Thirteen Years Later
This weekend, it will be thirteen years since I nearly lost my life after a pregnancy complication and needed a life-saving transfusion. I don’t write about that day often. It’s not an easy one to revisit. But every year around this time, I find myself thinking about what it changed in me, and maybe because I now officially have two teenagers, I keep thinking about time this year.
Before that day, I thought about my career the way I think a lot of people do. Starting out is all about working hard to get the promotion, then working hard for the next one, and the next rung on the ladder after that.
But after it, time stopped feeling like something I had an endless supply of. I wasn’t looking for a new philosophy. I was just living life, married, second kid, good corporate job, and that experience made me realize what mattered most to me. It was time.
Last week, I wrote about July 4th and the connection between freedom and privacy, the idea that control over your own information is its own kind of independence. Time freedom is the version of that idea I live with every day. It’s what I struggled with most working in the big corporate world. I never felt like I had real control over my time.
I feel so strongly about this, and it’s why I built Red Clover Advisors the way I did. We’ve been remote first before it was common and Zooming before it was a verb, and our team is focused on delivering excellent client results, wherever and however that needs to happen.
That meant unlearning a lot of what I thought running a company was supposed to look like. There are no mandatory office hours to prove people are working (still scarred from the manager who required me to stay because she wasn’t done working, and I had nothing to do). We also have no arbitrary rules about when someone can pick up their kid from school or when there’s an appointment. If the work gets done well and the client is taken care of, the rest works itself out.
Redefining Success
My girls and I have also been working through old movies Justin and I grew up loving. One of my absolute favorites growing up was Working Girl (this discussion then had me playing on Spotify and singing the iconic song Let The River Run by Carly Simon!) Back to the movie … I always dreamed of the corporate corner office, and that’s what I thought I always wanted.
Ultimately, we decided this isn’t quite the right movie for them yet, but I sat with what I thought was my definition of success as a kid for a bit and realized that’s not at all how I define success anymore.
In fact, I don’t even like saying I own my own company. I often introduce myself as a privacy consultant, because that’s what I am. I want to help companies, and I care more about that than my title.
This might have been the closest I get to a corner office … an interview at OneTrust’s new headquarters for a partner profile they were doing on partners (and we’re so lucky to be an original partner!)

Side note: I remember interviewing someone for our Senior Privacy Consultant role who was coming from a larger consulting firm. He said if he were to move, he’d want a higher title. He was focused on the title, not on delivering the work. I’m glad he told me, because I knew immediately we weren’t a great fit.
Career Paths Aren’t One-Size-Fits-All
That shift in what matters to me is also why I’ve come to see career paths differently than I used to. In-house, solo consulting, building a firm, staying at a law firm, these all get talked about like one of them is the smart choice and the others are settling. I don’t think that’s true anymore. I think they’re just different trades, and which trade makes sense depends entirely on what a person values at that point in their life.
I hear this constantly from other privacy professionals. Someone asks whether they should go independent, or take the in-house offer, or stay where they are a little longer. I ask them a lot of questions to help decide:

Whatever the answer is, it’s allowed to change later. What mattered five years ago doesn’t have to matter as much today.
Finding Your Own Answer
If you’re not sure how to answer those questions yet, that’s normal too. A lot of people don’t figure out what they actually want until they’ve tried a path that turned out to be wrong for them.
I spent years in corporate searching for what would make me happy before I understood what I was missing. That wasn’t wasted time. It’s how I learned what mattered to me.
If you’re early in your privacy career, talk to people in different paths, in-house, law firm, solo, agency, and ask them what a normal Tuesday actually looks like for them, not just what their title is. Seriously – ask a LOT of questions! The day-to-day is where you’ll find your answer, not the job description.
If you want a good place to start those conversations, my good friend and also a privacy consultant, Teresa Falk, writes and speaks a lot on privacy career paths and has mapped out how different roles in this field actually break down. Worth a follow if you’re thinking through your own next move.

In-house work gives you deep knowledge of one business, but less control over your schedule. Solo consulting gives you autonomy, but you’re also the entire sales, marketing, finance, legal, and delivery team rolled into one. Building a firm gives you leverage and the chance to help more people, but it comes with managing a team and everything that goes along with that.
None of these paths is the right one. They’re just different answers for different people.
It’s also worth saying that these paths aren’t always permanent choices. I know people who went in-house, missed the variety of consulting, and went back. I know solo consultants who got tired of running the whole show themselves and joined a firm. Changing your mind isn’t a failure of planning. It usually just means you learned something about yourself that you couldn’t have known until you tried it.
That same idea, that what works for one situation doesn’t automatically work for another, shows up constantly in the work we’re doing on building and managing privacy programs.
Comparing Programs Is a Lot Like Comparing Careers
I’ve sat in rooms with mid-size companies, a few hundred employees, who collect some marketing data and basic sales contact information. They look at a massive global consumer brand and think they must have this privacy thing figured out. They have the budget, the headcount, the tools.
I’ve also sat in rooms at one of those massive consumer brands, the one with consumer data, including sensitive data, marketing data, and employee data across a dozen countries, and heard the identical sentiment in reverse. They look at the smaller company and think it must be so much simpler over there. Fewer systems, fewer laws to track.
Different Rooms, Same Instinct
Both of them are looking at each other with a little jealousy. Both are a little bit right, and both are missing the point. The mid-size company with limited personal data doesn’t need the same infrastructure as the global brand managing sensitive data across multiple countries and business lines. But simpler doesn’t mean solved. The mid-size company still has real obligations tied to the data it collects, and the global brand’s scale doesn’t mean its program translates cleanly to a company a fraction its size, even if its tools look impressive from the outside.
Rightsizing Your Program
The same lesson applies to both of these companies (and maybe yours too). Stop measuring your program against someone else’s program.
A small company with more sensitive data might actually carry greater privacy risk than a larger company handling mostly basic consumer data. Both need programs that comply with applicable laws. What the program looks like should be rightsized to the risk of the company, which is based on the type of personal data processed and not the size of the logo.
A mature privacy program isn’t defined by how much it has. It’s defined by how well it fits the risk, the data, and the resources of the business it belongs to.

I’ve worked with clients who felt like they were falling short because they didn’t have automated privacy rights tooling or a dedicated privacy engineering function. They weren’t falling short. They were running a program sized correctly for a business with a narrow data footprint.
I’ve also worked with the opposite, companies convinced they were overbuilt because a peer their size seemed to be running lean and getting by fine. They weren’t overbuilt either. Handling sensitive data across a dozen countries and a dozen business units is a different job than handling names and email addresses for a regional customer base, even if the headcount looks similar on paper.
Some companies need fancy automation. Some don’t. Some need privacy engineers. Others aren’t a software-driven business and get by fine on basic business applications. It’s a matter of knowing what’s actually right for your organization, not what looks right from the outside.
I do recommend finding privacy friends to compare notes with, because privacy is hard and this work can feel isolating without people who understand it. Just don’t compare and wish you had a fairy wand for their program. It might not even be relevant to yours.
Learn From Others, Don’t Copy Them
It’s the same thing I see in careers. In-house, solo, agency, staying put a little longer, there isn’t a version of that decision that’s right for everyone. The right one is the one that fits what a person actually needs and values right now, not the one that looks most impressive from the outside.
For me, that’s time. It took a hospital room thirteen years ago to make that clear, and how I looked at my career changed after it. For someone else, it might be depth of expertise, or financial security, or building something with their name on it, or simply staying somewhere steady while other parts of life take priority. None of those are lesser answers. They’re just different answers to the same question: what actually matters to you right now?
Whether it’s a career change or building a program, learn from others to inform your thinking and focus on what’s best for you, or for the company.
Jodi
💡 When you’re ready, here’s how we can help:
⚙ Privacy Advisory & Implementation: We help companies navigate privacy requirements with confidence. Our advisory support covers strategy, operations, and real-world implementation.
⚙ Fractional Privacy Services: We provide fractional privacy leadership tailored to your needs and pace. From program development to day-to-day support, we help you build and sustain a strong privacy program.