Shoshana: 00:00

The place where DEI and privacy intersect really has to do with the fact that just like anything else, you can't fix what hasn't been measured right. If you can't evaluate a situation, you can't set goals. And if you can't set goals, you rarely accomplish anything you actually intend to. The data that you need for DEI is something that will help the program move forward, but unfortunately, it's also something for a lot of us that we wouldn't want to disclose.

Intro: 00:28

Are you ready to know what you don't know about Privacy Pros? Then you're in the right place.

Intro: 00:33

Welcome to the Privacy Pros Academy podcast by Kazient Privacy Experts. The podcast to launch progress and excel your career as a privacy pro.

Intro: 00:44

Hear about the latest news and developments in the world of privacy, discover fascinating insights from leading global privacy professionals, and hear real stories and top tips from the people who've been where you want to get to.

Intro: 00:59

We're an official IAPP training partner.

Intro: 01:03

We've trained people in over 137 countries and counting.

Intro: 01:08

So whether you're thinking about starting a career in data privacy or you are an experienced professional, this is the podcast for you.

Jamilla: 01:24

Hi, everyone, and welcome to the Privacy Pros Academy podcast. My name is Jamilla, and I am your host. With me today is my co-host is Jamal Ahmed, Fellow of Information Privacy and CEO at Kazient Privacy Experts. Jamal is an astute and influential privacy consultant, strategist, board advisor, and Fellow of Information Privacy. He's a charismatic leader, progressive thinker and innovator in the privacy sector who directs complex global privacy programs. He's a sought-after commentator contributing to the BBC, ITV News, Euro News, Talk Radio, the Independent, and The Guardian, amongst others. Hi, Jamal.

Jamal: 01:57

Hi, Jamilla. How are you?

Jamilla: 01:58

I'm all right. How are you?

Jamal: 02:00

I'm delighted. Well, I've just crossed 20,000 followers on my LinkedIn profile.

Jamilla: 02:05

Congratulations.

Jamal: 02:06

Well, thank you very much. But I have no idea why that many people think I have something valuable to share. But I'm going to do my best to make sure everyone who is following now and in the future, I share as many valuable and resourceful tips as possible so everyone can have a thriving privacy career. And to help us with that, today we've got an amazing guest. And I actually had the pleasure of meeting this guest at the end of last year when we had the Piccaso Privacy Awards. And one of Shoshana's guests, Emerald de Leeuw, was kind enough to introduce us. And then Shoshana and I got on really well and was like, we need to do more things together. And I was speaking to Shoshana. She was so inspiring. I said, you know what? We need to get you on a podcast. And here she is today. She has given up a time to share some amazing things. So let's get straight to it Jamilla.

Jamilla: 02:50

Yes, I'm excited, too, for our guest today. So our guest is Shoshanna Rosenberg, and she is the founder of SafePorter. SafePorter provides a means to isolate and protect identity characteristics that organizations are seeking to better track diversity. She is also a member of the IAPP Diversity and Privacy Advisory Board and a board member of Inclusion by Design. Hi, Shoshana.

Shoshana: 03:11

Hi. I want to thank you so much for having me. I think my first question is, I see some balloons behind you, Jamal. There's a two, and then it looks like a zero. Is that for your 20,000 followers? I think it's worth marking twice that's gorgeous.

Jamilla: 03:28

Yeah, I saw them on a call yesterday, and I thought, Jamal, who are you kidding? You're not turning 20. But then I realized it was for the LinkedIn.

Jamal: 03:33

Jamilla don't tell everyone I'm 21.

Jamilla: 03:38

So, as we always do on our Privacy Pros Academy podcast, we always start with an ice breaker question. And Shoshana, in your notes, you said you like comic books. So my question for you is DC or Marvel?

Shoshana: 03:50

Oh, Marvel. All day. Yeah, I would agree with that.

Jamal: 03:52

Jamilla what is even DC?

Jamilla: 03:57

DC do like Batman, Justice League?

Shoshana: 03:58

It’s a very divisive question. DC has some wonderful characters, but from a comic book standpoint, it's all Marvel all day.

Jamilla: 04:07

Now, would you say that from a film perspective as well, Marvel over DC?

Shoshana: 04:11

Yeah, absolutely. I never thought it would be so easy to answer that question, but I didn't think I'd get to talk about it on a privacy podcast.

Jamilla: 04:19

Well, funny you should mention. I think it was about two years ago now, we had Avishai on our podcast, one of our very first ones, and for some reason, we got onto the topic of the Marvel universe. And my question to him was, would GDPR apply in the Marvel universe? Would it apply on Asgard as well? And he answered very well.

Shoshana: 04:41

Yeah, it would be a lot about geolocation tracking through universes. Okay, we'll move on. I don't want to cover anything you've already covered.

Jamilla: 04:50

Interesting question. So let's get into the privacy questions. Shoshana, you're passionate about DEI, diversity, equity, and inclusion, but what does that mean for anyone who doesn't know what it means? And what are the regulations that come with?

Shoshana: 05:07

DEI and sometimes it's called diversity and belonging. Belonging and inclusion. This is an important part of writing the discrepancies that exist between opportunities available to minorities and marginalized people, but also that can vary from different regions. So it is a massive question because in some countries, for instance, in southeast Asia, for instance, a lot of what's happening might be case based, or it could be based on whether or not you're actually from somewhere other than the country you're working in. Right. So it means different things. What I think I can narrow it down to here, for our purposes to talk about is the place where DEI and privacy intersect really has to do with the fact that, just like anything else, there are two lenses on it, but one is you can't fix what hasn't been measured, right? If you can't evaluate a situation, you can't set goals. And if you can't set goals, you rarely accomplish anything you actually intend to. And then there's also the aspect of I'm sort of just going to jump right into the meat of it here, which is that for privacy professionals as many of us who are sort of grandparents in this universe, who've been here for 15 years or more. And I know some have been here much longer than that. There's something very important about what happened when the fines got big enough with GDPR. Right. You were begging, you were pleading, you were waving your hands, you were doing all you could within your organizations, to colleagues at other organizations to say, you really need to pay attention to what's happening, to the act, to the implementation, all of this.

Shoshana: 06:38

But once the fines came, all of a sudden you had the gravitas, you could move things, right? And everything started to open up. And here we are with all manner of privacy professionals, thank goodness, that are coming into the fore that you're trying to help find their way on their career. So that was what moved things for us, for DEI, for the people who do the work in diversity and inclusion, they are constantly being put in the position of being told by the organizations that have hired them that they want them to make an effect change, but they don't have the data to move it. So when they ask for uncomfortable moves and changes to be made within the organization, the pushback is so great that they're essentially in a locked, they're trapped. And so the data that you need for DEI is something that will help the program move forward. But unfortunately, it's also something for a lot of us that we wouldn't want to disclose. So you could be a number of things, right? This is me, I'm Irish, Jewish, over 40, and I like comic books, as if that was a question. But when I put that out there, I'm telling you also that I'm not a terribly private person about these things. But you could very well want representation without anyone knowing it's about you. You want someone to know that you are in the organization, you are in the university, you are a member of an association, you are listening and you are impacted by their policies, but you don't necessarily want them to know it's you. So I set out to address that problem. And for me there are two pieces here, which is diversity within the privacy profession itself, which I think is a critical thing to address, and that we all have the power to do so, and the DEI initiatives that are part of ESG for the organizations that we're helping with privacy. We have a lot of ways that we can help push that forward and impact it as privacy professionals.

Jamilla: 08:24

And it's interesting that you mentioned about privacy itself as a field and the diversity within it. I know that's something Jamal is passionate about is amplifying kind of people from diverse backgrounds in the sector. Do you think it's getting better? Do you think it's getting more diverse? Do you think there's still a need to push for more diversity and inclusion?

Shoshana: 08:42

There's always a need to push for more diversity and inclusion because by default the opportunities are constantly available in most countries, right to Caucasians who are already established or to people who have, because of whatever other situational, things they fought for or were born into who are already situated, those who are not yet situated where they want to be or where they could afford to financially or mentally, stress wise, take on another piece of learning. There's always going to be an imbalance there. So yes, I think it's needed to push for, I think strategizing about how is very important. SafePorter, for instance, we have sponsored a number of people in DEI to join privacy because I consider this and I'm going to take it two layers deep, but there's diversity within the privacy profession and then there is the sheer fact that we need people in every aspect of the universe. Right now we'll go back to Marvel, but we need someone in the old folks home who actually understands privacy, right? So we need a 75 year old to be a privacy professional. I need someone who's a yoga instructor to be a privacy professional so that they can keep their organization on track no matter how big or small. We need both diversity of privacy professionals with regard to race, gender, ethnicity, all of these aspects that we want to pull out of sort of an imbalance and also to make sure that we are looking out into the world and telling people who will never practice as privacy professionals that they need to. Maybe they don't want to get a certification. Maybe that's not their path. But they want to make sure that they are the person looking out for the others around them.

Jamal: 10:23

You're absolutely right. That's exactly what we need to do. On one hand, we’ve got the challenges of the actual privacy professionals in the privacy professional industry where we say we need to see more representation or people from more diverse backgrounds, but at the same time, when we're looking at the world and we're looking at different things people are doing. We need to say we need privacy awareness, we need privacy understanding. We need privacy advocates in everything that we do. So together we can all protect an individual's right to personal to their personal information wherever they are in the world. And I really resonate with that. In fact, our vision at the privacy pros academy case and the reason why we set up everything, was to make sure that regardless of where anyone goes anywhere in the world, their personal information will be free. And they'll be free to decide what happens with their personal information. Whether they're a woman, whether they're a man, whether they're a child in any part of the world.

Shoshana: 11:17

I think that's so critical. So I realize you're getting all of these big tirades from me because I have so many ideas, and I'm so excited to be talking to you, to you both. One thing is, I think that one of the things we need to do is understand how we're going to start setting privacy, layering it into the education for children, right? Because what kids grow up knowing about is what they grow up chasing. But just as important, of course, they're living in this digital age before they even realize it. And if we can start to build that in, it's a big deal. I will say also, Jamal, when you're talking about in every country around the world, there are so many pursuits for digital identity. It's been going on for 15 years already, but it's getting really advanced and blockchain for digital identity, for underdeveloped countries and all of these things. But what I keep pushing for and some people think it's pie in the sky, but I'm going to stay pollyannaish and I'm going to say one of the other things that I think would be so phenomenal to raise awareness and also help, I think, with understanding policies and the various other things that people sort of get hit with a brick wall of information is to create I don't actually want it to be called nutritional information, but you have at the bottom of a menu, you have a symbol that says there's fish, there's dairy, there's nuts. I think that if we were to get a summit together of privacy professionals and it would have to be an international group it doesn't have to be political, an international group of senior and junior privacy professionals. People interested. In people who are mired in it to go ahead and try to at least come up with a draft on what could we create a symbol so you could more easily navigate a cookie policy? Knowing what you like and you don't like? Right. A privacy policy, any of it, and use maybe those symbols as a way to also teach young kids and build things into comic books and other places that are more accessible. So these are my many ideas to share with you and take and run with them as we can.

Jamal: 13:10

It sounds like a great creative idea, and it makes it very easy for people to understand. And if they get used to this now, then in the future they can make better privacy decisions about what happens with the personal information they have now the right to choose rather than having to look at a privacy notice, trying to digest what it actually means and then just come and void and skip it and say, I don't to read through this.

Shoshana: 13:30

Except for AI, where you see the AI symbol, it means you have to. Stop and just read everything and try to contemplate your own existence for about ten days and then decide. But everything but AI it might work for yes.

Jamal: 13:42

So with AI, you need eleven days’ time frame. Shoshana, I want to ask you a question, what are the benefits? Like if I have a company or if there's a company, why should companies care about diversity? Why is that important?

Shoshana: 13:57

It's interesting. Things are happening at a different pace in different countries. In the US I think we all understand that much came to the fore that was always here. And so we had to face ourselves, or we've been working to face ourselves as a country, at least within the corporate level, to try to right some wrongs to the extent we can. In the US, we've sort of said it's not right to make the business case for DEI. I can do it. I would just actually refer anyone who wants to make it to go to any McKenzie report for the last several years on diversity and inclusion so that we can move our conversation forward. Which is to say, it's not just common sense, it's not just justice, it's the understanding that nothing you make, build, do or receive will occur in the same robust way if you are dealing with a locked tunnel, right? If you have an isolated universe of people thinking who only come from the world from one angle, if you don't have neuro divergence, if you don't have different backgrounds, if you don't have different vantage points, you lose out. Not just from everything. From the way that people engage on a day to day basis and whether they're continually learning from each other to the actual tools products that you deploy to, of course, whether or not marginalized groups have been considered in a privacy impact assessment in a way that actually and I learned about this, the UK government actually has in some of their procedures, a diversity and inclusion impact assessment, which is something that I have actually said to privacy professionals for years. Sorry, I'm sort of jumping around, but privacy impact assessment is a painful process to get a business to become accustomed to. Once it's there, it is absolutely simple to say does this policy, does this choice, does this new sharing or use of information impact inclusion? Does it impact our ability to retain or generate diversity within our organization? So the business case to me is not the right way and there are statistics that will make it for you. It's something that I think we all understand is a balancing out of the scales and also an enhancing of the vantage points from which we're looking at something.

Jamal: 16:11

Thank you very much for sharing by the way. And one of the challenges I come across when I'm speaking with clients and they're trying to measure the diversity equity and inclusion in their companies. And oftentimes some of the larger companies actually have a legal obligation and a requirement to put those scores out there. The challenge they often have with their private team is the privacy team will come in and say, oh, we can’t ask for that special category information. We need consent, and if we need consent, then we're an employer and an employee relationship, and it might not be valid. So just to be safe, better not to do any of this stuff at all. And really, like you said earlier, you can't fix what you can't measure. So if we can't measure, if we don't understand what's happening in the city and we don't have the right kind of numbers, then it becomes a challenge to improve and enhance and get that richness that you spoke about that we get from having different viewpoints, different tastes, different cultures, different ideas. So you went around and you created something called SafePorter. Tell us more about how Safe Portal helps us or helps clients, help the organizations to come across those challenges. Because we have a worldwide audience of privacy professionals who will come across this challenge, either today or they already have, or it's going to come across sometime around the corner. When that happens, we want to know, how can we solve those problems? SafePorter is one solution that can definitely help us with that. So I want you to share and make it easy for all the privacy pros to understand how they can actually go about measuring this so they can improve it by whilst doing it in a privacy friendly way.

Shoshana: 17:37

I want to make sure to acclimatize the audience who may or may not be mired in diversity, equity and inclusion. It is worth noting, diversity is a number, right? So that will change. So inclusion is an important part of that. And when you start to realize that you can't just collect the DEI data, you realize that your problem is, as you've stated, jamal is what dei data, what diversity data do we need for our census? What do we need to understand who we are as a business? And then wait? When you realize if you don't have inclusion feedback, those people that you work so hard to hire might not be here in a year and you won't have had the chance to correct it. So that becomes an additional layer of information, right? Am I comfortable here? If you say I'm not comfortable here and you don't have it tied to diversity data, then you don't know who's uncomfortable and you don't know what to fix again. So when we're looking at this problem, I set out to create SafePorter five years ago. We've been working very hard with some amazing clients over these last several years to make sure that basically we've removed identity from the equation in terms of all contextual information. So SafePorter, for those of us we're all privacy professionals. So Safe Porter is the controller, and we have the direct relationship with you as an individual. You come to SafePorter, we don't know who you are. I can explain how it works another time, but the critical part is we don't know who is giving us the answers. And in our databases, the ID itself is hashed by Salted hash. So it's randomized in several different ones and it doesn't sit next to the ID that you were given and you've given over. You've opted in or you've opted out to give us your diversity identity data, whatever your company is trying to understand. Some companies want to know if you're also a caregiver, if you're an introvert. They want to understand in the aggregate, in the deidentified aggregate with privacy by design control. So you're not identifying someone due to scarcity or recency. They want to understand who they are as an organization. And then we also have an inclusion feedback portal where you can opt in to allow your diversity information to accompany that, but you can provide your understanding of the culture and what's happening there so that the company can make corrections. So we built this out privacy by design. And the really critical part was that we'd be incredibly inexpensive so that organizations of all sizes could afford us. We have just two fixed pricing models, one for NGOs and universities and one for businesses. And the notion is we needed to be incredibly inexpensive so that anyone who wanted to have a DEI program could do so without having to build out a robust privacy team because we eliminate all data risk associated with DEI information, it's really quite an impressive thing, I think that it hasn't already been done, and we've done it as a BCorp so that we have a higher level of transparency and accountability and we serve essentially as a data trust. So when you're no longer with the organization, the ID is automatically removed, as is all the data, and all of your data privacy rights are retained. That's how we've addressed it. And part of the reason that we did it was we realized that DEI consultants, where the company didn't want the data risk, they would have the DEI consultants do the interviews and on their laptop. These colleagues of mine who are in DEI were carrying so much risk for the individuals and frankly, I think for themselves. And we were trying to set it right for organizations and consultants and the individuals.

Jamal: 21:00

Awesome. It sounds like an awesome solution to a very tricky and challenging problem. Just from working with our clients, I know the extent people sometimes go to try and find the solutions, you have to get another company in, they measure all the data and they got to strip it out. And then you need to know by department and you need to know by actual whole organization. They need to know how it compares with other people in your industry. So if we can just go to one place where we don't have to even worry about any of those things, instead of trying to solve this from a privacy point of view and trying to recreate everything, we can just say, let's sign up for SafePorter. Everyone can share their information there. No one will no one will have a clue what is being revealed about anyone else. And anyone that chooses for that information to be fed back to the business, the business gets the information they need.

Shoshana: 21:45

orts very cheaply starting in: 2024

Jamilla: 23:06

Do you also look at kind of like the levels that different people are in?

Shoshana: 23:10

So, okay, so you're talking about equity, right?

Jamilla: 23:13

I guess so, yes.

Shoshana: 23:14

It's really important. So we use trust metric data, which is very cool. So everybody that’s a privacy professional, huddle round because this is where it gets complicated and interesting, at least for me. It's so much fun. So the notion is, I have to say this quickly, it's a three section aspect, right? We have a container that sits on the server of the client that it's an email distribution machine. The only thing it gives to SafePorter is the ID and its activation status. It's either activated, deactivated, or assigned a new survey. That's all. But with that they can actually plug in trust metric data to say that Jamal is an executive. When they put it in to send it out to them, they say he's an executive and he's in the UK. Right. And then we don't get that information, but it's appended to the ID, so when they log in, it says you've been identified, like this ID number is tied to an executive in the UK. Do you opt in to allow this information to accompany the information you're about to give us? Your diversity identity information, do you opt into it, it doesn't come into our systems unless they opt in. We don't even see it. Right. So it just reads it out and it comes over if they opt in. So that there is an equity component and an understanding of that and that's a really critical piece. But again, it's something that individuals have a choice as to whether or not they're going to help the company that way. It is all rolled up in the aggregate. It doesn't even come through to us if the individual doesn't deign to allow that to happen. And it's very conspicuous.

Jamilla: 24:46

No, I thought it was interesting because, for example, we want more women in the sector, but if all the women of a company are at entry level positions and there's no one at management, then is that really diverse?

Shoshana: 25:00

That's right. And there is a reporting in the US around equity in California now that's required and we all it's just a really valuable aspect of it. The only thing is that people will be able to opt out and you will only get that information if you on your side, have worked to explain and engender that trust. And so we see that as much as we don't want DEI to be a marketing communications campaign only within an organization if you wish to build trust SafePorter actually really helps to say we care so much about you and about diversity that we've understood that our privacy protocols if we use a company that cares this much about privacy, then we can know what we need to know and protect you completely. And that actually does create a sense of something very different than, listen, if you want to be comfortable here, we have to know who you are.

Jamilla: 25:52

What got you interested in privacy in the first place?

Shoshana: 25:56

, actually, I think it was in: 2010

Jamal: 26:33

When you're hiring privacy professionals to come and work at SafePorter, what are the kind of things that you're looking for when hiring them?

Shoshana: 26:39

Right now, we haven't been hiring privacy professionals to work at SafePorter because we have three who were baked in, who helped us start it, including our Deputy General Counsel. But one of the things is that whenever looking for privacy professionals, there's a level of curiosity and energy, right? There has to be a certain energy level. I also look for people who do think and approach things differently. Pretty much. I have found that even if they're not comfortable maybe being in front of the whole organization, the people who have served us well are the people you have. Some people who are more shy is all I'm saying. They don't necessarily want a leadership role. Or even if they want a leadership role, they want to be a bit isolated in how many people they have to deal with on a daily basis. But when the approach to it comes from something very genuine and passionate and that energy is brought to the work, that's everything, because the landscape is changing, but the horizon is clear, right, in privacy. So if you have that passion and there's a level of indefatigable curiosity within you, then you're someone that we want on board, on our team, that is everything. Because if you can get excited about something, you're going to make it happen and bring it into the organization in a very important way.

Jamal: 28:02

Awesome tips. So thank you for sharing this, Shoshana. So what makes people really stand out for you is the unbridled curiosity about getting curious and genuinely coming from the right place in the heart that this is something I want to get curious to solve or identify the challenges. And with that you find that they bring a certain amount of energy to the table. And all of that is fuelled by the passion they actually have for protecting other people's privacy, for getting to the heart of the issues and coming up with pragmatic solutions to overcome them by looking at it from a completely different angle, regardless of how much of an introvert or an extrovert they may be.

Shoshana: 28:37

I think that's it, yes. And also the fact that if you're passionate about something, you're going to find where it's relevant in all sorts of things because the bigger an organization is, the more pockets of things are happening that the organization itself might not be aware of. So if privacy is something you bring to every conversation you have and the lens through which you see the world, you can help with things that might not have been identified otherwise.

Jamilla: 28:59

And what advice would you give to people wanting to found their own organization? And how's that experience been for you of starting up your own organization?

Shoshana: 29:09

Well, I thought you were going to ask to become a privacy professional, because I love by the way that you do that, that you're trying to get people that leg in. So I'll start with the organization thing, which is if you call two of your smartest friends, maybe three, and one of them should be the person who is always likes to say no or tell you you're wrong, call your people who steal sharpen steel. Call those people, possibly from a storage cabinet in another country on a break from a meeting, but call those people and say, I have this idea. Is it sound? Call me back in three days if it's sound or if it's not sound, and if they get excited, then call two more people, you know, who like to tell you you're stupid or not, or who like to give you a hard time and check it there and then just do it. Go ahead and form the entity and put yourself what I did was I put a date on the calendar for about a year and a half after where I would start the dissolution process for the entity if I hadn't done what I intended to do at least and started getting traction and just do it. There's absolutely nothing well, I mean, don't go spending a bunch of money, but start yourself on a path that you have to live into and you will find out if it was not the right path, but what you will learn along the way will carry you all sorts of places.

Jamal: 30:23

Great advice. So go and find some people who are usually quite pessimistic, share the idea with them. And if they tell you it's a good idea, ask two more people. And once you've got three people that say, you know what, this is something that might fly, then go and give it a go. And the worst thing that's going to happen is you're going to learn along the way. Just make sure you be careful with how much money you invest and don't put all of your eggs in one basket.

Shoshana: 30:46

I should have you speak for me. Really? You sum it up much better than I get it out there unless I'm very formal. You're very yes. Brilliantly said. I didn't say it better myself.

Jamal: 30:58

Thank you, Shoshana. I've picked up active listening skills throughout my career. I found out the better I listen to my clients, the better I listen to their customers, the better I listen to their employees and the team, the more effective I can be. And actually something that we teach at the Privacy Pros Academy. So one of the programs we have is the Privacy Pros Accelerator program. And essentially I found that the success that I've been able to enjoy throughout my career essentially comes out of five things. The first thing I found, what was most important is that actual mindset, that curiosity, that passion, that energy, that having the growth mindset that anything can be solved. And I just want to find what the challenges are so I can help solve them in a pragmatic way and looking at it from a way that other people might not look at it. So the first step we look at is the mindset. And one of the things I found is especially people from disadvantaged backgrounds, from minority backgrounds in the UK landscape here, one of the challenges they find is self limiting decisions, negative beliefs that they've had have been told and things they've experienced in the past kind of holds them back. So we strip all of that away and build them up with the assumption, what I call the assumptions of an empowered privacy leader. So they now approach everything using that mindset. And one of the key lessons I love teaching them is everyone is doing the best they can with the knowledge and resources available to them. So it's up to you, when you find challenges, to empower them with the knowledge, with the resources, with the understanding and kindness, so they can now do what it is that you believe they should be doing better. But nobody is silly, nobody is stupid. Everyone's just doing the best they can and just taking that attitude to clients, to anything that you approach, even in their personal lives, they've seen so much change. So the first thing we do is focus on the mindset. Once you've got the mindset sorted, I say that's the kind of foundation on which we build on.

Jamal: 32:40

The next thing we focus on is the actual subject matter expertise. You have to know your stuff, you have to understand how privacy laws have developed. Okay, it's not the most exciting thing in the world, but we need to know where we've come from in order to see where we're going. Like you said, the landscape is changing, but the horizon is still there, right? So we need to make sure we understand what we're trying to achieve, how we're going to get there, understand all of the nitty grittiness of the law. The next thing is you need some credibility. Nobody's going to be interested in anything you have to say unless you can explain things to people in a way they understand. And adding credentials, certifications to that definitely helps by just going and reading a book and passing an exam, unless you can explain it in a way where people understand ah ah so that's what you mean. It's not going to add any value. Everyone can Google the GDPR, the articles, the hippo. You don't add any value or credibility by doing that. Where you add the credibility is by being able to distil it and break it down and show them how it applies for them and break it down in everyday language. So we've got the mindset, then we've got the subject matter expertise, then we add the credibility. And then you actually have to know how to do the stuff, right? You need to know how to go and do a data protection impact assessment or a transfer impact assessment, how to create a privacy notice that when the customers or the employees or whoever looks at it. Oh, yeah, I actually get that. It makes sense. I don't have to spend so much time reading three, four, five pages, which they won't actually do. Very simple, very clear, very effective. And the last thing we focus on is the actual personal branding element of it is you need to show up and you need to be outstanding. And what I found is I tried early in my career to do everything I could to fit in. And obviously I didn't fit in. And when I first entered the privacy industry, I thought, you know, if I just go and fit in and I remember I went to one event in the city. It was one of my first events, and I went there. There was a gentleman, he took off his coat and he gave it to me. He thought I was part of the catering team because I clearly didn't belong there. And so I was like, you know, we have to come and challenge these things and we have to do something about it. So personal branding is one of the things I focus on. What I found is when you become outstanding, when you do everything with excellence, it doesn't matter if you're a man or woman, if you're black, brown, or white, if you come from a certain privileged background or not. By doing everything with excellence and branding yourself in a way where everyone can see the value you bring, everything else gets forgotten about. So those are the key five steps that we have. And I can see you're leaning forward to say something, so I’m going to stop there for a moment.

Shoshana: 35:07

No, I'm just excited. I agree. I think you put it out there so clearly, and I just have to say that standing out or risking standing out, right? If you just try to stand out, you might really go wrong. But the integrity of your own person, I think is a very big part of it. That's all. And I think that once you are an established privacy professional, you see a lot of recycled air, and so that strange slant you have on it, right? Like, oh, a lot of people say, oh, Shoshana the nutritional thing, like these symbols that could never work. Okay. But it's something that I really think has validity. And I'm happy to be wrong. I'm happy to be wrong in everyone's eyes, but I'm comfortable with at least getting you to think about something differently. Right? And I think that that's part of it. But yes, the notion that anyone doesn't belong is something that I love, that you're empowering people to find a way within themselves, to insulate themselves against that and just walk in and find it it's phenomenal.

Jamal: 36:03

Thank you Shoshana.

Jamilla: 36:04

Thank you so much for coming on our podcast Shoshana, it's been an absolute pleasure to talk to you.

Shoshana: 36:10

Thank you so much for having me and for what you've taught me. Tomorrow, I think I'm going to have to dig deeper into your active listening. I certainly do listen, but I'm not sure I could come away with as much as you do, so I appreciate it.

Jamal: 36:20

You've been absolutely amazing Shoshana and thank you so much for coming and sharing with our audience all of the things about SafePorter, about privacy, and even telling us about Marvel Comics being better than DC Comics.

Outro: 36:33

If you enjoyed this episode, be sure to subscribe, like and share so you're notified when a new episode is released.

Outro: 36:40

Remember to join the Privacy Pros Academy Facebook group where we answer your questions

Outro: 36:46

Thank you so much for listening. I hope you're leaving with some great things that will add value on your journey as a world class privacy pro.

Outro: 36:53

Please leave us a four or five star review.

Outro: 36:55

And if you'd like to appear on a future episode of our podcast or have a suggestion for a topic you'd like to hear more about, please send an email to team@kazient.co.uk

Outro: 37:07

Until next time, peace be with you.