Since its launch in 2013, the Westin Fellowship program has sent eight privacy professionals out into the world after spending some considerable time dedicated to the research center here at the IAPP. The Privacy Advisor recently caught up with seven of them to talk about life on the other side; the challenges they’ve faced so far and what advice they might share with someone looking to break into the privacy space.
The general takeaway? Get involved, read a lot and reach out to fellow privacy pros. It's hard to be a privacy law expert but the general consensus seems to be that in order to find your part in the privacy landscape, you have to follow what makes you curious.
Kelsey Finch, CIPP/US
Westin Fellow 2013- 14
Kelsey Finch covers smart cities and communities, de-identification standards, wellness and wearable devices, and data research ethics at the Future of Privacy Forum. As someone working in the policy space, Finch said, “A lot of my energy is spent finding smart people with different points of view, getting them in a room together, and working to find consensus on issues where there isn't necessarily one right answer.” She said one of the biggest challenges is "keeping up with the rapidly evolving privacy landscape, so that I can make sure we're including the right voices and doing impactful and timely work.”
When asked what future privacy pros can do to advance their careers, Finch said, "I always recommend folks look into fellowship programs where they have an opportunity to really dig into a particular privacy issue, produce good work, and meet others in the privacy world," adding “It can be a great ‘gap year’ to learn more about both yourself and the privacy profession, as well as a stepping stone to a more permanent position.”
Patricia Bailin, CIPP/US, CIPM, CIPT
Westin Fellow 2014-15
Patricia Bailin is head of privacy for startup company TapFwd. When asked if she found anything unexpected about the privacy field, Bailin said, “Data privacy is more amorphous than I anticipated going into the field,” adding, “There are few fields that offer so much variety, and I've loved it, in no small part because there's been room for me to define my areas of expertise according to my interests.”
Bailin said in her experience, the complex, contextual and cross-disciplinary of data privacy presents a challenge when it comes to defining metrics for success. “Not only is it exceedingly difficult to quantify the risk of a data privacy misstep or vulnerability, it's also challenging to quantify the value to the business of a privacy project done well or even, in some cases, to demonstrate that the project is complete or has been successful,” a sentiment, she said, she hears echoed by fellow privacy professionals.
Offering advice for privacy newbies, Bailin said this: “Data privacy teams need allies across the company, so reaching out to the privacy or legal team expressing interest and offering support for their efforts goes a long way to getting a foot in the door. Most of my current team is composed of people who started at the company in very different roles and found a place for themselves on our team by helping us first as a privacy 'ally' in their original responsibilities.”
Arielle Brown, CIPP/US
Westin Fellow 2014-15
Arielle Brown is with Baker Hostetler, where she is a member of the privacy and cyber security group. Brown said what surprised her was how many issues fall under the privacy umbrella — and how having a day full of varied tasks requires an "ability to transition your brain into all the variations of what falls under privacy law," something she says is definitely fun, but can be challenging.
While it's hard to be a privacy expert, she said what's proven helpful for her is being comfortable with "being able to be a jack of all trades" when it comes to privacy and being able to handle the various questions that come in. Leaving the academic utopia of privacy law, Brown said that the real world practices privacy law with more considerations than how to comply with a law. She said, "You have to take business concerns into consideration. .. it's not black and white, there are a lot of gray areas where you have to work with the client to figure out where they're complying but they're also happy." Brown also noted that working with businesses and understanding their needs is one of the great parts of the job.
Brown's advice for people looking to get into the field? "Do anything you can with the IAPP." Whether it be conferences, Knowledgenets or other events, Brown said, "That's where everyone in the privacy field is going to be." Brown encourages newbies to reach out to privacy professionals and establish relationships with people to let them know your goals. "In general, people really want to help and are really excited about helping new people who want to join this field — you just have to ask."
Anna Myers, CIPP/US, CIPM
Westin Fellow 2015-16
For Anna Myers, policy analyst/counsel at Amazon, she said what struck her most about joining the privacy professional community was, “How helpful and welcoming the community is, especially with newcomers.” Myers said, “The legal field in general can be cutthroat at times, and you get used to hearing no or nothing at all. When I was first starting out I didn’t expect so many folks in the privacy world to take me up on my offer to grab a coffee and pick their brain.”
When asked what she found most challenging, Myers said, “I was attracted to the field because it moves fast, but it’s impossible to master it all. To be successful, sometimes you have to suppress your academic side that just wants to keep learning, learning, learning and focus on the issues that interest you the most.”
For privacy pros looking to get their foot in the door, Myers turns newbies to the IAPP, telling them to subscribe to the Daily Dashboard. She also added, “Network, network, network. Go to IAPP KnowledgeNet and Privacy after Hours events.”
Gabe Maldoff, CIPP/US
Westin Fellow 2015-16
Gabe Maldoff, senior associate with Bird & Bird, said what struck him most since joining the field is "the extent to which the privacy conversation is happening outside that narrow slice of society. Not only are there important privacy issues in almost every sector of the economy, in governments and nonprofits, but, in my experience, organizations understand the issues and are taking it seriously. The organizations I’ve worked with get it and really care. "
He continued,"Privacy regulation is principles-based. There are of course strict rules, but at root, all privacy regulation derives from a handful of principles, like providing fair notice and offering meaningful choice, which are deeply entwined with the expectations of individuals.. One of the most difficult parts of my work, but by far the most important, is turning these principles into clear actions and recommendations."
For those looking to get in, Maldoff's advice is to read, write and talk to people. "The privacy community is still small enough that, maybe within a couple degrees of separation, everyone knows one another. While it may seem difficult to break in, the IAPP makes it much more approachable. Attend events; reach out to people who have done work you find interesting. In my experience, privacy professionals come from a range of trajectories and are always happy to share their stories and help you find your path into the profession. That’s where reading and writing come in: if you can show you have the interest and knowledge, it makes it easier for others to help."
Cobun Keegan, CIPP/US, CIPM
Westin Fellow 2016-17
Cobun Keegan is with the Council of Better Business Bureaus. Keegan said he entered the privacy field by following his interests and, as a result, had no specific expectations. “I've always wanted to do something that helps people and it seemed like helping them control their data in a time where data is tied more and more to people's identities was an appropriately obscure niche for a nerd like me to help,” adding, “One thing that has definitely surprised me about the privacy profession is just how diverse of a "niche" it really is. Once you are involved in the field you quickly realize that there are a vast array of different ways to 'do' privacy and many different flavors of privacy that people can be experts in.”
As a compliance analyst for a self-regulatory program, Keegan said the most challenging part of his work has been “learning the intricacies of the online advertising ecosystem. There are so many companies interacting on the backend to serve even just a single ad on a website. Getting a full grasp on that landscape has been a big challenge for me over the past few months.”
For those entering the field, Keegan’s advice: read and write a lot. “Read, because it is impossible to grasp what data privacy is all about without reading some of the many smart folks who have grappled with privacy issues in the past. But also read a variety of subjects ... It is impossible to know everything about privacy, so becoming an expert in a sub-topic that really interests you is the best way to feel more confident and show the world that you care about the field.” He added, “I say write because once you are an expert in an obscure sub-domain of data privacy, the least you can do is share that knowledge with the world. To that end, even if you aren't a Westin Fellow, the IAPP is an excellent resource. The Daily Dashboard and The Privacy Advisor accept outside writing submissions. I think any new privacy pro can probably come up with an accessible, short, and interesting take on something they care about in the field. I don't think there is a better way to get your foot in the door than having a published example of your passion for privacy.”
Calli Schroeder, CIPP/C, CIPP/E, CIPP/US, CIPM
Westin Fellow 2016-17
Calli Schroeder is an associate with Lewis, Bess, Williams & Weese where she covers data privacy and security. When asked what was the most unexpected part of joining the field, Schroeder said, "It's important to have a healthy amount of general knowledge about the practice, but do a deep dive and become an expert on a few aspects of privacy rather than trying to be the expert on every part of it. It will overwhelm you and it's not possible. Be intelligent, be curious, be aware, but becoming and staying an 'expert' in a few areas will prove hugely beneficial."
The biggest challenge, she said, is striking the balance between business needs and customer privacy, adding, "It's also complex to figure out what data security/privacy needs are absolutely necessary and which are more flexible for clients with limited funding for these programs."
Her advice for new privacy pros is to figure out what part of privacy they find exciting and what makes them curious, and then to explore everything about it. "Learn more about privacy through where that exploration takes you. Always ask questions and don't be afraid to look foolish; privacy is a huge area and none of us know everything about it."