I. Areas of focus

  • privacy compliance

    I develop and enhance privacy programs for global commercial clients in preparation for evolving privacy regulations. I define and implement governance and operating models, stand up individual rights processes and platforms, roll out change management materials, and structure reporting metrics and processes.

  • privacy SaaS implementation

    I lead privacy software as a service (SaaS) platform implementation programs, including strategy, technical, and change management work streams. I liaise with enterprise architecture, system administration and engineering teams to develop reference architecture, discuss integration trade-offs and align on system design and requirements. I codified Deloitte’s privacy SaaS implementation methodology and team structure for data discovery, privacy impact assessments (PIA), records of processing activities (RoPA), and consent and preference management (CPM) tools.

More Details

I’ve seen privacy regulations compel companies to increase resources for data governance and privacy programs. But the shift in companies’ privacy culture has been slow; consumers have not felt the full effects of the existing patchy network of privacy regulations.

A Pew study from November 2019 found that eight in ten Americans feel they have little or no control over the personal data that companies collect Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information, Pew Research, 2019. Despite this demonstrated concern, the same study finds that a combined 74% of Americans only sometimes or never read a company's privacy policy.

And who blames them? Privacy policies are riddled with daunting legal and technical jargon, and the “I agree” button is easy to click. I confess that I, a doubly accredited privacy professional, have merely skimmed privacy policies and terms of service before agreeing so I could more expediently sign up for an application or check out of an e-commerce site.

Despite consumers' distrust of companies’ data use, benefits of service compel users to provide the data. Sometimes the immediate benefit is so great that the risk of personal data collection is secondary, like having a home assistant tell you the weather as you rush to leave the house.

I believe consumers should not have to sacrifice privacy or security simply because companies do not face restrictions in data collection, protection and use.

II. Experience

2018 - PresentDeloitteData Privacy ManagerI support global commercial companies to build resilient data privacy and protection programs with the goal of providing consumers with data security, transparency and choice.