Intro: 00:01

Are you ready to know what you don't know about Privacy Pros? Then you're in the right place.

Intro: 00:06

Welcome to the Privacy Pros Academy Podcast by Kazient Privacy Experts. The podcast to launch, progress and excel your career as a Privacy Pro.

Intro: 00:17

Hear about the latest news and developments in the world of Privacy.

Intro: 00:22

Discover fascinating insights from Leading Global Privacy

Intro: 00:25

Professionals and hear real stories and top tips from the people who have been where you want to get to.

Intro: 00:32

We're an official IAPP training partner.

Intro: 00:36

We've trained people in over 137 countries and counting.

Intro: 00:41

So whether you're thinking about starting a career in data privacy or you are an experienced professional, this is the podcast for you.

Jamilla: 00:57

Hi, everyone, and welcome to the Privacy Pros Academy podcast. My name is Jamilla, and I'm a data privacy analyst at Kazient Privacy Experts. I'm primarily responsible for conducting research on current and upcoming legislation as well as any key developments and decisions by supervisory authorities. With me today is my co-host is Jamal Ahmed who is a Fellow of Information Privacy and CEO of Kazient Privacy Experts. Jamal is an established and comprehensively qualified privacy professional with a demonstrable track record solving enterprise-wide data privacy and data security challenges for SMEs through complex global organizations. To date, he has provided privacy and GDPR compliance solutions to organizations across six continents and in over 30 jurisdictions, helping to safeguard the personal data of over a billion data subjects worldwide. Welcome, Jamal.

Jamal: 01:43

Hey, Jamilla. How's it going?

Jamilla: 01:44

I'm good, thank you. How are you?

Jamal: 01:46

You know what? I'm fantastic. Look at this. Check this out, we've just received this in the post. It is an award. It's an award to the Privacy Pros Academy for the best data privacy training provider as the Global Choice for 2022. So super delighted about that.

Jamilla: 02:02

That's excellent. Congratulations.

Jamal: 02:04

Thank you. It's all of the amazing podcast you've been doing that you must have persuaded someone to award that to us.

Jamilla: 02:10

Clearly, it's definitely down to that not. I'm very excited for our guest today. Our guest is Matthew Lowe, who is a senior consumer data privacy attorney at IBM. And he has previously held roles such as global cybersecurity policy Manager and data privacy expert. Matthew is also lead instructor, data Privacy and cybersecurity at BrainStation, which is the global leader in digital skills training. Matthew received his JD and MA from the University of Illinois College of Law. And he received his Masters of Law LLM Cyber Law and Data Privacy from Drexel University's Thomas R. Klein School of Law. He has been published in globally circulated academic journal, and in his spare time, he teaches privacy and security. Welcome, Matthew. Thank you for joining us.

Matthew: 02:52

Thanks for having me.

Jamal: 02:53

Welcome to the Privacy Pros podcast. Matthew, I feel like this podcast was really created just so that we could have you feature on it with such a credible and demonstrable history of all of the amazing things you've been working on and continue to work on.

Matthew: 03:06

I appreciate that. And also, congratulations on the award. I didn't know about that, but now I feel like I'm definitely in the right place. So I'm excited to have this conversation. All thoughts and opinions on my own here. If anyone takes any issue with anything I've said, if I accidentally said anything super controversial, my own thoughts, don't go after anyone that I'm affiliated with or anything like that.

Jamilla: 03:24

You can come after me.

Jamal: 03:26

Listeners, don't worry about that Matthew. She's got your back.

Jamilla: 03:35

As we always do on the Privacy Pros Academy podcast, we always start off with an ice breaker question. So, Matthew, what website or app doesn't exist, but you really wish that it did? I can tell you mine. It’s been borne out of my housemate being away for three weeks, and it's like a version of Tinder, but when you need someone to remove a spider from your house that's what I would want..

Jamal: 04:03

I would want to match somebody who's going to come and remove a spider from your house.

Jamilla: 04:08

Yeah, or just any bug, really. That would be great. Or because I'm quite short if someone could reach like high shelves so I don't have to fall off a chair whilst doing so. Some version of Tinder for like, household.

Jamal: 04:20

Have you tried asking your neighbours to help?

Jamilla: 04:22

No, I don't talk to my neighbours. Maybe I should.

Jamal: 04:25

Yeah, maybe try talking to your neighbours.

Jamilla: 04:29

We live in the digital age. I've forgotten how to make friends.

Jamal: 04:31

I'm sure we can help you with that. I was thinking about this a little bit earlier today, actually off the back of a conversation I was having with somebody. I was thinking, if I could have a website or an app that doesn't exist yet, what would really be useful right now is if I could go on one website, or if people could go on one website and report when somebody is making malicious or fake accounts of them, when someone is posting pictures of them because they've broken up into a relationship or something. Especially like women who get all of these revenge profiles created and pictures posted that they're not comfortable with because of whatever delirious partner or boyfriend relationship they've ended. Because right now so many people get in touch all the time saying, look, there's this guy who is harassing me, or there's this person who is harassing me and they're posting pictures from when we were in a relationship. Or they're creating all these fake accounts and I'm trying to report it to Facebook, I'm trying to report it to Instagram. They're not doing anything about it. What can I do? It's really making me distressed and depressed. If there was a website where you could go put in some details and you could actually go and make contact with all of the different providers for you, search for those things and alert you or alert those providers to those things. I think that would be great.

Matthew: 05:39

Awesome. Both of those answers are great. Two completely different directions.

Unknown Speaker: 05:42

Yes.

Matthew: 05:44

But both really good ideas, I think. Is it okay, I'm going to remove the qualifier of doesn't exist yet because I don't know what doesn’t? Honestly, there's so many apps ideas out there that it probably does, and this is maybe my ignorance of technology, but you know how when you're using your credit card, right. You can go into your mobile banking app and you can lock it so that if someone else makes a purchase, they can't, I would love to do something like that for my vehicles. Right. So if somebody is, I lock it when I get out on my mobile. So if anyone starts the ignition or tries to move the car in any way, I get an alert and I can just kill the engine. That would be fantastic. I think that's like the next layer of security that probably exists in some way.

Jamal: 06:27

What you're saying is what you'd like to do is be able to control the immobilizer on your vehicle from, like, a mobile device.

Matthew: 06:32

Yeah, I think that technology does exist, but the extent to which you are notified and you have control over when it's locked and when it's available, I don't know if that exists, but I like it.

Jamal: 06:43

Sounds like it's pretty cool. I think that's something quite sensible, actually. And I can see as people get more and more of these electric cars, it's probably going to be like one of those default settings that should come with every electric car. Probably.

Jamilla: 06:59

Can we say these ideas are all copyrighted?

Jamal: 07:04

IP. Well, Matthew is probably most versed in IP law than all of us?

Jamilla: 07:08

Yes. And we will sue. I've heard Americans like to sue. We will sue if anyone steals these ideas.

Matthew: 07:15

Okay, thank you.

Jamal: 07:17

Jamila is going to sue in her own capacity. I'm not taking any liability for that at this stage unless we can get someone to underwrite the risk.

Matthew: 07:27

Okay. Well, thank you, Jamilla.

Jamilla: 07:28

You're very welcome. Right, let's get on to the proper questions. Matthew, how did you get into data privacy?

Matthew: 07:35

to effect. So that was May of: 2018

Jamal: 09:40

Sounds like a very fascinating journey and I'd never have put labour laws leading somebody down into data privacy. But you know what, it's amazing that has happened and one of the things that we find is so many people who are training as paralegals who are actually doing legal work, are a little disheartened and disenfranchised with how their career is looking, especially here in the UK. And they find that when they pivot their career towards data privacy, they can actually now start thriving. And it sounds like you came across something that you found quite fascinating and as a result of that fascination its kind of really led you down to get more knowledge and you certification, you find that you really enjoyed it is actually making you feel great about the work you do and you can see the impact it has. You mentioned human rights, the impact it has on the actual people who this person data relates to. I think everyone we speak on this podcast is we all share this common passion is that we actually want to stand up for people's rights. We understand how this can have an impact, and that's probably why we do what we do in anything other than a straight line, and let’s not beat around the bush. Data privacy is fascinating. It's constantly changing, it's constantly shifting, and by the time you learn something, it's outdated because something new has come to replace it. So it's a very challenging place to work in. Unless you have the passion for it, you're going to hate it. So this is for all of the people who are really passionate about having that challenge and really doing something that's meaningful. Matthew, you mentioned you went and got your CIPPE. For those of you who are listening that don't know what the CIPPE is, the CIPPE is one of the IAPP certifications that's the International Association of Privacy Professionals and CIPPE demonstrates that you have a strong grasp of European Data Protection law. So it actually stands for Certified Information Privacy Professional Over Europe. And the IAPPE have the CIPP E, A, C and basically each of those that signifies a different jurisdiction. So the US is Certified Information Privacy Professional of the US. The C is for Canada. The A is for Asia. Do you have any other jurisdictions? I think that's what we have right now. What I wanted to ask you, coming from the academy where we actually take people on a mentoring program, rather than just giving them two days of training, we actually take them through a mentoring program when they come on and really grasp how all this stuff applies. Rather than just memorizing information to go and pass an exam, at least know how to really learn how to do things properly. How all of this stuff applies in principle and how case studies and enforcement action and all of that really feeds into the spirit of the GDPR to really understand this and learn how to do things properly, what was it that actually drove you to seek a certification? What led you to do the CIPPE certification, and how do you think that's helped you in your career?

Matthew: 12:16

Good question. A couple of things. First, I figured that in preparing for the certification, it would naturally force me to have to study, learn, and figure out what data privacy is. Obviously, taking the certification, there is an expectation that you're going to have the requisite knowledge to demonstrate some level of expertise, and I wanted to have that. And then I think once you have the certification, it is a signal to the marketplace that, look, I have at least that experience. So even if I haven't worked in a professional capacity or have years of experience, in that sense, I at least have the certification. I know enough to be dangerous. I'm conversationally proficient in data privacy principles, and so I thought that that was a great way to get my foot in the door and to show people that I was serious and that this is something that I wanted to pursue. I think it was definitely a fantastic investment and it did exactly that. I think it was a great conversation starter, fantastic icebreaker, something that stood out on the resume, something I certainly encourage people to get. There's plenty of data privacy professionals who are fantastic at what they do and who don't have the certification. But I think that these tend to be people who are maybe more technical and kind of found a natural path in. For people who are really trying to break in with no other past experience. I think that that's the best way to do it.

Jamal: 13:28

Yeah, absolutely. I couldn't agree with you more. And we have this twelve-week Privacy Pros accelerator. And what we've discovered there is, there is a proven methodology that we have using our five pillars, and one of those pillars include that. So on the Privacy accelerator program, we take people on for twelve weeks. And this week, in fact, one of our mentees on the current program, he grew up working in his family restaurant. He's done that for about ten years, and for the last two years, the business didn't go according to plan and he became an Uber driver. And his wife and himself, they're like, you know what, he's got so much more potential to fulfil. He came onto the program, he's gone through the twelve weeks and now he's secured an offer as a data protection professional in this market with no previous experience. I mean, this is how crazy it is. When he joined the program, he did not even have a CV. He'd never applied for a job in his life. So he was like, we don't even have a CV. So we took him through our accelerator program and there are some videos out there of people on our LinkedIn, and you can really follow his journey. He inspired a lot of people. But let me just tell you about these five principles because I know you're big on mentoring and you can tell me how you feel about this program that we take people on. So the first step we found is before you do anything else, we need to build a foundation. And that is all in the mindset. So the first pillar is all about the mindset. And we really take people from wherever they've come and strip away any self-limiting beliefs they might have. Anything that's happened in the past where it's knocking their confidence. I'm really helping them to adopt the Privacy Pros mindset, which is the growth mindset, and really get let go of any kind of fixed mindset, anything holding themselves back, and get a little bit more awareness and realize that there's a much greater level on which they should be playing once they’ve got the mindset sorted so the next thing we do is we focus on subject matter expertise. This is where we break down all elements of European Data protection law and we go through the master classes and help them to really get an in-depth understanding of each of the different areas of data protection law, how it applies in practice and why it actually matters. So they get the subject matter expertise and this helps them with the conversations that they're going to have with their colleagues, with their peers, especially when it comes to having conversations with hiring managers and recruiters, because they really know that they actually know their stuff, rather than just say, hey, I know the seven principles that I've memorized. Article 29 means this, but nobody cares what Article 29 says. Everyone knows what it says. Just because you memorized it doesn't mean I'm going to give you a job. I want you to explain to me what that means to me as a business, what are the challenges I'm going to have with that, and how you're going to help me solve that. Unless you become a subject matter expertise, just regurgitating text is not going to help. And what we find is sometimes people who self-study, all they can do is memorize text because they've never sat with a mentor to try and understand how this stuff applies. So we've got the first mindset, we've got the first pillar. That's the mindset. The second is a subject matter expertise. And then the third step is exactly what you've just mentioned here, Matthew, is they need that credibility. How are you going to get that credibility? It's by going through a certification. It can't just be any certification. It has to be one that is recognized by industry, not just in one jurisdiction, but in all jurisdictions. How do you do that? You have to get something that is either ISO certified or IAPP approved. Right? So the IAPP certifications, they are ISO standardized, which means that you can go to any part of the world and everyone will recognize that as a bona fide legitimate qualification. And of course, the International Association of Privacy Professionals is the most recognized body when it comes to awarding privacy credibility. So we take them through the IAPP official training. So now they have the mindset, they have the subject matter expertise, and now they have the credibility. The next thing they need is there's no point talking about all of this stuff. You have to demonstrate you actually do it. So we take them through the practical experiences and we give them practical experience with our clients or some case studies, and we really get them to have a go at doing this stuff. And they will shadow us and work with our consultants. And we focus on four key areas. We teach them how to write privacy notices in a language that anyone can understand, so they’re clear, concise and transparent. We help them with responding to data subject access request because a lot of businesses, especially here in the UK and Europe, are struggling with those and understanding exactly how they should be responding to those when they need to ask for more information when they should be denying them. And we also teach them how to do data protection impact assessment. And we also teach all the stuff to do with the data mapping so they can effectively put together a very good record of processing activities. So that's the next step is giving them the practical experience in all of these key areas. And the final bit that wraps it all up is the personal branding, which we kind of start from day one, when we start focusing on their mindset. And the personal branding is all about branding themselves in a way where they are actually showing the value they can bring to an organization; how passionate they are about privacy and why there's someone that needs to stop trying to fit in and actually be outstanding. Because at the Privacy Pros Academy, we're building a community of ambitious professionals, and together we're empowering businesses to adopt honest privacy practices so that together we can make sure that every woman, every man, and every child on this planet has the freedom over their personal information.

Matthew: 18:19

That's fantastic. Honestly, I think that there's such a demand now for this skill set. To your point earlier, it is so new and it's just ripe for folks who have no previous background in becoming subject matter experts and really being able to contribute to it and to jump into it. And my path into it was a little bit more haphazard, a little more diagonal along the way, as opposed to a straight line. I feel like if I had known about this, it probably would have helped to accelerate a few things. I think that's fantastic, and I think that the thing that you're offering, especially of value, is that practical aspect, right? Because you're absolutely right. I think that whether in law school or you're preparing for taking a written certification exam, a lot of it is memorization, but not focused on applicability to industry. And that really is the value. Right. So when you join a company and they're expecting you to add value from day one, do you understand how to do a privacy impact assessment? Do you know what to look out for? Do you know how to respond to a DSAR effectively? And on paper, again, it seems like when you read the CCPA, when you read the GDPR, this is fairly cut and dry until you get your first one, and then you're like, okay, hold on a second. So I think it's really great that you offer that and you provide that context because it's an incredible value add on anyone's journey. Kind of jumping into the space.

Jamal: 19:37

Yeah. Thank you. Matthew, the other thing you mentioned when you were speaking, you said that your investment in the CIPPE certification was really worthwhile. Now, a lot of times we speak to individuals who struggle or who are really on the fence about whether they should make an investment in their own personal development. A lot of people like, you know what, I don't want to pay for this. I'm going to wait for my employer to pay for it, or I'm going to find another employer who will. Why is it important to really take control of your own personal development and believe that you are worth investing?

Matthew: 20:07

Yeah, I mean, it's great the idea of being able to break into a company and then have them pay for the certification. Obviously, if you can do that, do that. It's just very difficult to do, especially if you don't have that initial background, if you don't have the work experience, if you can't really create that clear narrative as to why it makes sense for you to join a data privacy team, then you kind of do need to invest in something that is going to signal to people that, hey, I'm serious about it. And I do have this requisite knowledge. I think that once you break in, certainly further education, further certifications, you don't have to stop at let's say you have a CIPPE. You don't have to stop there. You can also get your CIPP US, you can also get your CIPM, and those things you can ask your employer to invest in. I also have my LLM in Data Privacy and Cyber Law, which that is a massive investment that no one needs to make, quite frankly. Right. That's maybe a little bit more over the top. But that initial investment in a certification, I think if it has the potential to make that big of an impact on your brand and how prospective employers are viewing your qualifications, then I just don't see why you wouldn't.

Jamal: 21:19

Thank you. So on that note, then, what advice would you give for people going into or seeking to pivot their careers into data privacy?

Matthew: 21:26

he CPRA coming into effect in: 2023

Jamal: 24:21

Thank you, Matthew, that's super valuable. And from speaking to you in the past, one of the things I know that you're quite keen on is also giving back and you actually take on a lot of mentees. So for the people who listen to this podcast, who are doing quite well in their careers, they've established themselves, who are in a little bit of a position of authority, a little bit like yourself. Why is it important for us to give back and take on mentees?

Matthew: 24:43

I think because we have an opportunity now to shape the next generation, the incoming folks in these spaces. Right. We have somewhat of a say we’re potential I don't want to say gatekeepers, but we have a really interesting position where we can take a look at people where we're like, yeah, this person would be awesome on my team, right? And even though I might not have availability on my team or at my company, I know that this person would contribute significantly to the industry. And I think we have a responsibility, once we get to this position, to kind of scout and look out for people who have that passion, who have that interest, who are aligned with values and helping them get to where they are going. For me, I can tell you that years ago, it was really a lot of people who stepped out of just offered to mentor me. That helped significantly. I couldn't have done it alone, right? I mean, there were a ton of people who really took the time out to teach me, to walk me through their days, who even today, I have multiple mentors as well. Just because I take on mentees doesn't mean that I don't still seek out mentorship and have mentors. The bond is really necessary. It helps with constant learning and growth, and it goes both ways. I mean, the things that I also learned from my mentees is fantastic, especially if your mentees are a little bit younger. The technologies that they're using and how they're using, it very helpful because I personally, I don't do TikTok dances, right, and I don't use instagram reels the way other people do and stuff. So just learning about how the next generation of users are interacting with technology is also incredibly invaluable for me too. So it's benefits that go both ways.

Jamilla: 26:16

I think it's definitely important, even when you're mentoring people, to have your own mentor as well and always keep improving. Matthew, have you faced any challenges when breaking into the data privacy field or just in your career generally, and how did you overcome them?

Matthew: 26:30

Yeah, I mean, there are challenges every day, even now that I'm in it. Right. And I think a lot of it just comes around with you can do as much as you can to prepare. You also need experience. There is nothing that can ever substitute for experience. Which is why, again, I think that when we talk about experiential learning, when we talk about case studies, when we talk about practical knowledge, of really defining what a privacy impact assessment is in context, critically valuable ,because there's no amount of reading in the world. And I think that was probably a challenge initially, was great. You know, all this stuff. You have the certification, you have this background, you've written articles about it, but what do you actually know about doing it right? That's always, I think, going to be the biggest challenge when breaking into the space. But clearly there are ways to demonstrate that.

Jamal: 27:21

I'm super pleased that we have actually opportunities and programs in the Privacy Pros academy where we give people that hands on learning, either working with live clients or simulations where they can actually get that hands on practical experience. So not only do they know it from a theoretical point of view, but they actually know what to do when it comes down to it.

Matthew: 27:37

Yeah, that's awesome.

Jamilla: 27:38

I know one thing that you're passionate about, Matthew, is around facial recognition technology. I don't know very much about it, but what I do know is that on my latest Apple update or my latest iOS update, they have now made it so that the Face ID can recognize you even with a mask on. What do you think about things like that? Do you think it's useful or more of an invasion of privacy?

Matthew: 28:01

he first iterations of it. In: 2020

Jamilla: 30:23

Yeah, go ahead.

Matthew: 30:23

I'm just curious, what are your thoughts on the use of facial recognition technology from, let's say, like a law enforcement perspective. When it comes to things like transparency and consent at scale, right? Because when we're talking about biometric data, which facial recognition technology definitely is, it's a much higher level of consent that's needed. Right. Usually you need affirmative consent, not just like opt out. And when you're scraping so many different photos of so many different people, how can you do that in a way that is truly ethically, safe and compliant? I struggle with that one. I don't know if you have an answer?

Jamal: 31:02

But no, I'm the same. I don't think there is an answer right now. And look, even if people say, look, we're only going to do it this way and we're going to have a strict, robust policy in place, what we've seen time and time again, what we've seen from state and state again, is this purpose scope creep. They start off saying we're going to do with this and nothing else. You know what? We've got it, and now we're going to find a way of justifying it to do this. And then the policies kind of disappeared, things change and suddenly somebody discovers all of this stuff is being used in this way. And when people find out there is public outro or outrage, I think at Kings Cross Station here in the United Kingdom, they try to have facial recognition cameras. Why do you need to recognize what time I'm coming in to buy my ticket and which train I'm getting on? I'm just trying to use public transport. Why do we need facial recognition there? And then what else are you going to do with that? What else are you going to couple that information with? And I think it's getting to a stage where people are increasingly worried about living in surveillance states. If there's facial recognition that can recognize you even when you're wearing a mask, that means potentially somebody knows about your movements at any given time, where you've been, who you've been with, how long you've spent there, which kind of protests you've been to, where you've been to worship. What's left to know?

Matthew: 32:09

Yes, really well said. I just want to go out on a limb here and also say that I don't think that facial recognition technology is like the bogeyman. I don't think that anything that targets people in a certain sense is necessarily evil. Some things are really cool, right? Like, if you can use facial recognition technology to help you with, for instance, enhanced security and you can recognize even when I have the mask on, so I don't have to compromise my safety if I'm in a crowded train station and I want to get access to my phone, that's kind of cool. If I'm walking through a mall and something recognizes like, hey, it's Matt and here's something cool that you might like. There's a new video game that just came out. I think that's awesome. When I think about the future, I think that's really cool. But then when you are like, hey, here's an advertisement for something that's really deeply personal to me and I don't want other people hearing about or things like that. You know what I mean?

Matthew: 32:55

And we've seen a lot of instances of things like that. It's like facial recognition technology can be fine, you just need to roll it out thoughtfully and slowly and have proper regulations. And to your point, Jamal, exactly, like that scope creep right of like, this is what we're going to use this for. But then in the back end, we're also using it for all this other stuff that you don't know about and it completely goes against the principles of transparency. And at the end of the day, correct me if I'm wrong again, Jamal, please, because I know you're the GDPR guy, but yes, there's a lot of regulations, there's a lot of requirements, there's a lot of nuance. But at the end of the day, I think if you take a principles perspective to privacy, that is the thing that's always going to steer you in the right direction. And what it really comes down to is user friendliness and transparency and consent.

Jamal: 33:39

Absolutely. You hit the night on the head there, Matthew. This is the thing that we keep going back to time and time again with all the mentees in the academy is like forget everything else, go back to the basic principles. What are we trying to achieve? What are the principles and how is this keeping in line with the spirit of those principles. And as long as you strip everything up and you come back to those basics and I say that we should be using this as a compass to navigate what is acceptable and what isn't acceptable, in which direction we should be moving towards. So absolutely always bring that down to the principles. The other thing I was going to say with all of these facial recognition technology and stuff is one of the things that we've seen, let's forget about facial recognition for a minute, but when we're actually able to profile individuals, when we're actually able to learn things about them, whether that's through their cookies or their device fingerprinting, let's not even talk about facial recognition. We're seeing that people's views are becoming more and more polarized. We're seeing people are becoming more and more distant and it's because they're getting targeted with more of the stuff that they're looking at, more of the stuff that they like, and they're losing this sense of a balanced perspective because now every time they go on the device. The device has learned, hey, this is the kind of stuff interesting and they're getting more and more extreme. And this is something that I'm getting very concerned about. I'm thinking, like, I've recently become a father to my daughter Amy, right? But I feel like if this is the way things are by the time she is a teenager, how is technology and her choices that she makes and the way she's being profiled is going to impact the choices she makes? Although she's believing she might be having a free choice, right. How is that going to shape who she becomes, the thoughts she has, the views she adopts and who she ultimately becomes? And it's something that I've been thinking about a lot recently. It's quite scary right now, actually. What are your thoughts on that Jamilla and Matthew?

Jamilla: 35:19

I think when technology feels like you're in a spy movie, then that's really cool. When it feels like your phone and your Internet adverts know what you've been thinking, then that's the line.

Matthew: 35:33

Yeah.

Jamilla: 35:34

And that might be because I've been watching Marvel movies all week and I got an Apple Watch and I kind of talk into it like I'm in Spy Kids, but that's my line.

Matthew: 35:43

It's interesting because on that point, it knows what you're thinking. Jamal is taking a step further here by thinking about to what extent also is it maybe influencing your thoughts and you think you're thinking that and it's giving you the advertisement actually it's influencing what you're thinking. At what point is it a chicken or egg? Yeah, it is an interesting thought and one that I haven't really personally looked into the research psychologically or technologically as to what influence that's having. I think it makes sense. It's interesting, it's thought provoking. But I think that that's why major brands and big companies who are players in these various tech spaces have an even larger responsibility today than ever before to be responsible with tech. Right. So I think, like ethical tech, responsible tech, these are becoming common buzzwords among consumers. That's something that they're really looking for. And any company that is looking to continue to succeed and thrive and do well and not constantly get fined and slapped by regulators or have consumers drop off your platforms in droves, you need to be not only responsible, but transparent about how you're being responsible. Just the same way that we have nutrition facts on everything that we consume, digital content is no different. And you have to be very upfront with users of like, hey, this is, by the way, what we're doing, and this is how we're doing it, and this is how you can opt out of it, by the way, if you don't like it. So these are all important things that I think a lot of the companies are taking seriously and doing, which is great that we are evolving more towards where we should be when we're using this technology because consumers have become so much more hyperconscious about it than they were in the past. I'll be honest, 10,15 years ago, I wasn't thinking at all about how my data was being collected, right? And it wasn't a concern for me and I didn't think that much about it. And usually when I would see an ad or like whatever tailored experience, user experience, I would just be like, this is magic. Right? I don't understand the role of data, but today the average person on the street, I think, knows so much more about privacy. And so hopefully, Jamal, especially with your background and your expertise, your daughter is going to grow up and kind of learn, hopefully what to watch out for, right? It's going to be like, hold on a second, this is a little too good to be true. So that's what we have to hope for.

Jamilla: 38:04

Matthew, what kind of things, what kind of qualities do you look for when you're hiring in your industry?

Matthew: 38:10

So I've moved away from, my previous role as a hiring manager on our policy team and now I'm back to being an individual contributor, which is like, fantastic. But back when I was hiring and did have the opportunity to hire and this is going to sound maybe like cliche, but genuinely, it's really about intellectual curiosity, right? Anyone can kind of come in and say that, yes, I have the basic qualifications or I have certain work experience and things like that. But can you collaborate with the team? Can you get along with everybody? Do you have the right values? Do you care about things that you should be caring about? Because again, data privacy is not just about compliance. That is one of the first things that get my ears perked up, is it is not just about the regulatory frameworks and compliance. It is not about Jamal, to your point, how well you can spout off different laws and what the text says, how on a human level are you interacting with these principles and how does that inform your day to day? Because then that gives me trust that when you're in the driver's seat, you're going to make the right decision and I can trust you there. You know what I mean? So as long as you are hardworking, you're genuinely passionate, you do have an intellectual curiosity and you do care about people and users, that shines through. I think it really sets people apart.

Jamal: 39:27

So what you're saying, Matthew, is the number one thing that you look for above everything else is the character of the person who's applying. You want to see that they actually have a passion for what they're talking about. They're not just here to take a compliance box and say, you have done my 8 hours day and I'll see you in the morning. You're looking for the character to come through. The certifications, the experience, all of that is secondary.

Matthew: 39:47

Yeah, absolutely. Because look, at the end of the day, a lot of these more harder skills, so to speak, you can get trained on that. We'll show you what to do. We'll show you what our processes are. We'll show you how we treat these different things. That's where the training comes in. I can't train you to care. I can't train you to be passionate. That has to come from you from day one. So that's why I think that those are the most valuable characteristics.

Jamal: 40:11

Yeah, absolutely. We couldn't agree more. And one of the things that we mentioned is as part of the pillars, the pillar we have is about personal branding. And that personal branding also includes how do you actually secure a highly paid position, a respectful position with a good company within data privacy. And we have to kind of explain to them the psychology of what employers are looking for. And what we teach them is anyone can get trained, anyone can get obscured, but it's the character they're looking for. Ultimately, we say they're looking for three things. They're looking for your motivation to actually want to do that job in that role for that company. They're looking to see that you're actually competent in what you're doing. And they're looking to see that you are actually going to be a good cultural fit to that team. And most importantly, before they even look at your competence and your cultural fit, they want to understand that you have the right mindset, the right character, the kind of person that they would love to bring on to their team. And you want to demonstrate that you're the kind of person that they should say, don't let them leave the building without signing a contract because we need them. And how do you do that? How do you develop that passion for privacy? That's where you need to have the right mindset, you need to foster you to have your activities on places where you get hired, like LinkedIn. Talk about the relevant kind of things. Show that you're actively engaged within these communities, within these networks, and really start bringing the conversation and be aware of exactly what's happening around you to show your motivation to really want to thrive and do well in this area for this specific business and in the role that you've applied for.

Matthew: 41:39

Absolutely. When I talk to somebody who has those qualities, I have the same sentiment where I kind of circulate the resume and I'm like, you got to talk to this person. Right? Because those of us who are in space, we all value it, we all know it when we see it rather right? It's like this person gets it. And again, it has nothing to do with your memorization skills of the CCPA or what have you. It's really about what is coming across and how you're communicating that passion. So 100%.

Jamal: 42:09

Fantastic. So Jamilla that brings us to the end of today's podcast.

Jamilla: 42:12

It does. We really enjoyed having you on the podcast today, Matthew. Thank you so much for joining us.

Matthew: 42:17

Thank you so much for having me. Time flies when you're having fun.

Jamilla: 42:20

I know. Yeah.

Jamal: 42:21

Matthew, it was such a valuable podcast. I mean, I wish we had another hour every week to be able to talk about some of these things. You've got so much experience. I don't think we've managed to tap into all of that, even a 10th of that knowledge that's inside that brilliant mind of yours. From all of our listeners, I just want to say thank you so much for coming on and sharing all this valuable information, and we look forward to having you back as a guest again soon.

Matthew: 42:43

I'm really looking forward to it.

Outro: 42:46

If you enjoyed this episode, be sure to subscribe, like and share so you're notified when a new episode is released.

Outro: 42:54

Remember to join the Privacy Pros Academy Facebook group where we answer your questions.

Outro: 42:59

Thank you so much for listening. I hope you're leaving with some great things that will add value on your journey as a world class privacy pro.

Jamal: 43:06

Please leave us a four- or five-star review.

Outro: 43:09

And if you'd like to appear on a future episode of our podcast, or.

Jamal: 43:13

Have a suggestion for a topic you'd like to hear more about, please send.

Outro: 43:16

An email to team@kazient.co.uk

Jamal: 43:21

Until next time, peace be with you. Bye.