Building Trust With Privacy Compliance

Blake Brannon is the Chief Strategy Officer at OneTrust, the #1 platform to operationalize privacy, security, and data governance. In this role, Blake is responsible for strategy, partnerships, sales engineering teams, and defining the privacy, security, and governance market. He was the first Chief Technology Officer at OneTrust, building the technology platform of trust that has been awarded more than 150 patents.

Before OneTrust, Blake was one of the first employees at AirWatch, where he served as the Global Director of Sales Engineering and the Vice President of Product Marketing. He was also a research assistant at Georgia Tech, his alma mater.

Here’s a glimpse of what you’ll learn:

• Blake Brannon shares the major privacy concerns that sparked the creation of OneTrust
• What privacy challenges do companies face today?
• Why tools alone won’t solve your privacy issues
• Blake’s advice for start-ups: Don’t make privacy an afterthought — hop on current privacy trends now
• How privacy programs can build client trust
• Where is the privacy field headed in the next 10 years?
• Blake’s top privacy tip: You can request a copy of your data from companies

In this episode…

Privacy used to be pretty straightforward for companies. All they had to do was write the terms of service policy or privacy statement at the end of a contract or on the bottom of a website. Now, there are many more aspects to consider if you don’t want to get sued. But besides avoiding a lawsuit, how can privacy benefit your company?

Privacy isn’t just about dodging the courtroom — it’s about building trust. For example, Apple released a new ad that says “Privacy. That’s iPhone.” Those three words speak volumes about the lengths Apple is willing to go to preserve data privacy — and consumers are eating it up. Users want to know how companies will handle their sensitive information and data. If you can prove that your employees, processes, and tools are dedicated to protecting consumer privacy, your customers will keep coming back for more.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels sit down with Blake Brannon, the Chief Strategy Officer at OneTrust, to discuss how your company’s privacy policies can build client trust. Blake talks about the privacy challenges that companies face today, how to build programs that work in harmony with your privacy software, and the importance of hopping on current privacy trends.

Resources mentioned in this episode:

• Blake Brannon on LinkedIn
• OneTrust
• Jodi Daniels on LinkedIn
• Justin Daniels on LinkedIn
• Red Clover Advisors
• Red Clover Advisors on LinkedIn
• Red Clover Advisors on Facebook
• Red Clover Advisors’ email: info@redcloveradvisors.com

Sponsor for this episode…

This episode is brought to you by Red Clover Advisors.

Red Clover Advisors uses data privacy to transform the way that companies do business together and create a future where there is greater trust between companies and consumers.

Founded by Jodi Daniels, Red Clover Advisors helps their clients comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. They work with companies in a variety of fields, including technology, SaaS, ecommerce, media agencies, professional services, and financial services.

You can get a copy of their free guide, “Privacy Resource Pack,” through this link.

You can also learn more about Red Clover Advisors by visiting their website or sending an email to info@redcloveradvisors.com.

Episode Transcript

Prologue  0:01  

Welcome to the Said Privacy/He Said Security Podcast. Like any good marriage we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st century.

Jodi Daniels  0:21  

Hi, Jodi Daniels here. I’m the Founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant, and certified informational privacy professional, providing practical privacy advice to overwhelmed companies.

Justin Daniels  0:37  

Hello, Justin Daniels here I am a technology attorney who is passionate about helping companies solve complex cyber and privacy challenges during the lifecycle of their business. I am the cyber quarterback helping clients design and implement cyber plans as well as help them manage and recover from data breaches.

Jodi Daniels  0:59  

And this episode is brought to us by that was a really weak call, we’re gonna send you to travel class, Red Clover Advisors, we help companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology, SaaS, ecommerce, media, and professional and financial services. In short, we use data privacy to transform the way companies do business together. We’re creating a future where there’s greater trust between companies and consumers. To learn more, visit redcloveradvisors.com I’m gonna change our fancy zoom angle here. I realized I’m totally asleep on this Monday morning recording.

Justin Daniels  1:46  

Backwards. That sounds like just a regular.

Jodi Daniels  1:50  

Oh, are you a barrel of fun this morning? Where’s your brace that go great.

Justin Daniels  1:57  

You know that I can’t root for Atlanta sports teams and you know,

Jodi Daniels  2:01  

oh, well, we’re gonna bring blades Go Red Sox hot. It

Blake Brannon  2:07

sounds like the perfect duo.

Jodi Daniels  2:09

Ah, exactly. Well, we’re so excited today to bring the Chief Strategy Officer Blake Brannon at OneTrust. He is responsible for strategy, product Technology Partnerships, sales engineering teams, and ultimately for defining the privacy security and governance market and OneTrust capabilities. He was the OneTrust first Chief Technology Officer building the technology platform of trust that has been awarded more than 150 patents. And before OneTrust Brandon was one of the first employees at AirWatch, where he served as global director of sales engineering and Vice President of Product Marketing. So Blake, so excited to have you here today.

Blake Brannon  2:57

Yes, and Jodi, great to be here. Thanks for having me.

Jodi Daniels  3:00

You are a barrel giggles what is going on with you? Just laughing at you. That’s why are you laughing at me?

Justin Daniels  3:05

Because I know how excited you were we walk the dog yesterday about today’s episode.

Jodi Daniels  3:09  

I am super excited. We did we had a whole strategy session over today’s episode while we were walking the dog in our beautiful Atlanta fall weather. Because that’s what everyone should do on a Sunday afternoon. When they’re not watching football. Exactly. Well, blink, tat Well, we share it a little bit. You are a VMware now poof, magically, you’re at OneTrust. But give us a little bit more history as to your career journey that led you to being the Chief Strategy Officer of OneTrust.

Blake Brannon  3:38  

Yeah, great kind of context here. So I ended up in Atlanta going to Georgia Tech. And I’ve never escaped the city since then. But my background is in being in Georgia Tech, engineering and technology. I started out in mobility at AirWatch. And, you know, ran consulting and pre sales and sales engineering and all those things. And what led us to, you know, ultimately OneTrust was what we stumbled upon doing a lot of the mobile enablement that happened around the world. And if you remember back in the early 2000s, and 10s, you used to and it was very common for businesses to have a Blackberry for work that they carried around, and then their personal phone. And as that personal phone became smarter and smarter, everyone’s sort of started saying like, why am I carrying two phones around two chargers? You know, people calling different numbers. This calendar is not with this calendar. I can’t even I booked two meetings, and I forget. So what we did in AirWatch was help people do bring your own device programs, where you could take your personal phone and just put your work apps and information on it. And why that’s interesting and why it’s relevant to OneTrust is one of the things that was very common in the early days of mobility where it people that were saying if you’re going to bring device into my corporate network and get on my Wi Fi, my VPN and get access to corporate apps and data, I need to make sure there’s nothing malicious on that phone. And it needs to kind of pass some inspection. And one of the common things that it would do is kind of whitelist, or blacklist common known malicious applications that could be installed. For example, there was like this flashlight app that was really rooting your phone and you know, was malware hidden, but it looked like a cool utility that was just turned your camera into a flashlight. And it would do that now, why that became a problem is we started, as we’re rolling out these projects, we started seeing a lot of resistance to people wanting to do BYOD devices. And of course, we were technologists are like why would anybody ever say no to this, this is amazing, like, think about how efficient you could be being able to, like approve something on your phone and just get it off your to do list. It was rooted in the fact that there were all these privacy concerns. And everybody, of course, had big picture like oh my gosh, it can read all my email, listen to my phone calls, see my family photos, and things that really weren’t actually possible because of sandboxing on the device. But what they could do, going back to that blacklist example is see a list of the application bundle IDs, which basically represents the name of the application. And just by knowing that information and having a help desk, inside a company be able to see that on a personal phone, I could differ what religion you might be, I could differ if you have medical conditions, I could differ sexual orientation, or if you’re cheating, you know, and your spouse, just by having a list of the names of the apps, you can kind of infer a lot of information. So it created a lot of this privacy, you know, awareness, and it was just getting bigger. And we realized that this was not just one small little like, you know, update or software change that needed to happen in the operating system. This was a massive, sort of society level problem in the world of we’ve got all this data, we’ve got accessibility to it, we’ve got cheap, infinite storage. Privacy is a huge, huge challenge for the world. And that’s what kind of led us to ultimately seeing and our CEO and founder could be your boss today, seeing sort of that this wasn’t just a project or one time thing. This was like a whole market of software that needed to exist to help companies solve these privacy challenges at that kind of size and scale. So fast forward to get to the answer to the question I had stayed in touch with Kabir, as he sort of started the business about 2017 I came on, I’ve been running product and engineering and building out all the products that we have for the company. And then we matured up to the point earlier this year, we said you know what we need strategy as a dedicated role and have a little bit of separation between the day to day operations and the strategy function of the company to analyze new emerging markets, potential m&a, product and business strategy. And that’s that’s what I’ve been chartered to do.

Jodi Daniels  8:02  

I love hearing back stories, I find it really, really interesting, especially in the mobility and how it connects today to those privacy challenges really interesting.

Justin Daniels  8:12  

It’s interesting when I hear him talk about the privacy part, because when we go from two phones to one, my security alarm bells ringing particularly as we’ve done it from the remote workforce. But anyway, bringing ourselves front and center. Can you talk a little bit about what are the biggest privacy challenges you see companies facing today in 2021?

Blake Brannon  8:34  

There there are only so much time in this podcast, right? I can’t

Jodi Daniels  8:39 

go scramble. That’s true. We could have a whole whole workshop on just that question,

Blake Brannon  8:44 

either, right? So I would say there’s two, the two that come to mind. For me the most are one, the changing regulatory landscape. We’re in a pretty volatile time right now where, you know, conceptually, what’s okay to do and what’s not okay to do is something the world is trying to figure out. And we’re trying to figure that out through a combination of Standards and Technology and kind of working bodies. We’re trying to figure that out with regulations, and data protection laws and residency laws. So you have all these states, you have the shrimps to decision that voided, you know, Privacy Shield and all of those things with transfers, you’ve got new data protection laws in China, for companies that are multinational. So just keeping pace with what’s going on, there is a big challenge in itself. The second big thing, getting more to the operations of a company. The biggest challenge I think every company still struggles with is what did we even do today? Like what data is new that somebody inside the company is now processing or added and or what new transfers or new uses of data are happening and how do we get to a point where just like, you know, Justin like intrusion detection or You know, these types of security maturity systems that have gotten to the point where you can detect threats and detect new sort of exploits that are happening? The Privacy equivalent of that is sort of how do I detect new uses of the data? I have the same data, but I am now processing it based on a new purpose. And that new purpose might cause a privacy problem, it might crawl cause a compliance problem, how do I get to the point where I can actually detect that there’s something new in my environment, so I can proactively look at risk mitigation and or the right disclosures or transparencies around it. Got it. So the the operational issues that are coming together our organizations struggle with, how do I detect what has changed in my environment, in my data, data ecosystem, my business application, that could cause a new privacy ethics or compliance sort of risk. And the difference in that than traditional just thought of as tools is, you know, privacy hasn’t matured from a technology standpoint yet to the way security we see security today with Justin, things like intrusion detection, you know, early warning and prevention type systems where you can sort of detect that someone’s trying to DDoS your service, or you’ve detected someone is now connected this server to this server. And that’s a norm, you know, not usual, privacy is nowhere close to that same proactiveness, where you really need to understand, when has someone in the business started capturing new data, in an existing application that we didn’t previously know is there, you know, some developer adding something in adding a new vendor into or an SDK into the application, we don’t have systems that really detect that to the level we need, that the unique thing also about privacy is detection is not just, you know, on and off, it’s this notion of processing the data for a new purpose, creates the risk or the compliance issue. So I can have it existing data that I have stored, I’ve been using it but if I start using it for a new purpose, and that new purpose is materially different, that in itself is what could require me to disclose get consent from users for the new purpose, various different activities and things. So the ability to stay on top of, you know, to restate at one the laws and regulations and what’s okay to do and not okay to do is kind of one heroic feat in itself. The second is understanding what has changed in my business in terms of we’ve got a new app, a new vendor, a new use of data, new data inside an existing system, having the detection tools to proactively detect, so you can get ahead of risk remediation, disclosure, reconsent, whatever the remediation needs to be to reduce the risk of processing that new data.

Jodi Daniels  12:54 

And that lens, the idea of soft software, companies need some tools to be able to help them at the same time, it’s all about Justin, I are always saying people process and technology. What would you say is important for company to consider when purchasing and using privacy tools like OneTrust, so that it’s effectively used in the company, I think a lot of people think software equals done. And as we’re talking about here, everything you just shared, there’s a lot more behind just implementing that software, we have to really understand how the business is operating and then connecting it to the software. Yeah, 100%.

Blake Brannon  13:35  

And the first thing that everyone really needs to think about you’re spot on tools won’t solve your problem, right? It’s people process and tools. But the first thing everyone needs to really make sure they crisply understand and write down is what is the problem you were trying to solve? That answer may lie in needing software tools, it may lie in just needing training and process it may lie in meeting extended skill sets and people. So needing to crisply define that as an organization is key. And then the other key thing you want to think about, especially for larger organizations that and I don’t mean just enterprises, but like bigger than a startup where there are different stakeholders. Privacy is everywhere, right? You got to have privacy and your marketing, your sales, your customer support your data engineering, your data, governance and analytics. It is like a piece of fabric that’s woven throughout all the stuff you’re doing. And that means you have multiple stakeholders that probably need to be on board with what you’re trying to achieve and do. And you want to think about how you as a privacy champion, need to educate and evangelize for those different stakeholders to get them on board and in agreement with what you’re trying to achieve. We we internally talk to our own sales team a lot about like you as a privacy person can’t go implement marketing solutions. You got to get your chief marketing officer You’re on board with why you’re trying to do what you’re wanting to do, how you flip the the paradigm to not just be a, because we have to compliance but actually part of a broader marketing initiative, we call that an initiative, typically trust, initiative being trustworthy. But getting that stakeholder buy in inside the company is key. Otherwise, the project kind of, you know, won’t take off, won’t have life won’t have legs and things like that. So all that comes together. And as you said, it’s typically rarely just one of those three that you need, you really need all of them kind of working in conjunction or in harmony, if you will, to really achieve something.

Jodi Daniels  15:37  

I like how you mentioned how it needs to be woven, like a piece of fabric through the company, one of the questions I always get is where should privacy live? Who should own privacy? And it’s a hard answer. And it really is I find whichever company, just whoever believes privacy enough, just kind of the executive sponsor, and then they have to get everybody else wrapped around them, just like you had described.

Justin Daniels  16:10  

Well said, well, thank you. I thought it was. So, you know, Blake is, as you well know, OneTrust is I think what the fastest growing company in the entire country. And I’m sure you remember back to the days when you were starting out, and Atlanta has a thriving ecosystem. So a lot of times when I read about startups, or I have to vet them for my clients, it’s at that point, you find out that privacy and security have kind of been an afterthought. So for a company that’s just starting out, what’s the best advice you would give them, when it comes to hey, you need to be thinking about these privacy concepts.

Blake Brannon  16:47  

You know, my advice on that I think is going to be I’m a big fan of skipping steps. And I say it in this context, like if you, if you’re new to a mobile phone today, like if you happen to be like, get a mobile phone, don’t start with the beeper, and then go to the the handheld flip phone to the smartphone, you know, to the smart device, just go straight to what people have done. And I say that in the context of like, there’s been a lot of innovation that has happened in privacy and compliance in the past three years. And if you’re talking to someone, or you’re looking at a program or a model that models the way things were done in 2015 2017 2018, there’s probably some fundamental different leaps that you can just skip over steps to kind of get to the end state that you have, for example, one of the kind of big things that has you talked Justin about the startup market, when the big things that has exploded as the cost for cloud computing has just dramatically slashed. It’s enabled all these b2b startup companies to kind of exist, where 10 years ago, you could, and you’ve got all these b2b startup companies that are small, they’re building a very purpose built product for technology. But to sell that to a healthcare to sell that to a business people today need assurances of? Why should we trust you with the data we’re giving? Or why should we trust you with this? So they’re putting pressure on these 510 20 person companies to get a HIPAA certification to get an ISO certification to get a sock two type two, report. And, you know, as a CEO, or founder of a five person company, you’re just like a technology guy that saw an opportunity to solve a problem, you’re like, How in the world am I supposed to do that? Will Will that market has kind of gone from hiring an outside firm, to kind of do all this audit preparation and these things to the best analogy for the audience here is, you know, TurboTax, like, I don’t need to be a CPA to fill out my own personal taxes, I can just answer questions about bought a house, you know, how to kid, things like that. And I can get to the state of just submitting it, their software now that really walks you through those steps, step by step, what should your policy be? What are your controls need to be connects into your Cloud account, your business application sucks that config back to say you are you’re not compliant, and sort of simplifies that process. So, you know, skip the step, to go straight to that to start with, don’t go through the traditional thing. So that would be my advice to anyone getting started.

Jodi Daniels  19:23  

You mentioned before around this concept of trust and trustworthiness. I talk a lot about that with clients. And also when educating is this whole idea of people need to trust the company is not only going to deliver a great product or service, it’s going to show up on time, it’s going to be a fabulous experience. And then they can also trust you with the data. I’d love to hear from you how you believe privacy programs can help build customer trust.

Blake Brannon  19:50 

It’s a it’s a huge, interesting concept because privacy programs traditionally were pocketed and if you think about Like how who managed privacy is not new? So who was managing privacy for what was it? It was a function of the legal team that wrote the terms of service policy or the privacy statement that was like bolted into the end of a contract or on the bottom of a website. Right? That was it. That’s all you had to do. We were covered, somebody wrote some stuff down, and therefore we’re compliant. That has shifted to not be this compliance function. But to start to think about this as an enabling function. So it’s not just reducing downside risk of what if we get fined and there’s some, you know, cover our butt type of thing, too. If you, for example, look at an Apple ad. Lately, it just says privacy. That’s iPhone. Yeah, that’s, that’s all the ad says. So it becomes this like real enabler to the business in the company, where it’s about trust of the end users for why they should trust us as a company, and trust giving us their sensitive, you know, information and data, and know that we’re going to do good with it. Now, when you operationalize a program. What’s great about a privacy initiative, for anyone undertaking it for the first time, I kind of call it it’s like cleaning up the junk drawer. Like when you go across a company and you do like a data map. And you’re, you’re trying to figure out, well, what data do we have? Why do we have it like that? Those two simple things, what data do we have? Why do we have it that causes a lot of cleaning up that needs to happen, and, to your point about trust, trust is about consistency in the messaging to the customers and consistency of sort of choices that they see across different properties. And it is not uncommon today to go to an organization, and you probably experience everybody on this, this podcast probably can relate to this, you know, interacting with one group in a company and a different group. And you see, like completely different experiences, you know, your choices over here weren’t really respected. When you go into the retail store. They don’t know what the Online team did. And, and there’s just all these weirdness things and that erodes trust, right, that causes people to not be as confident about you, and the the expectations that they have. So what we’re seeing is privacy is going from this compliance thing into a, how do we enable people to really trust us as an organization, see the consistency of choices and settings, see the consistency of conveying how we’re going to be using, you’re going to be using my information and my data. And then another key I think element of trust is how recoverable you are the business resilience of an organization knowing that we’re all going to have a data breach, we’re all going to, you know, make a mistake, forget about breaches. But just make a mistake, we accidentally did something that we probably in retrospect have shut now, how do we respond to that as an organization, which I think God gets back to your point a little bit about who owns privacy? And do they have the right sort of executive reach in an organization to drive the right culture and attitude around it. Because all of that kind of conveys into your your customers want, you know, willing to trust you are able to trust you or not.

Jodi Daniels  23:05  

I love where the trust conversation is going. It’s really interesting to see more and more companies start to adopt it. And I know OneTrust has chief trust officer, I’m starting to see some other companies do the same. It’ll be really interesting, I think to see how this continues to play out.

Justin Daniels  23:19 

I would just like to add lake that my company doesn’t have to worry about data breaches, because our data is on the cloud. And why would anybody want to come after us?

Jodi Daniels  23:30 

As a very common answer is in the cloud. I don’t have to do anything. I don’t have to worry.

Blake Brannon  23:35 

But I do PR PRT said, your vendors are not a scapegoat for your liability. And that’s not even just secure. Obviously, that’s just privacy side of it. But yeah, it’s very common today that you cannot outsource your risk. And you will be held liable, regardless of who what processor sub processors sub sub processors may have been the victim here of a breach or a specific incident.

Jodi Daniels  24:04  

I’m going to interject also, I think what’s interesting that GDPR highlighted is a lot of times people will say, Oh, it’s on the cloud, I don’t have to worry about it, or I don’t collect credit card information, or health information. I don’t have to worry about it. That is a very common us approach, thinking this privacy thing only matters if I collect certain kinds of information. And where the privacy landscapes going now is Nope, just name and email was good enough. Just one of those is fine. You’re doing any kind of fun things online. That counts too. So it’s really shifting the conversation.

Justin Daniels  24:38  

So another thing that we’re talking about when it comes to trust, which has been a theme of today’s show is in the next five to 10 years. I do a lot of work in the Smart Cities arena. Now I’m getting involved in projects where you’re gonna see drones with cameras, and they’re flying over for traffic patterns. You already have probably seen The facial recognition statutes that have come out. And then with CVS, when people come into the store, they’re trying to prevent shoplifting. And these types of technologies that are being deployed have profound ramifications for privacy. And so with some of these things in mind, where do you see privacy going in the next five to 10? years?

Blake Brannon  25:21

Yeah, great, great, great question. So several, several things that are going to drive, what’s going to happen here, one, you’re just going to see an increase in investment of technology education, and a company I talked about automation of detecting changes that you know, are gonna help you better get proactively engaged with getting ahead of a problem. So think of CI CD pipeline, like static code analysis, dynamic code analysis, to see you have a new privacy problem, just like you see, like, Oh, we’ve got a SQL injection, you know, in our code that we just created. So that kind of maturity, I think you’re gonna, you’re gonna have, you also have this emerging class of privacy enhancing technologies that are to be developed. But they’re gonna, they’re gonna enable exactly what you just said, where, you know, there are obviously uses of data, where you can have dramatic negative implications, if that is not really safeguarded in the right way. And facial recognition, AI usage and in certain algorithms, fraud detection, you know, the one Apple did a couple months ago, the child sex, photography, stuff, all those different things, like on one side of it, and I don’t want to say one’s good or not good. But on one side of it, there is a benefit to society. And on the other side of it, it could massively go south. So how do we safeguard, saying, we still want to use data, we still want to do things like, you know, detect terrorism and the bad and all these types of things. But we need technologies and enclaves and secure computes and things that enable the computation of that data to happen in a privacy centric way. So that no one company is, you know, incorrectly motivated to do something wrong, or no one company has the bulk of both sides of the equation of data. So these PTS are going to just explode. And I think they’re going to help us do some of the things that we honestly are slowing down as a civilization doing because of all these challenges and concerns about the negative implications. And these new technologies are gonna enable that. And it’s not just about privacy. You know, I think this is where it’s part of even our strategy we take about trust people think about it’s not just privacy that makes you trustworthy. It’s security, privacy, its data governance, its ethics and compliance. You’ve got the AI act, you know, coming out in Europe, but like use ethical use of AI, how do you detect biased and algorithms, those types of things, disclosures, and whistleblowing, all of that kind of attributes to a trustworthy organization and an emerging one that I think is also going to be very disruptive in the next five plus years is the ESG space where, you know, just like today, you might think about privacy and data usage as an important buying decision for like the iPhone, as I was saying, I think your you know, carbon nutrition label is going to be a real thing that one is required to disclose and to consumers or even really looking at as they make their own purchasing decisions based on, you know, your kind of broader ESG type initiatives. So all of those I think, are going to be what elevates the privacy role, and sort of trust trajectory inside a company.

Jodi Daniels  28:44  

Or young daughter might be part of leading the charge of that carbon neutral nutrition label. She is very adamant of saving the Earth. And we know she’s gonna do great things that that’s awesome. Yes. Well, in that spirit, one shows has expanded beyond Privacy software tools. Can you share a little bit more about those adjacent areas? And what’s available today and how they intersect as well with a privacy program?

Blake Brannon  29:10  

Yeah, as we thought about this, going back to my point, a lot of our early customers were like, We don’t want to just do these activities to prevent getting fined by the DPA and Europe or whatever, for GDPR. Was this broader? Like, how do we up level our overarching company governance and showcase it so that we can use it as a differentiator in the market for why people should trust us? And when you think about it at that level, it’s about not just privacy from a traditional like data mapping, privacy risk assessing type activities that you have to do you start to think about, well, what about our corporate governance? And you start to expand into thinking about GRC and the traditional compliance type activities that you have to do you have third parties or vendors like you were saying providers, you have to do due diligence on those cloud providers and make sure you’re not doing transfers that are inappropriate for the type of data that you’re using. You’re not, you know, onboarding, additional risk or resilience problems, because those will become your problems. So third party due diligence, and third party governance is a key aspect of broader governance that you have to do ethics and compliance. I talked about that a little bit a moment ago, but moving from not just privacy analysis of, are we doing good or not with the data we’re using? But are there ethical concerns with the data that we’re using in the, the way we are processing certain categories of data or enabling SpeakUp programs where, you know, things could be going south? So how do you incorporate that into your program, and then ESG, as I talked about, everything, from dei to carbon accounting, you know, one of the initiatives we’re big on is helping create a carbon ledger for organizations so that they can actually consume and sort of document in an auditable way, their carbon consumption from their utility companies, their cloud providers, you know, you’re inheriting some scope to carbon from them, things like that. So that is that is broaden the spectrum of our, our platform. And we call that the trust platform, because again, all these things sort of feed into what are the externalization of what I’m doing with this. And if I do that, right, and I’m showcasing that trust, I’m showcasing the choice and the transparency, I can get more data, I can better understand my customers, I can move faster as business because I can use that data confidently. Like if I have a well oiled governance program internally, I can launch new projects, do news, you know, services, all these things at a much faster rate than my competition. So all this needs to be creates a competitive differentiator and a competitive advantage for me as a business.

Jodi Daniels  31:49

Well, if you need a young designer, we know someone who might be available for that carbon neutral design.

Justin Daniels  31:57  

Probably will relate to animals do

Jodi Daniels  31:59  

i It might but she’s she loves to, she’s been looking for she’s really like a job that she can showcase her talents. And it blends her patient

Justin Daniels  32:08  

willing to work for Pez?

Blake Brannon  32:09 

Well, we will we will send her the the job application.

Justin Daniels  32:15

How’s that? So, you know, as a privacy Pro, having seen so much not only at OneTrust, but your prior jobs? What is the best personal tip you give at a cocktail party when people ask you how do I navigate all this privacy and security stuff?

Blake Brannon  32:37 

Yeah, it that’s a fun one. There’s probably like two things. One, when I say like, oh, I work at OneTrust where Privacy software? And of course, like what is that? I have no idea. So the the most tangible thing is to talk about the little pop ups you see on websites with the cookies and saying, you know, do you want to accept cookies? And they’re like, Yes, I see those can you make them go away? We’re working on it. Yes. The the most practical or I would say interesting thing that I think most people don’t know, that is a fun exercise to go do is everybody has a right to their personal data that you give to another company. And you have a right to get a copy of that data. And even companies where there’s some state laws that require this, there’s not one in Georgia today. But most of the time big multinational companies, they’ll give it to regardless because they just say hey, globally, we’re gonna do the same thing for everyone. So an interesting exercise is to go into the privacy policy in the footer of our website, go find your your Access Request sort of section. Normally, it’s like a web form or something on someone’s site, but request a copy of your data. And it’s kind of fascinating what you get back from these different companies to see what they have. I mean, Apple, for example, will send you a copy of every device that’s ever connected to your iCloud account every app you’ve ever downloaded the IP address it downloaded from the date time stamp of all your purchases and syncs. So all of that kind of personal information that is yours. You have right to access it. So it’s fascinating to go like ping the companies that you share your information with and see what you get back.

Jodi Daniels  34:14  

That is a very fun tip. Now when

Blake Brannon  34:18 

you’re on a Saturday and you want to go like burning the flowers

Jodi Daniels  34:22 

that you put on it. That is a good story for another day to share Saturday, privacy, security fun. But when you’re not building privacy and security programs and the fastest growing company in America, I see you like to do for fun.

Blake Brannon  34:40  

Outside of slow jazz music and long walks on the

Jodi Daniels  34:42  

beach or fat counts is fun.

Blake Brannon  34:46  

I have so I have three kids at home young kids and I spend a lot of time with them as well and I love running as well. So that’s my stress relief from the the chaos of building the company is Go get a good run in.

Jodi Daniels  35:02  

Well, I we appreciate your time here today. And if people want to learn more about OneTrust or privacy or connect with you, what’s the best way to do that?

Blake Brannon  35:14  

That’s way to get to us onetrust.com. And you can learn about what we do. You can watch our product, demonstration videos and things online. And if you’d love to have access to an account, you can sign up for a free account.

Jodi Daniels  35:29  

Well, thank you again, for joining us today. This is such a hot topic and we’re delighted to be able to have you and learn more about what OneTrust is doing.

Blake Brannon  35:40  

Yeah, I really appreciate the the opportunity to come on it’s great conversation. We should we should do it again and a couple years and see how different the answers are.

Jodi Daniels  35:49  

All of that. And yeah, I wonder if it would even be a couple years.

Blake Brannon  35:54  

Six, yes, six months.

Jodi Daniels  35:57  

It is moving so quickly.

Blake Brannon 36:00  

Well, thank you.

Outro 36:04  

Thanks for listening to the She Said Privacy/He Said Security Podcast. If you haven’t already, be sure to click Subscribe to get future episodes and check us out on LinkedIn. See you next time.