
Intro 0:01

Welcome to the She Said Privacy/He Said Security Podcast. Like any good marriage, we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st century.

Jodi Daniels 0:22

Hi, Jodi Daniels here. I’m the Founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and certified informational privacy professional providing practical privacy advice to overwhelmed companies.

Justin Daniels 0:36

Hi, I am Justin Daniels, I am a shareholder and corporate M&A and tech transaction lawyer at the law firm Baker Donelson, advising companies in the deployment and scaling of technology. Since data is critical to every transaction, I help clients make informed business decisions while managing data privacy and cybersecurity risk. And when needed, I lead the legal cyber data breach response brigade.

Jodi Daniels 1:00

And this episode is brought to you by Red Clover Advisors. We help companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology, e-commerce, professional services and digital media. In short, we use data privacy to transform the way companies do business. Together, we’re creating a future where there’s greater trust between companies and consumers. To learn more and to check out our best-selling book Data Reimagined: Building Trust One Byte at a Time, visit redcloveradvisors.com.

Justin Daniels 1:34

Well, hello, hello. As usual, I noticed that your shirt and your earrings match exquisitely.

Jodi Daniels 1:41

Yes. Well, you know, we all have our thing. As a kid, when I was in high school, I used to have a bow, and my bow would always match whatever outfit I had. So now I’ve just swapped bows for earrings. Maybe someone listening has a similar experience that they can write in and share about.

Justin Daniels 2:01

Just Jodi is very intentional about that.

Jodi Daniels 2:03

Well, you know, I’ve moved from bows to earrings. I see I liked my bows, and bows are coming back. So maybe anyone listening has a daughter who likes bows in her hair, because I hear bows are cool, but you know, we should probably move on from bows and talk about praise. Okay, all right. So today we have Stephen Bolinger, who is Chief Privacy Officer at Informa, who has a career that spans three continents and more than two decades, with the last 17 years devoted to privacy and data protection matters across a range of industries, including tech, medical devices and financial services. And Stephen has produced a really fascinating film that we’re going to talk about called Privacy People. So Stephen, welcome to the show.

Stephen Bolinger 2:44

Thanks very much. Thanks for having me, Jodi and Justin. Really appreciate the opportunity.

Justin Daniels 2:51

That’s your turn. I know. Why are you looking at me? I’m thinking about the possibilities when we talk about films to put into film, but we’ll get to film making in a moment. But first, Stephen, why don’t you tell us a little bit about your career journey to date?

Stephen Bolinger 3:04

Sure, sure. Happy, happy to. You know, as most good privacy professionals, I started as a theater major. You know, we come from a lot of diverse backgrounds in the privacy field. So, yeah, I was a theater major, which is only really relevant once we get to the film part. So in my early 20s, I was a struggling actor in LA, and that also gave me the opportunity to meet some people and learn a bit about filmmaking and get a bit of a passion for those creative outlets. Now, eventually, sadly, I didn’t strike it rich as an actor, and so I eventually had to pay the bills. And I’d always been in technology. I’ve been interested in technology as a hobby, and so that’s the path that I started down, doing system administration and network engineering and data center management. And so this was kind of during the dot-com boom in the late 90s. And after a number of years doing that, I kind of decided I was done spending long hours in cold data centers. And so I started going to law school at night. My dad was a lawyer, and so I was, you know, kind of, I was familiar with the world of law, and so I started going to law school, and Microsoft came along and bought the startup that I was at. And so as I was kind of finishing law school, Microsoft moved my wife and I up to Seattle from Los Angeles, and I spent a couple more years in technical roles while I finished law school, took the bar, and then, you know, it was kind of 2006 and early 2007, and I had to figure out how to make this transition to be a lawyer. And it was a terrible time then to be looking for a job, because it was kind of a global financial crisis, and everyone was kind of cutting back. And so I started meeting people throughout Microsoft’s very, very large legal team. And I was lucky enough to meet someone named Sue Gluck, who was in the regulatory affairs department and ran a team looking after privacy.
And for whatever reason, she took a chance on someone with no experience, which was really kind of not the entry path for most lawyers at Microsoft, because generally, they’re looking for people with, you know, five years of experience in big law somewhere. And so she took a chance on me, and that was actually now about 18 years ago, and I’ve been doing privacy for the most part ever since. And so I spent another seven years at Microsoft, with Microsoft, also moved over to the UK and did an LLM degree at Queen Mary University of London, and then eventually moved on from Microsoft, decided I wanted to go back to do a startup. I reconnected with some of the same people I did the first startup with and joined a company called Telesign. And Telesign did two-factor authentication. So they still do a lot of the back-end two-factor authentication for a lot of internet services. So when you get that text message on your phone with the code to put in, a lot of times that’s Telesign on the back end that’s providing that. So I joined them. Had a small team, got them to a point where they were getting bought by a big telco, and it was time for me to do something else. And that’s when I took a real departure and went into medical devices. I got recruited by a company called Cochlear, which is the biggest hearing implant company in the world, and they’re based out of Australia. And so my family and I moved to Australia, to Sydney, Australia, and I had to learn a lot about health privacy and medical devices and clinical trials and things that I just never had to encounter so far in my privacy career, and it was a fascinating company to be with, especially given the impact that they have on people’s lives in restoring their hearing. And then I shifted gears again.
Thought, well, I tried one highly regulated area, and so my next role was with National Australia Bank, which is a pretty large bank in Australia, about 45,000 employees, running their privacy program. And did that, moved us down to Melbourne, did that for a few years. And my family and I kind of decided we were ready to come back to Europe, back to London, and that’s when an opportunity with Informa came along, and we moved out, moved back to London two and a half years ago. And I’m loving my time at Informa.

Jodi Daniels 8:17

Well, I love how you connected that theater major piece and all the different hops, because privacy people really do come from so many different backgrounds and industries, and that’s many of us who’ve been here for a while, or who are trying to transition. It is someone has to give you that chance and hope that you can, you can do it. So let’s connect that theater major background to the film that you created called Privacy People. So tell us a little bit about what prompted that and more about the goal of the film.

Stephen Bolinger 8:51

Sure, sure. So yeah, as I mentioned, I had this kind of early interest in acting and filmmaking, and about maybe a year and a half ago, I did kind of a small film project, just kind of getting reconnected to that, and really had a great time doing it. And thought I want to do something a little bigger, a bit more ambitious. And, you know, the more I thought about privacy and the privacy profession, I thought there was really a story there to be told. I mean, I feel like, I’m sure so many other privacy professionals have had this experience where you tell someone that you do privacy, and they kind of look at you in a bit of a puzzled way, and then, you know, say something to the effect of, oh, so does that mean, like you do intellectual property stuff or some other kind of, maybe, you know, legally adjacent, but not what we do. And I think it’s changing, but I think people largely don’t know what we do and kind of the role we play for our organizations and in many respects, you know, within our societies. And I think privacy is an important thing for people to know about and know kind of who’s out there trying to look after it. And so, you know, there’s also been this massive expansion of our field that has really been born out of, you know, kind of the growth of the internet and the, you know, prevalence of smartphones around the world. Because, you know, each one of these technologies has just exponentially ramped up the amount of data that’s collected about us by organizations and governments and their uses of that information. And so, you know, really, the aim was to tell the story of what privacy is, why it matters.
And you know, and really about this growing profession that is kind of tasked with looking after privacy for everyone’s benefit. And really the goal of the film, you know, from a commercial perspective, you know, this is a film that I produced on my own, and so I don’t have kind of wild ambitions from a commercial perspective. I’d love to see it on a streaming service, but I’m also realistic about the prospect that there’s probably not a high demand for a documentary about privacy. So I have submitted it to a number of film festivals, and so, you know, I’m hoping that it can find an audience later this year at one of those.

Jodi Daniels 11:38

Well, I hope so. It’s a great film and everyone, we’ll talk about how you can, how everyone’s going to be streaming it just, you know, maybe on, not like a Netflix, but we’ll talk about how, how they can do that, and we’ll make sure that we provide a link in the show notes as well.

Justin Daniels 11:52

You know, Stephen, this reminds me of how sometimes Jodi explains what she does when she says, I first started out in privacy, stalking you on the internet to buy certain things true when I did right the stalking part, I think that could be interesting.

Jodi Daniels 12:09

Wow. That’s what everyone did before there were rules and regulations and reasons to do so, and people still stalk you today.

Justin Daniels 12:19

Yes, I get all kinds of ads for all kinds of women’s things that I know nothing about.

Jodi Daniels 12:24

I know. Listen, for anyone curious, you have to go check out any of the ad tech episodes to understand why that happened.

Justin Daniels 12:31

But anyway, you know, Stephen so privacy, you know, it kind of means different things to different people and different societies. You know, the United States versus the EU with GDPR and then even Australia, yep. So how do you think cultural differences, given all the different places that you’ve lived, influence our collective understanding of this privacy term?

Stephen Bolinger 12:57

Yeah, I think, I think that there is a baseline of understanding and appreciation of privacy that is, that is somewhat universal, and you know, and that’s rooted in our needs to be able to find moments and places of seclusion. And you know, that can be as basic as using the toilet, being intimate with someone. It can be a place to let your guard down and cry or and so I think, I think there are some aspects of privacy like that that are quite universal. But then I think as you move you know, kind of into more nuanced areas of privacy, into data protection, then I think you start to see a lot more influence by particular cultures, and that’s where I think you can see some real stark differences. So, you know, in the US, if we think about financial privacy. My experience is generally, even among friends, like that’s pretty closely protected. People don’t talk openly, really about how much they make, and usually in the US, if somebody is talking openly about that, it’s often perceived pretty negatively, like, you know, someone’s kind of boasting about what they have, but there’s a, there’s a, I think it’s Sweden. I know there’s one. There’s one Nordic country where people’s income is part of the public tax record. And anyone go look that up. And similarly, kind of in India, one of the stories that one of my interviewees talked about in the film or during the filming. It’s actually not in the film, but one of the things mentioned was that in India, when you have a child who gets their first job after university, it’s very common that other adults will ask the parents, oh, so how much are they making in their first job? 
And again, it’s not something that, as Americans, we would feel comfortable asking generally, you know, unless it’s like a really close connection, but it’s quite common there. You know, I think there’s other aspects where we see variation, you know, people’s comfort being open about their sexuality, we see that quite differently in different parts of the world. You know, Grindr disabled location services and deployed some additional privacy protecting features in their app around the last couple Olympics because of the danger that was posed to athletes who are from countries where homosexuality is outlawed. But of course, there’s other parts of the world where people feel much more free and safe to be open about their sexuality. I think there’s also pretty strong differences around surveillance, depending on culture and, you know, and kind of governmental structure. So in western democracies, we have a pretty confident feeling and, you know, strong view that government should be largely out of our private spaces, and, you know, strong protection against government intrusion. But cultures that have developed with that strong government control are perhaps more inclined to accept the government should be more involved in the interest of security and stability for society more generally. And then, I guess finally, you pointed to the US, EU difference, and talking about kind of GDPR, and it’s quite common in the US to think of privacy as kind of a consumer right where, you know, is the company I’m interacting with, you know, treating me fairly, and have I suffered some measurable harm from, you know, the thing that they’ve done. Whereas in Europe, you know, both privacy and data protection are separate rights, and they’re both treated as human rights. And so the violation of those is a harm in and of itself, kind of irrespective of kind of financial harm.
So yeah, I think there’s a pretty broad range of views once you get beyond some kind of foundational aspects of privacy.

Jodi Daniels 17:39

So given all those differences. At the same time, we have some people who will say, but, but privacy is dead. What’s the point of data protection? It’s already out there. Anyways, everyone has all my information. Do you see this as a reality and or is this just kind of a misconception and an education challenge?

Stephen Bolinger 18:01

This is, this is one of the topics that I address in the film, and I agree with the interviewees who, to generalize, what they talk about is that our view of privacy is continually evolving. And you know, Trevor Hughes, the CEO of IAPP, he talks about this by pointing to how we’ve had these moments over the last 100, 120 years where technology advances, and the way in which that happens then causes this immediate reaction from society that leads to this claim that privacy is dead. So, you know, first it’s the portable camera, and then it’s the telephone, and then mainframe computers and the internet and mobile phones, and so now it’s probably AI. And so with each of these innovations, media has kind of framed this in many respects as it being the death of privacy. But then we continue to see people who fight for privacy, who push back and try to rein some of these innovations in and put some guardrails around it. And so, you know, Trevor proposes that privacy is being renegotiated with each of these innovations, and so I would agree with that, but I guess I would also suggest that these renegotiations are kind of continually moving the goal posts in one direction, and that is more away from, and it’s setting the expectations that there will be greater collection of personal information by organizations, by governments, and broader uses of that data. So, you know, I think it is a renegotiation, but I think longitudinally, it is moving in one direction, rather than being, you know, kind of at a stasis. And I think it’s totally fair for people to feel overwhelmed when they start thinking, when they actually start to understand how much data is collected about them, how broadly it’s shared, and how it’s more and more commonly used in ways that might not advance their interests.

Jodi Daniels 20:28

It is complex, and the societal and different jurisdictional laws also compound the issue, because you might have some regions that collect more than others, and how you’re able to use it. So as an individual, it is tricky, and even as a company, obviously trying to comply is, of course, tricky.

Stephen Bolinger 20:48

But all the more reason that we need privacy professionals, right? I mean, that’s so even if society may be trending in one direction, I think it’s all the more important that we have people who are looking after that, and being those protectors who are asking the hard questions and who are pushing back on some of those, on some of the momentum.

Justin Daniels 21:10

Does Australia have an overarching privacy like the GDPR? Is it more like the US?

Stephen Bolinger 21:16

No, it does, and has had for a long time, pretty comprehensive privacy law. It’s kind of well behind the times in contrast with GDPR, even on things as basic as kind of the definition of what’s in scope of personal information. They just recently had a change that adopted a handful of what I would suggest are modest changes to the regime, with some more comprehensive ones that are planned in the future, but they’ve had kind of a four-plus-year review ongoing to consider overhauling their privacy regime.

Justin Daniels 22:00

I just bring that up because one of the things that you and Jodi talk about here are, you know, we talked about the cultural differences, but here in the US, we can’t get our act together to have the comprehensive law. So we have all these, we have, what, 19 states now that have different privacy laws. But in the places that you’ve lived, the UK, Australia, they’ve taken more of a comprehensive approach. Do you think that has anything to do with culture? Because part of this complexity is driven by this proliferation of all these laws, because a lot of countries, while the US or other places, they don’t have a, you know, a uniform standard.

Stephen Bolinger 22:42

Yeah, I think, I think that is probably driven somewhat by culture in that you don’t have, I mean, frankly, in contrasting kind of those three areas, you don’t have as much of what, I guess, what in the US we would call one of the states’ rights issues. I think in one sense, it’s probably harder in the US, one, because the US is the country of those three that’s probably benefiting, has the organizations who are benefiting most from the kind of free rein, laissez-faire approach to privacy regulation. And so, you know, if you’re at a great big tech organization, you can sustain the complexity of many states. I think it’s harder on small businesses. So I don’t know, I’m not sure how much of it is cultural, in the sense of a different value for privacy. But among those places, I think some of it’s just, you know, kind of the bureaucratic challenges of getting a law passed in the US and that it’s usually divided government. So in the UK and in Australia, you have a parliamentary system where one party rules, or you have a coalition government. But in the US, that’s often not the case, so it’s much harder to pass a federal law.

Jodi Daniels 24:35

So the film talks about how the privacy profession emerged, and we’ve also talked about this evolution of privacy, and it kind of feels like at the moment, we’re at a bit of this really interesting, pivotal place, and how we need privacy pros. So where do you think we are with this pivotal moment? And so for people who want to stay relevant in privacy, or maybe they’re listening, and they’re interested in joining the field, what would you offer? What would you recommend?

Stephen Bolinger 25:10

Well, we’ve certainly hit this point of, to a certain degree, homogenization. I mean, you know, 15-20 years ago, I think this field was, it was a lot of networking, finding someone to help mentor you, take that chance on you. And we had people coming in from all different other professions. I think we’re now getting to this point where privacy has reached this level where there are people going, you know, coming out of university, who want to do privacy. And I think, you know, 10, 15 years ago, you didn’t have that. So, you know, I think the cultural changes and this kind of mass collection of data that we see is what’s kind of driving up some of that demand for privacy people. But I think we’re also seeing a broadening out of the privacy field itself, in that there are all these kind of privacy adjacent or ancillary topics that privacy teams are starting to build up and needing to kind of broaden out their view to more of kind of data governance, responsible use of data, which of course, includes AI governance. And so I think the role of privacy teams and privacy officers is changing. And I think, you know, I think holding on to saying, like, all I’m dealing with is stuff that affects personal information, I think those days are quickly going. And so I think privacy professionals who are established and who’ve been around and who have yet to start making that transition to a broader scope of data governance and responsible data collection and use, I think they need to get started on that, because I think the roles that are just privacy are going to be shrinking over time. And if you’re coming in, I think there’s still a real strong need for kind of diversity of backgrounds and subject matters as we get people into the field. Having more and more people who really understand technology is super important. I mean, you talked about, you know, your past episodes on ad tech.
Ad tech is so incredibly complex that you really need people who have some technical chops, who can understand the, you know, the underlying technology piece to be able to competently advise their business from a privacy compliance perspective. If they don’t understand, like, where the data is going and who all these parties are who have some piece of that process, it’s really impossible. So I think getting more and more people with those technical skills is super important. But also the socio-technical, you know, people who understand kind of the impact of systems and use of data on society, on groups within society. I think it’s going to be even more important, as we see, you know, the expanded use of AI, for organizations to start thinking in those terms as well.

Jodi Daniels 28:51

That makes sense. Constantly learning, that is the theme.

Justin Daniels 28:56

So Stephen, with your film and all of your years in privacy, maybe you’re hanging out at the pub. Can you share a best privacy or security tip with our audience? If someone asked you at the pub.

Stephen Bolinger 29:13

Yeah, it would be, it would be turn on two-factor authentication for every account you can and use a password manager.

Justin Daniels 29:23

That is a good oldie, but goodie. Those are two of the most popular ones.

Stephen Bolinger 29:28

I mean, they’re easy things to do. They’re easy things to do that people don’t do.

Jodi Daniels 29:32

Yep. And when you are not working and reading and filming in all things privacy, what do you like to do for fun?

Stephen Bolinger 29:42

Uh, I like to travel, and I like to take pictures, which I guess crosses into that, that filming. But yeah, both, both of those things.

Jodi Daniels 29:51

Wonderful. Now, where can people go to watch the film?

Stephen Bolinger 29:55

So people actually can’t go anywhere to watch the film yet. So part of trying to get into a film festival is they usually want it to be a premiere. So if you search for Privacy People on YouTube, you can find the trailer, and that’s what you’re going to have to live with for now. And I probably have another trailer coming out soon as well. So stay tuned, and hopefully we can get it into a festival or two and then have a broader release later in the year.

Jodi Daniels 30:29

And so to stay tuned is the best way for people to do that, maybe to connect or follow you on LinkedIn or another social platform.

Stephen Bolinger 30:37

Absolutely. Yeah, LinkedIn is the place to find me.

Jodi Daniels 30:39

All right. Well, everyone, make sure you follow so you can stay tuned and as a privacy profession, we can all rally and support Stephen’s great work. So Stephen, thank you so very much. We really appreciate you stopping by.

Stephen Bolinger 30:53

Thank you very much. Take care.

Outro 30:59

Thanks for listening to the She Said Privacy/He Said Security Podcast. If you haven’t already, be sure to click Subscribe to get future episodes and check us out on LinkedIn. See you next time.
