Sign up for more with a complimentary subscription to Today’s General Counsel magazine.
Q&A with Robert Scott, VP of Legal, Lattice
May 2, 2023
Our interview with Robert focuses on how he successfully evangelizes and scales privacy to ensure cross-functional alignment. Robert takes us through how he frames privacy as a benefit to each of his stakeholders, and how a European expansion proved the value of a privacy-first approach.
Who must you get input from to build a successful privacy program?
There are two core stakeholder groups that need to buy into privacy: Leaders across all core functions at the business (marketing, engineering, product, and finance), and individual contributors across all departments who can identify risk. Let me explain.
Like any program that impacts multiple departments, executive team support is critical. Leadership helps champion the program, so the entire organization sees privacy as an organizational value, taking privacy out of the “checkbox” mindset, turning it into a value the entire organization can support.
With privacy, identifying risk early on is crucial, and we’ve found that individual contributors in product development, for example — and other parts of the organization are our eyes and ears. If they’ve been trained well on how to identify it and flag issues, they help identify risk early on.
Talk to us about the different stakeholders. How do you get security excited about privacy? The compliance, marketing, and product/engineering teams?
To get any stakeholder excited, talk to them and understand their motivation in their work. Understand how to be a good partner to them and align with their goals. Security is the group with which we interface most, and thankfully they are pro-privacy. They are happy to have an in-house legal staff that wants to do legal work, so they can focus on security. Together with security we emphasize data hygiene, and reducing risk with things like data minimization. Security, legal, and compliance have parallel goals as it relates to privacy, and we can pull on the compliance lever if we need to.
With our friends in marketing we talk about how good data integrity and data minimization can lead to increased efficiencies and better data to build campaigns. We also actively lean into privacy being a brand differentiator.
Product puts a massive emphasis on product trust so we talk about how privacy is a trust driver with them. Privacy is a trend we want to be ahead of, and we’re facilitating our customer trust in product and brand for the long term.
Our engineering and analytics teams like hard data; it has to be black and white. Facts. Resourcing can be a constraint, but we always try to make it a partnership rather than an us vs. them issue.
How do you measure or convey the ROI of a robust privacy program?
We know the cost of fulfilling a data subject request manually — before DataGrail — and after. It went from approximately 15-20 emails down to two emails. A huge drop down. We also talk a lot about brand value, and how privacy builds up our brand loyalty and in the end builds our business.
We’ve seen that intelligence from our privacy program can be used in other parts of our business. For example, we’re actively using the insights learned from the data mapping process to build out a more mature procurement process. We now understand our data processing universe much better, and therefore can identify inefficiencies and redundancies. Visibility into data mapping helps us in negotiations, helping limit the data processing a new vendor might attempt.
What are the biggest obstacles you face when trying to secure budget or resources, and how do you overcome them?
The work is never done when building a privacy program, which means my team and I are regularly asking for more to build. I am constantly asking the question, “what’s the right amount of resource investment that is best for our business?” As a customer-centric business, that question can be reframed as “what’s the right amount of resource investment that is best for our customers?” If I can answer that question, I can gain the support of any stakeholder anywhere in the company.
Occasionally I’ll look outwards at what our technology peers are doing, and use that as a lever to drive initiatives forward. Our expansion into Europe really helped the need for a robust data privacy program. The increased ability to sell into the EU as our security and privacy posture matured over time continues to support expanding our privacy program. We’ve built a brand around security and privacy, and we’re seeing how that ultimately pays off from a financial perspective.
In the end, trust-building across leadership pays dividends in the long run and is how you’ll eventually overcome obstacles that may come your way.
Interviewed by Alicia diVittorio, DataGrail
Article originally appeared in Today's General Counsel's digital magazine:
Share this post: