Welcome to our video interview series: Privacy Leaders! We interview the best and the brightest minds in the privacy space to get their insights on all things privacy and regulation including the infamous EU General Data Protection Regulation, California Consumer Privacy Act (CCPA), the future of privacy, how to automate your privacy program and more.
Today, in honor of International Women’s Day, we have Linda Häss, Data Protection Officer (DPO) at IF Insurance.
Read on to see Linda’s insights and advice, or if you prefer video you can watch the highlights video below.
How has the GDPR influenced the Privacy landscape?
What’s interesting about the GDPR and what has happened in the data privacy landscape is that many times data privacy has always been associated more from the technical perspective. And I think it’s put focus on personal information and has definitely made it apparent to everybody, from the single individual to corporations, that this is something that has to be done and dealt with – this is important.
For me, it’s revolutionary. The GDPR has really put focus on personal information and is really demanding that everybody take their responsibility. As the individual, you have rights, that’s fantastic to know that you have the right to decide. Some people might just press yes, yes, I accept, because it’s more convenient, but GDPR is raising awareness around the fact that the individuals have the right to decide over their own information and to say no.
Sure, the GDPR isn’t perfect, but if you look at the U.S. States such as California – I’m originally from California – I look at the CCPA and I think this is great, People are being given their rights globally and it’s more about information processing and not just about “do you have a strong password?” or “is there encryption in place?” it’s emphasizing on the actual personal information and the rights of the individuals.
Why is privacy the place to be for women in tech?
Women have a holistic view, which makes them successful in the role. Women in tech who work closely with data privacy, for example, would be a really good combination because you need to have that understanding of tech in order to be able to assess privacy and ‘be compliant’.
In my team, we’re six women with IT backgrounds. This is because, in my experience in the privacy world, I realized that we are often talking about IT solutions, we are talking about Information Security, ultimately we are talking about very technical areas, that’s why I actually chose women that came from IT backgrounds. Sure, it was taking a chance [for me] and it was taking a chance on their part because they were unsure of “what does compliance even mean“? and “Do I really want to work with compliance?” We know that compliance is knowing the law, but it’s also being able to apply your technical skills and your knowledge to comply with the law.
If you look historically, if we just go back 40 years, people were still working manually with the general ledger and accounts payable and receivable, which means they have some experience and training within IT. These women working in data privacy and with the different laws and regulations, is going to result in a combination [of skills]. This is definitely a place for women, in tech and working with tech, to get into the privacy world because women are needed here. They need to dare and try working with compliance because they have so much to gain by doing this, there are opportunities that perhaps they didn’t even think were possible.
During networking and meeting other DPOs that have a legal background, whereas I have an IT background, I often see that they are so dependent on IT and they don’t understand what’s happening [in IT]. This is the advantage for us [privacy] women in IT.Linda Hass
What does a typical day in the life of a privacy Professional look like?
A typical day can be giving support to the business. It could be an external assessment by an external auditor. It could be communicating with the authorities. There is a lot of studying, on what is to come and being aware, surveying what’s happening [in the privacy world] and within the EU, when it comes to fines studying what companies are being fined for. That’s a typical day for us [in the privacy team] here at IF Insurance. Of course [dealing with] incidents is a big part too.
It’s interesting because our days consist of yes, very hands on helping, supporting, training, creating awareness, but at the same time, we’re having to try to keep up with and stay ahead, because it’s often technology that is that is taking the lead. This is something that we have to study and be aware of: what’s going on, and when [technologies] come into our company we have to know how to address the privacy concerns. Research is a big part of our work, such as artificial intelligence. I think that we have spent more time doing research recently, especially with AI, with machine learning, how is that going to influence decision-making?
What is the best way to build a career in Privacy? What advice do you have for women interested in a career in Privacy?
Dare to go outside of your comfort zone. Look into other departments, for example, if you are working with IT then you should look into see what it’s like working with data privacy. If you work in legal, you should look to see what it’s like working with IT.
This is difficult within our industry – insurance – but I encourage this within my team, especially since we all have IT backgrounds, we are involved in what we call ‘a shadowing program’, and that is where we spend a week with actuary observing how they work so that we have a better understanding of how they’re using information. Privacy reaches over such a broad spectrum, it covers areas across all departments. You need to have diverse competence; you can’t just stay within your own. Yes, you have to know your industry but it’s so important that you have knowledge within different areas, too.
Ultimately, my advice is dare to go outside of your comfort zone.Linda Hass
What are your top tips for success?
- Have a genuine interest. We talk about being the “Data privacy nerds”, I think if you have a genuine interest, that’s going to drive you. When you have a keen interest people will actually notice it: you are easily promoted, they trust your advice, you’re more recognized by executive management.
In my team’s case, considering we don’t have a privacy background we come from IT, we have been very successful and it’s because people see that we are genuinely interested, and I’m specifically talking within our group [IF group].
- Lifelong learning. This is extremely important so that you are constantly growing. This is an area right now where it is easy to progress but you have to stay on top of things. People, epecially people from IT, often ask us how we became knowledgeable so quick and it’s because we stayed on top of things and kept learning.
- Networking. This will lead to you becoming more recognized and constantly learning from your peers. In my networking circles other DPOs call me and ask for advice.