Editor's note: The IAPP's "Profiles in Privacy" series features a monthly conversation with a notable privacy professional to discuss their journey in privacy, challenges and lessons learned along the way, and more.
As Ron De Jesus, CIPP/A, CIPP/C, CIPP/E, CIPP/US, CIPM, CIPT, FIP, AIGP, connects with chief privacy officers in companies and industries spanning the field as Transcend's field chief privacy officer, sussing out "what keeps them up at night," he can really get in the weeds. Because he's been there.
De Jesus, Grindr's former CPO and first data protection officer, joined data privacy and governance platform Transcend in early March as the industry's first FCPO, a role he feels he's been working his entire career to get to. In addition to running his own privacy consulting firm, De Jesus Consulting, De Jesus was Tinder's first head of privacy and previously led privacy and strategy operations for Match Group's North American brands, which includes Match.com.
While his role supports Transcend and its platform, De Jesus said a large part is engaging the broad community of privacy leaders, identifying the challenges they face and promoting governance strategies reflecting the demands of the privacy space. De Jesus also co-leads the IAPP Diversity in Privacy Board, which he called one of his "proudest achievements," and is one of the lead organizers of the LGBTQ + Allies After Party, an event held during, but separate from, IAPP conferences that has generated nearly 550,000 for queer and trans youth causes over the past three years.
"I've walked the walk and I've talked the talk," De Jesus said. "I've walked the walk when it comes to implementing tooling and operationalizing programs, so I'm able to get on that level."
The FCPO role comes at a time when the work of privacy professionals is growing tremendously, with emerging regulations around the world — including the closest the U.S. has come thus far to federal data privacy legislation — and advancing technologies, namely artificial intelligence and growing, targeted regulation surrounding it.
"It's kind of incredible that Transcend had the foresight to hire an FCPO role at this time. It's such a watershed moment for us," De Jesus said.
As part of a series called Field Trips, De Jesus will meet with CPOs out in the field, whether it's their place of employment or a conference, for instance, and have one-on-one, wide-ranging discussions. He hopes the filmed series will help to share the knowledge learned from CPOs, who will span varying industries, footprints, risk appetites and more.
A companion series, On Trend with Transcend, features a light-hearted, 90-second interview with leaders in the privacy space. The first featured IAPP President and CEO J. Trevor Hughes, CIPP, and others at the IAPP Global Privacy Summit 2024, who De Jesus said all reacted with a "no way" when asked whether a national privacy law is coming in the U.S. this year. Just two days later, news hit of the proposed American Privacy Rights Act.
"So, it's just fun," said De Jesus, who also plans to hold round table discussions and fireside chats with CPOs.
As he's talked with leading professionals in the space so far, De Jesus said AI and U.S. federal privacy legislation are top of mind.
"Everyone is trying to tackle this AI monster. How do we actually develop governance programs around handling personal information that might be consumed by AI systems. How do I operationalize these core concepts of deletion, access, portability, etc., when it comes to the personal data that might be processed by my AI systems? How do I make sure that my product teams and my key stakeholders are still doing data protection impact assessments, while at the same time asking, are they ready to do things like conformity assessments for the (EU) AI Act? Are they ready to contemplate things like algorithmic impact assessments for APRA?" De Jesus said.
While news of the APRA came with much excitement in the privacy field, and there's a lot of hope around the proposal, De Jesus said many CPOs are watching "with some bated breath."
"We've seen this show before, so we're very hopeful. Given it's an election year, I think people are just grateful that a federal law is back on the table," he said. "I definitely don't think something is going to happen this year, but as most of my peers are, I'm quite excited. I think this really reinvigorated the community and it's always great to see that in our industry because it's not everyday that everyone gets super excited."
Though he's no longer in an "operational role," De Jesus said he worries about the same pertinent issues colleagues are facing related to emerging technologies and legislation coming down the pike, as well as compliance with laws already in existence, like Washington state's My Health My Data Act.
"If I were to go back in house, how would I handle that? That helps, because as I engage CPOs out in the field, I'm still able to have that dialogue," De Jesus said. "I'm still able to work through the challenges they have as operational professionals. The same challenges that keep operational in-house CPOs up, keep me up at night as well."
It's his operational experience that De Jesus believes has helped him advance throughout his career. While privacy roles were traditionally rooted in legal functions, De Jesus, who does not have a law degree, said that has changed in recent years.
De Jesus, who has a double major in English and biology, was introduced to privacy while working for a health care consulting firm and has since served in privacy roles for Deloitte, American Express and the handbag company Coach. Employers have consistently embraced the operational experience he's brought to the table, he said.
"There are a lot more roles that play to various skill sets, for example privacy engineering roles or privacy manager roles that focus on operationalizing requirements," he said. "No matter the background you have, there is a way into privacy. Whether it's Big Four experience consulting from an auditing perspective or previous product or engineering work, there's always going to be pertinent privacy issues that folks from different fields can use to compliment existing privacy functions. … You don't have to be a lawyer to be in this industry because there are so many skills you have already that are applicable in this industry."