Our CEO, Daniel Barber enjoyed sitting down with Ruby Zefo for an episode of the Grailcast to hear about her take on the overlap of design and privacy. Our blog post shares the highlights of that conversation.
Ruby Zefo, Chief Privacy Officer at Uber, thinks about digital privacy the same way you might think about safety while driving. Consider a race car driver. As the wind whizzes past, the driver can enjoy the speed, thanks to a harness, helmet, roll cage, and other equipment that is keeping him safe.
“He’s able to enjoy the experience because he has these safety features built-in,” Zefo says on a recent episode of our podcast, the Grailcast.
The driver trusts the car because he knows the manufacturer has designed it with safety in mind. Tech innovators need to take a similar approach, focusing on privacy at the same time as they build out the user experience.
“If you design your products and services with privacy in mind, then people will know that… they can just enjoy the experience you set up for them without worrying about it,” Zefo says.
These days, most people think of safety as an entitlement. They wouldn’t even consider driving in a car without seatbelts or airbags, no matter how well-designed the vehicle is. Zefo believes that privacy is going to become non-negotiable for tech consumers in the same way. Because of that, designers need to place privacy at the forefront.
“That’s the way we should be thinking about data privacy and security when we’re building things,” she says.
An Unexpected Career Focus
Zefo never imagined that she would be a leader in tech privacy when she graduated from Stanford University Law School. After working for a legal firm post-graduation, she was a counsel at Sun Microsystems in 1999 when CEO Scott McNealy bluntly told reporters, “You have zero privacy anyway. Get over it.”
Despite that, Zefo hired someone soon afterward who took a genuine interest in digital privacy, she says. Later, Zefo was working at Intel when discussions about privacy came to the forefront again after the company acquired security software specialist McAfee Inc.
“I was basically drop-kicked into it just very abruptly and also told to pick up cyber security at the same time,” she says. “Having both the cyber security and the privacy legal role was extremely helpful to get the bigger picture.”
That was the foundation for the rest of Zefo’s career.
“Practically overnight, I was told to build a global legal team to be able to handle this new set of challenges immediately on the horizon,” she says.
Soon, she found herself at the forefront of digital privacy.
“The more you do, the more you learn, and the more you get to shape what happens next and be helpful,” she says. “That’s what I wanted to do.”
An Obligation for Stewardship
Today, Zefo believes that brands have an obligation to be good stewards of their users’ privacy. In part, that’s because the innovators have an understanding of the technology that most people lack.
“The data processing part of it is still a mystery to the average consumer,” she says. “It’s impossible for consumers to do this for themselves.”
That starts with embracing privacy protections as an essential part of the innovation process, she says. There’s no need for privacy concerns to hamper innovation.
Zefo is watching the legal and regulatory status of privacy requirements closely. Laws like the California Privacy Rights Act of 2020 (CPRA) will advance consumer rights and increase the need for accountability. Companies must be ready for that since governments around the globe will pass more legislation.
“That’s only going to keep happening,” Zefo says.
People who want to keep ahead of the regulatory framework can utilize resources from The International Association of Privacy Professionals (IAPP), where Zefo sits on the board. Information from law firms and guidance from data protection authorities can also help people see what might be on the horizon for consumer privacy.
“That’s very important, to see where [regulators’] minds are going,” she says.
Getting Started in Privacy protection
To people who are just starting their careers in tech, Zefo has a simple message: calm down.
“This is just the beginning of a very long journey,” she told her daughter’s graduating class.
Your first internship might not lead to a job; your first job might not be career-defining. There’s no prescriptive career path for getting into this field.
“It may be a very crooked path,” Zefo says. “But you can find your way into a very good role, no matter where you start out, because all of us have really diverse backgrounds.”
The most valuable thing you can have is the willingness and desire to keep learning. In a field that moves as quickly as data protection does, that’s essential. In fact, Zefo credits that attitude for her own success.
“If you asked me what will keep a person valuable through a lengthy career, it’s your desire and ability to learn new things quickly,” she says.
If you have that quality, dive in. “We really need more people in the field,” Zefo says.
To get the newest Grailcast episodes and blog summaries in your inbox, subscribe to our newsletter.