Privacy and Customer Trust | In Conversation with Mark Chang & PD
Mark Chang & PD discuss how privacy drives customer trust—learn why transparency, compliance, and governance create loyalty in a digital world.
Privacy and Customer Trust | In Conversation with Mark Chang & PD
Mark Chang & PD discuss how privacy drives customer trust—learn why transparency, compliance, and governance create loyalty in a digital world.
Transcript
The Privacy and Security Innovators Circle
recently introduced their introductory book called Privacy,
API, which stands for Privacy, applied,
proactive, and Innovative.
Hello, I'm Peter Prasad, co-founder at Live beam.ai.
And with me, I have got Mark Chang, an accomplished
industry veteran, and currently the data privacy
and cybersecurity attorney at Sheen.
Yes, the fashion brand
that your teenagers bug you about all the time.
Mark has penned a beautiful article in the book called
Privacy and Customer Trust.
Mark, a very warm welcome to you.
Thank you pd. Uh, and thank you so much for, uh,
allowing me to be part of this particular program, uh,
as well as, you know, being part of this,
uh, uh, publication.
Uh, this is definitely an interesting topic
and, um, I, you know, when I first read about your, uh, uh,
proposal of this ebook to actually help the practitioners
as well as anybody
who is actually interested in cybersecurity
and data privacy, I couldn't be more excited about it.
Uh, and obviously a lot of times
during the last few years when since I joined the, um, this,
uh, particular field, I realized, you know, regardless of
what background you come from IT management
or even from legal, um, there's, you know,
there's definitely a million dollar issue, which is
how do we ensure
and empower the business enterprise to have that best
of practice for, uh, establishing customer trust?
So I'm very happy to, uh, to be part of this,
uh, uh, publication.
Indeed, indeed, mark. And we are delighted to have you.
Customer trust actually is a very topical topic, uh,
actually these days, uh, particularly in light of, uh,
almost weekly events where more
and more customers data unfortunately, gets exposed either
through ransomware breaches
or, um, some other accidental breaches in
or leakages, et cetera.
Um, could you tell us a little bit more about your
motivation behind writing on customer trust, privacy
and customer trust as a topic?
Uh, and tell us a little bit more about
what can readers expect, um, to get when they read,
uh, the article, please? Yeah,
This is a fascinating topic just
because the society is changing, obviously, the role
of big data continue to, um, increase in our dayday life.
So what's happening is that, you know, what,
what was considered an outrageous act
of staying in a stranger's home
or stay, you know, living the, uh,
or cop onto a stranger's, right?
To go from one place to another may seem
to be a very outrageous idea 10, 15 years ago,
but now almost everybody's doing it.
So what that means is the expectation of consumers as well
as enterprise of handling your data becomes even more
important nowadays.
And as we can see, um, being a big fan of the movie, uh,
radio Player One, um, the, the usage of all the big data
and consumer, uh, data will only continue
to grow in the years ahead.
And so for me, I think what motivates me the most is
to actually share, you know, some
of my experience from the past with anybody
who is in this current practice
or anybody who is actually interested in learning a little
bit more of how they can actually, uh,
utilize their skillset experiences as well as any kind
of industry tools that can help them
to establish that best practice.
That's wonderful. And you talked about your
experiences from the past.
One of your many experiences related to privacy
and compliance in the past has been at Florida State
University, uh, now having run privacy programs at
educational institutions.
Do you see any difference between
how privacy programs differ, uh,
between educational institutions, state
and local agencies, perhaps, uh,
versus running privacy programs at enterprises?
Yeah, I think there are definitely, um,
institutional differences.
Obviously, private enterprise has a lot more resources, um,
not just from the funding perspective,
but also you have probably the crop in terms
of talent skills, uh, available from, from all this students
or industry practitioners, uh, yet in a more of a,
I guess a higher education as well
as the government kind of setting.
Then those kind of, uh,
options are a little bit more constrained just
because, you know, it's hard to compete with, you know,
million dollar business, you know, uh,
especially the way everything is moving in the industry.
Um, so, so I think that's that.
Yet at the same time, because a lot of the, uh,
institutions are, uh, especially in higher ed
or even in government, they're dealing with a lot more, uh,
sensitive data regardless of what kind of data, uh,
data they come from, you know, from,
it could be A-D-M-V-D-M-V kind of a situation,
or UU even U-S-C-I-S, they're handling a lot
of those sensitive personal data.
Yet at the same time, do they have the tool or,
or, you know, the talents who can actually, uh, help them
to keep up the government regulations themselves.
Um, those are interesting facts
and also their type of data is a lot more comprehensive.
Um, you know, you probably have heard a lot
of the cybersecurity as well
as data privacy focus has been in finance as well
as health areas, just
because those data seem to have the highest, um,
dollar per data, uh, value in the ISO packers.
So in those industries,
you get obviously a lot more concentrations of talents
as well as resources from the enterprise to make sure those,
uh, damages are not going to to be too great.
Yet, at the same time, in more
of a government public sectors, you have basically from a
to Z type of the data, you know, military data, health data,
student data, children's data, et cetera, et cetera.
So, so I think there's definitely, um,
in the 80 20 peral rule where you have a different focus
of the type of data that has, um, you know, been, uh,
in the news that you may have heard.
Uh, yet at the same time, a data is a data.
How do you establish that full consumer trust by having a,
um, I guess, uh, a program that meets the industry standard,
uh, to, so the customers
or any kind of stakeholders would feel comfortable having
your organization handling those data
will become even more important.
That, that's a wonderful framing,
and I really like the way you have, uh, included, uh,
I suppose in my words three Ts, which is you need to go for
consumers trust, uh, using the right talent
and the right tools, I suppose.
So that's a, that's a really good one, folks, um,
to take home, which is go for trust, use the right tools,
and grab the right talent when it comes
to handling data privacy, uh,
and data protection compliance.
Now, there are a number of early stage professionals, mark,
who are joining our industry
around data privacy and compliance.
Um, as an industry veteran,
what advice, uh, would you have for
That? Well, you know, there's
a beautiful slogan
for Nike, so just do it right.
Um, you know, the way I would recommend is
because this particular field of data privacy
and cybersecurity are so large.
Um, you know, anybody who has any kind
of a background can probably find a very nice
space to come in.
I think the government agency called cisa, uh, CISA,
they have a actually a very good, uh, you know, skill
or career path chart that people can look at.
Um, just, you know, Google it.
Um, you can probably find an area where, you know,
regardless of your background, you can find a couple roles
that will fit your interest as well as skillset the best.
Now, you know, are you stuck in
that particular role, uh, when you started?
Well, yes and no. Um, you know, you, as long as you are,
you know, able to continue to learn
and willing to learn, um,
then I'm pretty sure in the sky's the limit.
You can always, uh, try to see what, what skills
that you wanna pick up along your long career ahead.
Um, yet at the same time, you know, what, what experience
that you want to get as you build out your portfolio
of being a it, cybersecurity or privacy profession.
Got you, got you. And they are all getting
interlinked, aren't they?
It cybersecurity data privacy and compliance.
It's like you can't do privacy perhaps if you're not taking
care of data security and, and vice versa in some sense.
So the great advice, um, folks, I'll repeat that, uh,
for everyone, Mark's advice, start with Seesaw, CISA,
be willing to learn, take on new challenges,
expand your scope, and then really, uh,
as the say, sky is the limit.
Uh, mark, last question for you.
In 2023, if you had to have one wish that in the area
of data privacy and compliance, obviously, um,
that you wish would come true, what would that be?
Better communication.
Um, you probably have heard all this privacy rule popping
out different, uh, jurisdictions.
Everybody's doing their own thing.
Um, yet I think at the end of the day,
it's about communication.
How are we able to communicate
with our own stakeholders within the company as well
as being an enterprise?
How do you communicate with your consumers
what you are doing, being transparent about what you do, uh,
in terms of best protecting their data?
And then have a, you know, really good communication
with the regulators and auditors
who are taking a deeper look
of your practice in cybersecurity and data privacy.
And I think, yeah, at the end of the day, it's, it's hard
to actually be on the same page just
because all the experts come from,
whether it's technology management or legal perspective.
They, they have to be sitting at the same table, you know,
finding out what's the key issue, what's the,
what's the key driver of the value.
Um, so there there's gonna be, you know,
a win-win win situation for everybody, uh, that's involved.
Yet at the same time, as long as people are willing
and able to actually communicate well with each other,
I think, you know, it's, uh, we, we can definitely, uh,
move the ball forward, uh, into the future
of all this big data usage, uh, for,
for everybody that's involved.
Great, great, great advice. Mark.
Better communication internally and externally.
You heard it here first, folks from Mark Chang,
thank you so much, mark.
We look forward to hearing from you again,
and hope to see you pen another article to help us out.
recently introduced their introductory book called Privacy,
API, which stands for Privacy, applied,
proactive, and Innovative.
Hello, I'm Peter Prasad, co-founder at Live beam.ai.
And with me, I have got Mark Chang, an accomplished
industry veteran, and currently the data privacy
and cybersecurity attorney at Sheen.
Yes, the fashion brand
that your teenagers bug you about all the time.
Mark has penned a beautiful article in the book called
Privacy and Customer Trust.
Mark, a very warm welcome to you.
Thank you pd. Uh, and thank you so much for, uh,
allowing me to be part of this particular program, uh,
as well as, you know, being part of this,
uh, uh, publication.
Uh, this is definitely an interesting topic
and, um, I, you know, when I first read about your, uh, uh,
proposal of this ebook to actually help the practitioners
as well as anybody
who is actually interested in cybersecurity
and data privacy, I couldn't be more excited about it.
Uh, and obviously a lot of times
during the last few years when since I joined the, um, this,
uh, particular field, I realized, you know, regardless of
what background you come from IT management
or even from legal, um, there's, you know,
there's definitely a million dollar issue, which is
how do we ensure
and empower the business enterprise to have that best
of practice for, uh, establishing customer trust?
So I'm very happy to, uh, to be part of this,
uh, uh, publication.
Indeed, indeed, mark. And we are delighted to have you.
Customer trust actually is a very topical topic, uh,
actually these days, uh, particularly in light of, uh,
almost weekly events where more
and more customers data unfortunately, gets exposed either
through ransomware breaches
or, um, some other accidental breaches in
or leakages, et cetera.
Um, could you tell us a little bit more about your
motivation behind writing on customer trust, privacy
and customer trust as a topic?
Uh, and tell us a little bit more about
what can readers expect, um, to get when they read,
uh, the article, please? Yeah,
This is a fascinating topic just
because the society is changing, obviously, the role
of big data continue to, um, increase in our dayday life.
So what's happening is that, you know, what,
what was considered an outrageous act
of staying in a stranger's home
or stay, you know, living the, uh,
or cop onto a stranger's, right?
To go from one place to another may seem
to be a very outrageous idea 10, 15 years ago,
but now almost everybody's doing it.
So what that means is the expectation of consumers as well
as enterprise of handling your data becomes even more
important nowadays.
And as we can see, um, being a big fan of the movie, uh,
radio Player One, um, the, the usage of all the big data
and consumer, uh, data will only continue
to grow in the years ahead.
And so for me, I think what motivates me the most is
to actually share, you know, some
of my experience from the past with anybody
who is in this current practice
or anybody who is actually interested in learning a little
bit more of how they can actually, uh,
utilize their skillset experiences as well as any kind
of industry tools that can help them
to establish that best practice.
That's wonderful. And you talked about your
experiences from the past.
One of your many experiences related to privacy
and compliance in the past has been at Florida State
University, uh, now having run privacy programs at
educational institutions.
Do you see any difference between
how privacy programs differ, uh,
between educational institutions, state
and local agencies, perhaps, uh,
versus running privacy programs at enterprises?
Yeah, I think there are definitely, um,
institutional differences.
Obviously, private enterprise has a lot more resources, um,
not just from the funding perspective,
but also you have probably the crop in terms
of talent skills, uh, available from, from all this students
or industry practitioners, uh, yet in a more of a,
I guess a higher education as well
as the government kind of setting.
Then those kind of, uh,
options are a little bit more constrained just
because, you know, it's hard to compete with, you know,
million dollar business, you know, uh,
especially the way everything is moving in the industry.
Um, so, so I think that's that.
Yet at the same time, because a lot of the, uh,
institutions are, uh, especially in higher ed
or even in government, they're dealing with a lot more, uh,
sensitive data regardless of what kind of data, uh,
data they come from, you know, from,
it could be A-D-M-V-D-M-V kind of a situation,
or UU even U-S-C-I-S, they're handling a lot
of those sensitive personal data.
Yet at the same time, do they have the tool or,
or, you know, the talents who can actually, uh, help them
to keep up the government regulations themselves.
Um, those are interesting facts
and also their type of data is a lot more comprehensive.
Um, you know, you probably have heard a lot
of the cybersecurity as well
as data privacy focus has been in finance as well
as health areas, just
because those data seem to have the highest, um,
dollar per data, uh, value in the ISO packers.
So in those industries,
you get obviously a lot more concentrations of talents
as well as resources from the enterprise to make sure those,
uh, damages are not going to to be too great.
Yet, at the same time, in more
of a government public sectors, you have basically from a
to Z type of the data, you know, military data, health data,
student data, children's data, et cetera, et cetera.
So, so I think there's definitely, um,
in the 80 20 peral rule where you have a different focus
of the type of data that has, um, you know, been, uh,
in the news that you may have heard.
Uh, yet at the same time, a data is a data.
How do you establish that full consumer trust by having a,
um, I guess, uh, a program that meets the industry standard,
uh, to, so the customers
or any kind of stakeholders would feel comfortable having
your organization handling those data
will become even more important.
That, that's a wonderful framing,
and I really like the way you have, uh, included, uh,
I suppose in my words three Ts, which is you need to go for
consumers trust, uh, using the right talent
and the right tools, I suppose.
So that's a, that's a really good one, folks, um,
to take home, which is go for trust, use the right tools,
and grab the right talent when it comes
to handling data privacy, uh,
and data protection compliance.
Now, there are a number of early stage professionals, mark,
who are joining our industry
around data privacy and compliance.
Um, as an industry veteran,
what advice, uh, would you have for
That? Well, you know, there's
a beautiful slogan
for Nike, so just do it right.
Um, you know, the way I would recommend is
because this particular field of data privacy
and cybersecurity are so large.
Um, you know, anybody who has any kind
of a background can probably find a very nice
space to come in.
I think the government agency called cisa, uh, CISA,
they have a actually a very good, uh, you know, skill
or career path chart that people can look at.
Um, just, you know, Google it.
Um, you can probably find an area where, you know,
regardless of your background, you can find a couple roles
that will fit your interest as well as skillset the best.
Now, you know, are you stuck in
that particular role, uh, when you started?
Well, yes and no. Um, you know, you, as long as you are,
you know, able to continue to learn
and willing to learn, um,
then I'm pretty sure in the sky's the limit.
You can always, uh, try to see what, what skills
that you wanna pick up along your long career ahead.
Um, yet at the same time, you know, what, what experience
that you want to get as you build out your portfolio
of being a it, cybersecurity or privacy profession.
Got you, got you. And they are all getting
interlinked, aren't they?
It cybersecurity data privacy and compliance.
It's like you can't do privacy perhaps if you're not taking
care of data security and, and vice versa in some sense.
So the great advice, um, folks, I'll repeat that, uh,
for everyone, Mark's advice, start with Seesaw, CISA,
be willing to learn, take on new challenges,
expand your scope, and then really, uh,
as the say, sky is the limit.
Uh, mark, last question for you.
In 2023, if you had to have one wish that in the area
of data privacy and compliance, obviously, um,
that you wish would come true, what would that be?
Better communication.
Um, you probably have heard all this privacy rule popping
out different, uh, jurisdictions.
Everybody's doing their own thing.
Um, yet I think at the end of the day,
it's about communication.
How are we able to communicate
with our own stakeholders within the company as well
as being an enterprise?
How do you communicate with your consumers
what you are doing, being transparent about what you do, uh,
in terms of best protecting their data?
And then have a, you know, really good communication
with the regulators and auditors
who are taking a deeper look
of your practice in cybersecurity and data privacy.
And I think, yeah, at the end of the day, it's, it's hard
to actually be on the same page just
because all the experts come from,
whether it's technology management or legal perspective.
They, they have to be sitting at the same table, you know,
finding out what's the key issue, what's the,
what's the key driver of the value.
Um, so there there's gonna be, you know,
a win-win win situation for everybody, uh, that's involved.
Yet at the same time, as long as people are willing
and able to actually communicate well with each other,
I think, you know, it's, uh, we, we can definitely, uh,
move the ball forward, uh, into the future
of all this big data usage, uh, for,
for everybody that's involved.
Great, great, great advice. Mark.
Better communication internally and externally.
You heard it here first, folks from Mark Chang,
thank you so much, mark.
We look forward to hearing from you again,
and hope to see you pen another article to help us out.
