We had a fantastic evening of conversation and insights at our Smart Cookies event, focused on Risk and Privacy. For those who couldn’t make it, here are some of the key takeaways from our panelists, who brought their diverse professional backgrounds to the discussion.
Key Takeaways from the Panel Discussion
1. Integrating Privacy and Risk Measures
Amaka Ibeji emphasized the gap between what a policy says and what actually happens in real-life practice. A key challenge for organizations is moving beyond creating catch-all policies that no one will follow and instead influencing the actions people regularly take—a concept closely tied to Privacy by Design principles. Our panel highlighted the importance of Governance as the starting point for balancing and integrating robust privacy practices.
2. Regulatory Compliance
John Butler brought up a pressing issue: the growing complexity of employment law in the US, especially with no federal standard and each state having its own set of regulations. He cited states like California and Illinois, which have some of the most stringent privacy laws impacting employment data. His advice? Rather than getting bogged down by the ever-changing regulations, focus on engineering compliance solutions for the most stringent scenarios and work backward from there.
3. Risk Mitigation Strategies
Shane Mohr spoke about the challenge of doing all of this with limited resources. He emphasized the importance of prioritizing risks and devoting resources to the highest-priority areas first (well-aligned with ISO 31000 principles). Some industries—like financial services, where Shane works—are highly regulated, and cutting corners isn’t an option, so he emphasized that simplifying the technology stack and managing risks holistically can help.
4. Emerging Privacy and Risk Themes
Aaron Weller shared insights into emerging trends like AI and how they have presented new scenarios with ever-evolving challenges. One example is data localization and globalization, where data warehouses may need to physically reside in the same country as their users due to rising data sovereignty concerns. Countries like China, Russia, and India are already looking to enforce stringent localization laws. But Aaron’s main point was that we’ve been here before: new trends have been emerging for decades—cloud technology, blockchain, AI—but the fundamental principles of privacy and risk management remain unchanged. It’s not about reinventing the wheel but about focusing on the fundamentals while adapting to new innovations.
Additional Insights
During the discussion, the panelists emphasized the importance of making policies measurable. A key takeaway was to approach policy creation with both a “what can go wrong” and a “what can go right” mindset. This helps secure business buy-in by highlighting not only potential risks but also positive outcomes.
Our panelists highlighted the importance of co-creating policies with business stakeholders to ensure they are practical and embraced by the organization. This collaborative approach makes policies more actionable.
There was also discussion on working with vendors and startups that may lack established privacy practices. Rather than a defensive or adversarial approach, consider how you can help coach and inform these vendors to elevate their privacy standards, benefiting the entire ecosystem.
Top Tips from Our Panelists
Shane Mohr: “It’s an ongoing journey. Don’t think you’ll ever ‘arrive.’ There’s no silver bullet—just a continual process of maturity.”
Aaron Weller: “Start with the end in mind, and remember that ‘you’re going to get what you measure,’ so make sure you’re measuring the right things.”
Amaka Ibeji: “Yes, think about what can go wrong. But also look at what can go right—this will help drive business buy-in and make your case stronger.”
John Butler: “Be proactive even when there are unknowns. In areas where you don’t have the answers, don’t be afraid to leverage experts instead of going alone.”
Bryon Scharenberg: “It would be foolish of us to think we won’t make mistakes. Sharing our mistakes with others can set them up for success—and likewise we can benefit from others when we engage in a collective community, like Smart Cookies.”
Conclusion
Our Smart Cookies event provided valuable insights on navigating the complex world of Risk and Privacy. The panelists highlighted key issues like privacy integration, regulatory challenges, and emerging trends. While the landscape evolves, focusing on the fundamentals and collaboration will help businesses stay resilient. We hope these takeaways give you a glimpse into the discussions and inspire further learning.
