Data Privacy Day is an international effort held annually on January 28 to create awareness about the importance of privacy and protecting personal information. We recently sat down with Noga Rosenthal, Chief Privacy Officer, Epsilon/Conversant to get her take on the organization's commitment to data privacy, the evolving data privacy landscape, consumer education and more.
1.What do you find most interesting about your privacy role?
The most interesting, and challenging, aspect of my overseeing the privacy program for both Epsilon and Conversant is that I’m seeing data being collected and used in new ways. We are facing privacy issues that haven’t been dealt with in the industry before and we are in the forefront of setting guidelines and rules around such data collection and use. As the data landscape at Epsilon/Conversant is cutting-edge and always evolving, so is our privacy program. We work hard to keep on top of the changing privacy landscape to help ensure our company’s compliance with various rules, regulations and internal policies.
2. How has data privacy evolved during the past two years?
As the various data collection and use points have evolved, so have the questions around privacy compliance. Fundamentally, we turn to the Fair Information Practice Principles as a guiding point of how we should be providing consumers appropriate notice and choice. It’s about taking those principles and applying them to the use of new technologies. For example, before we might have dealt with data collection on one browser on one desktop whereas now we might have data collection across various, related browsers and devices. There are a lot more contact points with the consumer than before. It’s our job to continue to evolve our educational messaging around privacy so consumers understand how their data is being used, what choices they have and ultimately providing greater transparency around data use practices.
3. What can consumers do to better educate themselves about data privacy?
I always recommend that consumers start with centralized industry self-regulatory organizations sites that explain how companies use their data in simple, unified, clear and concise descriptions. These sites give consumers the information they need to ultimately determine for themselves what data use practices they’re comfortable with. For example, the Data and Marketing Association, Network Advertising Initiative, Digital Advertising Alliance and the Future of Privacy Forum (FPF) are great resources. And in fact, the FPF just recently launched a guide to consumer privacy in the connected car to help consumers understand the information collected by this new generation of vehicles.
It’s also imperative for us to clearly explain to consumers how we use their data and their appropriate choice mechanisms. Epsilon also has its own consumer information center where consumers can better understand how data about them is obtained and used by Epsilon for marketing purposes.
4. Big Data continues to garner big headlines. Thinking about privacy regulations domestically and abroad, what do you see as the most significant trends? Is self-regulation still valid for the way we choose to protect consumer privacy?
Globally, there are a lot of existing privacy laws that regulators are trying to apply to more modern technologies like mobile phones and addressable tv. The challenge is that these laws often do not reflect the current state of the technologies being used or how data is collected. As such, laws need to be updated quickly and repeatedly to keep up with the technologies- which has proven difficult.
Because of this, we strongly push for self-regulation organizations. These organizations understand the various technologies and are able to adapt quickly to industry changes.
5. What are your thoughts on the rise of the chief privacy officer position, and how does that role fit into corporate leadership?
With Epsilon/Conversant’s core offerings being the collection and use of data for marketing services, it’s essential to have a privacy officer sitting down and working through privacy challenges at the leadership level. We have a Privacy by Design program, which allows me and my team to sit in as products are created and designed to ensure that they take privacy into consideration. We also work across the organization – and with clients – to ensure privacy is taken into consideration and data is used in a privacy friendly manner across sales and product and services development.
But for organizations to be successful around data privacy the Chief Privacy Officer role must extend well beyond the leadership level. After only eight months at Epsilon/Conversant, one of the most rewarding parts of my job is to see the depth of institutional knowledge about privacy that we have in the organization. Folks across the organization not only have privacy expertise but they take privacy seriously and help ensure privacy standards are met. The entire company is really working together towards this goal. I am thrilled by the level of inquisitiveness around privacy issues and changing privacy regulations and the thirst to learn more.
For additional perspective from Conversant's Counsel and Manager of Privacy Compliance, Daniel Shore click here.