The IAPP’s “Profiles in Privacy” series features a monthly conversation with a notable privacy professional to discuss their journey in privacy, challenges and lessons learned along the way, and more.
Before she could imagine privacy as a career, field or legal practice, Lynn Parker Dupree, CIPP/G, CIPP/US, said she was a teenager who "intrinsically" knew her personal information was important. So, when she started in the field as special assistant to the chief privacy officer at the U.S. Department of Homeland Security in 2009, it was an "immediate fit."
Twelve years later, Parker Dupree returned to the DHS, this time leading in the chief privacy officer role — a step in a career spanning high-level positions in the U.S. government and private sector — and incoming as partner for the new privacy practice at leading intellectual property law firm Finnegan, Henderson, Farabow, Garrett, & Dunner.
"I truly love privacy. I am not one of those people who is trying to figure out what I'm supposed to be doing with my life,” Parker Dupree said. "It's the way I live my life. I care; I think it's important. You are talking to someone who doesn't do a lot of things that most people do because I’m not willing to trade my data."
Parker Dupree served as the DHS CPO for two years, and before that as director of governance and controls at Capital One. At Capital One she focused on implementing the California Consumer Privacy Act, as well as enterprise-wide efforts to provide strategic governance and direction for data retention and data sharing with third parties.
She also served as executive director at the Privacy and Civil Liberties Oversight Board, and in the White House as deputy associate counsel for presidential personnel in former President Barack Obama's administration.
"I really do enjoy public service. I think there's something fulfilling about being a voice for people who aren't in the room, for ensuring that while we are doing important work in keeping the country safe, we don't lose track of what we are supposed to be fighting for, which is our rights, our liberties, our constitutional values — and privacy is really integral to all of it," Parker Dupree said.
Her early days at the DHS, which Parker Dupree said included privacy training and privacy policy work with state and local governments, gave her a "broader exposure to how privacy happens in application."
"It's one thing to talk about privacy in policies, it's different to talk to people about implementing it and see what it is like for them," she said.
Then, in the role of CPO, Parker Dupree advised the secretary of homeland security on matters involving privacy for the department, ensuring it complied with privacy laws, regulations and federal guidance.
"One of the things about the DHS is privacy is not theoretical there. You really have to think practically about operationalizing privacy. How do you make privacy flow into business processes, how can you make it work in practice. Because you can have a nice policy but then you have to be able to implement it," Parker Dupree said. "Across government, we have a lot of experience doing this — making sure that privacy lives as opposed to exists."
Returning to the federal office after time in the private sector, Parker Dupree said she was struck by changes in technology and the impact on how personal information is collected, utilized and shared.
"I saw pretty quickly that our compliance regimes are great, they are important, you need privacy impact assessments, you need audits. But you also need mechanisms in place to take away the reliance on needing someone to have a good day every day, someone to make the right decision every day," she said. "So I tried to spend my time focused on the development and integration of privacy enhancing technologies."
Parker Dupree said she worked with the DHS Science and Technology Directorate Silicon Valley Innovation Program on the use of decentralized identifiers as an alternative to collecting and sharing sensitive identifiers, including Social Security numbers in particular.
"It was a great experience for me to go back and be able to shape policy that I hope allows for privacy protections of the American people," she said.
Now she plans to bring that experience to Finnegan's newly launched privacy practice, which leverages the spectrum of intellectual property practices in prosecution, licensing, advertising and litigation to deliver practical legal advice on specific and distinct privacy issues. The practice will counsel clients in regulatory investigations, litigate advertising matters and represent clients' interests in class action matters. It will also provide strategic counseling and transactional diligence in navigating the privacy landscape.
"I have years of counseling and governance oversight, incident response experience, and we are in a very dynamic privacy landscape. I know many clients are trying their best to figure out how to navigate all the new laws that are popping up in the states and all the new laws that are popping up internationally and making sure they have a comprehensive framework that can allow you to comply," Parker Dupree said. "Understanding foundationally how privacy works as a theory and in practice is really important, and to have an extra added value of understanding and turning that theory into something that happens within business systems is a great fit for me."
One of the biggest challenges in the privacy landscape today is the rate of change in technology and the lack of change in regulation, Parker Dupree said. That challenge is also what she loves most.
"Every day there's something new; there's something new to learn. I really feel like privacy is a reflection of societal values. Right now, when you look at the state of laws around the world, we as a society are wrestling with how we feel about how our information should be used. And I don’t think that’s settled yet," she said. "That's exciting to me. We can shape that for good. We can shape that for not so good."