Grailcast

Ep. 14

Paola Zeni,

Chief Privacy Officer at RingCentral

May 19, 2021

Paola shares how accelerated digital change impacts privacy teams and provides advice for executives seeking to staff privacy teams.

Text Transcription

Daniel Barber  0:16  

Today, we’re thrilled to welcome another industry leader in privacy. Paola Zeni who is the chief Privacy Officer of ringcentral. Welcome, Paula.

 

Paola Zeni  0:24  

Thank you for having me.

 

Daniel Barber  0:26  

 Yeah, I mean, I reached out to you, because I feel like you’ve been in the field of privacy for a long time, and some really respectable organizations, perhaps, you know, just kick us off with a little introduction on your background.

 

Paola Zeni  0:36  

Thank you again, for having me. Yes, I’ve been doing privacy for quite a few years. I am an international attorney. I’ve been in technology all my life. And I used to have multiple responsibility mostly as a transactional lawyer. And privacy started being a bit of a big thing in Europe about 20 years ago. 

 

And I was in Italy at the time in, I started adding privacy to my responsibilities. And at the time, it felt like one more thing, but it looked like it could grow. And I thought it was very interesting from the legal point of view. So I started spending more and more time and establishing myself within the organization I was working for I was at Agilent Technologies at the time, establishing myself as a little bit of a subject matter expert for privacy for European privacy issues when you know, privacy was exploding in Europe. And then when I came to the United States, I kept working at Agilent. For I was I was a attorney who supported the chief Privacy Officer at the time. 

 

And then I had semantic in Palo Alto Networks, I joined us organizations, and we can build the program from the ground up. So I had a multiple responsibility, which was not just as a council, but also as a as a program person. And then our drink center. I also am also responsible for for the program. So for the legal portion, or programmatic portion.

 

Daniel Barber  2:01  

Yeah, well, congratulations. You’ve been at ringcentral for three months now. Right. But something

 

Paola Zeni  2:07  

that I started at the beginning of February, yeah,

 

Daniel Barber  2:10  

yeah. Wow, time flies, I have to say, you know, as I was looking through your background, you know, Symantec and Palo Alto Networks really do stand out as kind of iconic companies, and especially in the fields of security and privacy, you’ve kind of watched over the last few years, especially right as we sort of moved from the EU privacy directive to then the GDPR. And then the California and states are all evaluating who wants to go next. How have you seen things evolve since that period of, you know, joining Symantec, and then through Palo Alto Networks? And now what were some key sort of milestones that you saw as environment shifted?

 

Paola Zeni  2:41  

Well, GDPR definitely was one. But there’s been an enormous evolution on the regulatory front, some more laws. And you know, at the time very early, the only thing we needed to worry about was European directive. But then we’re more and more things that happen. So those definitely were important milestone, and before GDPR, even the invalidation of safe harbor, which is you know, Safe Harbor was an important data transfer mechanism and an important thing for companies. So when that went away, and companies had to figure out what to do. 

 

And then, you know, the emergence of binding corporate rules as an option company is also fairly important step. But then obviously, GDPR was was enormous because GDPR really brought privacy to management level to executive level bility, and then also introduced a few requirements, which are, you know, challenging to operationalize for companies. And I think GDPR is responsible for really initiating and spearheading the rise of privacy technology. So the need for privacy technology, because of the complexity of operationalizing, some of those requirements at the same time going out. And then obviously, then last night, the last member, the last person on the table is the United States with ccpa. And then the other state laws. 

 

I do notice, though, that as the moat, as the legal requirements multiply, and it can feel overwhelming for professionals, and unfortunately, companies and professionals like me, I’ve started trying to make sense of it interpret our role, not just as a compliance role, but more as as a really a business enabler. So what what do I do? How do I make sense of all these different requirements? And how do I translate this into strategies and initiatives that really support the business? And you know, I think the evolution has been a privacy leader, a privacy officer really needs to be an advocate for the products, somebody who’s really supporting the revenue generation for the organization that they work for.

 

Daniel Barber  4:41  

Yeah, we’ve seen that. I mean, I think the leading organizations that we work with, you know, really trying to use privacy as a competitive advantage at this point, right in terms of how do they propel their products and provide and build trust with their customers so that you know, ultimately it is revenue generating shifting gears a little bit, obviously, the last 12 months Or 15 months or even maybe longer now have been an interesting period for for change. And I’m sure you’ve seen even just, you know, joining ringcentral, the the business environment is different things have accelerated from a technology standpoint to kind of accommodate for that. How do you see this impacting privacy teams in terms of digital transformation and acceleration there,

 

Paola Zeni  5:20  

there are multiple aspects. Obviously, one aspect that’s important is as companies adopt the different ways to work together and use technology in a different way, it triggers a, you know, different requirements. So the need, for instance, from your policies, more transparency with your own employees, more transparency with your own customers, but when you’re using technology, the other thing that digital transformation is done, it also adds to the biggest problem for privacy professional, which is understanding where your data is, and understanding all the different tools that the company is using. 

 

So that is an ongoing challenge. And it’s like a top priority for all of us. Because understanding how you use the data that is, you know, the determination of the risk, and drives your priorities and drives your investments and all of that. So obviously, anything that increases the use of technologies or changes the way we use technology has this huge impact on that. So it really is our world and the world of the data. And the technological architecture that our companies use is what we need to get a handle on and maintain a handle on. So that’s what has a huge impact. Yeah, so

 

Daniel Barber  6:31  

you know, I, that was an interesting comment there you made of just like trying to maintain this sort of understanding of where all the data is, there’s been a bit of research came out from PwC, in the past week around CEOs concern and they had a survey that came out on privacy is now in many of the publicly traded organizations, it’s actually as a risk area annual reports, I was just very curious, like your perspective, you know, for the folks who are CEOs, or perhaps founders of companies, you know, what advice could you provide them to think about how to staff a privacy organization and when to build one and, you know, any nuggets that you could provide there? And given your experience?

 

Paola Zeni  7:11  

Before answering the question, I want to just elaborate a little bit on the idea of risk, because a lot of people when they think about privacy is to think about the risk of you know, getting fined by regulators, there is actually an another important source of risk for, especially for companies that are in a business to business space, which is the agreements you’ve signed with your customers and with your vendors. So your your salaries, those relationships, and those relationships are critical to your business and to your business model. And that they’re in there, you’ll have a lot of risks in there as well. 

 

So if I were to think about the CEO, stuffing the privacy, hopefully, the CEO has a general counsel who is going to stop him or her so hopefully, that that would that’s the first place where I would start to do it, we’ll make sure that if you’re hiring a GC, the GC understands the importance of data for your organization, and how it impacts the business. So that that she can go out and, you know, staff, the privacy team at the right time. And that time, you know, may vary based on the progress if you’re an independent of the company’s doing, obviously, but for some companies, you know, some companies are, you know, still pre IPO, and they may not have a very large legal team. And yet the privacy professional is maybe one of the very first specialists that they hire once they have. Yeah, so I think the skill set kind of brought it up a little bit about the skills, I think the skills are, you need to have your legal team, somebody who’s able to manage the production and aspects of privacy go, you know, there’s a lot of work on transaction and commercial. So it’s important to have some skill set in that area as well. And that skill set may not be in the privacy team, but you definitely need it in your legal team. So you need someone who’s able to advise set privacy in managing those contractual relationships I was mentioning, you also need somebody who is really able and willing and interested in understanding the technology. 

 

So if you have a product or a service, that’s very data intensive. Now we all are, but there are more than others. You need somebody who’s passionate and wants to really sit down with the engineering teams and understand the product. So someone with an undergrad in computer science or data science or something like that would be very good. A very good type of very good type of skill. So So that’s, that’s important and other aspects of privacy, but maybe not at the very beginning. But eventually, you need somebody who’s going to really be interested in understanding how to operationalize the program. You need to have passion for that. Not just somebody who is going to look at privacy as a legal issue and just, you know, an area where you provide legal advice and then hope that people do what you told them to do. But you really get into you really get into the What does it take to to operationalize automate. processes, get metrics, get data and just become more efficient.

 

Daniel Barber  10:04  

Oh, that’s fantastic advice. You know, we were joking about it earlier, privacy is definitely a hot field. There is shortages everywhere. So I think lots of opportunity for folks earlier in their career to look for exciting roles. I asked every speaker this point, just as I’m always curious about, you know, what people are reading and where they go to read their content. You know, as you sort of think about what you consume on a weekly or monthly basis, where do you go to find your sources, sort of as a privacy pro? And anything you want to share with folks of things that you find interesting?

 

Paola Zeni  10:33  

Well, maybe by another no interest? My, my answer is going to be I’m a member of the Association of your advisor, professionally, the IAPP. And I find the daily dashboard or even the weekly digest that they put together a very helpful rate that want to see what’s going on. And so that is something that I do, I just scan the headlines, and any if I see anything that I may click and read the article, but just the headlines give me a sense of what what’s going on, then, one of the things that I find that very helpful is to being on the, on the mailing list of some key law firms that are some law firms that have a very established Privacy Practices. And so they the quality of what they

 

Daniel Barber  11:15  

any share there that you’d recommend people go to?

 

Paola Zeni  11:17  

burning bird for Europe, very strong in Europe, most of the DLA Piper also has a good 100. They used to be called Antonin Williams, I think they changed the name, but they but it’s hands on. So they also have a newsletter. That is very, is very good. So those are really my Yeah, go twos. And then the other thing is, you maybe expand that and have some newsletters, indicating not just privacy as your interest, but also other aspects, you know, ai or telecommunication. So kind of employment has a lot of privacy implications as well, when you’re setting up for some of this. And the Association of Corporate counsel also has a very good way to organize a digest digest, and you can get the newsletters from them. 

 

And when you’re setting up your filters, just to branch a little a little bit into other areas. There’s a lot of talk about privacy also in when people are talking about cloud, for instance, you know, cloud right now is a very broad term. But privacy is a key component of the legal aspects and legal, legal considerations on cloud. So you’re expanding and you can filters that capture some of that stuff is usually helpful.

 

Daniel Barber  12:31  

Awesome, good ones. I love to close on this question. Just because, you know, I think, you know, obviously, we get executives like yourself joining joining on the show. But we also get a number of folks who are perhaps earlier in their career, and perhaps aspire to be where you are today. You know, if you could offer sort of one piece of advice to perhaps a listener, starting out their career in privacy, considering a potential path down that journey. What would it be?

 

Paola Zeni  12:55  

It’s really more than one, I think that one of the challenges with privacy is that there’s a normal hunger for talent. But when managers have a possibility of hiring someone, they’re generally at the point in which they need the help so quickly, that they go and look for somebody who’s already an expert. So the reason why it’s difficult is that, again, once you get your headcount, you really need someone who’s able to hit the ground running and the reason a lot of opportunity to or bandwidth to train someone. 

 

So that’s the challenge. I think for people who want to start, I think, basically, what I would recommend is, if you’re interested, just get the CFP certification because that’s a good sign that you are what you’re willing to invest more year. If you’re still in law school, make sure that if your school offers any privacy classes or courses, make sure you take those and you add them to your curriculum, and then try to maybe pursue an internship while you are still lost. If you’re if you’re a lawyer, when you sit in law school textbook, or even if you’re not doing many, if there is an opportunity for internship tried to see for instance, that I just hired my very first pharmacy intern who’s going to start a little very excited about that. So that’s a good way to get in the door and then maybe get to a company to know your end a lot of internships and turning to opportunities to get an offer later on. 

 

If you’re writing the profession, and all those things are passed, then you know, then you cannot go back to law school to take private classes anymore. I think that it would need to sit down and do a little bit of maybe networking with people that are in the field, to be able to develop your story of your transferable skills. What is it that you do today, even if you’re not a privacy expert, that would be very, very helpful or would would transfer very easily into a privacy profession, you could be a product counsel, and you know, a lot of transfer. 

 

Yeah, or you could be a compliance person or I don’t know, I’m just thinking or you could be in employment. So that’s another area where they’re definitely or it could be a marketing attorney, and then marketing also vacation. So So that would be my recommendation is to maybe seek out out people that can talk to you, where you can really look at what what are on what’s my complete skill set? And how can I reorganize it? And how can I tell the story that makes me suitable for for a privacy role?

 

Daniel Barber  15:12  

I think that’s great advice. We’re big fans of internships at DataGrail. As well, we actually just give a chief of staff is joined as an intern for the summer from from Columbia. And I love to see folks investing there because I just think it’s, you know, it’s powerful to see people you know, move forward in their career and start out and get mentored from from folks, and so greatly appreciate that. So Are you hiring? Paula? Is there anything you want to share? If folks are looking to join your team?

 

Paola Zeni  15:34  

Well, I just hired so it’s now a full capacity. But if I can, if I can recommend or if you can give any suggestion I mentioned also the challenge of operationalizing operationalizing privacy, if anybody is maybe even people who are in legal operations can be interested in and looking for opportunities to for privacy operations roles. I understand there’s a lot of hiring going on right now in the in the marketplace. And so I’m fully staffed and very excited about my first intern

 

Daniel Barber  16:09  

well look, at definitely appreciate your time today Paola. And thank you for joining us on the show. You can find this recording and other recordings from previous speakers on iTunes on Spotify, on SoundCloud, and all the major channels and obviously on datagrail.io as well. So thanks again, Paula, and look forward to chatting soon.

 

Paola Zeni  16:29  

You’re welcome. Thank you so much for having me. It was fun.

Share

Stay informed on privacy regulations, weekly insights, and the latest GrailCast updates with our weekly newsletter.