VP, Deputy General Counsel & DPO at Twilio
Mar 22, 2021
Sheila Jambekar, VP, Deputy General Counsel & DPO at Twilio shares how the relationship between engineering and privacy has evolved over the last decade, what stands out to Twilio customers when it comes to privacy, and how her career transitioned from litigation to privacy.
Daniel Barber 0:17
So today, we’re thrilled to welcome another industry leader in privacy. I’ve been really looking forward to this one, Sheila, Jen Baker, VP and Deputy General Counsel and DPO at Twilio. Welcome, Sheila,
Sheila Jambekar 0:29
thank you so much. It’s, it’s great to be be joining you,
Daniel Barber 0:33
indeed. So do you want to give us a brief introduction? Obviously, we’re just having a chat there. But we’d love to learn a little bit about how we’re talking today.
Sheila Jambekar 0:42
Yeah, so I as you mentioned, I am the DPO. And I head up privacy at Twilio built our privacy program here. I joined Twilio way back in 2015, about three or four months before safe harbor went down. So if those who go way back, remember, remember Safe Harbor, it was a very interesting time to join a new company that was growing very fast.
So have been excited to be building the program at Twilio, during a very dynamic time, both at Twilio, which has grown like crazy in the last five years. But also during a very interesting kind of crazy time in the world of privacy between safe harbor GDPR. Now ccpa, the privacy shields getting taken out. That’s been a very interesting time and to be at Twilio and building the privacy program, but also very exciting one. And a lot of fun, frankly, you know,
Daniel Barber 1:43
I find it very interesting seeing books path to privacy, in your case, obviously, coming from the litigation side. But you know, over 10 years ago now and so I just find it very interesting to sort of understand how people landed here. And I’d be curious just to hear about, you know, what drew you into privacy?
Sheila Jambekar 2:00
Yeah, it sort of it was somewhat happened by chance. Certainly I was I was a litigator. When my baby lawyer years, I think that as a litigator, you learn to learn. And that’s what I really enjoyed about being a litigator, you learn about businesses, if you’re going to have to argue a business’s case, you have to understand the business very well. And so I enjoyed that aspect of what I did. And so when I went in house, it was a continuation of just being really excited about being able to get to know a business very deeply. Then I went over to Zynga, great opportunity to do more of that. But it was sort of at Zynga, as privacy issues started to crop up more, both just in the ecosystem, and then having to deal with them at a different kind of technology company.
It was really interesting, those kinds of digging in with the product teams and getting to understand what exactly is happening with the data. And where is it going? What are we doing with it? What’s happening, I just found it really fascinating. So I was lucky to have the opportunity to kind of veer my career at Zynga into more of a product counseling role, which then overlapped with privacy. And then when I came over to Twilio, they were really looking for somebody who had privacy in their wheelhouse. But we were such a small company at the time I joined and the small legal team, they needed someone who was a bit more of a jack of all trades. So privacy was always my mandate at Twilio.
But I was also wearing a bunch of different hats. And so I, I kind of found my way into that. And now as we’ve grown as a company, and we’ve been able to fill out the team more, I’ve been able to focus more in on what I really love. And so it’s really just sort of, oh, that’s really interesting. And taking the opportunities that Kate got presented to try something different in new, and then found my way kind of wormed my way into Can I do more of that? Could I do more of that? Can I do more of that? And here I am today? Yeah, really, it was it was about finding what I enjoyed and got lucky that privacy to also happen to be a good time to decide to move over into privacy, as we’ve seen in the last few years.
Daniel Barber 4:06
Yeah. So I mean, I think there are a couple things that stood out there, just you know, in your party today, and one that I think is relevant to our discussion. You know, you’ve worked for two very developer focused organizations. Twilio is known for having a developer focus community and, and Jeff has a mantra and a book about this now. And so I just find it kind of interesting to understand, you know, that relationship between engineering and privacy and how have you seen that evolve, working through those two organizations,
Sheila Jambekar 4:36
given that what’s happened in the privacy world, I don’t know whether to correlate it to the companies or the changes in those companies or whether it’s really related to just the way that you know, privacy has become so much more important and in the forefront of what of technology in particular so that it’s become more top of mind. But I think that in the way that privacy has developed in the time period that I’ve been Practicing in this area, it used to be much more of a compliancy kind of thing.
It was Oh, yeah, we got to do this thing. Okay, check the box, or the engineers might be thinking I don’t, I don’t know what you’re talking about, okay, they might have a piece of it. Now. It’s something that they’re it’s much more I think, not just embedded within Twilio culture, but I imagine at other companies as well, that privacy is something that you are much deeper in to the technology with your engineers and your product people. It really is not just a it’s not just a check the box compliance thing anymore. And it’s not just because of, Oh, well, the fines got bigger, which is true, the fines got bigger. But it’s also because of just the ecosystem and the reputational concerns and the importance with technology of making sure that your technology is trusted. For that reason, it becomes much more of a core value. And you are seeing that moving into working with engineers and product teams, that they are, instead of us coming to them and saying, Hey, here’s a checklist. It’s much more like let’s consult, let’s brainstorm, how can we do this and really kind of getting in to the weeds with them, and in a partnership way, where they’re trying to achieve something that’s that you know, their product goal. And we’re trying to make sure that we are thinking through how we make sure trust gets baked into what we do. And that we’re thinking ahead to how consumers will be impacted by by how individuals will be impacted and how their data would be handled.
So that that there is that trust that gets kind of built in from from the foundation, rather than something that kind of gets tacked on at the end. And I think that’s been a real shift as well as like, rather than kind of tacking it on to the end really building it in from the infrastructure.
Daniel Barber 6:56
Yeah, there are a couple things he said this or like trust baked in stood out to me. And I just I see that too in in engineers sort of appetite for being involved in the privacy program and where this is going. And more of a partnership. You know, shifting gears a little bit, I think that there’s some interesting things I’m sure you’ve observed over the last year, right. I mean, we’ve had a tumultuous year is probably an understatement.
And there’s been this sort of tremendous transformative change. That’s happened. Twilio seen a lot of success as a business. And I think Twilio as customers have gone through change as well. Just curious what you’ve seen over the last year, you know, involved with Twilio as customers and speaking with customers. What does that look like in terms of privacy?
Sheila Jambekar 7:42
Yeah, I think what I would say there is that it’s somewhat parallels what I was describing in terms of the internal working relationship that we have with the product and engineering organizations where they’re coming to us. And they’re using the terminology and saying, Hey, we have to be careful, there’s PII in there where we have to be, you know, extra careful with how this data gets handled. You’re seeing a similar thing with customers as, for example, it used to be kind of privacy might be something that we just worry about, or customers might be mostly worried about in the context of what language ends up in the contract.
Okay, the contract, we have, by law, we need to have these contracts in place. And now the customers are really much more interested in, well, no, like, What are you? What’s your program? What are you actually doing? Not just what are you saying on a piece of paper, it’s not enough to say we have agreed to comply with all applicable laws, like, yes, they still want that and that assurance, but they’re wanting a little bit more. They want to know that there’s a little bit more meat behind that, and to build that trust, because when they’re using us as a service, they’re putting their trust in us, you know, we are their service provider. And so they have to know that in some way that like what we do is an extension of what they do.
It’s a reflection of what they do. And so that sort of Oh, well, the paperwork looks right. doesn’t quite take it might take care of it on a legalistic level in the sense of like, well, if something bad happens, like we’ve got terms, and we can claim a breach of contract, but that’s not the same thing is you don’t fix a reputation in through those sort of legalistic means. You that’s why more and more we’re finding it’s not just the lawyers that are interested in privacy, and how and our privacy program. It is the product people, it’s the security folks. So it’s not kind of waiting just until that last moment of like, do we have the right words on the paper to have those conversations line
Daniel Barber 9:47
Sheila Jambekar 9:49
exactly. Exactly. So that’s just the end goal. But there’s a lot more conversation that’s happening earlier on in the engagements with customers.
Daniel Barber 9:59
I love to ask Question I mentioned to you earlier, just because I find I find it very interesting to sort of hear the blogs and the publications people are reading. Sometimes it’s outside counsel, sort of publications that people follow. But, you know, what are your sort of top three sources that you read? Maybe on a weekly basis? And where do you go to line and inform yourself?
Sheila Jambekar 10:20
Yeah, no, it’s a great one. I think everybody probably says, Okay. IAPP, which is true, because I do yeah,
IAPP is a wonderful source for a lot of information. And I get all their global newsletters. And, you know, I see things that pop up there that are interesting. It’s always a nice, reliable source for finding a lot of information. But there’s also a few places where I might go for a little bit more commentary or overlay.
I love I follow field fishers blog, and they have this great like data protection newsletter, which I enjoyed that they send out, which kind of gives you some of those those overviews. And so those are kind of my two immediate I go to, I frankly, follow some folks on Twitter and LinkedIn that I just like, oh, they like to post interesting tidbits or information and, and they keep tabs on on what they’re, they’re doing. So believe it or not a little bit of Twitter, a little bit of just LinkedIn, I have enough kind of folks in my network that I’m like, Oh, interesting stuff and pick up some interesting stuff that way.
But then in terms of kind of, like, kind of core sources, tends to be IPP fieldfisher, or check out Hogan, those got some nice stuff on their website, as well as will Jim. So kind of my few of my favorite firms that I like, have that I also leverage is sort of the go twos of what’s going on in privacy. Awesome.
Daniel Barber 11:42
I would say the last one, I asked everyone, whether they’re in security and privacy or everything in between, you know, for folks looking to do perhaps what, you know, your path has been right, that are starting out their career, and they’re beginning or they’re even considering a path and privacy. You know, if you had one piece of advice for your former self, what would it be?
Sheila Jambekar 12:04
that’s a good question. Well, definitely, I would say today, to kind of break in to privacy, definitely get I mean, this is gonna sound so kind of bare minimum, but like, get some of the credentials under your belt, which will give you the opportunity to get the opportunity, take some of the classes, attend conferences, keep tabs on things, like IPP, if you’re looking for jobs, like go find those opportunities to be product counsel, or privacy, or, or find a job to be a privacy analyst, maybe you’re not, you know, you’re not in the legal side of things, but you want to, you want to break in from more of the tech side or the governance side.
Look for those opportunities to work with the privacy team at your company. If you’re maybe not in privacy today. It’s a growing field. And because it also stretches so far across companies, right, like your HR team has privacy concerns, your marketing team has privacy concerns your IT team, well, there’s a lot of opportunities to say, hey, put your hand up, I’m interested in this, let me understand it. And then you know, build some skill sets become the go to champion at your organization, in your department on privacy. And that can be a good starting point to find your way into a privacy focused career. So it’s, in some regards, it is along the lines of what I described of how I got my way into privacy, which was like, Oh, this is interesting, I’ll do that, put your hand and then find your way there. And then you can kind of grab some of those credentials along the way, which also will show kind of commitment to potential future employers that you really mean it. But we have an interesting group on our team of people who are coming from different backgrounds. Not my entire team is not all just lawyers.
We have lawyers, we have folks who came originally from the audit angle, folks who came from it. Certainly some recovering lawyers who are no longer wearing your hats. And we have some engineer for engineer and technical folks as well who are working on my team focused on privacy issues. So there’s a there’s a lot of there’s a big tent, because there’s a lot that can be done in privacy. And so taking those opportunities, I think, to to put your hand up, say I want to work on that project. I want to I want to get to know that a little bit better, is a good starting point, as it gives you a sense of like, do I really like this? Yeah, that would be where I would point people if they’re interested in privacy.
Daniel Barber 14:30
Oh, that’s good advice. I love the just the statement of like, put your hand up and take take the responsibility. I think that’s a that’s a good one. Especially if there’s interest there.
Sheila Jambekar 14:38
Yeah. And I think you know, you’ll probably find there’s a number of people in your department who are like thank God that person put their hand up for that. I did not want to have to do a deal like that. So you will be your your privacy team will be so glad you did and your colleagues will probably also be glad that you took that one so
Daniel Barber 14:58
well. This has been wonderful Sheila, I was really looking forward to our session and, you know, definitely exceeded expectations. And so yeah, look forward to joining again soon. And you can find Sheila’s podcasts on all the major channels. So Spotify, SoundCloud, Google podcast and keep an eye out for the next one in a couple of weeks. Thanks for joining us. You
Sheila Jambekar 15:20
Thank you so much. Take care.