EU General Data Protection Regulation took effect and as she moved into the CPO role, Montgomery said leaders and investors were “routinely” asking about privacy-related topics, including privacy governance processes, AI ethics and more.
“All those kinds of issues seemed to come front and center,” Montgomery said, adding before GDPR, IBM’s privacy team was “relatively small” and “compliance-focused.”
“On the heels of GDPR, the company realized this is a critically strategic role. It’s at the heart of our strategy, the heart of our brand reputation and it could be a very important business function,” she said. “It’s important to investors, it’s important to employees, pretty much every stakeholder that you think about on a daily basis. People working in this space, you are working on a topic that is of interest at the highest levels of a company.”
Montgomery joined IBM 27 years ago as senior counsel and has progressed to roles throughout the company — first touching on privacy in the early 2000s as general counsel to what is now the foundation for IBM’s security business. The company offers operations in 170 countries, has approximately 250,000 employees, and has grown from a predominantly hardware company to primarily a software and services company.
“The breadth of work that I have seen staying with one company and the opportunities that I have had have been as diverse and developmental, I think, over the course of my career as moving would have been or more,” Montgomery said. “I think I’ve had even more opportunities and better opportunities because I’ve stayed with the same company. I’ve had some of the best jobs in the company in my opinion, including the one I’m in now.”
In 2000, IBM was among the first large corporations to establish a chief privacy officer position. As secretary to the board for almost five years, Montgomery had established positive relationships with the company’s senior leaders and effectively communicated with regulators and others.
“They were looking for somebody to put into this role who could formalize the governance around our privacy program and operations so we could scale it globally to become proactive, not just reactive — be a thought leader, operationalize an AI ethics board for the company, and have a deep, inner connection and relationship with business leaders throughout the company,” she said.
Montgomery said she considers herself “really lucky” to be the chief privacy officer of a technology company. The work is complicated and complex, and with that comes challenges and highlights.
“There were times when I just wished it was simple, that if I worked for a company that sold shoes, I could do my legal job even better because I wouldn’t also have to understand the complexities of the technology landscape and the complexities of the business,” she said. “But I am so blessed that it is not simple. I consider myself very fortunate to be at a company that is really on the cutting edge of so many technology innovations in the privacy space, and in the AI space. And I get to work with some of the best and most well thought of researchers in the world, with state-of-the-art research.”
In a typical day, Montgomery — who also sits on IBM’s cybersecurity advisory committee and corporate responsibility steering committee — could be working on projects related to IBM’s core privacy compliance or governance programs, or closely watching or making necessary updates due to unfolding regulatory changes around the world — like standard contractual clauses in the EU or China’s new Personal Information Protection Law.
“We’re the oldest tech company and we’ve been responsible stewards of data for our clients and responsible innovators of technology for more than 100 years, so our brand is important to us and at the heart of that brand is trust,” Montgomery said. “Maintaining that trust, making sure we are keeping up day to day from a compliance perspective in the face of such an emerging and dynamic regulatory environment is always hard. And when you look at the span of responsibility that we have, and just the complexity and extent of the business, it goes without saying it’s very complicated.”
There’s also her role as chair of the AI ethics board, which Montgomery said is focused on making sure the business understands and makes decisions based on where regulations are going in the area, but also ensuring the company holds itself accountable to its own AI principles for trust and transparency.
“They are that AI should augment not replace human intelligence, that data and their insights belong to our clients, and that new technologies including AI should be transparent, explainable and that we’ve got pillars that we hold to, like preserving privacy and security, as well,” Montgomery said.
The board reviews AI prospects, whether they are coming out of a research project or a client opportunity, to ensure they are something the company should pursue.
“It becomes a question of not are we able to offer this, but should we deliver this,” she said.
For someone working in the legal space or privacy practitioners, Montgomery said curiosity and continuous growth “will lead you to places of interest forever.” She said many opportunities in her career have come from a desire to be challenged, to take on something new, and being vocal about that.
“I never would have thought before coming into this role that a chief privacy officer role could be as deeply strategic as this role is. This role and the entire team in the chief privacy office, we play such a strategic role in the company, and we have the attention of senior leadership here, which is becoming more typical, I think,” she said. “The pandemic and the social justice issues out of last year and into this year have really brought privacy and AI ethics issues to the forefront and I think the role of a CPO is changing, really expanding.”
Photo by Oscar Nord on Unsplash