Timothy Yim, CIPM, CIPP/E, CIPP/US, CIPT, is the director of data and privacy at the Startup Policy Lab in San Francisco, California, and has been an IAPP member since 2014. A long-time contributor to the organization, and currently a member of the Publications Advisory Board, Yim has some colorful stories to share during The Privacy Advisor’s recent catch-up for this month’s Volunteer Spotlight.
The Privacy Advisor: What was your privacy/data protection “a-ha!” moment?
Yim: Way way back in the day, when I was actually applying to go to college and before I had even gone to college, I recall the UC system … had already had a data breach and lost all my data. I wouldn’t say that was an impetus for why decided to pursue privacy a s a career path, but I will note that this has affected ... the cynic’s point of view. People used to be overly optimistic for sure about the security of platform. And from a very early age, I was like, “well, it’s out there.”
The Privacy Advisor: How did you hear about the IAPP?
Yim: I think it must have been either a conference or a, oh wow, I can’t remember. Clearly, this was a while ago. I remember within year or two of hearing about the IAPP, I was directing a research tenure privacy at UC Hastings, and within about a year I was working with the IAPP folks to roll out their Privacy Pathways program.
It’s ok if you don’t know something, but HIRE SOMEONE WHO DOES. Hiring is very important.
I feel like it was probably, to be honest − if I could venture a guess− other people in the field had started using a certification that I had never heard before. From the standpoint of the legal field, I don’t see many abbreviations behind people’s names. Unless it’s PhD. It’s the four letters behind your name.
The Privacy Advisor: What other parts of the organization are you a part of, and what drew you to that particular area?
Yim: So, I am a KnowledgeNet chair for the San Francisco Bay area, which is fantastic. I wouldn’t say we’re a large [group] in terms of geography, [but] we have some great people and have some great attendance. I’m really happy to be a part of that. It’s a great way to meet other people, and to hear from the membership how the privacy profession is changing at a drastic level.
[I’m also on the] IAPP Publications Advisory Board; I provide content, advise on sources. I try to make it to the conferences.
I feel very fortunate in what I get to do. I get to move policy. And create change in a space that really affect people lives. And I get to deal with privacy policy … and that’s an incredible dream to get to do something like that.
The Privacy Advisor: Biggest pet peeve?
Yim: People not knowing when they don’t know something. I’m almost entirely ok [with the idea that] no one can be an expert in the field that they’re in. We have a lot of CEOs who learned this the hard way. … It’s ok if you don’t know something, but HIRE SOMEONE WHO DOES. Hiring is very important.
The Privacy Advisor: What element of your job makes you the most excited to get out of bed in the morning?
Yim: That’s actually pretty easy for me. For me, I feel very fortunate in what I get to do. I get to move policy. And create change in a space that really affect people lives. And I get to deal with privacy policy … and that’s an incredible dream to get to do something like that.
The Privacy Advisor: If you could fix one problem in the privacy/data protection landscape with a magical wand, what would that be and why?
Yim: This is a good one! I like this one. Ok. If I could fix one problem, it would be — and this impossible — align the global rationale for privacy. Culturally, the rationale and motivations … come from different directions. Even mixing in parts of the world like Asia where their motivations are really varied. Oh man, that would make things a lot easier. From a business standpoint, you wouldn’t have to worry about binding corporate rules because they’d all be the same.
The Privacy Advisor: Describe yourself in three words.
Yim: Opinionated policy wonk.
The Privacy Advisor: What’s a skill you wish you had?
Yim: I wish for work that I had basically x-ray vision for privacy. When I sit down and do some work with a start-up and tech company, [they’d be helpful for] really figuring out what they’re doing is befuddled … or whether or not they know where practices are going. It would save me so much time.
The Privacy Advisor: When you’re not saving the world with your privacy and data protection skills, what do you like to do for fun?
Yim: I enjoy doing slightly athletic ventures. I like to run half marathons and marathons; road cycling. I would like to say I like to do triathlons, but my swimming is so subpar I’m lucky to be alive. My dream vacation is doing some nice reading and just relaxing. I like going to really good sushi joints and live music, jazz. Hiking, climbing mountains. Imagining in a zombie apocalypse, what would I do.
The Privacy Advisor: Best advice you ever received?
Yim: Answers or solutions aren’t always rational, or don’t have to be rational. ... Rationality is overrated. This coming from someone who has been told he’s overly irrational at times.