Click for Full Transcript

Intro 0:01

Welcome to the She Said Privacy/He Said Security Podcast. Like any good marriage, we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st century.

Jodi Daniels 0:21

Hi, Jodi Daniels here. I’m the founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and Certified Information Privacy professional, providing practical privacy advice to overwhelmed companies.

Justin Daniels 0:35

Hi, I’m Justin Daniels. Here I am a partner at the law firm Baker Donelson, I am passionate about helping companies solve complex cyber and privacy challenges during the lifecycle of their business. I am the cyber quarterback helping clients design and implement cyber plans as well as help them manage and recover from data breaches.

Jodi Daniels 0:54

And this episode is brought to you by Red Clover Advisors, we help companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology, e-commerce, professional services, and digital media. In short, we use data privacy to transform the way companies do business. Together, we’re creating a future where there’s greater trust between companies and consumers. To learn more, and to check out our new best selling book, Data Reimagined: Building Trust One Byte at a Time. Visit Ready to get started today?

Justin Daniels 1:33

I am Do you know what I did last night? Now? I asked ChatGPT if it was familiar with our podcast?

Jodi Daniels 1:41

Oh, I didn’t say

Justin Daniels 1:41

It said that. It wasn’t who we were. So maybe on their next show. I’ll actually read it to answer. Hmm,

Jodi Daniels 1:49

okay. So that’s scary. I don’t know. Only read it if i Sounds good. Okay, well, maybe I’ll just hallucinate and read it. Anyway.

Justin Daniels 1:59

So let’s introduce our guests today. So I’m excited to have someone that I knew very well. So today, we’re going to the Office of the General Counsel. So we have Amy Chipperson here with us today. She is the general counsel of Axtria, a data analytics software company that is exclusive to the healthcare and life sciences industry. And she is based in New Jersey. Amy, welcome to the show

Amy Chipperson 2:23

today. They Thank you. Thank you for having me. Well, we’re

Jodi Daniels 2:28

excited that you’re here. And we always like to start with how did people get to where they are. So if you could take us a little bit on your career journey to how you found your way to General Counsel today?

Amy Chipperson 2:41

Sure. I first started out after law school, working for my father. My father was an attorney and a very small practice here in New Jersey. And I worked there for a number of years, he passed away. And I was primarily handling litigation matters. And litigation in New Jersey had hit a period of time where there were a lot of new rules put in place that if you had any kind of family emergency or issue and you were supposed to be in court that morning, you could face some significant penalties. And I had a small child at the time and it just got to be very unwieldy. So a friend of mine had approached me a few years back about coming in-house at Hewlett-Packard, and I at that time, didn’t think it was for me. But that was prior to my first son being born. And then after my son was born, it actually sounded like a better idea. So I took her up on that offer a couple years later and joined HP to support them in their litigation department. And then as with all things in house, you eventually get a taste of everything that they’re involved in and I dealt with a lot of different matters at HP, and got heavily involved in transactional work and then transactional work in the managed services side of Hewlett-Packard and then began working exclusively in their Mattis services side and then I went from there I went to TCS for a brief period, but then ultimately went to a French firm called Atos. And Atos was a very big man services provider. And I started out there as Senior Counsel and negotiating many different types of agreements, Atos had many, many different service towers, from data center management to apps development and maintenance, to software as a service to edge computing, cloud transformation. That’s just a few of the things that they did. And I began work there and was promoted a couple of years later to the General Counsel for North America. And remained there until I was asked to join Axtria as their general counsel. And so here I am, I’ve been at Axtria. Now for almost two years as their general counsel.

Jodi Daniels 5:55

Well, thanks. And congratulations, people always find their way in a variety of different paths, we really appreciate you sharing.

Justin Daniels 6:04

So speaking of all the things that you’ve had to learn in your career, from litigation to transactional, you know, talk to us a little bit about Axtria’s, day to day business and how you’re starting to see privacy and security impact, the kinds of things that you’re brought in to do and decisions that you’re asked to advise the executive on making.

Unknown Speaker 6:27

So Axtria, and one of the things that continues to amaze me about Axtria is the just level of ingenuity and honestly brilliant that our service, our people bring their ability to perform data analytics and novel types of data analytics questions, is just amazing to me. They perform at such a high level, the products that we have brought to market to help healthcare and life science companies, we perform your data warehousing solutions, field, intelligence type of solutions, and analytics, for the healthcare and life science field. And it’s just really inspiring to see what we do on a day to day basis that really makes a big difference in people’s lives, in healthcare and in bettering health care for everybody. With that in mind,

Jodi Daniels 7:52

are you seeing customers bring up privacy and security? And if so, have you seen a trend where, you know, I certainly see in my business, it seems like more and more companies are asking service providers, what are your privacy practices? What are your security practices? So I’m curious what you’re seeing from customers from a privacy and security lens.

Amy Chipperson 8:17

Absolutely. And, you know, we’re, we specialize and work exclusively in the healthcare and life sciences field. And so there’s a number of concerns in data privacy, from the type of data that we use, I mean, obviously, we are a data analytics company, and we work with data from many different third party data providers or from our own customers data. And that data can range from patient data to data about certain products that our customers might be working on, or researching or developing. And so there’s, there’s, I think in our field, there’s probably or in our industry, there’s probably more concerns about data than in a lot of the other types of industries out there, if you will, like then maybe manufacturing or transportation or retail, etc. So, yeah, so that’s something that I think is in the forefront of our minds on a constant basis. And something that our customers are to answer your question is something that is on the forefront of our customers minds as well.

Jodi Daniels 9:44

Are there any examples that you might be able to offer? Maybe it’s additional questions or maybe in team meetings, people are talking about the privacy and security piece a little bit differently because there is such a customer focus on privacy and security, I guess where I’m going as you know, some companies think privacy and security is just as legal obligation, they have to do it, other companies like yours are really seeing the impetus come from customers. And so it’s becoming more of a driving force, it’s becoming more of a focus inside the organization.

Amy Chipperson 10:19

I think it’s always been a huge priority for us, you know, customer trust, I think, is one of the the foundational building blocks of our company and of our strategy. And so, you know, they’re in the pharma, or life sciences field, there’s, you know, we work with a lot of data, a lot of big data. And, you know, one of the things that I think people don’t realize is that most of the data we work with is tokenized or anonymized data. And so I think one of the things people have to realize is that, you know, nobody is getting your or we’re not looking at personally identifiable information about anybody. Everything is tokenized. And the responsibility or, you know, the obligations is that you will not see identify or detail organize any data that you are receiving, especially from any third party data provider. And you know, and that’s something that is, I think, a cardinal rule, and shouldn’t be a cardinal rule in our industry. And that’s one of the one of the big aspects that are one of the big requirements that we have.

Jodi Daniels 11:47

My little ears perked up customer trust?

Justin Daniels 11:49

Yes, there’s a book that talks about that. I’m familiar.

Amy Chipperson 11:54

Yeah, it’s a huge, huge priority for us.

Justin Daniels 12:00

So Amy, is someone who works closely with the CEO and the board? You know, how have you seen, you know, in general, you’ve had different jobs, executive leadership evolve in their thinking, as it relates to how privacy and security might impact strategic decisions they make about new products, maybe new analytics that they do, and how privacy and security play a role and how they might design it, or deploy it with customers?

Amy Chipperson 12:27

Um, you know, there’s so many, there’s, there’s, I think, multiple concerns, when you’re building your strategy, or you’re implementing your strategy. You know, first is, you know, and, and what’s your priorities. So, you know, obviously, there’s legal requirements that we have to abide by, there’s customer priorities, that are a significant priority, there’s cost elements to what you’re going to implement and how you’re going to implement it. There’s, you know, your people, priorities, you know, in, in the workforce, in, within your organization, and how it’s implemented, and how they’re trained to deal with certain things and how to make things a priority. So, you know, there’s I think so many multiple levels, that data security and data privacy has to be the focus has to really be thought out. And, you know, it’s not something that you can just take the dart board approach and just try to hit certain things and hope you hit them correctly. And, and if you don’t, you don’t, you know, it has to be really requires a holistic approach. And you really have to look really intently at at what your strategy is and develop it. You know, there’s, there’s some firms out there that may not have the hugest budget, or as big a budget as other places. But you know what the right decision in the right mentality, you can be just as safe, if not safer than then someone else that has a huge budget but doesn’t know how to spend it.

Jodi Daniels 14:31

In the privacy space, it’s changing all the time. And in your purview, you have privacy plus a number of other laws that you have to keep up with. What do you find to be that works for you and educating yourself in the privacy space, the security space and just all the different laws that are in your universe as you’re advising executive?

Amy Chipperson 14:58

The legal requirements To be honest, are maddening. You know, we have no federal data privacy rule like the EU has. And, and maybe you know, something that I don’t I, but I don’t see really anything on the horizon either coming down. And so what we’re left with is the potential for 50 different sets of privacy rules from 50 different states that somehow have to be complied with, if you’re a national or global company, that you have to constantly be aware of any amendments. Any other implementation changes, any court rulings that further interpret or decide language within the statutes as they’re put into place? And, and so it’s something that can really keep somebody up at night? And, you know, you don’t know what you don’t know, either. And, you know, you, you think that are you that everything is is proceeding according to the the instructions that you’ve laid out based on your reviews of the law, etc. And I think that it’s, it’s just something that’s so constantly in flux, that you, too, can never really feel settled, that you will have every every every consideration handled? I mean, I don’t know. I kind of think that anybody who thinks that they have it all handled and all in place and all locked down. I don’t know, maybe, that I think there might be kidding themselves.

Jodi Daniels 17:01

Oh, it’s definitely changing quickly. And to share my thoughts on your question about the federal law, I always answer it, I feel like it’s a crystal dart, right. It’s this some combination of a crystal ball and then just throw dart and who knows exactly where it’s going to land? Because there’s so much political play at hand. And I agree, I think we’re on our path to FFT state framework, unless something unique and interesting changes and throws a curveball, which is always possible.

Amy Chipperson 17:31

What was my crystal then? And, and then, you know, you have to take into consideration. Sure, maybe there is a federal law that that comes down, but will state still have the right to further tweak it? Right. And, you know, and then you’re still in the same position that you’re in, right now without the federal law. So you know, you, you will have, ultimately have states and, and I’m not knocking California, in particular, but you know, they take the very word I’m looking for, but it’s a high priority with them and their citizens privacy. And so they, they will most likely have probably additional rules, if a federal rule was ever established. And I think other states will also follow suit. That is the big question,

Jodi Daniels 18:27

well, the states be able to override or not, well, you will have to wait and see.

Justin Daniels 18:33

So kind of Amy to further add another level of complexity. You know, your company has international operations. So now you have to worry about not only you’re managing privacy in the US, but also GDPR. And there’s many other countries that are passing laws. So can you give us a little window into how you have to think about that, because the regimes in those other countries are very different than the US?

Amy Chipperson 18:59

Mm hmm. Exactly. And I think one of the things about data privacy that you have to empty the privacy laws, is that you just have to accept the fact that it’s always going to be fluid. Even even in the EU with GDPR you know, when it from when it was first established to where we are now, even even backing up even before GDPR when when you had Safe Harbor, and then Privacy Shield, and then you know, and then GDPR and then Trump’s one and Trump’s two and I mean, I don’t think it’s it’s far fetched to believe that there will be a Trump’s threat. And so we all know that these data privacy laws are very fluid and you just have to accept the fact that change is inevitable, and you have to be able to pivot quickly and effectively in order to maintain your compliance. And to make sure that you’re, you know, it’s something you always have to be aware of, and kind of have that ear to the ground of knowing what’s what’s coming up, you know, you really have to be very proactive about it, and keep on top of it, and, you know, subscribe to the publications that specialize in this and, and, and take your CLE classes and, or any other programs that are out there that keep on top of it, so that you’re on top of it. And I there’s, there’s really no other way to do it, other than to almost make it your hobby.

Jodi Daniels 20:58

Like how we talk about privacy and security all day over here.

Amy Chipperson 21:03


Justin Daniels 21:04

right. But I think, Amy, what, what’s maybe sometimes difficult for an audience to appreciate who aren’t in your seat is, this is something you’re now having to pick up. It could be 50 US states, it’s GDPR. And that’s on top of, you could have an antitrust issue come up, you have to manage litigation. And what I’m saying is that you see how it stretches, what you’re doing, and how people may start to say, oh, I can start to use artificial intelligence to help me start to do and automate tasks, because you don’t have an infinite budget to have a 50 person legal department. And so I just think when you talk about this, I want to illustrate for the audience, how people can go down the route of looking at how some of this technology can automate this because for you to try to keep up on all of this with the various areas you have to advise on as the chief legal officer.

Amy Chipperson 21:56

It’s really a challenge. It is and obviously, you know, obviously, the chatGPT is in its infancy. And as we all know, you know, that can take you down some pretty dark corner, dark avenues, when you start to have discussions with your own Chatbot. And so I wouldn’t recommend anybody relying on that as your soul or even primary source of truth, but you know, it, it probably, and I would hope that it will be a fantastic tool in the future. You know, we have this discussion 25 years from now. And we look at how it’s evolved. You know, we’ll think oh, my gosh, how did we ever live without this?

Jodi Daniels 22:58

So that will be an interesting day, when we figure it out. It’s certainly a fun time to be here. Amy, with all the knowledge that you have on privacy and security. What is your best privacy tip, we always like to say imagine you’re, you’re hanging out with a group of people, you have all of this information? They are not as well informed? What What might you suggest that they do?

Amy Chipperson 23:26

That is a great question. I mean, I think it depends on the group of people that I’m with, and their level of background in in the subject. But you know, I think I think one of the things that people should have is a very common sense approach to it. And, you know, kind of leaned towards being very conservative on the topic, I think that would serve you well. But to think, you know, is this information if this were my information, would I want somebody else to see it? And I think that if the answer is no, then you kind of have your answer and your strategy kind of built into your to your being, if you will, and that if you look at things with a common sense approach and not be flippant about it and not be kind of overly confident, then you will make the right choices and you will make the right decisions. When it comes to data and and, and privacy and you’ll have an if there is eventually a problem that you run into you’ll have a defensible argument maybe maybe your actions weren’t perfect. but they were coming from a place of care, and that you were aware of what the issues are. And, you know, I think that that would help people out in the long run. I like the idea of

Jodi Daniels 25:15

making sure that people are thinking about the data as if it was their own. Great, great tip for people to think about. So right,

Justin Daniels 25:23

when you’re not being the GC and, and thinking about privacy, security and the litany of other challenges that a data analytics company is navigating, what do you like to do for fun?

Amy Chipperson 25:35

Well, data security, obviously, and data. Laws are by hobby. Just kidding. No, I spend a lot of time I live in New Jersey, I’m a big fan of the Jersey Shore. We spend a lot of time down at the Jersey Shore with my family. And that’s primarily where you’ll find me every summer. And then when it’s not summer, I, my my younger son plays football in high school. And so every weekend, I’m at a football game. And we’d like to try and ski although I’m not very good at it anymore. But we like to ski with friends and do a lot of things with with just family and friends. Pretty low key. No pretty quiet. Oh boy has been right. My husband and son is are at the Yankee opening day today. But that’s fine. It’s only like 30 something degrees here. I think I think I’ll stay inside. But yeah, I like to say I’m an outdoors person. If the if the outdoors that I’m in is is on the beach.

Jodi Daniels 26:59

Well, we can have you can qualified however it works for you.

Amy Chipperson 27:03

Right, I’m not much of a camper.

Jodi Daniels 27:06

I wouldn’t be camping either. That’s okay. Amy, we really appreciate all that you shared with us today. If people wanted to connect and learn a little bit more, where

Amy Chipperson 27:15

should they go? You can always message me on LinkedIn. There’s only one Amy Chipperson that I’m aware of on LinkedIn. So you can find me very easily there and feel free to message me. And if you have any questions, I’ll do my best to answer.

Jodi Daniels 27:34

Well, wonderful, thank you. We’ll be sure to share that in our notes.

Justin Daniels 27:38

Yep, it was great to have you on the show.

Amy Chipperson 27:40

Thanks. I hope I gave out some useful information.

Jodi Daniels 27:46

Indeed you did.

Outro 27:52

thanks for listening to the She Said Privacy/He Said Security Podcast. If you haven’t already, be sure to click Subscribe to get future episodes and check us out on LinkedIn. See you next time.

Privacy doesn’t have to be complicated.