

Q&A with Robert Scott, VP of Legal, Lattice

Alicia diVittorio, April 6, 2023

In today’s edition of Voice of Your Peers, we venture to the legal side of the house, where we interview Robert Scott, the VP of Legal at Lattice. Lattice is a people management platform helping businesses grow strong teams and make work meaningful. Our interview with Robert focuses on how he successfully evangelizes and scales privacy to ensure cross-functional alignment. Robert takes us through how he frames privacy as a benefit to each of his stakeholders, and how a European expansion proved the value of a privacy-first approach. 

Robert is an attorney and data privacy professional with a unique background that includes stints as a glassblower and winemaker prior to attending law school. Before joining Lattice, he founded and ran a successful law firm providing outside general counsel and data privacy compliance guidance to private equity, early-stage, and late-stage businesses. Robert oversees Lattice’s robust privacy program spanning multiple jurisdictions. Over the years he’s helped several companies navigate complex legal issues, reduce risk, and ensure compliance with all applicable laws and regulations, including GDPR and CCPA.

Who must you get input from to build a successful privacy program?

There are two core stakeholder groups that need to buy into privacy: 

  1. leaders across all core functions at the business (marketing, engineering, product, and finance), and
  2. individual contributors across all departments who can identify risk. 

Let me explain. 

Like any program that impacts multiple departments, executive team support is critical. Leadership helps champion the program, so the entire organization sees privacy as an organizational value, taking privacy out of the “checkbox” mindset, turning it into a value the entire organization can support. 

With privacy, identifying risk early on is crucial, and we’ve found that individual contributors in product development, for example, and other parts of the organization are our eyes and ears. If they’ve been trained well on how to identify it and flag issues, they help identify risk early on. We’ve worked incredibly hard to create excitement about risk identification with training, and we’ve woven it into the fabric of our organizations. Our managers are the champions that help excite individual contributors who spot the risks.

Talk to us about the different stakeholders. How do you get security excited about privacy? The compliance, marketing, and product/engineering teams?

To get any stakeholder excited, talk to them and understand their motivation in their work. Understand how to be a good partner to them and align with their goals.  

Security is the group with which we interface most, and thankfully they are pro-privacy. They are happy to have an in-house legal staff that wants to do legal work, so they can focus on security. Together with security we emphasize data hygiene, and reducing risk with things like data minimization. Security, legal, and compliance have parallel goals as it relates to privacy, and we can pull on the compliance lever if we need to. 

With our friends in marketing we talk about how good data integrity and data minimization can lead to increased efficiencies and better data to build campaigns. We also actively lean into privacy being a brand differentiator. 

Product puts a massive emphasis on product trust so we talk about how privacy is a trust driver with them. Privacy is a trend we want to be ahead of, and we’re facilitating our customer trust in product and brand for the long term. 

Our engineering and analytics teams like hard data; it has to be black and white. Facts. Resourcing can be a constraint, but we always try to make it a partnership rather than an us vs. them issue. 

We also remind our American colleagues that we’re an international company, and therefore we need to meet a higher privacy bar — our international team teaches our U.S. team about privacy. We talk about the economic implications of not doing things to the international standard, such as the potential to lose deals because a European company may not choose to do business with us if we share/access data a certain way. 

How do you measure or convey the ROI of a robust privacy program?

We know the cost of fulfilling a data subject request manually — before DataGrail — and after. It went from approximately 15-20 emails down to two emails. A huge drop down. 

We also talk a lot about brand value, and how privacy builds up our brand loyalty and in the end builds our business.  

We’ve seen that intelligence from our privacy program can be used in other parts of our business. For example, we’re actively using the insights learned from the data mapping process to build out a more mature procurement process. We now understand our data processing universe much better, and therefore can identify inefficiencies and redundancies. Visibility into data mapping helps us in negotiations, helping limit the data processing a new vendor might attempt. 

What are the biggest obstacles you face when trying to secure budget or resources, and how do you overcome them?

The work is never done when building a privacy program, which means my team and I are regularly asking for more to build. I am constantly asking the question, “what’s the right amount of resource investment that is best for our business?” As a customer-centric business, that question can be reframed as “what’s the right amount of resource investment that is best for our customers?” If I can answer that question, I can gain the support of any stakeholder anywhere in the company.

Occasionally I’ll look outwards at what our technology peers are doing, and use that as a lever to drive initiatives forward. Our expansion into Europe really helped the need for a robust data privacy program. The increased ability to sell into the EU as our security and privacy posture matured over time continues to support expanding our privacy program. We’ve built a brand around security and privacy, and we’re seeing how that ultimately pays off from a financial perspective.  

In the end, trust-building across leadership pays dividends in the long run and is how you’ll eventually overcome obstacles that may come your way. 
