A little more than a year ago, Tom Matzen formed Matzen Consulting Group, where he now serves as founder and president. After spending years in the e-discovery space, spanning a career that landed him in 38 countries, Matzen recognized privacy was driving his interests and no longer wanted to sit on the sidelines. He was lucky to know who he was, recognize he wanted to be his own boss and was able to take the risk, he said. The Privacy Advisor recently caught up with Matzen to hear about his decision to strike out on his own in privacy, and advice he might have for people contemplating a similar move.
The Privacy Advisor: How did you get your start in the privacy field?
Matzen: I am a lawyer by trade, but I got my start in e-discovery. I was a member of the Sedona Conference, which is e-discovery centric, and it was only when I began researching privacy organizations due to my increasing involvement with international litigation that I found the IAPP. I found the IAPP by chance, was genuinely impressed and the content held me. It caught fire at the right time. Now I'm a privacy advocate. I've pushed it for years to every e-discovery lawyer, every litigator, every person I can think of.
Matzen: I always knew I wanted to do my own thing, and over the past few years, I began carving out my own privacy practice in my previous job. There were no hurt feelings, my employer wanted to stay in the nuts and bolts of e-discovery, and I wanted to be more proactive in the privacy space. It’s always a risk, and it’s still a risk, I often wonder if I should hire more employees, should I partner? That game never ends.
The Privacy Advisor: What is the most frequently requested service you see from clients?
Matzen: The number one service that I am seeing now is impact-assessment work. They either aren't sure they need it, or they are looking to find out where to start. Impact assessments allow clients to see on paper what the risks are and where they need to go. Post May 25, I've received more questions that are “where do I start?” in nature. This is a little worrisome but consistent with what other people are seeing. Not a day goes by that I don’t get questions asking “do I need to be worried?” or “what do I need to do?"
The biggest question I get now is about the California Consumer Privacy Act 2018. For people who thought that the EU General Data Protection would not apply to them, they are now faced with CaCPA and generally have a lot of questions, particularly regarding if it will apply to them or not and what the regulation entails. While there are obviously some differences between the two, root questions applicable to the GDPR will likely apply to CaCPA.
The Privacy Advisor: Any advice for fellow privacy pros looking to break off and start their own group?
Matzen: I’m not sure doing something for a year qualifies me to give advice. It comes down to your risk tolerance. I’m learning this as I go, and it’s certainly an experience. It’s the little things that end up taking up a lot of my time. Some advice I can share is to not embrace technology too much. It’s probably a “me” problem, but I spend far too much time vetting apps and tools that I probably don’t need.
The Privacy Advisor: Looking back, would you change anything?
Matzen: I probably should have done this sooner. I was ready to do this two to three years ago, and while it’s not a regret, I should have acted sooner. I don’t know what motivated me all of a sudden, but I got to a point where I had been talking about GDPR for years and I didn’t want to miss out on implementing aspects related to it. I wanted to be at the front of the wave.
The Privacy Advisor: What have you found most surprising throughout your career?
Matzen: For me, it has been genuinely surprising to find out that people are very supportive and want to see you succeed. You never know how people are going to react, if they are going to trust you or support you. I’ve been overwhelmed by people willing to give me a chance. In my opinion, people do come through. I have developed great relationships over my 18 year career and appreciate them all.
One practical surprise is how little people communicate between the litigation and privacy worlds. I would find myself introducing e-discovery lawyers to privacy lawyers who work at the same firm, in the same building. There is so much knowledge that overlaps between the two areas, but they rarely interact and [so] miss an opportunity to build off each other’s shared knowledge. The silo approach is simply not efficient to the client.
If you want to comment on this post, you need to login.