Data Privacy Day 2013

by mattysthoughts

Data Privacy Day 2013

A little history in the making – Thoughts by Matthew Ellis

(Please excuse the typos, incorrect spellings, grammar, etc. I mean you would expect nothing else from me)

 

It’s hard to even fathom that the term “privacy” has been a part of my vocabulary yet alone my career since I was 24?  YIKES, I just aged myself since I am going into my 40^th year on this earth (yes I know some of you reading this would have LOVED TO have seen me pass well before this, to bad, I plan on staying around a NICE long time).

 

In the beginning there was Barb Lawler, Larry Ponemon, Brendon Lynch, Kristin Valente (now a HUGE partner at EY and one of my closest friends,) Kate Dean (Deano don’t you recall our little White House visit and then lunch at that DC Institution for a mere $950), and a handful of other’s (apologies if I left you off the short list, nothing personal.)  Lets not forget about the friends we lost from illness, we had a few, and they are still missed today.  About this time this thing called the world wide web was taking off, and business finally found something that it was good for minus online dating (I hear Match.com won that game) but back to “in the beginning” things like “opt in vs. opt out” were the biggest debates on the block.  Funny it is still one of the most debated and discussed issues related to privacy, funny how some things never change.  The US also came up with this swell idea called Safe Harbor to make our EU counter parts feel “good” or “warm and fuzzy” as some may say about us sending and receiving and storing PII, and to top it off the first of many large lawsuits were filed for privacy violations against, at the time, one of the biggest on the street, Double Click.  (OK now I have REALLY aged myself!)

 

Fast forward a few years and I found myself in the middle of a heck of a career at Ernst & Young thanks to Kristin Valente believing in my ability to build a privacy practice from nothing, and I was helping companies like HP, Agilent, eBay, PayPal, McKesson, Sun Micro Systems, Visa, and a slew of others to just get a privacy policy up on the company website, and trying with all our might to get most of the senior management of these companies to put some money where their privacy policy was, and fund the data privacy offices.  I have to call out a few early adopters to privacy, both being female (woman ALWAYS seem to know a good thing before it happens), Meg Whiteman of eBay, as well as Carly Fiorina the CEO of HP at the time (lets that it Carly had the COOLEST jet, it said “Invent” on the tail, how I wanted a ride on that jet.)  Without the support they gave I wonder where privacy would be today.  Recall this was before just about anyone was a CPO (Chief Privacy Officer, this is for Dan Swartwood who used these three little letters yet NEVER held the CPO title at HP, sorry Dan you loose, and you were just NOT very nice.) 

 

Another little fast forward and I found myself in New York City working for Deloitte and Touch, WOW what a change that was from my old firm EY where I knew the practice, loved the people (Kathryn Songco, Tim Stephens, Jan Bono, etc.) and most of the partners I worked with.  At Deloitte I encountered this little woman named Rena Mears, whom at the time I would have liked to have drop kicked right down 5^th avenue, but in the long run became a knowledge source that the privacy community is missing in a huge way with her much earned retirement this past year.  My apologies if I was an asshole to work with Rena, it went both ways, but I have learned something through the years, you were hard on the ones you knew would make it, and I thank you for that.  Also at this time TJ Parks whom is still at Deloitte, and is lighting the world on fire, really hit his stride, wow I found someone who could read my mind, and could put me in my place.  It was like middle east peace had been found at the firm when he arrived.  Sadly my tenure at Deloitte was all of about two years, I was not thrilled with the firm, and I took the first of many mid life crisis time outs.  Important to point out that EVERYONE was getting into the privacy game, CPO’s were everywhere, and money was flowing to prop up the people who literally sweat blood and tears to keep their organizations from having the biggest privacy melt downs alive.  But before my mid life time JetBlue hit, oh JetBlue how I love you.  You made my time at Deloitte some of the best.  In my book anyone that knowingly gives 5 Million passenger profiles away without a subpoena or court order is just destine for 100% of standard billing rates, and so goes the JetBlue story.  I met some amazing people doing the disaster privacy consulting for this, and I give thanks each and every day that I had the 6 PM NBC nightly news on that Friday evening prior to a dinner party at my New York apartment to see Brian Williams tell the world that this little airline just had the biggest public privacy breach known to man kind.  By the next day (Saturday) we were negotiating contract terms and the project was off and running.  Never will I forget Joanna Gherty for her hard work on this issue, and for all the other attorneys that got into the mess. 

 

After departing Deloitte I took some time off, drank wine, went to my county house in Cold Spring NY and tried to figure out my next move.  Then Microsoft came calling.  Peter Cullen was a rock star getting me hired, John Roskill backed privacy in the US Subsidiary, Sara Page was my Privacy Attorney and Mike Hintze and Susan Lyon played leads for me to be able to build a “pay for play” model of privacy where other subsidiaries could pay the US sub to do their privacy work.  I must say it was one of my best idiot savant moments to come up with this strategy, but it worked, and it became a staple for privacy at the company.   Also let us not forget “The Year of The Privacy Dragon” which I think still may be ricking some worlds at Microsoft.  The brainchild for this was Brian Maloney and Margie Fox at the firm Maloney & Fox in New York.  Not only did they create the dragon concept, they created a Chinese menu of privacy choices you could buy from the US Sub.  I recall many a meeting where a foreign sub would look at the menu in horror, and then me ask them if they wanted fried rice.  It was widely inappropriate but VERY fun.  BRILLANT does not even begin to describe the work Maloney & Fox did for me, and still to this day the pitch for the “Privacy Revivals” that they wanted to hold around the US to build the Microsoft Privacy Brand was outstanding.  It was shot down by legal (DAMN!), but I wanted to load up that Microsoft bus and hit the open roads preaching to gospel of privacy to all that would listen!  I worked with some amazing people, Kim Hargraves, Huey Tan, Glenn Foree (sp), Virginie, and the list goes on (sorry if I left you out, three concussions later and I cant recall what I had for lunch today!)

 

Then retirement – well rather forced medical retirement, I got sick, REALLY sick, and it didn’t look good.  But the funny thing was the people who were in privacy SO many moons ago have been with me these past five years to keep my spirits up, to send a note to say hi, a quick text telling me they were thinking of me, to house me when I had appointment after appointment at Stanford (many thanks Scott Shipman) and if nothing else the privacy family as keep be abreast of all the shenanigans that only those in the privacy world could pull.  Words wont ever be able to describe the thanks I have for you, so here goes, THANK YOU for never giving up on me. 

 

So on this “Data Privacy Day 2013” I give thanks for the industry that has been created, for the brain power that has been devoted to protecting my private data (both personal and health) and I sit in awe of the people and places I got to see and meet.  WOW what a ride it’s been, and WOW is there a lot of work to still be done.  I will forever be grateful for the trips around the world, the “Privacy Laws & Business” Punting events (remember Barb when we didn’t know what punting was) as well as the life long friends I have met through this odd and often times obscure industry.  How lucky am I to have been a part of the history in the making of privacy, even as small a part of it as I was.