DataGrail recently interviewed Tara Taubman Bassirian, Data Protection and IP Consultant at Data Rainbow to bring you insights from a leading legal professional in the field of data privacy.
DG: What is your role at Data Rainbow and what inspired you to pursue a career in legal and privacy, specifically focusing on the GDPR?
TTB: In a previous life, I was a corporate lawyer in France, and now my main focus is Data Rainbow: my consultancy. Prior to Data Rainbow, I was involved in online safety, heavily researching and advising on how to stay safe online — whether you’re an adult or a child. This lead to completing a Masters of Communication and Internet Law at Queen Mary University. In short, I’m passionate about technology and want to help others make the most out of existing technologies while mitigating any potential risks associated with the internet.
Over the last few decades, technological innovations have profoundly impacted the daily lives of nearly everyone in the developed world. Technologies on the market are constantly evolving, and even older generations are adapting to the many improvements in their everyday lives. Data has become the new oil, as it’s as valuable as any commodity.
Unprecedented quantities of personal data are mined and analyzed. Collecting, storing, and aggregating is the new business model for many technology companies in our digital world, as data storage is inexpensive, and its value is ever increasing. Data Protection regulations — such as the GDPR — aim to reestablish the balance between the rights of data subjects and the data industry.
I strongly believe that privacy matters and want to ensure that privacy is maintained alongside the surge in data capture and analysis. Privacy equals transparency plus control. Without privacy, there’s no freedom nor human dignity. In turn, legislation needs to adapt in line with technological advancements; the right to privacy is a human right that needs to be fought for. The totality of privacy risks associated with the digital age are still largely unknown by most people, and we need to be educated on the potential negative outcomes before they arise.
DG: What is your favorite part of working in the legal space, specifically covering data privacy practices?
TTB: I would recommend any newly qualified or even established lawyer who loves innovation to enter the field of data protection, as it’s intellectually stimulating. There are continuous advancements in the technology space, which can lead to breaches of privacy or personal data. Within the technology industry, data protection lawyers are truly at the forefront of regulation. The privacy issues we’re experiencing today didn’t occur 30 years ago. With information becoming more and more accessible to us, data protection lawyers can uncover what’s going on in the technology space, how to anticipate potential negative outcomes, and how to create the best solutions for it.
No day is routine, and each one brings about new regulations, new guidance, and new challenges. As a result, there’s a need to constantly update knowledge. Not only that, but potentially everyone is affected. Most of us in the developed world use smartphones and have social media profiles, so it’s in our best interest to be fully informed on the potential effects that technology can have on our lives. Technology greatly enriches our lives but giving up our privacy for its benefits is too big of a price to pay.
DG: With rising consumer privacy awareness, how can businesses best inform users that their data is secure and private?
DG: As someone voted Privacy Hero in 2018, what advice do you have for other privacy professionals in terms of gaining experience, knowledge, and being able to find and implement solutions for companies?
TTB: The downside of this professional field is its high barrier of entry. It’s difficult to get your foot in the door without no practical experience. There’s a reticence towards hiring a Data Privacy lawyer who has not had prior experience in that role. This is further impacted by that fact that GDPR legislation requires that Data Protection Officers have legal qualifications. This poses an issue as lawyers can lack technical knowledge, while IT specialists lack legal knowledge.
Working as a Data Privacy lawyer requires extensive knowledge of both the legal and the technical worlds. There’s a serious need for lawyers with IT knowledge, as Law universities often do not teach IT. In effect, there’s a disconnect between the skills and experience required and what already exists within the market. Therefore, as a lawyer, I recommend using every resource available for self-education.
DG: Based on your knowledge and experience with the GDPR, what advice can you give to companies in N. America who will have to face similar upcoming challenges with the CCPA and Nevada Privacy Law?
TTB: North America is quite different from the EU in the sense that there’s no blanket protection but a patchwork of sectorial regulations. Furthermore, many Americans confuse PII with Personal Data. Also, some US companies have preferred to ignore the GDPR by banning EU customers from accessing their websites. However, they will now have to comply with the CCPA and other regulations.
Compliance with data protection rules creates trust amongst users. Keeping data accurate and cleaning up stored data to keep only what is necessary is a component of a good business. Data mapping is also a good start to see where data is collected and stored.
Enjoy this interview? Check out our previous Interview Series with Alexandra Ross, Director, Global Privacy and Data Security Counsel at Autodesk!