Ep. 02

Anthony Stark,

General Counsel at ZoomInfo

Oct 06, 2020

Find out why it is doubly important for data products like ZoomInfo to be privacy leaders and how companies can treat privacy as an opportunity rather than a burden.

Text Transcription

Daniel Barber  0:16  

Right off the back of a super successful IPO, we’re thrilled to welcome Anthony Stark, General Counsel at Zoominfo, the leading sales intelligence platform. Welcome, Anthony.


Anthony Stark  0:26  

Thank you. It’s good to be here.


Daniel Barber  0:28  

Yeah, I thought we’d get started if you wouldn’t mind giving us a little bit of a summary of how you got to Zoominfo and path into legal and we’re excited to hear.


Anthony Stark  0:39  

So I used to work at law firms coming out of law school, I worked at a number of law firms, I ended up actually meeting the CEO for a company called discover org, back in about 2013. And he sort of got me interested in his business, and I was acting as outside counsel for a while. At that point, they were still essentially a sort of late stage startup. And he recruited me to come on as their first in House Counsel and that was back in 2014. I grew with the business really over the next few years, we were growing pretty fast. We made a couple of big acquisitions. 


The biggest was in 2019, beginning of 2019 we acquired zoom info and the merged and took on the name of zoom info. So that’s where we are now. I think we went from about 100 people when I started to well over 1300 employees now with the combined company, as you mentioned, we we just went public in June of this year. So it’s been a really exciting ride and more to come.


Daniel Barber  1:49  

I actually just finished Henry’s podcast with Jason Lemkin. And so it was kind of funny, him talking about the name change, and the internal struggle around the name change between discover org and zoom info. So I thought, yeah, it’s kind of kind of a funny one. But yeah, you you’ve been there since since the beginning, which is impressive.


Anthony Stark  2:08  

I mean, there are people who were there. Long before I was I think that company was originally founded in Henry’s house when he was in law school, in Columbus, Ohio. So I don’t go I don’t go quite that far back. But But yeah, back to the early days. I’m one of the old timers now.


Daniel Barber  2:27  

Yeah, yeah. Well, look, you know, obviously, when we’re thinking about folks to join the the GrailCast, you were sort of top of the list, especially given your zoominfo’s business, and you’ve been with the company a long time, I’d love to just kind of hear a little bit of your background as you looked into the GDPR 2016 2017. And now, of course, we have CCPA, in effect, so at least folks in California have some sort of privacy protections there. Yeah, I’m just curious, your perspective on what led us into the GDPR? And how you see things shaping up with the CCPA?


Anthony Stark  3:00  

Sure. So basically, what zoominfo does is, as I know, you know, is we’re a provider of information for business to business sales and marketing. You know, we profile companies large and small. And the business professionals that work there, we help our clients identify the right sales targets, and to make you know, contact with them more easily at the right time, providing the the data and insights to do that.


So privacy has become really important to our business, because, you know, the core of our product is this database of information. Now, if you if you think back to before 2018, privacy didn’t really impact our business, because the kind of data that we provide is not traditionally considered the subject of privacy regulation. You know, you you had HIPAA and FINRA and various statutes that dealt with certain kinds of information, usually something more sensitive credit worthiness or health information. You had your privacy statute in California, that the shine the light law, but even that was was limited to certain kinds of sensitive information, whether that be account numbers, or social security numbers and that sort of thing. 


You never really had a privacy law that dealt sort of with personal data as broadly defined, as you’re seeing now. You know, the big change that came in 2017, when or I forget when the GDPR was actually passed, but obviously went into effect in May of 2018. You know, seeing this coming in 2017, we really started to ramp up our compliance, knowing that this was going to actually for the first time apply to what we were doing. So it was an interesting experience. We spent a lot of time just scrutinizing the regulation and applying it to what we were doing and we spent a lot of time building out these compliance mechanisms. 


One of the one of the main things that We had to do is set up a system for providing notifications to all of the the people who stated that we that we have. So unlike a lot of businesses where a lot of businesses are collecting data primarily from their customers, so there’s an interaction there. We’re a database of third party data. So we’re aggregating data from a number of sources not not interacting specifically with those people. So so the notification requirement was the was the big hurdle for us. And providing notification across millions of records is actually a quite a logistical challenge that that we were able to pull off. 


Another thing that we that we implement had to implement was the ability for people to opt out in an efficient way. And again, when you’re dealing with databases of millions of people, that’s quite a challenge. In today, we have a hybrid of an automated solution, we built out a privacy Center, where anyone can come in, access their information, or opt out of the database. And then we have a privacy team, a fulfillment team that’s able to handle sort of edge cases where maybe something doesn’t quite fit into the automated flow. 


So we devoted a lot of resources to building out those compliance mechanisms in advance of GDPR. In that position, as well, really, when the ccpa came down, because at least from the perspective of our business, and the kind of data that we process, the the regimes are quite similar GDPR and CCPA. They both require notice of some form, as well as honoring, you know, data subject rights to access and deletion. 


So we were well positioned, because we were kind of ahead of the curve on GDPR. There wasn’t a lot of guidance on what GDPR was going to mean for people. And so yeah, we felt like, you know, we were trying to be conservative, but we didn’t really have any feedback to know whether we were doing the right thing. And, but but we feel like we got ahead of it. And we’ve sort of, you know, over the years, we’ve had 1000s of conversations with our customers, from small SMEs up to multinational corporations, and we feel like we’ve done a good job of being able to establish a position on our privacy, compliance protocols, and become sort of a leader in the in the business to business information space on those issues.


Daniel Barber  7:26  

Yeah, that was why I was definitely excited to have you on the show, you know, in terms of that investment, where did you go in the early stages to sort of like as resources, what would what would sort of be your top three resources that you go to today, or you went through as you’re, you’re looking to implement the program that you’ve just described.


Anthony Stark  7:44  

Well early on, it was just really a lot of us trying to find find our way manually, you know, just research, reading the statutes and, and trying to follow the guidance that was coming out, as nascent as it was, you know, nowadays, there are a lot of really good resources on privacy, that IAPP is, of course, a great resource. So we follow their news feeds and their updates. 


And we’re a member of the US Chamber of Commerce privacy Working Group, which is a really great group they meet every week, they provide ongoing updates, both on the status of you know, various privacy issues, as well, as you know, the status of various proposed legislation. They take positions on things, and it’s really a valuable resource.


Daniel Barber  8:31  

That’s a good one. That’s actually the first time that one’s been mentioned. So for listeners could be a good resource for the group. Anything else that you you look at on a regular occurrence?


Anthony Stark  8:41  

You know, for general legal information, we’ve got a Westlaw subscription. But yeah, beyond that, it’s just kind of monitoring, monitoring the news and just keeping track of what’s coming down.


Daniel Barber  8:52  

Yeah. Well, you and I were talking about these next topic, before we jumped on just kind of the risks across the landscape. There’s obviously been changes with Privacy Shield and other regulations moving forward. What risks do you see in the landscape today?


Anthony Stark  9:07  

Yeah, I mean, obviously, the cross border data transfers is the most obvious one. I think there’s just a lot of uncertainty right now. I think it’s only a matter of time before the standard contractual clauses start to come into question. I mean, I think there are already are. Now it’s hard to imagine that we won’t work something out. But nobody knows when that’s going to be and what exactly it will look like. So, you know, there’s just so much uncertainty right now.


Daniel Barber  9:39  

That goes into our next topic, which is sort of like around opportunities. I mean, it sounds like you’ve identified one there. Where else do you see sort of opportunities in the business in terms of privacy?


Anthony Stark  9:50  

It’s hard to say specifically, but I think you know, it just in general, it’s an attitude of being privacy for I think a lot of people try to hide from privacy, like A lot of compliance areas and think of it as a burden. But at zoominfo, we’ve always seen it as a differentiator, you know, the more that we can do to promote privacy to promote transparency, the better that is for our business, because that’s what our customers demand. 


And, and so in, we obviously want to be able to provide the best product that we can, but also, you know, to separate ourselves. And this is one way that we can do that. So, you know, I talked about the resources that we’ve put into privacy, and we feel like that’s paid, you know, paid returns to us in terms of how we can handle those conversations with our customers that are really concerned about, about compliance and privacy.


Daniel Barber  10:46  

I mean, you’ve kind of touched on a little bit, but, you know, just the the advantage that zoominfo can have here, I feel like, you know, especially post IPO, how do you think about that advantage in the market?


Anthony Stark  10:57  

Yeah. And again, this is kind of it’s, we’re in a unique position, because we’re a data business, right? Not every business is going to have privacy is probably not going to be a differentiator for every business out there. Right? Yeah. 


But for us where the nature of our data is in the personal information, space, privacy is something that people are really, really want to know about. And so we’re constantly thinking of what else can we do? What How can we be more proactive in the privacy space? How can we improve transparency while still providing the best possible product? And so I think having that attitude of compliance and having that attitude of like, constantly thinking about what else you can do, it’s beneficial. 


And again, I think, you know, thinking of privacy as just something that you just have to deal with, it makes it more unpleasant. But if you can think of it as an opportunity rather than a just a burden, I think it’s it’s, it’s sort of more fun. It’s a it’s an interesting challenge. And it sort of makes you feel good to feel like you’re trying to do the right thing.


Daniel Barber  11:59  

That’s awesome. Yeah. Well, thank you for spending the time with us. As mentioned. You can find more information on our subscriptions on Spotify, on SoundCloud, and on all the major outlets but again, thank you, Anthony for the time and look forward to chatting again soon.


Anthony Stark  12:16  

Absolutely. great to talk to you.