Chief Privacy Officer Jason Sarfati Explains Everything You Need To Know About Location Data Privacy

Jason SarfatiJason Sarfati is the Chief Privacy Officer and VP of Legal at Gravy Analytics, a location intelligence company providing real-world consumer intelligence to help organizations overcome today’s biggest challenges. Before joining Gravy Analytics, he was a Privacy Associate at Arent Fox and the Director of Privacy & Data Ethics at Treliant, a consulting firm serving financial institutions.

Jason earned his JD from George Mason University and holds a Certified Information Privacy Professional certification with a US concentration, making him an expert in the data privacy laws that govern US private sectors. He’s a member of the International Association of Privacy Professionals, a thought leader on trending privacy issues, and a frequent contributor to legal publications.

Available_Black copy
Tunein
Available_Black copy
partner-share-lg
partner-share-lg
partner-share-lg
partner-share-lg
partner-share-lg

Here’s a glimpse of what you’ll learn:

  • What is Gravy Analytics and what products and services do they offer?
  • Jason Sarfati explains why privacy considerations are included in product development
  • How does privacy by design infuse data minimization practices into its products?
  • Can location data be used to identify individuals?
  • How Gravy Analytics is preparing for the six recently-passed privacy laws
  • Tips for building and maintaining a privacy program
  • Jason shares privacy and security best practices for parents of teenagers

In this episode…

Geographic information, or location data, is intelligence about the geographical whereabouts of a device, such as a smartphone. Companies like Gravy Analytics use mobile location data to gain insight into individuals’ movement patterns to understand market trends and consumer behaviors. The issue with this type of tracking is that sensitive materials like health data become vulnerable. There’s also the risk of unsolicited advertising, physical assaults, and other various attacks. So, how do companies like Gravy Analytics use data for the betterment of society without further harming society?

Jason Sarfati, head of privacy at Gravy Analytics, explains how they integrate privacy controls into their products. While the company strives to provide accurate sources of usable and trusted data, privacy is at the forefront during development. With its privacy-enhancing technology, the privacy team can identify the collection of location data at sensitive places. Once detected, it’s deleted from all systems.

In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels interview Jason Sarfati, Chief Privacy Officer and VP of Legal at Gravy Analytics, to discuss location data privacy. Jason talks about Gravy Analytics and the services the company offers, how privacy considerations are included during product development, using location data to identify individuals, and privacy and security best practices for parents of teenagers.

Resources Mentioned in this episode

Sponsor for this episode…

This episode is brought to you by Red Clover Advisors.

Red Clover Advisors uses data privacy to transform the way that companies do business together and create a future where there is greater trust between companies and consumers.

Founded by Jodi Daniels, Red Clover Advisors helps companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. They work with companies in a variety of fields, including technology, ecommerce, professional services, and digital media.

To learn more, and to check out their Wall Street Journal best selling book, Data Reimagined: Building Trust One Byte At a Time, visit www.redcloveradvisors.com.

Episode Transcript

Jodi Daniels 0:02

Hi, Jodi Daniels here. I’m the Founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and certified informational privacy professional providing practical privacy advice to overwhelmed companies.

You can practice your tongue twister later. Now you just introduce who you are.

Justin Daniels 0:26

Hello, I’m Justin Daniels. I am a shareholder at the law firm Baker Donelson, I am passionate about helping companies solve complex cyber and privacy challenges during the lifecycle of their business. I am the cyber quarterback helping clients design and implement cyber plans as well as him help them manage and recover from data breaches. And this episode is brought to you by

Jodi Daniels 0:52

really jump off. Yeah, you gotta go to music school Red Clover Advisors. We help companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology, e-commerce, professional services, and digital media. In short, we use data privacy to transform the way companies do business. Together, we’re creating a future where there’s greater trust between companies and consumers. To learn more, and to check out our new best selling book, data reimagined building trust one bite at a time, visit red clover advisors.com. So this is gonna be a fun episode, we appear to be very busy today.

Do the rules for all people involved is to try and keep the laughter to a minimum. So we can actually get through the wonderful topic we have for today.

Justin Daniels 1:42

I understand. So let’s introduce our our guest today who’s entered into the fun chamber. So today we have Jason Sarfati, who is the Chief Privacy Officer and VP of Legal at Gravy Analytics, a leading location intelligence company that delivers real world consumer intelligence to help organizations overcome today’s biggest challenges. Jason? Hello, how are you today?

Jason Sarfati 2:12

Good morning. It’s a pleasure to be here. Thank you for having me.

Jodi Daniels 2:15

We are excited that you are here. And in our pre-show, we were talking a little bit about how many people are either just stepping into some type of Chief Privacy role director privacy role, and figuring out what to be doing. Some others have been anointed that tie that title also trying to figure out what they’re doing. Some have been fortunate, and their companies recognize the value of having a privacy officer in that role for some time. So we’re really excited to dive into what it’s like to try and build a privacy program. To get us started, we always want to understand how did people find their way to their current role?

Jason Sarfati 2:53

So I actually found my job the old-fashioned way. I was shopping with my wife and Costco and bored out of my mind wandering through the aisles and it was pre-Thanksgiving. Costco shopping, if you’ve ever experienced that, hell. I was beyond unamused with the moment and I went on Indeed.com because the week prior to the CPR, CPRA had been born into life. So this would have been November 2020. And I noticed there was a Chief Privacy Officer listing for Gravy Analytics. And I said to myself, Wow, a location data company that’s about to get hot. So I was and he already was a big field to begin with. They had a lot of attention. So I every day I think to myself, you know, had my wife not drag me to Costco, I wouldn’t have this job. But I’m really happy that she did. And really happy that I applied and it’s been going very well since.

Jodi Daniels 3:54

It’s funny you say that I won’t give all the details. But actually I remember being in a Costco and talking to people taking phone calls about jobs many many years ago and it was in a Costco I can’t remember the I lives and everything. Costco and jobs are apparently a thing to do.

Justin Daniels 4:09

But did you hear about the sheer boredom leading to opportunity? If I went on and said that I had sheer boredom and shopping with my wife, I would get an elbow in the ribs immediately.

Jodi Daniels 4:18

That’s why Jason is the guest and you were the host.

Justin Daniels 4:25

If I may, I may yet get elbowed in the ribs before this episode is over. But before that happens, Jason wanted to get kind of, you know, a baseline understanding of what does Gravy Analytics do and what is data as a service.

Jason Sarfati 4:43

So we are a mobility analytics company. We ingest commercially available location data and of course, it’s going to trigger a lot of privacy issues that I’m sure we’re about to explore. We filter them and turn them into products that can be consumed by our downstream customers, there’s two core business lines. The first is we make location based audiences available. So we have geofence certain parts of our world. And individuals who visit those places tend to have the same consumer profile. So Best Buy purchasers or NFL fans, things of that nature, again, devices that appear inside stadiums, for example. And then the second core products that we have is our data will be uploaded into an s3 bucket and platforms can use that data to power their own software solutions, what have you. So we enable companies to power their own solutions where much like the fuel, but the downstream customers are the engine, and there’s a variety of engines that we power.

Justin Daniels 5:54

So Jason, just as a follow up to that, like, for example, longest time client of mine owns car washes. And so what’s important to him is having information about potential customers who frequently traveled, let’s say, within a three mile radius of his carwash. So that might be the kind of geofence data that might be a customer say, Hey, I’d like to learn more about those people, because those are in close proximity and might want to be marketed to for a free carwash, or what have you. Is that a kind of fair understanding of a use case?

Jason Sarfati 6:27

It’s a basic understanding of it, yes, we don’t have a UI that allows for three mile radiuses. And we can talk more about the specifics. But we do, for example, have an audience, new car buyers, and you can actually split it up by OEMs, based upon where the device was, was buying because car lots are fairly large. And if a device is going back to that car a lot, they maybe just bought a Hyundai recently, what have you. So it’s sort of the idea of

Jodi Daniels 6:57

Appreciating that data location is a hot topic. It’s a sensitive topic, knowing where I am. How precise Do you know where I am compared to, you know, a range and an area as you’re developing those products? Where does privacy fit into that? How does the privacy considerations get, you know, as a part of the overall business goals,

Jason Sarfati 7:21

so I was thinking of rebranding our privacy program much after that movie that just won the Oscar Everything Everywhere All At Once. It’s similar to that mantra though, because beginning to end, we have a series of privacy ambassadors, you might call it that and or other individuals within each vertical in my company that understands whenever a privacy issue comes up, I should probably call Jason, and we have rolling meetings. But privacy interests are always included in the development of our products. So from the very beginning, when we first looked at the whiteboard, we have to think through “alright, what privacy controls are we going to put into our products?” And it’s not just to keep ourselves out of trouble. Truth of the matter is, our customers are not going to buy products where privacy has not been integrated, or at least thought through before the product is sold to them. So they and the our sales team, our engineering team understand that if they want to sell a product, it needs to have privacy branded inside of it, otherwise, it just won’t sell. And that, truthfully, is one of the greatest strengths. I think that a company like mine has, because although yes, location data is under, I would say unprecedented scrutiny. The same thing is also true. On the other side of the coin, privacy concerns have now unprecedented reach within my company, everyone gets it. So I don’t have to sell it at all. In fact, folks are coming to me first most of the time. So I actually will say that I enjoy the fact that privacy concerns around the location data industry have really been elevated as a way because in a weird way, it actually does make my job easier.

Jodi Daniels 9:10

Can we talk a little bit in more detail on what that looks like? Because a lot of people are trying to figure out that design element. When there’s a new product or a new feature, an update? How do those engineering teams interact with you? Is it just you know, a call and a conversation? Do you have specific assessments that someone has to fill out first, just trying to help our audience who again, everyone’s trying to kind of figure out what this by design aspect looks like and how you’re doing it would be helpful for others to hear and learn from?

Jason Sarfati 9:46

Sure. So and again, it’s probably going to vary from company to company. Many of our products actually begin with our customers. They get a we get a phone call from a customer says, hey, we’d like a product that does x can you make such a thing? And the first thing that the engineer or sales or account manager will do is say, Maybe I need to call privacy first. And the fact that that happens from the beginning is, again, a is a fantastic benefit that I think the location data industry has compared to other industries where privacy might not be always front of mind, and therefore, the conversation happens way too late. So is it a formal assessment? No, we do have pas, of course, that we do, after the fact once the product is complete, to make sure we did our homework correctly. But no, we are invited. From the very beginning, it’ll be a zoom call, or what have you. We don’t do in person meetings as often as we did pre COVID. But the fact of the matter is, we are able to integrate privacy controls from the beginning. So whether it’s removing mobile advertiser IDs to make a privacy product, excuse me a product more privacy compliant, or removing sensitive locations, which I’m sure we’ll talk about here in a second. Those are all levers that we can pull on to make sure that the product accomplishes the goal of the customer, while also making sure that our company stays compliant and truthfully doesn’t doesn’t operate in a weird way. Because we don’t just do privacy compliance. We also do PR and branding stuff, too. And it’s hard to measure those things because you can be privacy compliant, yes or no, but pay pissing people off or weirding folks out. And the media is a different thing to measure. So we also keep an eye on on both of those things.

Jodi Daniels 11:42

Fair point, and important to do so.

Justin Daniels 11:45

So from my perspective, with the data location, where I’ve found it is, I represent a smart city. So we have all kinds of cameras that help identify traffic patterns and whatnot, I’ve learned all about lidar, which is another way to do traffic patterns with a laser beam that hits the car, but you don’t know that Jodi is sitting in it. Whereas a camera, you might be able to figure that out. And so you know what that context in mind, can you talk a little bit about how your organization with privacy by design kind of thinks about data minimization practices, such as using lidar for foot traffic to count it versus a camera that might identify a person, and how that might infuse itself into how you go to market with products or think about the data that you may be collecting in order to create your products?

Jason Sarfati 12:34

For sure. So the first thing to note is I know a lot of folks, particularly in the media are concerned about the ability of location data to re identify individuals, right. So that’s, that’s what the dogs decision and the blowback from it has all been wrapped around. And, and I know a lot of advocates are saying, Well, shouldn’t data minimization cure that the concept that a product should only reveal certain characteristics of a device that are necessary for the product to actually complete its goal, and any extra data sets are unnecessary and therefore should be removed, similar to the data minimization mantra that we see in the GDPR. And the truth of the matter is, when we calibrated our privacy program to the GDPR, back in 2018, we thought through, okay, how can we remove as many identifiers from a dataset similar to the lidar example you’re giving, while also making sure that the dataset still has value to our downstream customers, so we don’t have any personally identifiable location data. But that’s difficult in terms of convincing regulators, journalists, and even sometimes skeptical customers to believe. So when I say well, all our location data has the mobile advertiser ID removed or if the mobile advertiser ID is still present, there aren’t enough data points to determine whether or not of phone belongs to Jason’s or body or Jodi Daniels or whomever. Nonetheless, there is still a concern that if you have enough volume, then yes, you can identify a device. So we have been getting around some of those concerns by building API’s that only do certain queries. And, by extension, remove the larger data set, because it’s not even necessary, that actually helps a loss for processing costs truthfully, and getting around those concerns. So I actually don’t have to sell anyone here on data minimization, because the processing costs are so great. So that actually is good. And then I can kind of just tack on privacy as an added benefit for removing identity buyers and removing volume.

Justin Daniels 15:01

So Jason, when you talked about removing identifiers with like a mobile application, could you like walk me through an example of how that would work, like if my data were, I guess, my mobile phone, but you can’t track it back to Justin can you get maybe a little bit more detailed on how that works on trying to understand that a little bit better.

Jason Sarfati 15:21

The only pure identifier that a company like gravy has is the mobile advertiser ID. Now there’s some schools of thought that say, the made on its own is personal data. And it’s in its identifiable Of course, we know that that’s not true, because it’s just as a series of letters and numbers. And of course, there’s also a bunch of companies out there who this entire business model is to do reverse matches to get the made and get back to Justin. So we, whenever possible, remove the mobile advertiser ID from a data set and swap it out with a pseudonymous, we just call it the gravy registration ID, which is a new number letter alpha numeric identifier, that still allows an end customer to discriminate between one phone and another, right? This is one device, that’s a separate one, because the numbers are slightly different. But now because it’s no longer a made, I have no way of going to another company and trying to reidentify Justin. So the data is really useful for commuter patterns, and supply chain analytics, and all those other great things that my company does without running the risk of knowing that Justin is going from his house to to his office and everywhere else back and forth. Thank you.

Jodi Daniels 16:40

You mentioned getting ready for GDPR, back in 2018, which when you said that it was wow, that was a Fast Five years. And now we have a plethora of US privacy laws, we have five that will be effective at the end of 2023. And we have seven that got passed just this year, excluding any of the other very specific health and kids privacy laws. With all that being said, can you share? How is your organization going about these new privacy laws? How will you add these into the mix? And whether that be from your own kind of internal company data, marketing data, and then obviously the product set?

Jason Sarfati 17:24

So the products that, truthfully, is what we are almost exclusively focused on Yes, there are other verticals, within my company where you could say there is a privacy risk, that’s at least somewhat measurable. But for those companies that are in least my industry, all the regulatory risk, all the enforcement risk is it’s okay, let’s go with 99% is going to be coming from the product set. And if I actually made a stink of the other 1% I think some folks in my company might scratch their heads Why Why are you worried about that other thing? We have all products that over here that likely requires more privacy compliance efforts. So we are a Virginia based company, we were closely following the Virginia privacy law that came out last year. And you know, it’s funny, because after CCPA came out, you know, talk about a time traveling, that was June 2018, if memory serves something around there, okay. Yeah. So I thought to myself, Okay, well, there’s gonna be 10 to 20 different state privacy laws in the next year or two. And they’re actually was sort of this All Quiet on the Western Front, kind of detente, where no, there were no states that did any new privacy efforts. And we actually when we saw the CPRA, moving through the legislative channels, made sure that our privacy program tacked itself to that. So we haven’t made any specific state level adjustments in the last year because we felt that Well, we already are doing the explicit opt ins, we’ve already had the privacy impact assessments, we already have the the notice and disclosures done correctly, we were doing all these other privacy conscious efforts that should be able to be enough for all the new state level privacy efforts, considering especially that CPRA in Virginia were sort of our north and south stars that we were looking at. And I’ll just use the metaphor we had GDPR and of course, our customer concerns layered in. But the big thing that came across our world in February, March, April this year was the Washington My Health My Data Act, that was a fundamental change for the location industry to adjust to so it’s difficult to keep track of all the state level privacy laws, but now we also have to keep track of some of these. I’ll call them sector specific, maybe is the word privacy laws because now it’s first I thought, okay, one day, how bad could it be 50 privacy laws I have to focus on I’m realizing oh, no, it could be literally hundreds of 1000s If every state just passes 12 at a time So,

Jodi Daniels 20:01

Jason, can you share what you think maybe two tips to someone who’s trying to build and maintain a privacy program that you think has made yours successful, you’ve shared, you know, you, the company understands that that might be because of the industry that you’re in. But there’s also some tactics that you’re doing. There’s obviously education that’s happening. And if you can offer up maybe two tips, I think people would find that really helpful.

Jason Sarfati 20:30

So I think number one would be available. Because, folks, so I’ve worked at larger companies, and folks sometimes don’t even know where privacy sits or who they are. And in a previous COVID context, I was literally wandering the halls shaking hands. And in particular, going to different floors, because we sat on actually remember, it was the fifth floor, and I knew the engineering folks were upstairs. And I would make a point of going up there and introducing myself, the big benefit of that is, whenever there’s a problem, they’re going to know who to email and they might be more inclined to email because oh, they met you in the hallway a couple of months ago, okay, I’m not worried about emailing Jason to get him involved in this conversation early in a post COVID remote work context, I say folks need to be much more involved in making themselves available and known. It’s almost like internal marketing in a way. So on a twice yearly basis, the privacy team does a presentation to the whole company over lunch, we call them lunch and learns, we just had one about a month and a half ago, where we explain all the efforts that we’re doing so people can kind of connect the dots. And then we also have rolling privacy meetings, in particular with my sales team, because they need to know how to sell a product. And there’s always adjustments that are being made in light of the privacy concerns to whatever product we’re selling. And, truthfully, they can’t really sell much without privacy being involved. So that’s a road that goes in both directions. My second piece of advice is, and since we’re all being honest with each other, it is impossible to be a successful privacy professional without offending people’s feelings and engaging sometimes in some difficult conversations. And so if you are an aspiring privacy professional, or your current privacy professional, and you’re unwilling to challenge assumptions, you’re unwilling to I’m not gonna say make enemies but perhaps unwilling to change people’s work and force them to say, hey, we need to go back to the drawing board and fix things, then respectfully, one might be in the wrong profession, because this is this is a job where sometimes the answer has to be no. And it’s difficult. I think, you know, everyone’s inclined to always be the nice guy or girl and you can’t be a successful privacy professional. If you’re always saying yes, so that’s like my, my kind of my, my core advice, make yourself known. Which allows you to be kind of, you know, the mean person from time to time, because that’s what’s required of the job to keep the company out of trouble.

Jodi Daniels 23:21

Excellent tips, we appreciate your sharing, and just say, No, I think sometimes

Justin Daniels 23:29

Jason would be, just tell them, you have to be an iconoclast someone who attacks cherished institutions or ideas. So that’s what came to mind. We’re on

Jason Sarfati 23:45

the same page, right? It’s funny, because I know that in many times, when I’m making a phone call, like, they’re not going to be happy. But they will be happy inevitably, because we can come to a better place that will inevitably make the company more money that will keep us out of trouble. And they’ll see through to the other side. So it’s a lot of I never thought that being a privacy professional would rely so heavily on human emotions and some of these other things I actually explored and, and you know, it took some some psych classes in college, what have you just wow, like, I’m going back to just being a human 101 here, but that’s the thing. It’s a large organization. And frequently, the privacy function is being filtered as a way of making corporate enterprise level decision. So you are in many ways, the traffic cop and also directing the company, in terms of its branding, and what kind of company wants to be, so you’re going to have to figure out conflicts, and I wish everyone the best of luck.

Justin Daniels 24:48

Makes sense? I guess one other thing, it sounds like your role, as the legal part of your role is really involved because a lot of Some attorneys I talked to in house, they’re fighting that battle just to get on the radar of people. But you’ve transformed from a role where that was a bit more of the case to one where they freely realize that you’re literally part of the design team for the product, because your company literally has to bake in privacy by design, it is an actual critical feature to sell that to sell the product.

Jason Sarfati 25:25

Yes, that’s correct. So and again, sometimes I worry that privacy might be occasionally overly involved, right? I got it, I got to be conscious of that, too, or am I spreading myself too thin. And the fact of the matter is, with location, data privacy, quite literally being a daily news cycle, you can just type in location data right now into Google and hit news. And you’re going to see a bunch of what I’ll call a systemic threat level, storylines that are impacting my industry. So the fact of the matter is, no, we need to be involved. From beginning to end, I have a great relationship with our external marketing and communications team, because they at this point, have figured out how to successfully communicate our privacy efforts. And sometimes journalists will come calling and ask questions. And it’s incredibly helpful to have the privacy person part of those conversations as well as with the sales team and, and the engineering team. Even the Human Resources team, I can’t think of a vertical within my company where I haven’t been involved with them at least once in the last 30 days. And sometimes it’s dealing

Jodi Daniels 26:38

with all that you know about privacy, we always like to ask what is your best privacy or security tip that you would share at a party at a party and a party.

Jason Sarfati 26:53

So I actually, so my wife has a younger sister, who’s 16 years old. And it’s interesting, because I frequently, especially a month and a half ago, found myself at somebody’s high school graduation parties. I’m 34. So this was a thing that I had been going to previously and then kind of a bad chapter of my life had closed, and suddenly, boom, it’s been reopened. And I’ve been fascinated by how teenagers interact with social media and are extremely willing to share everything. In fact, that’s part of the high school experience now. And what’s even more interesting is because I’m sort of this millennial, they say things and share things with me that I know they’re disinclined to share with their parents. So it’s really an eye opening experience. I’ll give you an example. So on Snapchat, I’m sure you’re aware, you can share your location. And I find this again, very interesting. Because when I speak with regulators, or even journalists, they say, “no one’s interested in sharing their location data,” which does not jive at all with the experience that I see when I go to a high school graduation party. And I see these kids quite literally showing on their screens, this is where the party is because I can see where everybody is like that, oh, Emma’s there, blah, blah, blah. And I try to be, you know, the cool kid, as well, because I’ve been invited to this party. So I give this tip. Hey, just so you know, anyone can see your location as well, because you’re sharing it with this larger group of folks. And anything you post is probably going to be out there for eternity. 10-15 years from now, you might be applying for a job or, you know, doing something where you want a little more professional, you know, foot forward? Do you really want to be putting that online? Most of the time, truthfully, it falls on deaf ears, but every now and then I do get a kind of a quiet nod Yeah, you I should probably not do that. So I would say to every privacy professional that has access to a teenager or a it’s a middle schooler should see what they know, not necessarily convince them that they’re doing anything wrong, but see what where their head is at. And I have this theory that let’s check in with each other 10-15 years from now that the privacy landscape is going to fundamentally change. When Gen Z enters the boardroom. They’re going to view all these things a little differently, because they grew up with devices in their hands. So their privacy tips that they’re gonna be giving us are gonna be really different than the ones that we get to them. And I can’t wait to see how that plays out.

Jodi Daniels 29:36

It’ll be interesting to see how that works. Because now if the interest is and I’ve seen that I’ve seen teens show, here’s Snapchat, and here’s all the cars and it’s so social right now. And that is their entire universe. Where 10, 15 years later their universe will be different. They will have kids, they will have jobs, they will have other things that they want I choose to decide, actually, no, that’s, I kind of get what those annoying older people were trying to tell me now. So I think that will be interesting to evaluate.

Jason Sarfati 29:36

But let’s check in with each other, we

Jodi Daniels 29:56

will make an app, we’ll make a calendar invite.

Justin Daniels 30:17

So Jason, when you’re not leading the privacy efforts at your company, and making interesting observations about society, what do you like to do for fun?

Jason Sarfati 30:30

So I love to travel. And I have to say, during the pandemic, that obviously kind of hit hard that I was stuck in an apartment in downtown DC. And I sorted myself all those places that I’d wanted to travel and visit I’m going to do once the pandemic is over and grateful enough, I’ve been doing that not to make this to work related, but they’re in the privacy world, I got to point out, there’s really cool conferences. So you know, in October, the IPP is having something in San Diego, I’m actually speaking there, and I’m making a point, even if I don’t speak, I’m going to those conferences, I’m meeting people and I’m getting on airplanes and doing all the traveling that I wish I could do because it the pandemic and particularly really showed me that you don’t need to buy materialistic things usually, what real satisfaction do you get from that instead? No, go travel. So for those folks who are listening to the podcast now that are, you know, maybe running on a treadmill thinking themselves, you know, I should really book a ticket tonight. Yes, do it. Because I think you’ll get a lot of pleasure out of it. It’s always interesting to to experience new cultures, whenever I go to Europe, I always get a kick out of the GDPR. Notice that consent prompts, I’m like, Ah, this is funny, and half the time truthfully, they don’t even I know comply with the GDPR provisions. But nonetheless, that that’s sort of a sidebar. The point being I really recommend everyone focus on experiences and trying trying new things. I that was my goal this year. So far. I’ve really enjoyed it.

Justin Daniels 32:05

And you know, Jason, I’m so glad to hear you talk about the travel and how you evaluate privacy. Because when we went through border control in Canada versus the US, one of us was snapping pictures, showing the difference between whether or not they have to have the picture of my kids and whatnot, making interesting LinkedIn posts.

Jodi Daniels 32:24

So I’m not the only one looking at cookie banners. I still do that. Oh, that’s a good cookie banner. should really are that’s a terrible cookie better. I’m glad I’m not the only one who is always thinking about privacy, because it is it is everywhere. And Jason, I look forward to seeing and meeting you. Hopefully in person in San Diego. I’ll be there as well. I got to go to San Diego. No, someone has to stay home and watch the kids at the dog. That’s your been assigned to that role. And Jason, where can people learn more and connect with you?

Jason Sarfati 32:56

Sure. So I’m always around on LinkedIn, just type in my name. And you’ll find me there. I’m on Twitter. But honestly, if you see me walking down the hall at I go to every Summit. So every April, I’ll be wandering the halls at the IAPP conference in DC and I try to go to PSR. So if folks are going there, please, you know, tapped me on the shoulder and confined me not to make myself sound like too much of a degenerate. But if you go to the hotel lobby near the bar, you’re likely to find me there just kind of catching up with friends. So if you if you wander to the Marriott or actually, yes, it’s a Marriott in both places, right? So the DC, the Marriott in San Diego, just go there, you’ll find me. So just, you know, pass out business cards and make friendships I gotta say it on my wedding actually, I had quite a few privacy professionals in attendance. So that I think speaks highly I love our industry. I love the community that we have, you know, folks will frequently change jobs and lateral but the friendships that we’ve built along the way tend to stay, yes, it’s a growing community. But nonetheless, I think the fact that we all see each other on a rolling basis several times a year does kind of create this sort of privacy family. I’d like to give a compliment to the efforts of the LGBT community in particular, they always have those parties after parties afterward. LGBT tech and the others at the IAPP conferences and folks, you know, enjoy themselves afterward. Like, I don’t believe most other industries do that. So like, like the medical industry or the accounting industry, the legal court industry, they don’t really have those types of events. So you can find me at those places online. And I just love the fact that we all connect in that positive way, I think. I hope that’s one thing that stays there. I think it will,

Jodi Daniels 34:57

I agree been in this industry for a while and I was at dinner last night hadn’t seen people definitely pre pandemic and might maybe even longer than that. And it was really, really fun to reconnect with some old friends and your observation about some it’s kind of interesting people have have decided to call it it’s like the high school reunion. And as the industry keeps getting bigger and you make more friends than it is, there’s a lot more people that you have to keep seeing at the reunion. We’re gonna need to figure out how we how we solve that, but it is a very friendly place and I also hope it stays that way. Well, Jason, thank you so much for stopping by and sharing all the great wisdom that you did today. We really appreciate it.

Jason Sarfati 35:38

It was a pleasure. Let’s keep in touch. I’ll see you in San Diego. Not before then.

Jodi Daniels 35:42

Absolutely.