I came to the data field because I have always been passionate about technology. As a child, I asked for a computer in grade school, and practiced coding on a Commodore 64. When I was deciding on colleges, my initial plan had been to go to Georgia Tech and focus on engineering. But when IBM made a significant investment in the management information systems programme at the University of Georgia’s Terry College of Business, I changed my mind, and became one of the first female students in this programme. Needless to say, it proved to be an excellent foundation for me. At UGA, I became interested in law school when a speaker at the SMIS program from Delta Airlines sparked my interest in the challenges airlines faced with international electrical and communications standards at the time. After completing my bachelor’s degree, I attended Vanderbilt Law School with a desire to have a career developing global technology standards. My focus in law school was also on technology and intellectual property. Professionally, I have always been focused on technology including my first internships and the IBM cooperative work/study programme.
After law school, I began working in technology and outsourcing law. Over the course of my career, I have focused in many different business areas that touch on data and technology including outsourcing and contracts, intellectual property, security and incident management, new product and service development, mergers and acquisitions, and now privacy. My MIS degree was an excellent foundation that created several opportunities for me, as it enabled me as a first-year lawyer to join senior partners at the table with technology experts and chief executives since I was the only lawyer at my law firm at that time with a technology background. My MIS background enabled me to translate legal requirements for technologists to enable Fortune 100 companies to design, implement and roll-out transformational e-commerce platforms globally.
Over the last five years, I have advanced through a series of roles that has elevated me to the position of chief privacy officer at a Fortune 100 company. My expertise in privacy and data enabled me to successfully move from one industry to another – from the financial services data space to the consumer product manufacturing area. Prior to the effective date of the GDPR in 2018, as chief privacy officer, cyber legal counsel, and global data protection officer at S&P Global, I worked with privacy laws in more than 160 countries and developed expertise in data protection throughout the Americas, Europe, and Asia. During my three years as CPO at S&P Global, I transformed the privacy office from a one-person legal touchpoint to a global network of subject matter experts embedded throughout the business, technology and legal functions.
After pausing my career to care for young children and my parents, I re-entered the workforce at a time when consumer and regulatory focus on privacy began to increase exponentially. As governing requirements for privacy continued to multiply and grow globally, the technology and business skills that jump-started my early legal career were also critical in growing my expertise in the privacy and data protection sector. With complex laws with differing criteria, the CPO position is not just a compliance and regulatory position. I find that its necessary to translate these rules for technology, business, and technology leaders to develop an accurate and well thought out plan that builds a relationship of trust with customers and business partners while mitigating risk for the company.
Just as many women choose to stay home, I, too, was able to take six years off to raise young children while caring for my parents. I stepped back from my career as I juggled a physical health challenge, raising young children and caring for my ailing parents. I found the strength and stamina to provide elder care while my stepfather struggled with early on-set dementia, including the coordination of multiple moves for increased levels of care, as well as the management of financial, medical, insurance and, finally, probate issues after his death.
When I re-entered the workforce, my technology outsourcing and contracting skills coupled with my ability to apply complex security controls gave me unique opportunities. With the dramatic increase in cybercrime and rise in cyber incidents, I continued to excel in helping my clients and companies with data management, active responses and mitigating risks.
While networking with technology and privacy leaders was key to my growth, my technology background, long hours and hard work, as well as my willingness to continue to advance my education in privacy is what helped move my career forward. By developing an expertise in the intersection between data, privacy, data security, technology, and emerging prolific regulatory requirements, my focus on personal data positioned me in an area with a strong demand and potential.
In my view, one of my biggest career wins is being known for a positive leadership style that selflessly cares for my colleagues and team members. Mentoring and creating professional development opportunities for others is a passion of mine, and I frequently volunteer my time to help mentor others as they re-enter the workforce or move into the privacy or data protection area late in their career.
The biggest challenge in the global privacy and data protection regulation landscape is the rapid growth in complexity and scope of data governance, cybersecurity, and vendor risk management obligations. Currently, at least 128 jurisdictions require private sector businesses to implement and maintain certain privacy and information security standards, including (among others) notice, privacy rights requests, cross-border transfer restrictions, and vendor monitoring specific to personal information. The volume and prolific pace of new and updated regulations create challenges in regulatory service delivery.
I am closely following the recent trend in regulations bringing non-personal data in scope and creating additional regulatory requirements for applying AI/machine learning. I carefully follow the rapid pace of new data protection requirements in multiple jurisdictions – and analyse laws with a lens to identify the new data and technology requirements. Another example is the pivot in regulatory and industry changes in martech and adtech, which change both the legal requirements and risk balancing factors underlying business and technology risk decisions in numerous jurisdictions.
I am passionate about my work, and enjoy studying the geopolitical, historical and societal elements that influence privacy legislation and the individuals drafting key privacy and data protection regulation.
To successfully implement data and privacy programmes, I have found that raising awareness of privacy and its importance to our clients and customers is critical to creating a culture that embraces privacy as a cornerstone of business operations. Business leaders want to understand how the global privacy landscape impacts their operations, but it’s important to show the global impact as well. No matter how many other data and technology leaders I am working with on a project, male or female, it is important that I convey the privacy implications whether to upper management or company-wide.
The data field has changed for women professionals in so many ways. In my lifetime my grandmother had to hide her married status because married women were not allowed to have a job where she lived in Oklahoma in the 1920s. In the 1960s, my mother was not allowed to wear pants to the library in college. In the 1980s, I wore a red business dress to my technology cooperative job at a Fortune 100 company, and my top line manager implied that red was not the best colour for the office. In the 1990s, I was one of the first women to wear pants to my office. Today, it is hard to imagine someone implying that you cannot wear red or pants to work, and yet, this is the environment I and many other women have faced. In most of my work experiences, I have always been one of the only women in the room, and often led negotiations with teams of more than 10 men on complex, multi-national outsourcing deals. I have also led tabletop, cyber security tabletop exercises globally with only a few women present in the key roles from the company. Frequently, everyone in the room has been between 10 and 20 years older than me. While I have seen a significant rise in women in data and technology, and an even larger rise in women in privacy, I still frequently find myself as the only woman on an executive call in the data space. I am fortunate that the companies and firms I have worked with all have programmes dedicated to increasing gender parity and supporting women in data.
Advice I would give aspiring data lawyers and professionals: The job that I have today did not exist when I was in college or law school. Many of the projects that I have worked on involve technologies and companies that were not established until this century. Many women today will be innovators in the data arena. In the data space, as you trailblaze a new area of business growth that intersects closely with global regulations, data security, and technology innovation, I encourage you to never let yourself question whether you should try something simply because it was something no one else has done before. A mentor shared with me that he felt my success in the gender-imbalanced sectors of law, technology and financial services came through applying high emotional intelligence and strength of character while combining this with what he labelled intellectual fearlessness (for lack of a better term). When facing challenges in cyber, data or technology that are not easy and where there is no clear answer, I never back down from a challenge because it seems hard, uncertain, or high-risk when other lawyers may have been daunted or might avoid the challenge altogether. I encourage you to enter into the difficult discussions, and let doing the right thing be your guide.