Executive Women in Privacy – my recollections and reflections

This past weekwip,  I had the privilege to speak on a panel with three amazing women, Ruby Zefo (intel), Sharon Anolik (Privacy Panacea), and Debra Bromson (Jazz Pharmaceuticals) – moderated by Lourdes Turrecha at the inaugural Privacy+Security Forum in DC. Our topic: Breaking the glass ceiling – executive women in privacy.  We have all been to other presentations on this same or a similar topic, so we were determined that we would present candid, authentic, and hopefully inspirational content. I did not take notes, so we are relying on my admittedly poor memory to bring you the best of what I took away – without attribution to the speaker in an effort to preserve the safe environment.

Challenges we faced and how to overcome them:

In privacy, whether staffed in the legal department or not – it is hard for others in the business and in legal to comprehend the impreciseness of our area of law. Privacy means complying with laws/rules/regulations. We all happen to be attorneys, but privacy executives don’t have to be lawyers. Privacy is a fluid, rapidly developing, and capricious field. For us, we have faced the same challenges that most women in law face. We have faced people not knowing what the heck we are doing or aiming for. We have faced the typical challenges of working in male-oriented fields – technology, medicine, etc. And that is a situation that women in privacy face whether they are lawyers or not.

Best advice

  • Be flexible. Be creative.
  • Be business savvy.
  • Demonstrate your value. Toot your own horn.
  • Do not waste 30 seconds in an elevator with the CEO cracking a joke…be prepared with a recent accomplishment to share that contributed to the company.
  • Bring yourself to work, but keep it professional.
  • Be authentic.
  • Leave toxic environments.
  • If you are meeting with executives, be an executive presence. If you are meeting with IT, dress to fit in. You don’t have to agonize over it, but impressions count. Do they see you as one of the gang? Don’t set yourself above them just to make a point.

Is the privacy field an equal playing field for women?

In most part, yes. Some of us have not really seen the inequality in our privacy area, but it still exists within the company. We have met the “Queen Bee” – that woman who rules the roost and is unwilling to help others or share the limelight – but not really worked with such people in privacy. Okay, well, maybe we did, but it’s old school and we managed to change the situation.

In general, our technical counterparts are typically male. Learn to work with them. And in most cases, form a bonding relationship where there is mutual trust and respect (mine was my “at work husband”). Don’t be afraid to ask them to “dumb it down,” but also don’t be afraid to challenge them.

We are often still the only woman in the room. I am unapologetically feminine and proud of it. It does not mean that I am inferior. And we certainly don’t help ourselves with apologizing for being women – which is what we do when we act as if we expect to be treated as inferiors. Do we have to prove ourselves? – yes. But we already earned the position, so we deserve it. which leads to the….

Imposter syndrome

Do we feel like imposters? I do, just sitting on this panel. I am ambitious. I have been an executive and also not an executive – and not in a linear path. I have taken jobs that were a step back in rank in order to step up in expertise. All four of us came from different perspectives, but in general, the tone was that we have earned what we have. It may be a tendency of women to think that we have somehow been put in a position that we don’t truly deserve, but that is our own self-doubt and not something that anyone pushed on us.

When given more responsibility, one women faced quite a few people who asked if she was okay – was she going to be able to handle it? Her response – if I were a man, that person would have said congrats, it will be tough, but you have already shown that you can handle such responsibility. And she told him so.


The points to take away from this panel were that we are accomplished, qualified professionals who happen to be women. We face unique challenges, but being confident in your talents and skills will take you far. How to take that next step? Volunteer. Network. Don’t be afraid to stand up or stand out.

Be unapologetically you. As long as you are not a serial killer.

Go beyond Talking Heads: How to build a panel presentation that Pops

Wanh. Wanh. Wanh.fireworks

No matter how interested you are in a topic, talking heads start sounding like the teachers in the Charlie Brown cartoons. Sometimes, the panel can even put their audience to sleep.

Most people who speak at an event choose to do so – meaning that they have a message that they want to share. I am not a professional or fabulous speaker, but I do speak on occasion at the typical talking heads conference. And while you cannot please all of the people all of the time, there are some basic tips that can improve just about any panel presentation.

My ten top popping panel tips:

1. Create a diverse panel
Whether the diversity is in gender, sector, perspective, opinion, race, title, role – whatever – make the panel diverse. Give the audience someone to whom each one of them can relate.

2. Be creative, but keep it within limits
There are ways that even talking heads can present the same material, but creatively. I have participated in presentation based on the dating game, family feud, a political debate, and more. Recognize that not everyone in the audience will relate to creativity, but the overwhelming majority will like it.

3. Get organized before the presentation
Get on the phone. Speak to each other. Know who is going to change the slides. How will the chairs be organized? Determine if you want to sit behind a long table. Will you rise to speak at a podium? How will you handle too many questions and comments? How will you handle none?

4. Appoint a control person
Someone needs to be in charge of keeping the presentation moving. This should and could be done with ruthless charm. You can disclaim at the beginning how you will handle questions and comments. If time starts running short, the control person can keep it moving.

5. Do a true dry run
You may have everything planned out, but a true dry run – a real one – (cannot emphasize realism enough) should help ferret out problem areas, such as a long-winded speaker.

6. Speak to the slides, rather than read from them
There is not much worse than a presentation with paragraphs of material on each slide. Ugh. The audience will be reading them and not listening. You should have impactful slides that you can easily speak to. You can develop substantive material to submit for continuing education credit, and inform the audience that such material is available, just not what they will see in the panel presentation.

7. Stay on time and on point
Often, panelists have no say in the topic, title, or description of presentations. Yet the audience chooses that session based on those. Panelists should ensure that their presentation lives up to what is promised. I hate walking away from a presentation not having learned what was in the description. For the time, see #4 above on control person.

8. Interact with each other
Have a point person on each topic and interact. Whether in agreement or disagreement, the panelists should interact. Please do not separate the program into evenly divided topics and let one head bobble for ten minutes. Have fun. If you don’t, they won’t.

9. Have questions teed up
Seems basic. Is basic. Do it.
It’s pretty disheartening to save ten minutes for questions and there are none. You can announce at the beginning that although it is a safe environment, anyone who doesn’t want to raise his/her hand can submit questions electronically (in the manner of your choice). If you don’t address the questions during the session, you will at the end.

10. Engage the audience

How does one get into Speaking?

At a recent conference, I was asked by several people “How do I start speaking at conferences?”

There are several ways to do this, but to be frank, I don’t know that I ever approached the activity in a deliberate manner. I have spent some time (a short time) thinking about it and have arrived at some methods- and in no way do I mean to sound cynical at the suggestions, they truly are legitimate ones.

How to start speaking at events:

1) Be employed in a key position at a major company.
It doesn’t seem to matter if you are a good speaker or have something profound to say, if you hold a key position and your company is making headlines (good or bad), people will likely want to hear you speak. Anyone who speaks from Google, Facebook, Twitter, Target (breach-related), etc. are all draws for audiences.

2) Be a major contributor or sponsor.
Throw a little money at the issue and opportunities open up.

3) Speak after you write.
Write something significant or write a lot on topics of interest to people or the field. One of my favorite privacy professionals, Dan Solove, writes the books on privacy. I have had his books/papers on privacy in my library for years.

4) Develop a niche area.
Either through passion or expertise, develop a niche area. You’ll still probably need to write about it to establish that you have some expertise, but niche areas are attractive as long as they are relevant.

5) Become an expert.
Whether in a niche area or a broad area, if you become an expert, people will want to hear you speak. Several people come to mind on this one: Chris Hoofnagle, Paul Schwartz, Dan Solove (listed above), Christopher Wolf, and many many more.

6) Get involved. 
Join industry groups, task forces, action groups, committees. National, international, state, local, tribal. And when you join, be active and involved.

7) Be passionate. 
Get passionate about something. Speak to individuals. Write. Speak to groups. Help solve or illuminate a problem. I just heard a keynote from a lady along these lines: Danielle Citron, speaking on Revenge Porn. Another recent example was Oren Yakobovich with the NGO Videre est credere, which helps people in oppressed areas expose the oppression.

8) Solve a problem. 
or at least work on one towards a solution. Also, many come to mind, but some of the ones that stand out are Jules Polonetsky and Marty Abrams.

There are other ways to get involved in speaking, but these are the ones that stand out to me. I also recommend becoming a good speaker and I will write another entry on my perspectives on how to become a good speaker – or even a great one.

IAPP Global Privacy Summit 2015: session highlights and closing session

In this post, I won’t go into details about each day or every session. You can see the schedule and descriptions here. However, I do want to touch on some key points.

With over 3,000 attendees, several sessions were standing room only. The venue worked with the IAPP to move some of the more popular sessions to larger rooms, but nearly every session I went to had ten-fifteen people standing in the back and along the sides.

In general, the sessions were staffed with qualified professionals, albeit not necessarily gifted speakers. Sometimes, it really is their experience and knowledge we crave, so we can tolerate a lack of creativity and speaking skill.  I will say though, that after one of my speaking sessions, all of my co-panelists and I were stopped over the next two days by attendees and profusely thanked for the quality of our session – entertaining and informative. As a speaker, there is no better compliment. Additionally, there were quite a few really good speakers in sessions that I attended.

On the other hand, there was one session I attended that I enjoyed the speakers, enjoyed the session, smiled, clapped, and walked out of there wondering what I actually learned. I even went back to the program guide to see what I was supposed to have learned.

Closing general session: Google guy. not impressed (very sorry, I wanted to be and I am sure he is a heck of a qualified professional). I probably just blew any chance of a job at Google. I really wanted to be impressed. I was interested. Google is a huge topic of interest in the privacy world. But sadly, this one simply did not hit the mark.

Sarah Lewis. Blown away. Fabulous speaker. Great topic. Hit the delivery spot on. An amazing presence. Had us laughing, listening, and enthralled. She spoke about creativity and gave examples such as Samuel Morse, J.K. Rowling, Albert Einstein, and Charles Lund Black, Jr. – whose meeting with Louis Armstrong entrenched his interest in civil rights.

And last, Oren Yakobovich a social entrepreneur who uses cameras to capture violations of human rights.  He co-founded Videre, an NGO which equips people in oppressed communities with cameras to uncover information. He showed us some videos – the gain of which endangers the lives of those who wear the cameras – cameras hidden in clothes, wood, stones. He was poised, passionate, and persuasive. He humbled us all.

In conclusion of this short three-part series, I met wonderful professionals, learned a lot of information, and reconnected with people I seem to never see outside the conferences. The IAPP serves such a true purpose – to give both roots and branches to those of us in privacy. Beyond a doubt, the IAPP has moved this profession forward by huge leaps. I am a raving fan. If you have a chance to get involved (if you like privacy), take advantage of the opportunity.

Pre-conference Workshops – an overview (IAPP Global Privacy Summit 2015)

if you are interested in privacy, pay attention to IAPP and attend the conferences. Don’t write off the pre-conferences. They are powerful, informative, valuable sessions well worth your time and money. Read further to learn more.

In the first post to this series, I discussed the location, venue, attendees, and opening session of the IAPP Global Privacy Summit 2015. In this post, I will briefly discuss the pre-conference workshops.

The IAPP designates the day before its summit as the “pre-conference” day. I was honored and delighted to participate in the pre-conference this year, so I cannot speak directly to the content and quality of this year’s workshops – but I have attended some previous pre-conference workshops of the same topics. And some I have not.

In addition to workshops, the pre-conference day includes training sessions for the IAPP certifications, several KnowledgeNet meet-ups, and various networking events – such as peer-to-peer roundtables, young professionals, and 5-minute mixers.

In general, the workshops all seem highly relevant to privacy professionals and seem to contain valuable information. The IAPP does charge extra to attend the pre-conferences, but every year, there are quite a number of people who attend.

Half-day morning workshops: There were three workshops presented on Wednesday from 9 am to 1 pm:
– the Data Breach Notification Bootcamp,
– the EU Privacy Bootcamp, and
– Piecing Together the Privacy Engineering Puzzle.

  • Given the number of breaches in the recent past, the first workshop was probably a popular one. Ponemon Institute named 2014 as the Year of the Mega Breaches.
  • The EU Privacy Bootcamp is also popular with anyone whose company does business in the European Union. The EU is the strongest multinational privacy regime in the world and is thus a topic that a global company – or simply one who is active in the EU – should know quite well.
  • The last session on the privacy engineering is not one with which I am familiar, but OH MY GOODNESS, I should have been there. (my excuse was inshlepping back and forth from the Mayflower, but seriously, I should have just got my sillybutt up and attended). Here are some excerpts of the description:
    • Include privacy considerations in the systems engineering and development process.
    • …a survey of the evolution of “privacy engineering” and how it can be used to achieve Privacy by Design objectives…
    • …explore the current efforts underway to define the privacy engineering discipline, including the status of the federal privacy engineering model the National Institute of Standards and Technology (NIST) is developing…


Half-day afternoon workshops: there were three sessions presented on Wednesday afternoon from 2 pm – 6 pm:
– Globalizing Your Privacy Program: The Hot Buttons,
– Healthcare Privacy—Diagnosis vs. Prognosis of Hot-button     Topics in Healthcare, and
– Privacy Bootcamp.

  • Globalizing a privacy program sounds like an incredibly practical and useful workshop. I recognize some of the names presenting and know them to be very knowledgeable and practical.
  • Healthcare privacy was the one in which I spoke. Trust me, it was riveting! Seriously, good speakers and great material. We did not get to discuss some of the topics in depth because our fabulous audience was highly engaged.
  • Privacy bootcamp is a successful annual workshop presented by Trevor Hughes, president and CEO of IAPP and Kirk Nahra, partner with Riley Wein and frankly, one my favorite privacy attorneys ever. ’nuff said.

And last, there is one full day workshop, Privacy in the Cloud with a Silver Lining. Cloud services are always a controversial topic for privacy professionals, so it was likely a packed house.

I apologize that I cannot give you summaries of the sessions nor true feedback on their value. The purpose was to give you an overview on the offerings and some insight into whether attending the IAPP’s pre-conference workshops is valuable.

IAPP Global Privacy Summit 2015

I love conferences. I had a boss who told me he did not like conferences, they were just big parties. I found that to be odd – all the conferences I had ever gone to – whether with the IAPP, HCCA, the Equal Justice Conference with the ABA, etc. – I had been subsumed with attending the sessions and learning. Then I attended the ACC, which is incredibly informative and educational – but for those it appeals to, there is definitely an opportunity to participate in social events and networking.

Let’s break down the IAPP Global Privacy Summit 2015. I’ll do this in a few posts as I have more to say than should be shared in one post.

First: location. This conference is always in DC in the Early spring. March seems to be a little too early, more late winter than early spring. It’s been freaking cold COLD the past couple of years. Last year was my first year to come to the Global Privacy Summit and there was ice and snow on the ground then, too.  I have heard rumors that they are moving it to April for 2016. I hope so!

Hotel: The venue was moved to the Mariott Marquis this year and it was wonderful. Well…other than those who were here on Monday were shifted to the Mayflower for the night. Now the Mayflower is supposed to be awesome, but it fell way short of that. The floor I was on was being renovated, including the room next to mine. I dealt with construction noises and fumes the entire time I was there. I am horribly allergic to chemicals, so I was miserable. The Marriott was pleasant. The movement from floor to floor for sessions was easy. Even schlepping over to the huge ballroom for the opening and closing sessions was fine.

Attendees: The IAPP has reached over 20,000 members and over 3,000 of them were at this conference. There were not enough seats for meals and people were eating at vendor booths, standing in hallways, etc. But that was a minor inconvenience. There were a huge number of IT/Information Security professionals there which was truly encouraging for the collaboration between the fields. Also, one of the big draws for this summit is the number of government personnel and foreign privacy professionals who attend. I met quite and few. Discussions tend to range from personal to professional, privacy to education, kids to processes – seriously, the scope and breadth of topics individually and in small groups was enormous – thought-provoking and entertaining. Networking is like breathing. Never met a privacy professional I did not like.


Opening session was typical. Trevor Hughes, president and CEO of IAPP, is exactly what one would expect for such a group. He is engaging, informative, and enthusiastic. (I had a couple of personal minutes with him as he was locked out of his room and waiting for security. He really is as human as the rest of us.)

Hilary Wandall, Associate Vice President, Compliance and Chief Privacy Officer of Merck & Co., Inc., current Vice Chair for the IAPP Board of Directors served as emcee for the event. I had the opportunity to meet her later during the conference and was surprised that she knew my names – and of course responded with my typical complete lack of sophistication. I only have one time to make a first impression so I sure hope her impression was formed long before we met! She is charming, quite intelligent, composed, and a wonderful public speaker.

Glenn Greenwald, journalist, who authored No Place to Hide, a book detailing his coverage of the NSA scandal and Edward Snowden’s disclosures. He is an excellent speaker – and no matter your opinion on NSA, Snowden, US surveillance – he is in the thick of exposing privacy and security concerns. He is not an inspiring speaker, but his words are riveting.

Next up was Michael Sandel, Anne T. and Robert M. Bass Professor of Government, Harvard University. Now here is an interesting speaker. He is obviously a law professor – he has a charming habit of leaning on the podium at times that makes him seem like an average joe…kinda. It is evident by his words that he is far from average. He engaged the audience directly – calling out questions, seeking impressions, and near-Socratically delving further into a speaker’s opinion.

Tune in for the next installment of the pre-quel to the opening sessions, the pre-conference.