Privacy AI: The Future of Building Smart Privacy Programs

Join hosts Jodi and Justin Daniels in this episode of She Said Privacy/He Said Security Podcast, where they again interview Michelle Finneran Dennedy, CEO of PrivacyCode.ai about the surge in privacy tech stack.

Additionally, Michelle addresses the privacy and security risks companies face in regard to AI, the current state of tech regulations, and how PrivacyCode.ai enables customers to build and prove the business value of global privacy programs.

Listen to the full episode.

Privacy and Tech: Is it time to freak out yet?

PrivacyCode.ai is the privacy engineering platform for business-focused teams, even startup business teams.

Podcast host and Tech Evangelist Dave Anderson recently spoke with PrivacyCode.ai CEO Michelle Finneran Dennedy about data strategies for entrepreneurs, including how to properly collect it, process it, and piece it all together.

In his own words, Dave says this episode is for:

…people that are interested in the in’s and outs of privacy from an expert that not only wrote the book on the topic, started the Chief privacy functions of some of the largest companies, but has gone out on a limb, to start her own company hell bent on educating people about privacy and ensuring the next generation of leaders get their privacy strategies, documented, ethically tested, and are sustainably sound. 

She makes Privacy sound cool. I really didn’t think that was possible.

Catch to the full discussion with Michelle and Dave above.

In this video interview with Information Security Media Group at the RSA Conference 2023, PrivacyCode CEO Michelle Dennedy discusses:

• Post-pandemic privacy challenges

• The privacy law landscape globally

• Evolving privacy issues involving TikTok, social media and younger users

Watch her full interview here!

A SaaS Platform for Privacy Management is Finally Here

The way we work, move around the globe, entertain, educate and affect social change is fueled by a ubiquitous flow of data and data-driven products. 

At the same time, we see fault lines forming between safety and individual autonomy; convenience and choice; ethics and urgency. The systems of law and international sovereignty can scarcely keep pace with technological change and the demands of new generations of digital natives who are hungry to have their digital cake and eat it, too.   

This complex, ever changing, multi-stakeholder and high-risk world is the realm of the Chief Privacy Officer. She is tasked with understanding individual employee and consumer rights, international legal regimes, technical capabilities and the financial realities required to drive the entire soft system that is data protection and privacy. It’s a lot.

Reimagining Privacy for the Modern Enterprise

When we talk to people who work in privacy – from CPOs to privacy engineers - we hear stories of communication failures, confusing product requirements, and ever-increasing pressure from regulators and board members to reduce the risk of collecting, managing and securing personal data. Often, we find ourselves vigorously nodding in agreement. That’s because we’ve both “sat in the chair,” leading privacy programs from the legal and technical sides. The pain points we hear are deeply familiar to us.  

We’ve stared into the void – and it is a void – searching for an enterprise solution to connect policy words, technology, law, reporting and governance. We searched for a platform that legal, technical and business teams understand and could actually use to build privacy into products and governance programs. For too long, the void stared back at us.

So we decided to fill the void (and then some) – by building a proactive, metrics creating platform that meets developers and privacy leaders where they are. Specifically, a solution that enables privacy teams to leverage the best ML/AI solutions to test assumptions and make standards-based recommendations.  And, to equip them to scale their work by having the most current regulatory standards at their fingertips. We wanted them to be able to break down complex requirements into intelligible chunks so that the right person can execute on them quickly and effectively. We believe privacy leaders and teams should be able to do all of this, and more. So that’s what we built: a platform to empower privacy experts to become more efficient, and for privacy novices to perform like experts. 

Why PrivacyCode?

PrivacyCode is the only SaaS platform that brings scale, efficiency, and accountability to privacy programs. Today, there is a chasm between the privacy teams who use words to create privacy policies and developers who use code to transform these policies into products. Simply put, they speak different languages.  

For decades these two essential stakeholders (and others across the enterprise who “own” aspects of privacy) have found themselves in endless meetings, struggling to create system requirements from legal documents, only to end up frustrated.  Correcting these requirements after systems are deployed or updated can be costly, time consuming, and failure prone. The cost of this inefficiency and miscommunication is real. Last year, Didi Global was hit with a breathtaking $1.2 billion fine, Sephora was fined $1.2m for breaking California’s privacy law, Weight Watchers suffered bloated liabilities from poor acquisition practices because the startup failed to build privacy in to protect children’s data. The list goes on.  

To address these growing risks and build a solution that would scale and iterate as the privacy landscape continues to change, we focused on building the PrivacyCode platform that is:

• Cloud-based and collaborative

• One-source of truth and proof

• Developer and privacy team friendly

• Engineered for the ethics of the modern enterprise 

In essence, these principles are the “code” that we use to guide us. In the process, we’ve created new ways to advance how people work with privacy, day to day. For instance:

• The Privacy Object TM Library provides out of the box instructions and translates privacy policies into consumable tasks for developers and project managers

• Machine Learning (ML) engine enables speed, automation and scale

• Embedded tools capture data, drive analytics, and generate reporting

There’s a lot more to know about what PrivacyCode can do – contact us for a demo.

We also think it’s important to say what PrivacyCode is not. Our solution is not a checklist. It’s not an assessment framework or data mapping tool. These are point solutions that only look at a piece of the privacy puzzle without connecting it to the larger privacy program, technical requirements, or reporting imperatives.  

Why a Platform?

Privacy programs today must scale. One-off, siloed projects in legal departments or technology teams, or in separate business functions fail to leverage previous knowledge and development work, and almost always result in costly gaps and lost productivity. And without an integrated workflow and view, it’s almost impossible for privacy leaders to provide metrics and demonstrate the progress of their program. This “proof gap” is something that plagues many privacy professionals.

What’s more, privacy is no longer the purview of a single person, be it a lawyer, privacy manager or a cybersecurity expert with “privacy” as a side job. Now, privacy touches all parts of an enterprise, from sales to marketing to supply chain to HR to IT. A comprehensive solution that enables each of these stakeholders to contribute to, and track a privacy program from their POV , is essential. PrivacyCode as a platform is the “spine” that connects the unique elements and various user personas of enterprise privacy into a single, simple to use system.   

Why Now?

Businesses are responsible for managing an avalanche of proprietary data. Yet the privacy protection “industry” is still in its infancy. As the ownership of privacy within large enterprises continues to shift from legal teams to a shared responsibility across teams and work streams – many who are new in the field - keeping track of the work and the evidence is critical. Toss in the explosion of remote work, complex governance, growing cyber threats, and enterprise customers who want to know if a company can prove it protects customer data, and it becomes clear that continuing to manage privacy like it’s 2010 is a massive risk.

In concert with a shifting privacy management landscape, C-suites and Boards of Directors are paying closer attention to what they spend on their privacy program and want evidence that risks are being managed efficiently. Successful and sustainable businesses know that it’s critical  to protect data, and act as its guardian and manage it as an asset.  

Where Are We Headed?

We’re pretty excited about what we’ve built with PrivacyCode. We uniquely understand the challenges facing privacy leaders and privacy engineers today and making their work easier – and protecting the private data of all people – is a mission we truly believe in. We also love the fact that our platform is a business enabler for our customers and creates real value for the enterprises that use our platform.

As the data privacy solutions market is poised for hypergrowth, we’re confident that PrivacyCode will be at the forefront of privacy innovation for a long time to come.  If you’d like to join us on our journey by becoming a PrivacyCode Design Partner to see firsthand how you can reduce privacy risk and accelerate teams across your enterprise, please contact us.

-----------------------------------

We agree, Adam!

PrivacyCode CEO Michelle Finneran Dennedy sat down with renowned consumer affairs advocate and serial entrepreneur, Adam Levin on his popular podcast “What the Hack with Adam Levin.”

As Adam writes in his blog, “Michelle Dennedy is to privacy what Einstein is to relativity but with the addition of rules that involve proper panty protocols. If there’s a new trend in identity-related criminal enterprise, she knows about it, has an opinion and can help guide you to a better place without getting got by it.”

Adam interviews Michelle about news from the Washington Post about data brokers selling highly sensitive mental health data of thousands of people with their personally identifiable information still attached (yikes!), and why privacy laws in the U.S. continue to suck.

Listen to the full episode below and check out Adam’s blog at https://adamlevin.com/.

by Michelle Dennedy

From Decipher:

The idea that you can’t protect what you don't know you have is axiomatic in security and it applies not just to devices, but to the information an organization collects and stores. Knowing where user and customer data is, what it's used for and who can get to it and why are all difficult things to address.

"It’s not a tech problem, it’s a hard thing to overcome years of neglect. We’ve underestimated and underinvested in privacy for decades because privacy is just air and no one wants to invest in air," said Michelle Finneran Dennedy, co-founder of Privacy Code and co-author of The Privacy Engineer's Manifesto.

"Privacy is contextual and time based, it’s storytelling. If you haven’t built data intentionality and data flows, you get that answer that we don't know where things are."

PrivacyCode Co-founder & CEO, Michelle Dennedy is a guest on the Shifting Privacy Left podcast with host, Debra Farber. They discuss what a Software Bill of Materials is and why it is needed in privacy and Michelle’s advice for privacy engineers on how to use an SBOM.

“VCs are more of a mood than an algorithm” Michelle Dennedy, CEO & Co-founder

PrivacyCode CEO, Michelle Dennedy, keynotes at the 2022 ISACA IT Security and Risk Symposium conference. She highlights Wicked Privacy and the power of multi stakeholder requirements driving privacy engineering, building projects and systems to create value in the 21st century.

“Privacy is a strategic business enabler” - Michelle Dennedy, CEO & Co-founder of PrivacyCode

Building value in these turbulent economic times is more important than ever before. Data is central to driving decisions that matter to build trust, execute operations, and fulfill promises. Privacy and data protection is therefore central to those tasks.

“One of the best Keynotes ever...” -Sunny Jamwal, Director of CyberSecurity at Dash Hudson

The latest podcast episode by Silo Busting features a conversation between Michelle Dennedy, CEO of PrivacyCode and co-author of The Privacy Engineer's Manifesto and Sam Rehman, Chief Information Security Officer and SVP.  They discuss the importance of considering privacy and security in the context of Environmental, Social, and Governance (ESG) and bringing the human factor into ESG conversations. Michelle Dennedy defines privacy as “the authorized processing of personal or personally identifiable information according to moral, ethical, legal, and sustainable principles.” They also dove into the topic of the emotion of security, governance in the era of non-stop work from home video conferencing, and the new questions business leaders are asking. Listen to the podcast to discover more insights on the topic.

By Michelle Dennedy, Co-Founder and CEO

Software is eating the world.  Every hardware provider since the 80’s has announced this truism. The venture community embraced the investment thesis that software is eating the world with Marc Andreesen leading the charge.

Computing is cheap; code is easy and repeatable; automation, inevitable for efficiency and profit. Software is eating the world.

But here’s the thing. Where there’s a what, there’s a why and where there’s a why and a what, there is, inevitably, a who.  Humans are building systems, writing and re-writing code, creating the perfect storm where data can be collected, processed, combined and aimed…at humans, about humans and for humans.

So, while software is eating the world; human data bites back. It has been my experience that data bites back viciously where privacy is not built in.

We’re human and we know what we want – and we know what we don’t want. We’re tired of being told we can have any color car we want, so long as that color is black. We do not want stalkers following us around in person or in our online personas.  We want organizations to prioritize and invest in privacy because we want our data to provide us with valuable, safe opportunities and experiences.

Just as food safety practices allow us to enjoy the experience of eating and trust that the food won’t make us sick, effective privacy protections can help us more fully enjoy the promise of our own data while not creating risk and fear or harm. Even in B2B environments, customers and employees expect to see the value of what we do with their data, and they also want to be able to prove what we are not doing with it.

Organizations and their leadership have fiduciary responsibilities for the human stories that we tell and that others tell based on our digital footpaths. Before they collect, observe or buy data, these organizations must be fit for the purpose, built to respect their fiduciary obligations, and demonstrate trustworthiness. These capabilities create value far beyond avoiding compliance costs.  Building in capabilities that intake data that suits a purpose, that shares the communicated observation or insights to serve a shared goal create the possibility for human collaboration and trust.  These capabilities can join to create systems that are built to relate to a vast array of services, commercial and cultural interests; in other words, systems that respect human data are far more valuable than hungry software without them.

Understanding and building to respect the humanity behind data is what makes this such an exciting time for both privacy and data professionals. It also introduces a lot of challenges because humans are complex and often non-binary in our preferences. We change and grow over time and so do our preferences and desire to engage with the systems that are built for quality and value. The opportunities for those who create context and nimble systems are endless.

Guiding an organization through effective data and privacy governance is as much about people as it is about systems and code – all parts of these systems must work together and mutually reinforce the fiduciary obligations to share where desired, protect where vulnerable and even to become anonymous where the crowd view matters. We call leveraging these critical skill sets and tools to solve or manage privacy and data protection challenges, privacy engineering – and it’s starting to attract attention from the business.

As a result, privacy and data professionals advancing in their careers will have the opportunity to earn influence over business, but they’ll need to secure predictable resources with metrics and the ability to answer:

• How can we prove whether a privacy engineered system is successfully building privacy into its environment?

• Are business objectives met with the right type, scale, and amount of data?

• Can that business live up to its fiduciary responsibilities?

That’s why I’m building PrivacyCode with my co-founder Kristy Edwards. We know what metrics privacy and data professionals need in order to earn the trust of business leaders and expand their credibility across the organization. We know, because we have been there ourselves, building these systems by hand for companies one at a time.  We want to toss the torch forward, so we are building the builders’ tool to design and measure and integrate privacy into every system.