Serious Privacy

Starting with Step 1 with Val Ilchenko

April 04, 2024 Paul Breitbarth and Dr. K Royal, Val Ilchenko Season 5 Episode 10
Starting with Step 1 with Val Ilchenko
Serious Privacy
More Info
Serious Privacy
Starting with Step 1 with Val Ilchenko
Apr 04, 2024 Season 5 Episode 10
Paul Breitbarth and Dr. K Royal, Val Ilchenko

On this week of Serious Privacy, Dr. K Royal catches up with Val Ilchenko, General Counsel and Chief Privacy Officer of TrustArc. K and Val are both at the IAPP Global Privacy Summit in Dc and were able to catch up for a great conversation on how to design privacy software for both experienced privacy professionals and those who just need to take the first step.
We also discussed his career trajectory, where AI should live, and myriad other topics so common to all of us.
In addition, Val recommended two resources: You should look at the Sora video demos. It's OpenAI's video technology, S O R A. And then separately, there's a YouTube video where OpenAce technology is used with Figure, which is a robotics company. 

If you have comments or questions, find us on LinkedIn and IG @seriousprivacy @podcastprivacy @euroPaulB @heartofprivacy and email Rate and Review us!

Proudly sponsored by TrustArc. Learn more about NymityAI at

#heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO

Show Notes Transcript

On this week of Serious Privacy, Dr. K Royal catches up with Val Ilchenko, General Counsel and Chief Privacy Officer of TrustArc. K and Val are both at the IAPP Global Privacy Summit in Dc and were able to catch up for a great conversation on how to design privacy software for both experienced privacy professionals and those who just need to take the first step.
We also discussed his career trajectory, where AI should live, and myriad other topics so common to all of us.
In addition, Val recommended two resources: You should look at the Sora video demos. It's OpenAI's video technology, S O R A. And then separately, there's a YouTube video where OpenAce technology is used with Figure, which is a robotics company. 

If you have comments or questions, find us on LinkedIn and IG @seriousprivacy @podcastprivacy @euroPaulB @heartofprivacy and email Rate and Review us!

Proudly sponsored by TrustArc. Learn more about NymityAI at

#heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO

Please note this is largely an automated transcript. For accuracy, listen to the audio.

[00:00:54] Paul: So, this episode should be released just in time for your trip back home from the IAPP Global Privacy Summit 2024, if you attended. And as you know right now, unfortunately I did not. There is some serious FOMO going on in the Netherlands this week, seeing all of my friends from around the world gather in DC for deep dives into AI and long discussions on cross border transfers, think tank sessions, and of course, the many socials that are organized across South.

But that said, K is on site this week, and we'll give you all the juice in our next episode. For this week, she spoke with Val Ilchenko, TrustArc's General Counsel and Chief Privacy Officer. Her interview with him is what you will hear this week. As always, my name is Paul Breitbart. And welcome to Serious Privacy.

[00:01:40] K: All right, sitting here. So I'm here with Val Ilchenko, who is now the General Counsel and Chief Privacy Officer of TrustArc. Thank you so much for joining. Those of all who know me and Paul know how lovely it is to introduce you to Val as the General Counsel and Chief Privacy Officer of TrustArc. And Val, we're going to start with the unexpected question and that, and I'm not even holding this up to my mouth.

We're going to start with the unexpected question of, what is the What was the one item you brought with you traveling that you would never leave home without? 

[00:02:11] Val: Thanks, K. I'm super happy to be here. The one item I always bring is my six year old daughter likes to make bracelets. So I, I typically either am wearing one or have one in my bag, but it's, it's kind of funny cause I'll be in, you know, a shirt, you know, a dress shirt.

With a pink bracelet with a heart on it or something like that. But I always have one of my daughter's bracelets somewhere with me when I'm traveling. 

[00:02:33] K: Oh, that is amazing. And just so y'all know, these really are unexpected questions. I have no idea what I travel with. That would be the one item I wouldn't leave home without.

It used to be when I traveled all the time. One of our other good friends from TrustArc, Edward, showed me this way, this tool you can get that locks the hotel door. Okay. That you put it in on the inside and it has a little slide lock on it and nobody can open the door. And he used it when he was living with young kids so he could keep them out of his office while he was working.

Yeah. Which I thought was brilliant. So that used to be my one tool, but I'm not on the road anymore. So I bought a new suitcase this time. So that was definitely the, and then right as I was leaving the house, I suitcase packed. The brand new boots I ordered to wear tomorrow for my session came in. They're pink sparkly cowboy boots.

Love it. So I had to have those, but the one item I wouldn't leave home without, I'd just have to say medicine. 

[00:03:27] Val: Headphones, right? What about headphones? I don't 

[00:03:29] K: do headphones. Okay. But I did buy the Bose noise canceling earplugs. 

[00:03:34] Val: Okay. And then I never 

[00:03:35] K: tried them, but I bought them. Yeah. 

[00:03:37] Val:

[00:03:37] K: have them with me, so I'll see if those work, so, but I love it.

But we're here at IAPP. We just finished day one. What have your thoughts been so far? 

[00:03:45] Val: Wow. It's been, it's been tremendous. Honestly, the amount of people that I've met, trust our clients and really anybody else. I've met such tremendous folks here. Keep 

[00:03:53] K: going. Keep going. Someone's calling, but I don't think it's messing up the recording.

It looks like the recording is still going. Okay. 

[00:04:00] Val: I've just met some wonderful people here. Some really bright minds. I went to this wonderful round table, counsels and partners of law firms and various others. And that was amazing. Just being in that. Being in that think tank with some of those, you know, leaders, thought leaders was incredible.

On Tuesday, Future of Privacy Forum had its 15th anniversary. Nice. Which was wonderful. There were folks like regulators from the CNIL, which is the French State of Protection Authority, as well as, you know, folks from local, state, federal government, and some of the foremost companies. You saw folks from Netflix, Amazon, just amazing folks there.

[00:04:37] K: FPF is amazing. 

[00:04:39] Val: FBF is amazing. I think, you know, we're not being paid for this plug, but I think we both love FBF and Jules is amazing. But but yeah, so that was really wonderful. And then today's just been great. Just hearing from different folks about where this space is going, what privacy tech needs to look like.

Where privacy is going, hearing about all the folks that are passionate about AI. Have you 

[00:04:58] K: gone to the AI sessions? 

[00:04:59] Val: I went to the keynote yesterday that talked about AI. Okay. And it was just so cool to hear about some of these things that folks are working on, particularly from MIT Media Labs. Yeah. So that was really cool.

Just super grateful to be here. It is my first IAPP. 

[00:05:11] K: I was gonna ask, what's your, what's your experience with IAPP? 

[00:05:15] Val: Yes. Yes, obviously a little bit of a spectacle, but so great. Trevor puts on such a great show. He does. And it's, it's cool to see all these different familiar faces and it's, it's kind of funny being in DC during it.

It's really easy to geek out on these sort of privacy celebrities. You see privacy celebrities in your, in your, you know, hotel lobby. And when you're walking to, you know, walking to a venue and it's just so funny to see people like Omertine or Andy Dale or Justin Antonopoli, you're just walking by and you just see them casually on your walk.

And it's such a big deal because I think for a lot of people, it's like, Oh, I've seen this And just now it's sort of like you're meeting these, you know, these meeting these 

[00:05:55] K: celebrities. Now I'm humbled because clearly I'm not one of those celebrities. I forced him to say that. Let's be clear there. I forced him to say that, but no, I agree with you.

I started coming here. I think my first IAPP was back in 2008. Maybe 2007. God, I'd have to go back and count up all the years. There weren't that many people here. 

[00:06:18] Val: So many people now. 

[00:06:19] K: There just, there, there weren't. They used to count how many people up in the keynote and everything like that. I mean, I think we're, we're way past that now.

Yeah. But it is good and you're right. It is really cool. I, I used to hate to come to the DC one. I prefer the PSR in the fall. Used to hate DC because it was so crowded, but they've redone it. I think after COVID still, I mean, they're recovering, but they've redone it to where it's more spaced out and it doesn't feel as crowded.

Used to be you couldn't get into sessions, you couldn't get into rooms, the doors would be shut. And even now the ones that we thought we'd be locked out of, they've moved to huge salons where, you know, they're not going to fill up. So it's been really nice, but we'll say it used to be that. You didn't even hardly get to go to any of the sessions.

You would see people in the hallway and just sit and chat. And, you know, next thing you know, an hour's gone. It was the best way to catch up. But my favorite sessions so far have been the ones with the regulators. So the two that come to mind is the one that Julie Brill ran this morning, where she had in Ulrich, who is with Germany, had in a new Talas, who's the chair of the EDPB, had in two regulators, one from France, one from Italy, I believe.

I have their names. I posted them. I'll make sure I provide that. That one was really good. And then the one Travis LeBlanc did with Ashkin, the head of the CPPA. So really cool to hear that because I know everyone's going to the AI ones. People, I'm not going to the AI ones. I, I gotta learn AI. I plan to take the AI test.

It went on sale yesterday. I'm not going to take it in person here. I plan, I plan to buy it and take it remote, but I haven't looked at any of the study materials yet. But I know that's something I want to get on them. So have you been to any of the sessions? 

[00:07:56] Val: I've been to a few sessions, but honestly, some of my favorite events have been some of the hallway conversations.


[00:08:02] K: They are. They're the best. If I'm 

[00:08:03] Val: being honest, not the sessions haven't been wonderful, but running into people like Phil Lee from DigiFile or Sebastian Kroska. Yeah. Yeah. So I spoke to Phil Lee today. I spoke to Sebastian Kroska, who was GoTo's former external DPO, and he's wonderful. Just talking to folks like that, hearing from them about their thoughts about kind of the future of this space and some of the trends and focuses has been super valuable because ultimately some of those hallway conversations, as much as the sessions are sort of where you learn and where some of that magic happens, where you make those connections.


[00:08:34] K: relationship. Exactly. Exactly. 

[00:08:36] Val: Last year 

[00:08:37] K: for lunch, getting my little snippets for the podcast. My gluten free was like behind a curtain way back in the back. And so, me and my friends grabbed my food. We went and sat down. There was this gentleman at the table and I said, Sir, I'm, I'm recording little snippets from people at IAPP for my podcast.

He just kind of quirked an eyebrow at me. I'm like, seriously, it's a legitimate podcast. It's considered one of the best in the world. Thanks to my listeners, our listeners. It's one of the best in the world. It's legitimate. I mean, seriously, just a couple of minutes. I said, but there's no pressure. You don't have to.

We'll go back to our lunch. I said, you did however, get inspired to go get one of my gluten free lunches because you saw what I was eating. So it's like, I'll give you a few minutes. I asked him to introduce himself and he was Google's DPO for Europe. Okay. 

[00:09:21] Val: That's the way to make connections. He's 

[00:09:23] K: probably accustomed to being badgered.

[00:09:25] Val: Yeah, you know for 

[00:09:26] K: everything and anything, but it was clear I had no idea. I jumped over there and I'm like, okay So first thing I'll do is I'll ask you introduce yourself and he did and my two friends across the day were like, oh It was kind of cool And then I found out that my phone which is an Android When it goes into sleep mode and the screen blinks out after three minutes it quit recording too.

Oh, no iPhone doesn't do that. So iPhone, you got another mark in the plus column here, but no, it has been good. And I know waiting to talk to you today, you've been in back to back meetings with customers, potential customers. I think that is a fantastic thing that TrustArc is doing. I'll go ahead and say this, given that the legal team is essentially The business owner of the product because it is a legal compliance software.

So y'all have heard us talk about that before. Paul and I both were the ones that helped develop the product. Cause we feed into the laws. We make sure and Joanne first. God, the world worships at her feet, but she was in the legal team before they moved to product. So, but it was a case of, it's a compliance software.

We're the ones that would look at it and say, Oh, this is right, or this is wrong. You have to have someone with that privacy expertise. How has that been for you as a move to trust dark? That's kind of a new role. 

[00:10:38] Val: Absolutely. It really has been a new role. I think that Being an operator at GoTo, which was my former employer, was very different, right?

I think being an operator means being subject to the laws, kind of looking for the right technology and tools, etc. Versus a TrustArc, it's been really cool because I can actually look at what the market needs. Yeah, 

[00:10:55] K: product development. 

[00:10:56] Val: Advocate for it. Yeah, it's, which is really exciting. So I can think about, you know, I can think with Eric Sendelbach, who's our chief product officer.

We think about, hey, what does the market need? Let's build things that people are clamoring for. Let's not build stuff And go find an audience. Let's build things that people have been complaining about because, you know, one of the topics that has come up over and over in these conversations here is a lot of the problems we all face as privacy pros are actually universal truths, right?

Everybody wants to know where their data is, how their data is mapped. Everybody's having Conversations about AI management and governance. Everybody's 

[00:11:30] K: having conversations about the business going wild and not getting us in on time, not bringing us in. Of course, of course. 

[00:11:36] Val: So, so I, I think it's, it's been really cool to be thinking about what our, not just our clients, but the community needs.

Yeah. And building for it, right? I think a really great example is, you know, I've, I've had great conversations with folks like Jules Polonetsky from Future Privacy Forum. about, you know, about A. I. And he was telling me, you know, earlier on in my, you know, joining trust arc. Hey, you know, we're hearing from a lot of our members what they need, and they're looking for A.

I. Governance. 

[00:12:02] K: Yes, 

[00:12:03] Val: right. And so that was one of the early, early things that Noel Luke, who's our chief assurance officer. Yeah, came up with it was that he said, Hey, look, people need guidance. Let's use our world class knowledge team. Let's build something that helps people figure out how to do this and manage it and govern it and get that fancy seal.

Right. And again, it wasn't just, you know, it is good for TrustArc obviously, but more importantly, There is a legitimate need for guidance, you know, AI is a new topic and a lot of people are still trying to wrap their heads around it. 

[00:12:30] K: Well, it's a solution in search of a problem. Exactly. 

[00:12:33] Val: And it can 

[00:12:34] K: solve a lot of problems, but you need to identify the problem and then identify the solution that goes with it, so I get it.

My company Crawford just signed up to the UK AI in, AI in healthcare. God, I'll have to get that one right. I'll come back and record that one note to self, but it's signing up to a core set of principles that we're going to meet. And I made sure those principles are in our AI policy that we have that as well.

Am I going to get a title change for that? No. Do I need a title change for every new emerging technology that comes out? I don't know. That's not knocking those of you that have it in your title. That's really cool. But yeah. I might cut that out. This is where you see the mud working. But, but it really is fascinating to see that.

And I agree because where I am, where I took over, we had a competitor. Now we had TrustArc. We had not given up TrustArc. We had slashed what we did with it. And then move some of it to a competitor because the consulting company we use used that company. I gave them six months I had tutorials on it. I went in looking for it.

I couldn't find what I needed I couldn't print it out in a usable way I couldn't connect things together and I had multiple multiple training sessions on it With the consulting company with other friends I have that use that product and love it I I still couldn't use it and I said, you know what screw it I'm, I'm going right back to TrustArt, had to beat Marco up on the, on the price a little bit.

So if y'all are out there, feel free to give Marco a holler and tell him you want the price K got. Ha ha ha. But I mean, I had to, because I mean, I still had the budget. It was overlapping, everything like that. But it was important to me, not necessarily because I believe TrustArt beat the competitor.

That's not what I'm talking about. Although y'all know I do. The point was, the reason why software fails is because people don't know how to use it. They want a magic button they can press and there is no magic button for this. And then a year later, two years later, when they're reporting up to the board or they're reporting on their budget and this software hasn't done what they thought it's because they didn't take the time to get to know it and how to use it and get that, that, that full use out of it.

I know I'll get my money's worth out of TrustArc. 

[00:14:44] Val: And, you know, I, I have sort of a comment there and then I have a question for you, K. I know, I'm not sure that's allowed. I know, I know. And, you know, my, my view there is, I think that's right, TrustArc does have great support. But sort of as a broader statement, my philosophy is that I think that in general in the privacy tech space, we need to be working towards making it easier for people, particularly earlier in their journey.

[00:15:05] K: Yes. 

[00:15:05] Val: Because one thing that I, I've seen across, you know, many, many companies, many competitors, Everybody is that it's often tailored towards folks who are kind of seasoned. And one of the things that I've been working hard on is us working on releasing products that new 

[00:15:18] K: ones that go 

[00:15:19] Val: They're the newbies because because one of the questions that I want to make sure that we answer every time and we now do Is what do I do when i'm just getting started?

 When somebody's just getting started they have very different questions very different needs And a product needs to work very differently than when you're an expert and you know that you want to toggle here or there You And so I want to push not just TrustArc, but the entire industry to really be thinking about the fact that to accommodate this new generation of privacy pros who are just getting started, it's really hard to wrap your hands around this idea of a data inventory for a huge, you know, hundred, multi hundred million dollar organization.

[00:15:55] Val: So we need to 

[00:15:56] K: first step. 

[00:15:57] Val: Exactly. Let's, let's help people take the first step and let's do better. Let's make it easier for people to get started. 

[00:16:02] K: Yeah. 

[00:16:02] Val: But I have a question for you, Kim. 

[00:16:03] K: Okay. 

[00:16:03] Val: So we were talking about AI a little bit, and I think it's been a really interesting topic, and maybe it's been covered in another podcast of yours, but where should AI risk management sit?

[00:16:13] K: Oh, right. Because this has 

[00:16:15] Val: been this hotly debated topic. We haven't 

[00:16:16] K: talked about that. Okay. We actually hadn't, and I don't have Paul here. Paul is, as y'all know, he's moving into his new home. He's getting floors put down. I actually have drywall and, and trim up on my house. So we're getting closer. Y'all following the, by the way, I was going to go stickers for the serious privacy cookbook.

I probably should have done the house building plans, but there we go. But he may have a totally different view, but the way that we're designing it is kind of like privacy and information governance. It needs to reside. with the people who understand what the laws are around it. The ethics, the laws what the repercussions mean.

That doesn't mean that that department needs to be the one to operationalize it. I own privacy, but I'm not the one putting privacy in all the systems. I'm telling them what they need to do to the systems. I think it needs to be the same way. So, yes, I want to own. The AI policy. I'm not going to say whether I do or not.

I try not to bring my company into this too much, but as a privacy professional, I would want to own the AI policy, but the AI operationalization has to go with the business. So I'm liking this hybrid model. The same as with information governance that you have a functional owner. Who's the one that implements it.

And you have an oversight owner. Who's the one that tells you what the guardrails are. And I think they need to work together. So for me, AI would work along that way as well. But I will tell you, they make AI so easy for people to implement that it's out there and going bonkers. I mean, we hear stories of CEOs using it to write their emails.

And I think Paul and I spoke about this on a recent, on a recent podcast. Does that mean that if your CEO is putting his email in an open AI chat GPT, whatever, that's not locked down to your company? Is there, is there a business secret in that email? Is there something he's talking about that maybe you don't want to go into some, some open software?

But you're hearing stories about these things happening and people just not thinking, Oh, it's just giving me a better way of putting this. But yeah, but it's taking that data and doing something with it. And yes, y'all pay us. We're both attorneys. Y'all pay us to be paranoid. It comes with the territory.

But what do you think? Where do you think it should be owned? 

[00:18:31] Val: I, I think it's, it's been a really interesting dynamic. I think oftentimes it is falling on your privacy attorneys. 

[00:18:38] K: And I think falling is a good word because again, we can't implement or operationalize it. 

[00:18:44] Val: Yeah, I think that's part of it. I think also is that practically speaking, I have very rarely run into people that are like data council or data SMEs, right?

You're, you know, you have your privacy attorneys or SMEs or security, et cetera. So, so AI is sort of this new territory. And it is falling often on privacy attorneys, but there's a lot of other concerns. Yes. And so for example, previously what I've seen is sometimes you sort of do a, you have a small, you know, kind of over oversight board or committee, you know, for example.


[00:19:15] K: by the way, I think you have to. 

[00:19:17] Val: Yes. 

[00:19:17] K: And it has to be a Consulting working counsel. It can't just be like the the board that you come and you give a report. Oh, I don't yeah And I mean even at a 

[00:19:26] Val: microcosm level. I mean even even for sort of the more micro level decisions I think more often than not having somebody like an intellectual property attorney involved or somebody with that expertise I 

[00:19:36] K: used to mention that in privacy back when I worked at a med device company a global med device company that I I needed to be involved and I needed the ip attorney us to be involved in here.

They're like why? You And it's like if you can't see where you have personal data or implications or let's even say protecting your plans Yeah, yeah, because I mean at some point the privacy Privacy officers privacy council, whatever you want to put it We also know about protecting data whether that data is personal data or not.

We know how to protect data 

[00:20:04] Val: Yeah, but I think I think absolutely but I think the ip council are also very helpful because they're 

[00:20:09] K: they should be very helpful Well, there are these of 

[00:20:11] Val: course, but there are these amazing code generation technologies by some of the biggest technology companies in the world Yeah And there are serious IP concerns about ownership and things like that.

Well, and even about 

[00:20:21] K: doing proof of concept with different types of vendors. Are you going to go with internal, external? I mean, I've had people say, yeah, but it's not a third party. It's Microsoft. It's not a third party. It's Azure. It's not a third party. It's Amazon. Kindra? 

[00:20:35] Val: Code Whisperer is one of the, yeah.

[00:20:37] K: It's, it's, it's not a third. Those are third parties. Unless you're Microsoft or Amazon. Right. Those are third parties. Yeah, 

[00:20:42] Val: exactly. And, and, you know, I've, I've even had conversations with like M& A attorneys about. How does this come up, right? How does, how does, how do these things come up? So I think that AI, while often has become a privacy topic for good reason.

There are big 

[00:20:54] K: IP issues with it. There 

[00:20:55] Val: are big IP issues, there are ownership issues, and these might populate in other ways. So really, at least like when you're developing your governance and your programs, you should be thinking about the fact that there are proprietary intellectual property ownership.

If you're a software company and you're using this for co generation, there are amazing, Possibilities for output, but there's also real risks that people need to consider 

[00:21:15] K: and look at it this way It's almost the same thing as used to be with open source software. 

[00:21:19] Val: Yeah 

[00:21:20] K: used to be companies No, no, no open source software, but you like open source software because it's publicly available people can test it There's rules around it There's always rules and so like I said even for just a proof of concept to see if this is a vendor You think you might sort of kind of run away with if they can do what you want them to do They're taking your data They're, they're learning your process.

Is there anything that you're getting from that vendor that if you did not go with them and you came back later and wanted to, is there an IP claim there? 

[00:21:49] Val: Right, right. Exactly. It's 

[00:21:51] K: huge. It's huge. And I think, 

[00:21:52] Val: I think in general, AI is fantastic. And by the way, if folks haven't seen it, I want to recommend two demos to everybody.

Oh, please do. You should look at the Sora video demos. It's OpenAI's video technology, S O R A. And then separately, there's a YouTube video where OpenAce technology is used with Figure, which is a robotics company. Oh, 

[00:22:08] K: cool. 

[00:22:09] Val: And it's incredible, the things that we're seeing. We'll make sure 

[00:22:11] K: to link those in the show notes where we have that.

That'd be cool. They're, 

[00:22:14] Val: they're mind blowing to watch, and I think that the technology is there. I do think there are legitimate, you know, things that we need to think about as privacy pros, as data folks, etc. But I think it's really about managing the risk, you know, with the CEO email. Right. You know, maybe if you're using a version of these tools where the model isn't being trained, e.

g. a chat GPT for business, you know, there's more flexibility. Maybe if all the information has been redacted, 

[00:22:38] K: CEO's email, but those are the ones that are hitting the news that you're hearing about that, that someone did something. But it's also the case of with any vendor or supplier that you use, whether it's free, whether it's low cost, you're the product.

It is designed to go around your corporate third party risk management program or designed to go around your procurement program to have people either use something free and that way they're getting your data, they're training their models, whatever, or it's so low cost you can just expense it. There's a reason it's low cost or free because the product's not the product.

You're the product. 

[00:23:15] Val: And just like any free service, you know, think about the rules that we've learned about from CCPA You know, where's this data going? Why is it going there? What's the basis, you know, all those things. And if you think about it that way, yes, it's new. Yes. It's novel. Yes. It's emerging, but some of these are sort of.

Common commonalities with other technologies. Exactly. 

[00:23:34] K: Well, and Paul and I have talked about that before. Yes, AI is different. But AI is the exact same as any other emerging technology that people want to use. Although, it's actually been emerged for quite a while now. 

[00:23:47] Val: That's right. 

[00:23:47] K: We need to know. We do know that the mass production availability of the chat GPT is what's taken the world by storm, but it's an emerging technology.

Just it's a new technology. It's a new thing to your company, just like any other powerful technology. Look at it that way take the same risk that you would and yes I know your business is screaming at you that you've got to do it. You've got to do it They're losing money. Your competitors are doing it.

We know we know we we know so, okay So this is your first IAPP as we close out. Why don't you tell me how you got into privacy? 

[00:24:20] Val: That is a great question. So I do I 

[00:24:22] K: have an answer? 

[00:24:23] Val: No, I do have an answer I I always so I realized early on in my legal career that That I, you know, that I wanted to be in house.

[00:24:31] K: Okay. 

[00:24:32] Val: And so I kind of focused my, did 

[00:24:34] K: you ever go to a law firm? 

[00:24:35] Val: I worked as a law firm at a law firm as like a paralegal before law school. Okay. And I think it was great and I learned some wonderful things, but I think I realized, I knew 

[00:24:41] K: I didn't wanna be at a law firm, , I never even went there. 

[00:24:44] Val: Well, I, I, I think I wanted to be sort of in a more business technology setting.

I'm a technologist. You know growing up I would build computers and make websites and I was very into the technology aspect of this stuff And so I I kind of focused my my entire law school business school Internship experience on being in technology companies. I interned at Boston Scientific and Iron Mountain and this company called Neolane that got acquired by Adobe.

So I was really focused on being in a tech setting. I like that. I was very 

[00:25:14] K: much in tech settings myself. I can commiserate with that. 

[00:25:18] Val: So super focused on it. I just love tech. I just love learning about it. And I love 

[00:25:22] K: small startup companies. 

[00:25:23] Val: Yeah. I liked both. I liked, you know, I liked working at 40 billion market cap companies as much as small startup companies.

And so I sort of focused my work on that. Life takes funny turns. So after, after I graduated law school, I spent about a year And Air Force Material Command. 

[00:25:37] K: Okay. So 

[00:25:38] Val: that was different in the procurement contracting, you know, unit. So that was different, but I learned a lot of invaluable lessons on things like the federal acquisition regulation.

But I went in house after that. I was at a company called Progress Software and they knew I had sort of a technology background and this was 2015. So they were like, Hey, we need, you know, we need to start thinking more about GDPR. It's, it's coming. 

[00:25:59] K: Right. 

[00:25:59] Val: And I was there, I was a technologist and I was helping, you know, I was helping the attorneys there.

And I went to go to, and that sort of logged me in at the time and that journey sort of expanded. And at the time it was a small subset of my work. It logged me in where I spent about eight years. It was a small subset of my work, but it kind of continued to grow. And it went from, you know, part of my role as a commercial and product attorney to more of my role to my entire role.

[00:26:25] K: Nice. And 

[00:26:26] Val: so from basically, you know, end of 2017, Through the remaining tenure through 2020, I was focused on building our privacy program, supporting our security programs, nice telecommunications program. Exactly, exactly. And for a portfolio company with, you know, three different business units and, you know, over a dozen different products serving different clients B2B, B2C.

Professionals, et cetera. So I was really, I was sort of, I was drinking with a fire hose and I was building, I was building, you know, what ended up being 12 to 15 different privacy programs from scratch. 

[00:26:58] K: Because we were 

[00:26:59] Val: entering new markets. We were acquiring companies. We were divesting companies, all these different things were happening.

And I was learning about privacy from so many different angles. So in other words, 

[00:27:07] K: you're saying you've really slowed down now. 

[00:27:09] Val: Yes, I've slowed down quite a bit. 

[00:27:11] K: With a six year old daughter, you need to. 

[00:27:12] Val: Six year old and a three year old. That's right. 

[00:27:14] K: My grandchildren are three, four, and five. Oh, yeah. I'm with you.

[00:27:18] Val: But throughout that time, I really, I really, you know, loved the privacy aspect. I love technology first, so privacy, security, etc. Right. It goes hand in hand, but I think with privacy, there's just such an important, you know, like greater good aspect. The things that you're doing, 

[00:27:33] K: well, the 

[00:27:33] Val: things that we're doing aren't just, aren't just for our business.

They're for kind of society. It's a 

[00:27:38] K: helping profession. 

[00:27:39] Val: Yeah. And I think, I think that's been a big part of my motivator is the hearts and minds elements of working in the space of making sure that we are, you know, I, I like to use this silly sort of parallel. I go to when I was talking to engineers, which was, Hey, if you have a dog and you drop the dog off at doggie daycare, you expect that when you pick up the dog, it hasn't been cloned.

You haven't shaved, the dog hasn't been shaved. They haven't been sending illegal recordings somewhere else. Yeah. They haven't, you know, taken, taken the tail, you know, shortcut the tail by a little bit, right. You kind of expect your dog to be in one piece. And that was the example I kept giving was 

[00:28:14] K: a great example.

[00:28:15] Val: When you're a data processor service provider, you expect your data to be relatively in one piece, the same way it was when you gave it to the company. 

[00:28:21] K: Yeah. 

[00:28:21] Val: And I think thinking about things in that manner and how important that was for so many people just keeps me coming back for more. Kind of the helping and importance of what we're doing.

[00:28:30] K: Nice. I really can't think of a better note to end on. I mean, he sings my song better than I sing it. Y'all heard me sing, so y'all know it's true. I'll leave it to Paul to close us out then. 

[00:28:41] Paul: Thanks, K. That was great. Indeed, this wraps up another episode of Serious Privacy. If you liked the conversation, join us on LinkedIn, you'll find us under #SeriousPrivacy.

You will find K on social media as @HeartofPrivacy and myself as @EuropaulB. Next week, more from the #IAPP #GlobalPrivacySummit. Until then, goodbye. 

[00:29:02] K: All right. Oh, I guess I should say bye y'all. Bye y'all. With serious privacy.

[00:29:22] Paul: Hey listeners, looking to navigate the realm of responsible AI data privacy governance? Well, look no further. 

[00:29:29] K: Absolutely. TrustArc is paving the way, offering a complete approach to managing privacy risks in the world of AI. 

[00:29:36] Paul: TrustArc allows organizations to confidently use AI with personal or sensitive data, moving forward efficiently and cost effectively.

[00:29:44] K: And here's the kicker, protect your company and data with TrustArc's privacy driven compliance software. 

[00:29:51] Paul: Because they're Deep automation streamlines data privacy governance, cutting your time to compliance with automated data mapping, risk assessments, and regulatory reporting. TrustArc's 

[00:30:01] K: enhancements go way beyond that.

Helping organizations understand AI better and align cross functionally on data governance, privacy, and compliance. And security. 

[00:30:12] Paul: Plus, they provide guidance on privacy governance for AI and how to mitigate risks using frameworks like nist ai, OECD, ai, and an ACY Privacy Management Accountability framework.

[00:30:24] K: If you're aiming for compliance excellence, check out Privacy Central. Seriously, one of my best parts. It uses automation and privacy expertise to understand your requirements, build and manage your privacy program.

[00:30:40] Paul: Oh, I agree. Privacy Central is your go to to measure your progress toward responsible AI data compliance.

[00:30:46] K: Stay ahead with TrustArc's Privacy Central. Visit TrustArc. com now. Ask me or Paul if you have any questions.