
Smart Cookies Event Recap: Key Takeaways on Navigating Risk & Privacy

We had a fantastic evening of conversation and insights at our Smart Cookies event, focused on Risk and Privacy. For those who couldn’t make it, here are some of the key takeaways from our panelists, who brought their diverse professional backgrounds to the discussion.

Key Takeaways from the Panel Discussion

 

1. Integrating Privacy and Risk Measures

Amaka Ibeji emphasized the gap between what a policy says and what actually happens in real-life practice. A key challenge for organizations is moving beyond creating catch-all policies that no one will follow and instead influencing the actions people regularly take—a concept closely tied to Privacy by Design principles. Our panel highlighted the importance of Governance as the starting point for balancing and integrating robust privacy practices.

2. Regulatory Compliance

John Butler brought up a pressing issue: the growing complexity of employment law in the US, especially with no federal standard and each state having its own set of regulations. He cited states like California and Illinois, which have some of the most stringent privacy laws impacting employment data. His advice? Rather than getting bogged down by the ever-changing regulations, focus on engineering compliance solutions for the most stringent scenarios and work backward from there.

3. Risk Mitigation Strategies

Shane Mohr spoke about the challenge of doing all of this with limited resources. He emphasized the importance of prioritizing risks and devoting resources to the highest-priority areas first (well-aligned with ISO 31000 principles). Some industries—like financial services, where Shane works—are highly regulated, and cutting corners isn’t an option, so he emphasized that simplifying the technology stack and managing risks holistically can help.

4. Emerging Privacy and Risk Themes

Aaron Weller shared insights into emerging trends like AI and how they have presented new scenarios with ever-evolving challenges. One example is data localization and globalization questions, where data warehouses may need to physically reside in the same country as their users due to rising data sovereignty concerns. Countries like China, Russia, and India are already looking to enforce stringent localization laws. But Aaron’s main point was that we’ve been here before: new trends have been emerging for decades—cloud technology, blockchain, AI—but the fundamental principles of privacy and risk management remain unchanged. It’s not about reinventing the wheel but about focusing on the fundamentals while adapting to new innovations.

Additional Insights

 

  • During the discussion, the panelists emphasized the importance of making policies measurable. A key takeaway was to approach policy creation with both a “what can go wrong” and a “what can go right” mindset. This helps secure business buy-in by highlighting not only potential risks but also positive outcomes.
  • Our panelists highlighted the importance of co-creating policies with business stakeholders to ensure they are practical and embraced by the organization. This collaborative approach makes policies more actionable.
  • There was also discussion on working with vendors and startups that may lack established privacy practices. Rather than a defensive or adversarial approach, consider how you can help coach and inform these vendors to elevate their privacy standards, benefiting the entire ecosystem.

Top Tips from Our Panelists

 

  • Shane Mohr: “It’s an ongoing journey. Don’t think you’ll ever ‘arrive.’ There’s no silver bullet—just a continual process of maturity.”
  • Aaron Weller: “Start with the end in mind, and remember that ‘you’re going to get what you measure,’ so make sure you’re measuring the right things.”
  • Amaka Ibeji: “Yes, think about what can go wrong. But also look at what can go right—this will help drive business buy-in and make your case stronger.”
  • John Butler: “Be proactive even when there are unknowns. In areas where you don’t have the answers, don’t be afraid to leverage experts instead of going alone.”
  • Bryon Scharenberg: “It would be foolish of us to think we won’t make mistakes. Sharing our mistakes with others can set them up for success—and likewise we can benefit from others when we engage in a collective community, like Smart Cookies.”

Conclusion

 

Our Smart Cookies event provided valuable insights on navigating the complex world of Risk and Privacy. The panelists highlighted key issues like privacy integration, regulatory challenges, and emerging trends. While the landscape evolves, focusing on the fundamentals and collaboration will help businesses stay resilient. We hope these takeaways give you a glimpse into the discussions and inspire further learning.

 

Panelist Bios

 

Aaron Weller

Aaron is the Leader of HP’s Global Privacy Innovation and Assurance team. He is most passionate about Privacy, specifically where it intersects with business strategy and data management. With experience as a hands-on practitioner, co-founder, and executive, Aaron specializes in tailoring technical risk and privacy solutions to solve complex problems. Throughout his career, he’s helped organizations ethically manage and use personal data to achieve their business objectives.

Amaka Ibeji

Amaka Ibeji is currently a Faculty Member with the IAPP (International Association of Privacy Professionals). With a career background in Information Security, she now has over 12 years of expert experience shaping privacy programs and data strategies with companies like Paccar, Microsoft, and most recently Cruise LLC. She is also the founder of PALS Hub, a community focused on empowering underrepresented groups to succeed in Privacy, AI, Leadership, and Security. Amaka serves as a mentor and advisor across North America and Africa.

John Butler

John Butler is a Senior Corporate Counsel with Equinox Business Law, specializing in contract negotiations, healthcare, product counseling, marketing, employment, corporate governance, and data privacy. With extensive experience in drafting and negotiating M&A, marketing, and other commercial agreements, John supports in-house teams as fractional general counsel across a broad range of legal matters.

Shane Mohr

Shane is the Chief Information Security Officer (CISO) at WaFd Bank. With over 25 years of experience in financial services technology, Shane is an expert in security and risk management. Throughout his career, Shane has led system implementations and directed corporate technology initiatives, all while balancing business objectives. He excels in developing robust security policies and procedures and leading complex risk management projects.

Bryon Scharenberg

Bryon Scharenberg, event emcee and panel facilitator, is Director of Growth at Kalles Group, specializing in Security, Risk, and Technology Evolution. With a rich background in global partnerships, business development, and disruptive strategy, Bryon leads organizations with a focus on delivering impactful outcomes. His experience spans executive education at the University of Oxford, and roles in developing strategies to help organizations navigate complex change. Passionate about fostering innovation and driving growth, Bryon brings a unique blend of strategic insight and practical execution to the Risk and Security sectors.
