Episode 101

full
Published on:

27th Feb 2024

From Outsider To Industry Leader: How To Leverage Your Unique Skills To Succeed

Learn The Secrets To Build A Successful Privacy Career From Two Industry Powerhouses.


Global privacy expert Jamal Ahmed sits down with Saima Fancy and Jay Averitt to uncover strategies for operationalising privacy, communicating impact, and creating a fulfilling career path.

Discover tips to:

  • Shift privacy programs from blocking innovation to enabling it
  • Adapt privacy to business goals and foster cooperation
  • Gain real-world and hands on experience if you're transitioning into privacy roles
  • Use teaching and writing online to establish your expertise and credibility
  • Turn career challenges into growth opportunities

Whether you’re new to privacy or a seasoned pro, this info-packed episode shares hard-won lessons on advancing your skills, attracting opportunities, and making your mark.

Tune in now to shape the future of privacy and equip yourself to empower businesses with honest data practices.

Jay Averitt is a Senior Privacy Product Manager and Engineer at Microsoft. 

In his current role, he focuses on technical privacy reviews and incident response related to Microsoft's O365 product line. He has been focused on Privacy for over a decade, both as an attorney and in technical operational privacy.  He graduated from Auburn University with a BS in Management Information Systems and earned his JD from the University of Alabama School of Law.

Saima has over two decades of professional experience in chemical engineering, privacy engineering, law, data privacy and security sectors.

She is passionate about protecting the privacy rights of consumers and facilitating cross-functional partnerships to design and implement privacy-centric solutions. Saima has a proven track record of advising project teams, reviewing, and contributing to technical systems and product development life cycles, and monitoring privacy trends and best practices. She contributes to her professional ecosystems by presenting talks, lecturing at universities, mentoring, and is a strong ally for privacy and security professionals and STEM advocates for women and girls. 

If you're ready to transform your career and become the go-to GDPR expert, get your copy of 'The Easy Peasy Guide to GDPR' here: https://www.bestgdprbook.com/

Follow Jamal on LinkedIn: https://www.linkedin.com/in/kmjahmed/

Follow Jay on LinkedIn: https://www.linkedin.com/in/jay-averitt/

Follow Saima on LinkedIn: https://www.linkedin.com/in/saima-fancy/

Ready to become a World Class Privacy Expert? Book your call to join the World's Leading Privacy Program

Subscribe to the Privacy Pros Academy YouTube Channel

► https://www.youtube.com/c/PrivacyPros

Transcript
Jay:

Zuckerberg said long ago, privacy is dead. And no one cares about it. We've got to switch that mindset because ultimately if we have that mindset, we're in all kinds of trouble, especially with A. I.

Saima:

Privacy is a shared responsibility. It exists in marketing, exists in communications, exists in finance, it exists in HR, it exists everywhere. You could be that trailblazer.

Intro:

Are you ready to know what you don't know about Privacy Pros? Then you're in the right place. Welcome to the Privacy Pros Academy podcast by Kazient Privacy Experts. The podcast to launch, progress and excel your career as a Privacy Pro. Hear about the latest news and developments. Discover fascinating insights from leading global privacy professionals.

And hear real stories and top tips from the people who've been where you want to get to. We've trained people in over 137 countries and countries. So whether you're thinking about starting a career in data privacy. Or you're an experienced professional. This is the podcast for you.

Jamal:

Hello and welcome to another episode of the Privacy Pros podcast. I'm your host Jamal Ahmed, award winning global privacy expert and founder of the Privacy Pros Academy, where we're building a community of high performance privacy professionals that empower businesses to adopt honest privacy practices. I'm thrilled to have you listening and joining us today. And this episode is brought to you by Kazient privacy experts. We provide pragmatic and easy to implement solutions for governments, SMEs and multinational corporations. We're creating a future where every woman, every man, and every child enjoys freedom over their personal information. And to learn more, check out our bestselling book, the easy peasy guide to the GDPR available at best GDPR book. com.

Now, are you ready to shape the future of privacy? Join us in this episode as we unlock the secrets of a privacy engineering career with two industry powerhouses. They share the strategies for operationalizing privacy, communicating your impact and building a fulfilling career in this industry. Get ready to be inspired and equipped to make a difference.

Our first guest today is Saima Fancy. Saima has over two decades of professional experience in chemical engineering, privacy engineering, law, data, privacy, and security sectors. She's passionate about protecting the privacy rights of consumers and facilitating cross functional partnerships to design and implement privacy centric solutions. Saima has a proven track record of advising project teams, reviewing and contributing to technical systems and product development life cycles, and monitoring privacy trends and best practices. She contributes to her professional ecosystems by presenting talks, lecturing at universities, mentoring, and is a strong ally for privacy and security professionals and STEM advocates for women and girls.

And we also have Jay Averitt. Jay is a senior privacy product manager and engineer at Microsoft. In his current role, he focuses on technical privacy reviews and incident response related to Microsoft's Office 365 product line. And he's been focused on privacy for over a decade. Both as an attorney and in technical operational privacy.

He graduated from Auburn University with a BS in management information systems and earned his JD from the University of Alabama School of Law. Wow.

We have a packed episode with two great, amazing people today. So first question I have before we get into the Nitty Gritty Privacy Tech stuff is what's one thing most people would be surprised to learn about you? I want you to answer that for each other. because I know you guys know each other very well.

So, Jay, what's one thing that we'd be surprised to learn about Saima? And Saima. What's one thing that we'd be surprised to learn about Jay?

Jay:

Oh, interesting. So if you know Saima well enough, you probably know this, but Saima has the most intense love of learning that I've ever seen. If you look on LinkedIn you'll see that she posts numerous times a day.

Seems to have an appetite for putting out just great content and the more I talk to her, the more I'm learning from her.

Jamal:

We'll have to find out your top tips for doing that because I I'm on LinkedIn and I'm quite active, but

Saima:

You are,

Jamal:

Compared to how active you are and the value that you're adding to our community is absolutely amazing. So first of all, thank you very much for that. And what's one thing we'd be surprised to learn about Jay?

Saima:

Know, talking about LinkedIn. I look at Jay's posts and he posts quite frequently as well. And it's not so much that I'm surprised, but I'm every time refreshed after I read his post about how sincere he is, how his, Advice within the space of privacy and security and privacy engineering is just coming from the bottom of his heart with real practical use cases Applying his knowledge to those use cases and every time I take away so much. And I end up copying and pasting a lot of advice in my little cheat sheet notes that i'm constantly Reviewing for myself to help me in day to day my work practices.

Jamal:

And all of the people that are following you on LinkedIn have been following you guys for some time. And you can see you've built up a very loyal audience. And I think people keep coming back because they know there's so much more value. And I think sometimes when people take a week off, the first thing they do is come and have a look at what they've missed based on the things that you've been sharing, so thank you for taking the time and the effort and really being so generous with all of your insights, with all of your ideas, with all of the news of stuff that's coming up.

Now, what I'm interested to find out is in your experience, what are some of the biggest challenges in operationalizing privacy while still fostering innovation within the actual businesses or organizations?

And particularly, what strategies have you found most successful in trying to achieve this balance?

Jay:

I think you hit the nail on the head is that a lot of times privacy can be viewed as a blocker to innovation. And I can see how that can be the case, but a good privacy approach should not make that the case because I am just as passionate about technology and innovation as I am about privacy.

So ultimately, I want innovation, the coolest tech to be getting out there. And I don't want privacy standing in the way of that. But I think that if you want to have the best innovation, the privacy should be kind of wrapped into that innovation. So if you get privacy into the innovation early on in the process then, it makes it a more innovative product because when your customers use your product, they see how much privacy is actually embedded in your product, then they look at your product as even more innovative because so many products out there are not considering privacy early on. And so many products out there haven't considered privacy at all, actually, and have terrible privacy practices.

And then no matter how innovative your product is, if your privacy is terrible, you can look at things like 23andme, which were pretty novel at the time when they came out, but we've learned that their privacy practices weren't great and now the brand is completely suffering. So to have great innovation, you need to be considering privacy and baking it into the process.

Saima:

Absolutely, Jay. I echo all those sentiments, but there's something that I'm noticing that's happening uniquely, at least in the Canadian space. So the whole idea of practicing privacy is starting to get recognized. The public is getting educated. The public is demanding a lot more from their providers where they're consuming services. Within working in privacies, either there is a buy in or there isn't. It's very hard to find a medium. And what I mean by there is a buy in. Sometimes project teams are saying, Oh, privacy, come along and you look after everything. And that's not fair either, because we're supposed to work together as teams, right? To make sure the product comes out of the pipeline safely.

And then the, on the other hand. Privacy is not given any space, any bandwidth at all, and then we have to fight barriers to say, no, you, you can't put this out without having all these measures in place, without having privacy by design principles in place. I mean, one of the things, if you take artificial intelligence, for example, one of the criticisms that OpenAI is getting is that ChatGPT was released too early. It wasn't ready. And that's a constant concern. So where I'm sitting right now, I'm battling between those two forces and trying to desperately find a medium. It's a struggle that's ongoing.

Jamal:

And what are some things that you found have helped you to meet or overcome those challenges sometimes?

Saima:

It's to find allies within the org. It's to try to go to leadership and get them to buy in. Once they buy in, then that filters down the pipeline and then the others do have to follow that mandate. But the issue there is to get ahold of leadership. Because they're so extremely busy. I have to say that currently I'm very lucky. I'm working with a group of over 40 privacy professionals and it is becoming top of mind for a lot of the leadership. So it's getting better.

Jamal:

Okay, great. Thank you for sharing those insights. So what I'm taking away from what you've both just contributed there, first of all coming to you Jay, is you're saying look, the first thing you need to do is have this attitude where we're actually enabling and not blocking. Like we need to get away from this reputation that kind of precedes privacy in a way where they're seen as blockers and actually say, Hey, we're here to enable, and that's what we need to do.

But to be able to enable effectively and not restrict innovation and actually be a part of that, what we need to do is get this privacy embedded early, get in the conversations at the initial stages so we can actually wrap privacy around the innovation. And actually, what you found in your experience is that releases a much more effective Superior product to the market. And Saima, what you've come in there and added and complimented on that is saying, look, it's very important to understand where we are because sometimes we get really good buy in, almost too much and they say you do everything, which isn't fair. And on the other end of the spectrum, you don't have that buy in.

So you have to work very hard to find that balance and find somewhere where it works in the middle of that scale somewhere where there's complete buy in, in fact too much and they've given everything to you and there's nothing. And what you found in your experience that's really helped you to find the balance or try and make something work is actually finding senior leadership, getting, Buy in, meeting them where they are, and actually getting those sponsorship and getting that awareness. And what you're finding is the more you're constantly raising that awareness, both formally and informally, the easier it's becoming over the longterm. And what's also helping is now the public are starting to wake up and there are a lot more interested. So it's getting a lot more attention.

Saima:

One more point to add into that, Jamal, and that is that privacy is a shared responsibility within the organization. So the onus, I feel it shouldn't be on privacy at all. When we are starting to build a product from the get go, from the beginning, principle number one, privacy by design principle number one, it shouldn't just be privacy at the table.

Security should be there. Architecture should be there. Operations should be there, comms should be there. And sometimes the struggle is to get all the stakeholders together because they're not also given the space in the driver's seat. That's another struggle that we're facing to make sure that everybody comes to the table because it is a shared responsibility for the entire organization, laterally and vertically.

We've had the directive since:

Give them a little bit more responsibility. There is a lot of pushback, but what I found is if we actually go and ask them questions about where they are, what their department goals are, how that aligns with actually where the company or the CEO's mission and vision is, and how we're there to support them, how we're there to look after them, how we can actually enhance them. They actually start asking more questions and become more curious and more interested and they want to know more. So I think it's always about taking the time to go and meet your stakeholders where they are showing an interest in them and then aligning to what they're doing rather than forcing them to accept something that they're not actually open to at that moment in time. That that's certainly what's been helpful for me, my colleagues when it comes to serving our clients anyway.

So my next question is, how do you define success when it comes to operationalizing privacy? Are there any particular metrics or frameworks used to measure the effectiveness of your privacy engineering efforts?

Jay:

I think that's a good question. And metrics, particularly in the privacy space, are a bit challenging because, for example, in my day to day role, I do technical privacy reviews. So my metric was the amount of technical privacy reviews I accomplished or signed off on.

That'd be a pretty poor metric because that could just mean that, Hey, I just signed off on everything. So I got everything.

Jamal:

Rubber stamp.

Jay:

So I'm going to need to be slated to impact and slating that to actual impact, that can also be tough because that's not something that's actually quantifiable.

So that that can be challenging. But you kind of have to try to figure out a way to measure it by what kind of impact. For example I also work on privacy incidents. So look at, hey, this, this is what we found in the privacy space and we prevented this amount of incidents because we've seen these amount of incidents occur.

And since we stopped it here, we've prevented all these potential incidents down the line. So finding something quantifiable in something that's murky, I think is, is what you have to do. And that's going to vary from org to org and you've got to look at okay, what is the key impact I'm trying to do here from a privacy standpoint.

What exactly am I trying to do? Maybe it's embed privacy early on in the design process, how we accomplish that or, you know, What incidents have we prevented from happening instead of just privacy has looked at this many things because you know, that's not necessarily a good metric because it could mean exactly like you said, Jamal, you're just rubber stamping.

Saima:

I mean, checking the compliance box is absolutely not good enough. It's just the beginning. You're just scratching the surface, right? One of the metrics that I found that does work in some of the practice that I've been involved in, as you're doing your PIA, your PTA, identifying risks on an ongoing basis and actually bringing them to the forefront of your group at large that you're working with, don't wait till the PIA is done. If the risks are high enough, get them out there right away and start the mitigation process. Because PIAs can take sometimes forever to complete, especially when a lot of stakeholders have to have inputs in them, or you can't get a hold of people, or a whole bunch of things slow them down.

Same with privacy risk assessments. That's the kind of metric that I love to gauge my work standard by. And I've noticed that when I do reach out to different groups where I do identify higher high to medium risks, they really appreciate it because that means when they're building out the product, when they're operationalizing certain metrics that they're working on, they can actually build that in early on as opposed to wait for the PIA to go through.

Legal and governance and all the other stakeholders that are involved. And then, you know, by the time it gets out, it's like, well, wait, why didn't you tell me before when you recognised this problem? So I find that works really, really well, whichever, whichever tool you're using, whether it's PTA, a privacy risk assessment, whichever it may be, communicate, communicate to all the relevant groups, don't just work in silos.

Jamal:

I'm actually a big fan of what you sort of said there at the end Saima that working in silos, it just doesn't make any sense.

And what you can find is when you start speaking with each other you find that you're actually trying to solve the same problems, but you're using different tools and different resources.

And actually sometimes you don't need to duplicate that investment. You can actually use what's already existing within the company and just make sure you benefit from those things. So there's so many different advantages that come from that. And going back to what Jay was saying earlier about actually creating a better product, I found that actually when there is cooperation. Everyone's on board and you do actually create those better.

But coming back to my key takeaways from what you've shared there about metrics and frameworks, what I'm getting from Jay is look, we can have all the metrics and KPIs and all of the numbers you want and create massive dashboards and everything's amazing. That is actually not very effective. What we want to do is have a look at what is the actual impact, what is the benefits that we're having and find things that are actually quantifiable that offer some kind of insights into what it is that we're achieving or what it is that we actually need to start focusing on achieving and Saima, what you've also said there is instead of just taking a risk based approach, waiting for a process to go from end to end, you'd like to be pragmatic. And if you've identified a risk, then you will make sure that the relevant stakeholders know so they can start working on coming up with a solution rather than leaving it to the last minute, just for the sake of bureaucracy.

And that's actually what fosters that practical pragmatic solution where everyone comes together to really move the privacy program along and achieve the privacy objectives and the privacy goals of the program.

Saima:

And may I add one more point in please?

Jamal:

Would you please do it?

Saima:

We're talking about operationalizing privacy practice within within your workplace, right? So it's almost as if what you're creating is a product, whatever tool that you're working with. Communication is such a huge part of that. A lot of times if you do end up working in silos, you're not seeing what's being operationalized at the development front end and the back end. I mean, what if the product is going on technical go live or before it reaches a prod stage, right? you have to communicate those risks before any of those go lives happen. And then what happens if you don't, the folks that are in the front end, they're like, well, you didn't tell me.

So I thought it was okay to go live, right? Things of that nature. We have to avoid those problems. And that's all comes down to communication. And that's what privacy engineers are really good at, being able to translate those deliverables between all the groups involved.

Jamal:

Great, and I couldn't emphasize or overemphasize how important I believe communication really is. One of the challenges sometimes people have with communication is conveying the information to non technical or non privacy educated colleagues or peers. What have you found is a way that makes that easier? Apart from your great LinkedIn post.

Jay:

I think that at the end of the day, people get lost in the alphabet soup of privacy, GDPR, ROPAs, DPIAs and it all sounds extremely complicated, but when you boil down privacy to its fundamentals, look, I mean, it's all about being fair to our users and looking at some of the terminology we use, principles like data minimization. I mean, look, let's not take data just for the sake of taking data. Let's think about what purpose we need to use that data. I think it's really just kind of boiling it down to, what are the fundamentals of privacy and moving away from we're doing this because we need a DPIA or you know, all of the complexities of that. Because really I think the GDPR principles themselves really do a good job of pulling down the fundamentals of privacy. The law itself has a lot of murkiness and and other things in it.

The actual principles around fairness, transparency, data minimization, all of that, is stuff that is easily conveyed to the public and people can easily understand, if you can convince them, this is why we're doing this. Then you don't have to say, Hey, look, we have to do this because the GDPR requires this and you know, throwing around all that terminology and the 4 percent hammer.

But really pulling down the fundamentals is the best way to get people to understand privacy and get people to actually understand the value of what we're doing.

Jamal:

I like that a lot. In fact, I like that so much that I actually wrote the easy peasy guide to the GDPR. And one of the things that motivated me to do that was because I could see that when I'm working with other privacy pros, one of the things that constantly came back is people were not understanding what the requirements are because they weren't able to explain it in a way where we could actually simplify it enough for people just to get it.

Ah, that's what it's all about. Like nobody cares article 35 says something and article 14 requires something else in the privacy notice. That doesn't mean anything to them. They just want to know, okay, what do we need to do and why are we even doing this? And what I found is when you actually Understand the foundational principles, like you were saying, Jay, and you really get what it's all about and what we're trying to achieve. The hows come for themselves. Like everyone just wants to understand the why.

A lot of the time, most people don't understand why. They think it's some kind of legalese technical compliance checkbox that I need to sign. So what's such a big deal? Just sign where you need to sign and do what you need to do. Right. But I think. Where we actually add real value is taking all of that, making it easy peasy so they actually understand the foundation of why we're trying to do what we're trying to do.

And when you explain those things in a way you just did, now we say, Hey, we don't wanna collect more information than we actually need to, because number one, if we do hold that information and we shouldn't have it, then imagine if some got that into the wrong hands, like we've just exposed them and violated their privacy for no reason and at the same time. The more records we have, the more expensive it is going to be for us to store. The more it's going to cost to insure. And if something was to go wrong, then there's more compensation to be paid. So all of this is actually about doing the right thing and also protecting the company's best interest. Ah, yeah, that makes sense.

I get it. Yeah. We probably don't need that. We probably don't need that. We do need that, but we could do with that kind of thing. And then everything just becomes easy and you're on the same page. So thank you very much for sharing that. I completely resonates. Saima, what would you like to add?

Saima:

You're both saying the right things. Bringing in the elements of semantics and economics. So semantics count a lot. So if you're educating your internal staff imagine taking the fair information principles and putting new wording around it such that it actually aligns more with the importance of the data itself.

So for example, calling it crown jewels, calling a certain circle of data sets, the circle of life. When you start putting semantics like that, I found that it catches everybody by surprise. And when you call something crown jewels, you know, as you right away, your mind goes to, okay, that's really important.

We need to protect that, right? So semantics is very important. And then there's the economic side of things. Like you said, storing data is very expensive. Imagine duplication of data and now you've got data sprawl everywhere. It's a matter of what I'm saying is communicating to your internal and external stakeholders as to what the downsides are and where the highlights are of, of containing that data. Having too much of it, looking at compliance, explaining that the law is punitive in certain parts of the world, right? Especially if you're a global company. When you bring it all together, I really believe that it sinks into both the consumer and the producer side of things.

Jamal:

I love what you're saying there about semantics. In fact, when I'm doing the actual mentoring and the teaching, I often use these kinds of examples to really drive home why it's so important. So for example, if I was explaining controllers and process and the responsibilities and obligations, what I usually say is imagine you're taking your child and putting them in daycare. Right. Now, what would you expect from the person who's providing that daycare? And if they're working with somebody else that you've never met before, how would you be expecting them to look after your child? And should they just work with anyone? Or should they do their due diligence? And should they actually have a contract that puts these minimum guarantees in place and things? And so when you explain things the way you've just said with the crown jewels and gold and whatever else we do, It actually resonates a lot more with people and they go like, ah, like you see the aha moment comes and it just suddenly becomes so much easier. And on the legalese part, obviously that's our job, but we don't need to burden and make things onerous and dry for other people.

We can just have normal everyday conversations because we know what it is we're trying to achieve. And we should always look for the path of least resistance to get there in a way where we take everyone along and everyone buys in. And at the end we create win, win, win outcomes.

Saima:

Exactly. And there will be friction between departments, right? It's just, how do you put a spin to that friction? Make it a positive friction and then get everyone to the table and say, okay, look, we can work on this together. And then let that be your driving force.

Jamal:

Thank you. Now. What role do cultural and organizational changes play in effectively embedding privacy into operations?

And before I let you answer that, I'm going to share two stories . I think last year there was a delegation of CEOs and people who came from Bangladesh to the UK government because they wanted to increase business between the UK and Bangladesh. And fortunately I was one of the people that was invited to go and sit along and see how the conversation progresses. And obviously me being me, I was like, one of the biggest challenges that we have with doing trade with Bangladesh is that there are no data prediction laws. There is no privacy in place.

So that is often going to be one of the reasons why when it comes to digital trade that it just doesn't happen. And I I think I probably went on about privacy too many times and the CEO stands up and says Jamal What is this privacy privacy you keep talking about? Do you know where I come from in my village? Anyone would give up his privacy, his dad's privacy and his forefather's privacy rights to download one free song and I was like So, you know, this is it, like, we have to appreciate the cultural things. And then more recently I was out in the Middle East working with some clients there and I was speaking to a few people both within the company and just outside, just trying to get an understanding of it. So they've obviously introduced the PDPL and they're all implementing it. And what they're saying was, look, we're more likely to invest in building high fences to protect our privacy than we are about our digital privacy. Because we believe all of our phones are all observed all of the time anyway. And so when it comes to that kind of digital privacy, they're less concerned. But from a legislation point of view, we're now trying to bring that in. So it's understanding those cultural differences where the individuals are, where the users and also where the leaders in the company are, I think it's key to delivering good work, but making sure you get the balance right.

Because how we do things in one company or in one continent is completely different to how we do things in the other ones. And with all of your extensive experience, what I want to know is from your insights, what are the cultural and organizational changes and how do we actually use what we know and what we understand and what we need to understand to make sure we are effectively embedding privacy into the operations.

Jay:

Yeah. I mean, a couple of great stories that you just gave there. And they illustrate the problems perfectly. The first cultural change is we have to have individuals, and individuals, I mean, consumers actually care about privacy to begin with.

Like you said about give away the farm to download one song. I mean that's what people kind of are expected to do. They're like, all of our data is out there. We've given up privacy as Zuckerberg said long ago, privacy is dead. And no one cares about it. And we've got to switch that mindset because ultimately if we have that mindset, we're in all kinds of trouble, especially with A. I. And if we can't take back our privacy from a consumer stance you know, it's bad. You don't want that kind of mindset. And cyber security was there probably 10 years ago where people were reusing the same password over and over again.

And now they're actually seeing the ramifications of what can happen if you just completely ignore security from a consumer stance? And while there are people that certainly are still ignoring it, I think people realize why it's a big deal.

Another thing that you were discussing in your stories about the cultural differences, not just there, but geographical cultural differences. I mean, the UK or Europe in general is mild ahead of where the U. S. is in terms of actually having a privacy legislation.

Here in the US, we've got a patchwork quilt of legislation. And so trying to actually adhere to all of those individual state requirements would be kind of a nightmare. The better approach is to look at what the GDPR does and try to adhere to that standard. And if you adhere to that standard, you're probably going to be okay with the U. S. Standards because C. C. P. A. Pretty much modeled G. D. P. R. And some of the states have done you know, similar to what California did. But they certainly haven't gone more stringent than what California did. So that's one part of it.

And going back to what we've discussed prior, it shouldn't be just legislation that is making you take actions, it's just the right thing to do.

Just because You may not have to adhere to a DSAR because that person lives in North Carolina. You probably should do it just because it's the right thing to do and probably down the line you're going to have to adhere to it anyway. So your system should probably go ahead and take account what the GDPR is doing, what CCPA is doing and adhere to that nationwide because one, you're going to have to probably do it eventually and two, it's just the right thing to do.

Jamal:

I completely agree with the that approach actually, Jay because one of the things that we do when we work with multinational companies is we say, look, let's take the most comprehensive requirements. And if we map everything out to that, I would say 99 percent of the time you already met what you need to meet.

Sometimes there might be differences in definitions and there might be a different way they define a breach and they might need to hit certain records, but those nuances you deal with separately. So for example, if I was going to go and write a privacy notice. What article 13 and 14 of the GDPR require is pretty much the same thing as the CCPA requires.

The only thing I know I need to add is a do not sell my button or a declaration that they don't actually sell your data. So it's just making sure that you understand what the most comprehensive requirements are and then just build according to that. Rather than what I've seen some people doing is they look at every single regulation or legislation and try and do a little bit here and a little bit there.

I'm just like, I would go crazy. And the business, how can they have the patience for this? Every time something comes up, you're making changes? Like, why don't you just look for the most simplest and most pragmatic and effective way of doing that to begin with? So, I'm a big fan of that approach that you shared there.

Saima:

I absolutely agree to o. The GDPR is our global golden standard. So all the countries, as they are now starting to draft their own legislation, should use that as a precedent. To your question, Jamal, about how culture impacts all this, I think that's a tricky consideration, right?

So for example, with Bangladesh, as Bangladesh embarks upon coming up with their own laws, it should suit the culture at large of that country. Making them cookie cutter, there's some danger in that, right? Because what the understanding of Bengalis in terms of their privacy is different from what Americans understand or those in Germany understand, right? So I think those cultural nuances should be taken care of, should be accounted for. I don't think it should be a cookie cutter legislative landscape all across the planet. Yes, use GDPR as your precedent, but do keep in mind that people in Saudi, people in India, people in the African states, they look at privacy differently. I mean, if you go back to the ancient notion of privacy, you know, houses were built in certain parts of the Middle East such that your neighbor couldn't look into your building, into your window, right? I'm just using a physical example. Similar to that, there are digital examples as well as to what privacy means to people it's nuanced around the world. And I do hope countries as they are rolling out their privacy policies such as Saudi Arabia, which is really a good thing. And the UAE and other parts of the Middle East and Africa, they are slowly starting to take those cultural nuances into account. And that's really important. And it would be good to highlight that as all those rollouts happen.

In Canada, we're behind, we're trying to keep up too, and you know, we're a very breadbasket mix of different cultures, so it's tricky when you're a country like Canada, because you are made up of so many cultures, but it's the right thing to do, and I'm sure everybody will come through accordingly.

Jamal:

Thank you for sharing that. And what you just touched on the Middle East, it reminded me of some of the conversations I was having there, actually. And one of the people I was meeting, there were saying the reason why we're so late to the party with data privacy laws is because privacy is embedded into our faith and into our culture. So for example, the etiquette is if you knock on someone's door, you stand to one side when they open the door, so you don't peer into their privacy. They were talking about when the religion of Islam first started the prophet, he instructed his companions not to enter their own houses from the back door in case they disturbed the privacy of their wife or the people living at home. So they're like, this is something that's embedded in us. And they have this concept of our Amanah, which is trust, which is we have to make sure that we uphold that trust that someone places in us, whether it's with their things, whether it's with their money, whether it's with their information, whether it's with their secrets. So we haven't really felt the need to have to bring something in, but we understand from a commercial point of view, to be able to do trade internationally. This is something that's actually becoming more and more important. But when it comes to our personal digital privacy, that's something that we are a little bit late with just because of the way things are done here. And so, for example, when we went to one of the restaurants there, somebody gave their number and they're like, Oh. You're so and so and they're like, how do they know that? Have you been here before? They're like, no, that's just the way it is here. Everything's related to your phone number. The other thing they were telling me when I was working with this travel company is, it's just normal for the salesperson or the person sending you holiday tickets to ask you to WhatsApp a copy of your passport to them.

Saima:

Yeah,

Jamal:

I was like, I don't know about that. Yeah, I'm not sure how comfortable people in the UK and Europe would be if we went into a bazooka just WhatsApp me your passport. And so really understanding and appreciating all of those things is also very important But just because some places don't necessarily have laws doesn't mean that the cultural understanding of privacy is not worth it And I'm grateful to you for highlighting that

Saima:

So, exactly. To elaborate that a little further and why these countries do need to have such laws is because we're living in a digital global world and we've all become so close to each other just being online, right? Hence, those cultural privacy nuances kind of have to dissipate and take a larger approach to design them as such.

So, if you're going to be on the worldwide web and you're shopping at Amazon or Alibaba, Yeah. Yeah. Chances are your, your data is flying all over the world now, right? So those same principles now need to be embedded, whether you're shopping in Riyadh or whether you're shopping in the Himalayas or wherever you're at. I think there's now a level playing field in terms of privacy principles. Those, those 10 principles have to come in play with all commercialization.

Jamal:

Yeah, 100 percent and one of the things that a lot of people keep talking about is the GDPR being the gold standard the GDPR actually being The thing that everyone's modeling. But I say actually if we go one step beyond that What we see in the GDPR is actually what's already in the OECD and OECD, they're all about, Hey, these are the principles that we need to make sure that there is this global circulation of goods and services and money.

So we can all have that empowerment and prosper. And so if you align all of the actual privacy laws. You can see that they have derived or looked at the OECD for inspiration. It might read and look like the GDPR, but even the GDPR, if you go back to it, you can see they actually derived from the OECD guidelines. And so when I'm actually going even to organizations where they want to bring stuff in, and they're not in a particular jurisdiction that's regulated, We know that if we bring in the OECD guidelines and those principles, then whatever does come along eventually, there might be a few tweaks, but overall, like Jay was saying, they should actually be okay.

[Saima:

Agreed. Exactly.

Jamal:

Now let's say there's somebody listening who's interested in pursuing a career in privacy engineering. Maybe they're looking to pivot from a technical role or some other type of role. What are your top tips that you have for them?

Jay:

The first thing is really just get some experience in privacy. One, if you've read enough about privacy that you think that you have the passion for privacy, the next step really is to get some experience in privacy and all decent sized orgs are contemplating privacy in some form or facet. So find out who in your organization is responsible for privacy, talk to that individual and say, Hey, look, I'm, I'm really interested in privacy.

I would never turn down a volunteer to help me on the privacy project. So that's a great way of actually getting real life experience. I mean, there's certifications and things of that nature, but I don't think that's a replacement for actual real life privacy experience.

And you know, figuring out what is a DPIA, what is a technical privacy, actually understanding all of the alphabet soup will take you a lot further instead of just What it is functionally, but like okay, this is how we do a dpia. That's going to take you further than just understanding the alphabet suit, from a conceptual level.

Jamal:

Thank you, Jay. So what you're saying there is The best way to really progress and to really advance in a role is get some exposure, get some experience and okay, if you're applying for roles, you're not getting them because you don't have the experience. That's not an excuse to say no one's hiring because I don't have the experience. What are you doing to take responsibility to find a way to get that exposure? You can go and volunteer and like Jay says, he'll never say no to a volunteer and I'm sure that would be the same in almost every single organization. Nobody says no to an extra pair of hands that could actually help you. You can also go and get mentors. And what you're saying is, look, what a lot of people, and I think this is the biggest misconception in the privacy industry is everyone believes, Hey, if I just go and get certified and get all of these letters after my name, then that's it, but that's not the case because knowledge is one thing, but then without the skills to apply that knowledge, it's completely useless. And if you look at the state of the market at the moment, you can see that there's so many great privacy roles on offer, there's so many people who are certified, but because they can't demonstrate that they're competent in actually taking that knowledge and operationalizing it into skills, there is a mismatch and there is a gap in the market. And so what we need to do is steer away from actually this infatuation of getting certified and adding all of these letters after a name, and actually just roll your sleeves up, get stuck in, and just understand how this works, what you actually need to do, because once you do that, any certification becomes easy because All they're doing is assessing your knowledge and application of the skills to what you already know. Thank you for highlighting that actually it's not just about certification, like that's just a false sense of security and economy. I think a lot of people waste their time and money thinking suddenly that once they go on LinkedIn and say, Hey, I've now got this, there's going to be people knocking on their door and offering jobs and it doesn't happen.

They just go from one place to another place, trying to figure out what's happening without actually ever addressing hey I might have a knowledge or I might have a piece of paper that says I'm supposed to have knowledge, but unless and until I can demonstrate that I'm competent in applying that knowledge through skills, then I'm always going to be stuck here.

Saima, what would you like to contribute to that as well?

Saima:

1, 000 percent agree with both of you. I'll also add in that wherever you are, whichever organization you're working for, look for opportunities there to get experiences. So I had said to you earlier that privacy is a shared responsibility. It exists in marketing, exists in communications, exists in finance, it exists in HR, it exists everywhere. You could be that trailblazer and recognize the need for it, find the gap within, say you're in human resources, you're working there and bring that, elevate that and bring it to leadership's eyesight and get them to recognize that that gap needs to be filled and hey, I can be that person who can do it for you, assuming that you've got a lot of the knowledge that you need and then you build that up, build it within your organization if your organization doesn't have it, look for those opportunities because it is hard to get a position in privacy.

Okay. If you don't have a little bit of experience, right? And this way you can do that, roll up your sleeves that way. The other is volunteering. The third is finding a mentor. For this networking on LinkedIn network, network, network, ask people to share about half an hour of your time. Get them to talk about what they're doing within their workspace. People love to talk about that. Don't ask them for a job. Don't ask them for anything else. Just say, Hey, can you share some experiences with me? And you learn vicariously through, what they're doing and blog. These are all amazing opportunities but they need to be done simultaneously.

It's not just a linear path, right? Because it is a newer field.

Jamal:

Absolutely. Some, some really top tips there. And, you know, I think you were like taking about 30 minutes worth of content and just summarized it like you do in your LinkedIn post to give us a very rich top tips on exactly what we should be doing. And I think networking is super important, right?

First we need to get the knowledge, then we need the skills, then we need to have the network, but then we also need to gather the resources and also our reputation comes last and what a lot of people do is they think, okay, I'm going to get certified.

So I get the reputation and I have the knowledge or I have the rubber stamp that says I have the knowledge But what they're missing in between is the skills is the resources and is the network. And networking isn't hey connecting with everyone that comes along in the IAPP group and says I'm connected now I'm networked and hey, can you give me a job?

I'm looking for a job. I've got 10 years experience No, that's not networking is actually Opening up meaningful conversations that are professional, that are related to work, and then seeing how you can add value or who you know, that can connect people, or just taking an interest in what they're actually doing right now and sharing resources, tagging them on Saima's and Jay's posts so that they can actually benefit from those things too. And that's how networking develops. And so as I must, Oh yeah, I can see your interest in this. You know what? We've actually got a position opening up and I'd love to put you forward for it. And that's exactly what happens. And the other thing that you shared there Saima what I love most is, I think the best way to learn is to teach. And one of the things that I show all of my mentees when we first start any session is Bloom's taxonomy. And it says, look, at the most basic level, it's being able to remember and recall something. And you go on LinkedIn and you see in other places, a lot of people are just regurgitating something that they've read somewhere or they've heard on a webinar without actually having any understanding of what that actually means in practice or being able to look at it in different ways. And so we need the ability, or you need to develop and demonstrate you have the ability to analyze and evaluate. And at the top of Bloom's Taxonomy, it talks about creating. Right. And not everyone's going to have the time to go and write a book or create a video series or something, but we live in the digital age, right?

We can leverage media, we can leverage medium like social media. I'm not saying go and do some TikTok dances, but just look what Jay and Saima are doing on LinkedIn is they're at the top of Bloom's taxonomy. Every day they're teaching us something. They're creating something. They're taking information. Digesting it, adding their own insights to it and giving it to us in a way where we can understand, and you've positioned yourself as the authority in the industry, which is the reason we're on this podcast, right? But you do deliver value, but if you just kept all that information to yourself, how would anyone benefit from that?

How would we know you are the people that we need to go to, to get answers? But you are the people that we need to consult with, right?

You are the people that the top tier companies need to hire to solve their business goals.

Saima:

Absolutely such, such a critical point that you just put across Jamal, teaching. When you're teaching, I was teaching at Northeastern University, the Toronto campus yesterday to a bunch of data science students about the importance of data privacy and cybersecurity. When you're teaching, you become a student because they test you.

And so one student put their hand up and they said, okay, you're talking about data minimization, but don't you think you're compromising data utility? I was really surprised. I didn't think they'd understand the nuances of data utility, but they did. And, and, and I said, well, look, I'm coming at it from a personal vantage point, corporate vantage point.

Yes. Data utility is a huge issue. You know, they keep you sharp. They keep you on your toes and then you go back and you think, okay, how am I going to tweak this for my next talk? But yes, being a teacher, you are a perpetual student and that's a wonderful state to be in because you're always learning. And then vicariously through others, you're teaching..

Jay:

You hammered exactly why I write to begin with is most of the topics I'm writing on are things I'm trying to work out in my own head. And I'm writing so I can understand it better. And I get feedback from others about things I might have missed because for example, I'd post about responsible AI versus AI governance. And what are the differences between the two? The post was really me trying to figure out in my own head what the differences of the two were. But as I'm writing and thinking about it, I'm actually learning myself and then the community is helping me learn.

So yeah, excellent point Jamal.

Saima:

It's true. And then a student chimed in yesterday from their Boston campus because my lecture was being webcasted to all of their campuses. And the student chimed in and said, well, you know, we have internet of things. We've got all these Apple devices sitting at home. Why would you tell us not to connect all of them?

What is the issue with that? Isn't the idea for technology to make our lives easier? And then, you know, you have to pull back a little bit and you have to tell them, yeah, it is, but here, are the downsides. Here are some things that you need to be educated about. As long as you know them, then go ahead and connect all your devices, right? So, it's a great perspective to have and to provide.

Jamal:

I think what's really endearing right now is the humility you're both showing. And I think that's so important to us as professionals, especially if we're trying to make an impact in the industry, is to know that we don't know everything. We're always learning. And the more we learn, the more we realize how little we know. And so when we're actually sharing things, it doesn't mean that we get it right all the time. It just means that we're putting something out there to see what comes back. And sometimes we learn from those discussions and we go down a rabbit hole sometimes, maybe a little bit. But someone somewhere knows something, has worked on something, has seen it from a different angle, and that's what the value of community is really for me.

Surrounding myself with positive forward thinking people who are there for you, who want for you rather than want from you, and who are actually actively looking to contribute and. Say, have you thought about this another way? And I think one of the challenges that I find when I'm getting my mentees to, and encouraging them to share their takeaways, share their posts, go and comment is, they're worried about what other people are going to say.

They're worried about making mistakes. They're worried about being put down. And sometimes that kills their confidence. And I say, you're asking yourself the wrong question. Like your subconscious mind is like a four year old, is there to protect you. So yeah, it's going to say, hey, stop you from getting embarrassed like you did when you was in school kind of thing. But what you need to do is ask yourself instead, Wouldn't it be great if, and then fill in the blank and you'll see that motivates you a lot more and that actually helps you. And so what if you get something wrong, own it, learn from it, use it as a opportunity to grow and connect with more people. For me, when I don't know the answer to something, it's never about what don't I know?

It's about, okay, who do I know that can help me with this?

Right. And I either go and seek them out or I pay them for their advice and their guidance. And that's it. But it's always. Who can help me with this? And that's why it's important to have a powerful network, because if I don't know who can help me, I need to know somebody who does.

Saima:

Even with my mentee, someone's asking me something about the metaverse and I tell them, okay, you know, I'm not the right person to answer your question, but I do know someone in my network who can help you. And then I connect them and there's power in that. It is power and being able to knowledge share, tapping into a network and connecting the right people together.

Jamal:

Awesome. Now we all face challenges in our careers. Can you share a particularly challenging moment that you've had in yours? How you tackled it and what the lessons that you took away from that were? That's helped you progress in your career.

Jay:

For me, once I discovered that privacy engineering is what I wanted to do when I was a consultant, the toughest part is just what we were talking about, how to break into that field where, you know, I was A lawyer and then I was a consultant, but convincing somebody that you actually have the skills to be a privacy engineer even though I had a privacy experience is difficult.

For me, it was sort of one I had to establish credibility from a technical's. standpoint, I went through like a 750 hour bootcamp learning to code, to show people that I was really serious about having sharp technical skills, but also I think a lot of it is, I was putting stuff out there on LinkedIn and showing everyone that this is what I was passionate about and learning from that.

If you've got the passion for something, you're going to probably have challenges along the way to achieve whatever your end goal is surrounding that passion. But I think remembering where your passion lies and just keep fighting to get there and, you know, taking the baby steps necessary to reach your end goal. So for me, it was really just one, getting the credibility I needed to land that first privacy engineer role and see that growth in there.

Jamal:

That's great. Thank you for sharing Jay. I must say you're probably one of the most coolest privacy attorneys or in fact any attorney that i've come across. The challenge for you was transitioning from being this legal person to actually saying hey Give me a chance as privacy engineer and what you found really helped you was actually just demonstrating how passionate you are talking about it. Because then that helps build your credibility and brings your position in that hang on This person clearly knows their stuff, right?

You can see they're talking about it. And they're not just copying and pasting or reposting other people's content. It's original, authentic content. And so that's really helped to attract the right kind of attention from recruiters and hiring managers. And then you get a chance to sit in front of them. They check, you know, does this person actually want to work for us? Is this person competent? And will they make a great cultural fit? And if you can show yes to all those threes, that's it. It's game over. But it all starts off by creating your own luck. By taking control of what you can and showing your passion and delivering valuable insights on platforms like LinkedIn.

So thank you for sharing and reinforcing that. What about you, Saima?

Saima:

So mine was a little reverse. I started being off being a chemical engineer and working in the chemical industry and not being satisfied with that and venturing off into law and in civil litigation, medical malpractice law and being a scientific legal advisor. So essentially it was bouncing around different careers, trying to figure out what made me happy.

And I realized at the end of the day, it was the amalgamation of my life sciences, my engineering and my legal background that together would make me happy. And then I went on to a journey of trying to figure out, okay, where can I be where all this gels?

And that's how I discovered data privacy and protection. And when I ran into trouble there, what I ran into trouble there with was not going down the rabbit hole of the alphabet soup, like Jay had mentioned before, I didn't want to just follow the crowd and get one letter after another letter, after another letter. So what I did was, and I learned this the hard way is basically pick and choose from different schools, schools of thoughts, and take different courses to fill in the gaps that I needed to, to bring in the corpus of knowledge that I needed to be able to practice in this space.

And also to realize that just because my first role doesn't have the word privacy in it, doesn't mean I'm not working in privacy, right? My first role was called senior policy analyst. Word privacy wasn't there, but I was working on privacy policies within the public sector. Right? So being able to overcome all those nuances that are perceived. But not actually the case is a challenge and it's an evolutionary process, right? You'll get there.

Jamal:

And it sounds like what you're saying to me there is you was able to look at all of the different things that you have and tap into your zone of genius and where you actually wanted to operate. And so you looked at what are you uniquely gifted with? What are the skills and what the experiences that you have, and what is the intersection of all of that where you're actually passionate? And even though you might not have had job titles that demonstrate that, What you had the foresight to do, what you had the humility to do and what you had the determination to do is say, okay, where are the gaps in what I'm trying to achieve and what I need to fill in to be able to go and really do a great job on these things.

And you actively pursued those opportunities to close down those gaps by investing in your professional development, by investing in your knowledge, by investing in people who can actually help because they have expertise in those areas to help you to get to where you are. And I

Saima:

Well, you know who taught me that you've got him right here. Jay taught me

Jamal:

Jay, oh wow.

Saima:

And, so I went for doing vendor courses like data protocol and some of the others, which were not in your linear path of a privacy professional to take on, right. Went to Carnegie Mellon University. You know, it wasn't something that an organization offered.

So, Jay taught me that, find your passion, find your gaps. Don't go for titles. It doesn't mean much. And then go for it and do what you love to do. And that really helped me.

Jamal:

Wow, that's inspiring. How did you two first come across each other?

Jay:

You know, I think we met actually on LinkedIn. And you know, it's funny. We had talked a lot on LinkedIn. And then I ended up getting hired at Twitter. And my manager said, Hey, we're, we're talking to this great person. We're about to extend an offer to her Saima Fancy. And I was like, Oh, Saima.

And so I reached out to Saima. I heard we're about to give you an offer. Can't wait to work with you. And so then Saima and I started talking and then the whole Twitter experience was a

Saima:

Drama.

Jay:

Was a full drama and it was something that yeah, I, I bonded with those folks extremely during that whole turmoil.

so we've been really good friends ever since.

Jamal:

Okay, well that that's really interesting to know and you know, I'm sitting here and I've only spent an hour with you both and I'm feeling super inspired. So when you guys have had the opportunity to work together I can just imagine how much that respect has grown and that mentor mentee relationship vice versa must be strong and you know what?

I'm so happy that you both came here together it's absolutely priceless. i'm so grateful.

So the last question is actually more of a question. So my podcast producer says I always have to give the guest an opportunity to ask me a question. So if you have a question for me feel free to ask and I'll do my best to answer. That's a,

Saima:

Oh, absolutely. Please tell me what drives you. Your passion is so contagious in this area, but what's your driving force to be in this space?

Jamal:

Question. And the answer goes quite a bit quite deep. So a few years ago I lost three children within the space of about nine months. They were all related to challenges with them being born a little bit too early.

So I had my first daughter Aya and. She unfortunately survived for 20 minutes and God took her back and then around nine months later My wife was blessed with twins and this time we had Isaac and we had Noah. Isaac survived for eight days and Noah survived for two weeks and then God took him back all praise to God. But by the time I buried my third child, it was game over for me.

Like there was Not, I, I just saw darkness. I was just very down. I was destroyed. I managed to bring myself to client meetings and objections and I'd be like, Hey everyone, everything's good. But I was just putting on a show just to get by. I don't know when it was daylight, I don't know when it was darkness.

I was just in a really bad place. And it was just me. It was both me and my wife. And we were both in a very dark place. And we'd put on a show you know, pretending we're okay if somebody called or check around, but we were in a cycle where we were actually destroying ourselves because it was just too much.

And then eventually there was a charity that came and said, Hey guys we're taking you somewhere. We're taking you for a trip and we're taking you abroad. And actually they took us to pilgrimage in Saudi Arabia. And so that started the healing process. And when you go there and you look at all of these people you realize that your problems, your challenges, your pain is actually quite insignificant compared to everyone else. And what was really special about this trip was we was actually in a group of people who had suffered really horrendous, traumatic experiences.

So there were people that were victims of war. There was one person there who had lost their whole family in the Grenfell tower incident. And so we were surrounded with all of these people who had been through pain and trauma, and as we was all healing together when we came back, we decided, you know what, we want to actually. See what we can do to help and make a contribution like the people that helped us.

And so my wife started selling cupcakes and I got involved and we managed to help people in Uganda, build some community centres places for worship and provide some kind of education empowerment.

And that felt really good. It helped me to come out of my sadness, come out of that cycle of despair. But I didn't want to switch my career and go and join the charity sector. Right. I still enjoy doing what I do for privacy. And when I had first passed away, what I said, I was like, I'm going to do this and I'm going to do it as a legacy in her honour.

And then when the kids, the twin boys went away, I was like, okay, all of this stuff that we're doing, it was like, you know, it's in legacy or dedicated to my children.

So in my faith, we believe that they're actually resting in the garden of paradise with, Abraham right now, and I'll be reunited with them. So I was like, when I am reunited with them and we meet other people, what would I want other people to say? And what is the stories that I want to tell them? And I was like, you know what? I'm going to create a world where every man, every woman, and every child actually has freedom over their personal information. And so that's what inspires me is I know I have got a lot to achieve.

So I can't do that with my consultancy, right? It doesn't matter who I serve, it doesn't matter how much work we do for companies like Facebook or anyone else, it's still a drop in the ocean. And that's when I started the Privacy Pros Academy.

It's like, what I want to do is attract a tribe or a community of world class professionals all over the world. And if we all have the same vision, and if we all are at the top of our games, and we're really helping companies, That are actually collecting and processing that data. Then eventually we would have an impact where actually my daughter, now I have a two year old daughter now where she can go anywhere in the world and wherever she goes, she knows she has complete freedom over her personal information. So that's the drive. I'm trying to change the world. It's all coming from a good place and it's coming from a place because I know how bad things were and I know how great it is to help and add value and be of service. And that's what drives me. It's just like, I wake up and I know what I need to do kind of thing.

Saima:

Love that, love that philosophy. Philosophy, philanthropy is a huge part of being in the privacy sector, isn't it? I mean, what's driving us,

right? It's our philosophical belief of what the right thing to do is. That's wonderful. And I'm so happy for you and your wife and your little girl. Me

Jamal:

You like to ask me anything?

Jay:

Jamal that was a very touching story. And it also shows why, you know, I like to evangelize privacy and also now it shows where your passion is coming from. But 1 thing that struck me during this discussion is you have a very good ability to take a bunch of words you hear from other folks and summarize them down into nice little packages.

I mean, how did you develop and flex that muscle or how did that muscle get developed because it's a good muscle to have, because a lot of times people say a lot of words and don't mean a lot of things, but they have a good message and you're good at distilling that message.

Jamal:

So I think it started off with me being somebody who was curious and me being somebody who was kind of like always trying to make fun of my friends. So I would listen to what they've said and pay very close attention to what they said. And then I would actually try and dissect what they said and prove them wrong or win the debate or win the argument.

Now you can't actually win arguments and debates. Persuade and influence people if you haven't paid attention to what they've said, because they're like, no, I didn't say that. I didn't mean that. And so when you use someone's words and you resonate that and you say back to them, it's either, yes, you've understood me or actually you're right.

I did actually say those things and I did mean something. So I guess it started off like that when I was a little bit early. But growing up, as I was becoming more professional and I started investing in spending time with people who inspire me, just like both of you, I really value when someone gives up their time to come and talk to me or when someone who is knowledgeable has something to share with me. And so I try to make sure that I'm fully present. And what I used to do in the early days was just make my notes and go away. But I realized that I'm limited to my own understanding based on my experiences and based on what I perceive them to say. But when I repeat it back to them, it gives them an opportunity to, first of all, feel valued and respected that I've actually paid attention to what they've been saying. But if I've got something wrong because of my own perceptions or my own limitations, then it gives them a chance now to correct me or to steer me in a different way or to contribute more and add some more insights to that. So it's really started off with me making sure that what I've heard and what I've understood is actually what's being delivered and not my perception and I go away with the wrong thing and do the wrong thing. And also actually just saying, I value you taking the time out to share this with me and I'm going to make sure I absorb that and pay attention. And this is how I take that to mean. And obviously doing podcasts like this, speaking with clients really helps. I think one of the things that has helped me in my career is actually making the clients feel understood.

Right. So when I go to the businesses, when I go to the different departments that might not have previously been interested in privacy, but I pay attention to what's important to them, what some of the challenges are, what the things that they're most proud of.

And then I show them, I've understood taking that in and then I align how privacy or what we're trying to achieve is going to help them with that. They give me a lot more respect and I've earned their respect now. And so they say, okay, this guy is not so bad after all, he's here to help us and let's see how we can make things work.

And you know what? There are some things that actually might be quite useful to us, whether now or down the line, and they're a lot more open and you've now got their buy in. When I found that working, I just doubled down on it. You do what works and you do more of that. And one of the reasons I started this podcast is I realized with my background, there's only so much I know, actually, there's not so much, there's how little I know. So how can I actually go and increase my knowledge, increase what I know, increase the value I add to people. It's like, let me go around and expert people who do know, inspiring people like yourself, the people that you've seen on the podcast. It gives me an opportunity to speak with you, take some lessons away, reflect on that. And see how I can continue growing and adding value to the industry. But it'd be pretty selfish if I just bought you a coffee and just had a chance to have a conversation.

But the fact that we're sharing this and taking the time to do this and getting the message out there to I think 137 countries and thousands of people, that's like a gift. That's us giving back. That's the philanthropy that you talk about. And that's really showing commitment to the vision that I have. And I hope there's somebody listening who's being inspired by this and they will actually take the step to progress their career or even come on board with a privacy career. And now there's Saima and Jay, just both of you to look out for on LinkedIn. And I look forward to the conversations that we will continue to have. Hopefully that answers your question, Jay. I know I kind of went off distracted a little bit.

Jay:

No, no, that was, that was perfect. Thanks so much for your time today. I really enjoyed the conversation.

Jamal:

So much value in this podcast, guys. If you are listening to this podcast, please make sure that you reach out to both Jay and Saima and share your takeaways from this podcast and just explain how much you appreciate some of the little nuggets of wisdom that they've shared. Until next time, peace be with you.

Outro:

If you enjoyed this episode, be sure to subscribe, like and share so you're notified when a new episode is released. Remember to join the Privacy Pros Academy Facebook group where we answer your questions. Thank you so much for listening. I hope you're leaving with some great things that will add value on your journey as a world class Privacy Pro.

Please leave us a 4 or 5 star review. And if you'd like to appear on a future episode of our podcast, Or have a suggestion for a topic you'd like to hear more about, please send an email to team@kazient.co.Uk Until next time, peace be with you.

Show artwork for Privacy Pros Podcast

About the Podcast

Privacy Pros Podcast
Discover the Secrets from the World's Leading Privacy Professionals for a Successful Career in Data Protection
Data privacy is a hot sector in the world of business. But it can be hard to break in and have a career that thrives.

That’s where our podcast comes in! We interview leading Privacy Pros and share the secrets to success each fortnight.

We'll help guide you through the complex world of Data Privacy so that you can focus on achieving your career goals instead of worrying about compliance issues.
It's never been easier or more helpful than this! You don't have to go at it alone anymore!

It’s easy to waste a lot of time and energy learning about Data Privacy on your own, especially if you find it complex and confusing.

Founder and Co-host Jamal Ahmed, dubbed “The King of GDPR” by the BBC, interviews leading Privacy Pros and discusses topics businesses are struggling with each week and pulls back the curtain on the world of Data Privacy.

Deep dive with the world's brightest and most thought-provoking data privacy thought leaders to inspire and empower you to unleash your best to thrive as a Data Privacy Professional.

If you're ambitious, driven & highly motivated, and thinking about a career in Data Privacy, a rising Privacy Pro or an Experienced Privacy Leader this is the podcast for you.

Subscribe today so you never miss an episode or important update from your favourite Privacy Pro.

And if you ever want to learn more about how to secure a career in data privacy and then thrive, just tune into our show and we'll teach you everything there is to know!

Listen now and subscribe for free on iTunes, Spotify or Google Play Music!

Subscribe to the newsletter to get exclusive insights, secret expert tips & actionable resources for a thriving privacy career that we only share with email subscribers https://newsletter.privacypros.academy/sign-up

About your host

Profile picture for Jamal Ahmed FIP CIPP/E CIPM

Jamal Ahmed FIP CIPP/E CIPM

Jamal Ahmed is CEO at Kazient Privacy Experts, whose mission is safeguard the personal data of every woman, man and child on earth.

He is an established and comprehensively qualified Global Privacy professional, World-class Privacy trainer and published author. Jamal is a Certified Information Privacy Manager (CIPM), Certified Information Privacy Professional (CIPP/E) and Certified EU GDPR Practitioner.

He is revered as a Privacy thought leader and is the first British Muslim to be awarded the designation "Fellow of Information Privacy’ by the International Association of Privacy Professionals (IAPP).