Chief Privacy Counsel at ForgeRock
Feb 18, 2021
John shares what drew him from corporate law to privacy, his top information and learning sources for privacy pros, and how ForgeRock customers find success in leading with privacy
Daniel Barber 0:18
Today, we’re thrilled to welcome another industry leader in privacy. John Phantis. Chief Privacy Officer at ForgeRock. Welcome, John. excited to learn a little bit about your background and what what led you into privacy? Maybe do you want to just give us a brief introduction and perhaps describe, you know, what your job at ForgeRock is?
John Phantis 0:37
Yeah, of course. Thanks. And I should have said earlier, Thanks for the invite. So a brief introduction to myself. As you say John Phantis, chief British Council FordgeRock, a UK qualified lawyer, I’ve been specializing in corporate commercial and privacy law for more than 20 years now a bit more background about four draak leading identity and access management company headquartered in San Francisco, an international workforce across our key UK, eu and Asia Pacific markets, we have a global customer database. And I’m really delighted to say that we recently be recognized as industry leaders having been placed in Gartner’s Magic Quadrant for access management copies, your calls and Leadership Conference report is overall leader and KC and ciim platforms, and also Forrester wave, the ciim. a, we’re all hugely excited about that. And for me, from a personal perspective, I think it is a hugely impressive achievement for a mature startup. Agree.
Daniel Barber 1:35
I was particularly interested in your background, john, because you spent over a decade in corporate law and maybe longer, then made this transition to privacy, which I find very interesting. Obviously, privacy is growing in its luster. But what drew you into the privacy field?
John Phantis 1:51
I think it’s probably to do with my philosophy that lawyers need to refresh their skill sets to stay relevant in a fast moving complex global economy. I think that means lawyers need to reinvent themselves on a regular basis. I mean, you know, you just mentioned that, you know, the importance of data is is is growing. I think global digitalization is moving in such a mind bending speed that when you read a tech press estimate, he will see that 90% of the world’s data is being created in the last two years. Right? And how many, you know, how many 1000s of years of humanity has there been, you know, data has been produced for a long time. And in the last two years, 90% of the world’s data has been created. This is crazy, you know, 1.1 trillion megabytes are created each day. And 175 zettabytes will be residing in the cloud by 2025. And that is about a year an increase of around 60%, from where we are now. So as I said, mind bending numbers and moving at mind bending pace, and you know, all of these numbers are going to do really is just drive data privacy going forward, compliance is going to be such a massive part of what is being done with data in the future. So coming back to me personally, I had an opportunity to reinvent myself as a privacy lawyer at an interesting time at at varizen. At the time, I kind of got into big global privacy changes or on the distant horizon. I always been interested in data protection, compliance, and Verizon was a great place to learn my new trade, and it turned out to be a great career move.
Daniel Barber 3:31
Yeah, that’s great. So I mean, you know, I think given your experience at Verizon, and now seeing what you’re seeing at four DRock, what has been a surprise in sort of those changes?
Unknown Speaker 3:41
A few things, actually, I think the first primarily the speed at which data protection is transformed from a kind of a stale compliance issue into a business critical function for global enterprise. I suppose part of that is to do with a wider story regarding the drive towards a global digital economy, that another thing that surprised me is the influence of GDPR on global privacy developments, I think we got to do really is look at what’s happening with a consumer privacy legislation in California ccpa. That’s morphing into GDPR medium at the moment from GDPR live. And I suppose a related topic, you know, fingers crossed, we’ll be getting a federal privacy law in the US during Biden’s presidency.
Daniel Barber 4:20
Yeah, I mean, I think that’s a that’s a topical point for everyone in privacy at this time, you know, with Virginia’s move this past week, 50, different separated states running different regimes will be very challenging. And so I think, you know, to your point, fingers crossed,
John Phantis 4:38
he was using this huge, hugely challenging and it’s not scalable. In a certain point, the US is gonna have to bite the bullet and put a federal privacy law in place. And I think that, you know, closing out that points in a say, eu privacy law is going to continue to drive improvement in global standards. It’s great that California has got this law in place, but the you As the rest of the US, the rest of the states in the US, so to say are lagging behind. I think the final point, and I think this is quite topical, which is, you know, is how COVID-19 is impacted enterprises in 2020, I think there’s been my understanding has been an exponential increase in remote working and digital workforces. And that’s had a big impact on security and privacy issues, that in itself is driving the need for more sophisticated identity and access management tech, I think that you know, the cats out of the bag. Now, you know, people are working from home, they used to work from home, they may not have had the latitude in relation to that previously, employers are seeing how that’s working. So I think there’s gonna be, you know, more of these hybrid models of you know, working at home working in the office, that’s going to be way more common as the economy starts to power up after the awful pandemic, and we start getting back to normal, I think that’s going to become the norm.
Daniel Barber 5:51
Right. Right. Yeah. So I mean, sort of related to that. Right, you and we were talking about earlier, you interface with the number of federal customers on a regular basis? How do you see for drug customers, you know, taking advantage of privacy, and perhaps, you know, leading to competitive advantage?
John Phantis 6:08
Well, I can safely say that data protection is top of mind for our customers. And it’s usually one of the first diligence items a customer leads with during pre sales. So as you say, do customers leverage privacy? Well, I might I have a philosophy whereby data protection should be a background issue during customers diligence phases, I think that philosophy is reflected in full draft Mo, particularly because we have a customer first approach, which provides the appropriate level of assurance that our customers require around data protection compliance. And that philosophy also provides our account executives with greater freedom to focus on how unique technology stack will benefit the customers enterprise. Clearly, in times when the digital global economy is powering forward. Data Protection is really a core aspect of our brand, and is reflected in our advertising.
Daniel Barber 7:00
That’s great. Yeah. So I love to ask these two next questions to everyone on the show. So the first one being, you know, we’re all looking for different information sources, I find it very interesting to see what people are reading? What are your top sort of three sources as a privacy pro? And where do you go to learn about privacy?
John Phantis 7:20
So yeah, so you know, my my professional life revolves around interpreting global privacy laws and taking a risk based approach towards privacy compliance, that means I need a lot of clear guidance from regulatory sources. So my go to regulatory source tends to be the UK data protection regulators website, ie the Information Commissioner’s Office, that’s an excellent website, it’s got sorry, guidance offering. And I don’t think Brexit is going to impact that too much. And my second go to site is the EU data protection regulators website, that’s the EU Data Protection Board. That’s a good website. It has a few gaps, but it is fairly solid, where it has offerings on particular topics. And then I tend to look at UK law firms and Irish law firms, websites, you know, follow their webinars, look at other material, podcasts, newsletters, and that really, they really do tend to provide excellent guidance on issues that we hang on on a day to day basis. Makes sense?
Daniel Barber 8:19
Awesome. He’s the last one. So obviously, you’re now leading privacy at forge rock. But you know, for folks that are perhaps starting out their career or considering a career in in privacy. If you had one piece of advice you could offer, what would it be my job to do is develop a risk based approach mindset towards data protection as early as possible in your career,
John Phantis 8:41
I have a saying that the privacy tail shouldn’t be wagging the business dog. And to me that translates into when you’re designing a privacy compliance measure, you need to do so in a way that strikes a sensible balance between protecting the business which is every privacy lawyers, main imperative, but then also fitting that measure around the business model. And making it very easy for the business to buy into that it’s very easy, very easy, actually, for a data protection officer to fail to see the wood for the trees and get hung up on unfriendly measures and creative friction, because they can’t actually see past what their main function is, ie in relation to protecting the data. And they need to be sensible in the way they approach these things. And I think that’s, you know, if you don’t take that perspective, Outlook, you’re gonna have a super hard time selling any kind of concept around a privacy matter to the executive leadership team, ultimately, the you know, the executive leadership team of the enterprise you work for. And I think a kind of a related tip to that is, I think it’s a great idea to be enhancing your collaboration, communication and presentation skills at the same time. That really helps you successfully sell and implement privacy compliance measures, particularly when those measures are going to be transformative and that particular day stakeholders are going to be impacted by that and have to live with it. I think that really is a critical, soft skill for your career progression. And, you know, clarity and precision in your communications are always key. And then I suppose, you know, the final tip is everything that you do has to align with the objectives of the business. So essentially, you have a business case for whatever you do.
Daniel Barber 10:21
That’s awesome. Well, thank you, john. This has been a lot of fun. I always love to hear from folks what drew them into privacy and you’ve definitely got quite the story and I got a couple of new information sources for myself, so I’m gonna check those out. But yeah, thanks for coming on the show. You can check out John’s session and other speakers across all the different channels. So Spotify, iTunes, SoundCloud, Google podcasts, and yet keep a lookout for john at ForgeRock. And thanks again and talk soon.
John Phantis 10:53
Again. Thanks for the invite in greeting with you, Daniel. Cheers.
Also available on
Stay informed on privacy regulations, weekly insights, and the latest GrailCast updates with our weekly newsletter.