Data Privacy Day: a Q&A with our 4 Top Privacy Experts

Author: Annabelle Baxter, Senior Manager, corporate affairs, Alliance Data

Today is Data Privacy Day, a day we mark at Alliance Data, since the importance of protecting our Company’s data, our clients’ data, and our clients’ customers’ data is an integral part of our DNA. I recently sat down with Kellie Watts, corporate ethics officer for Alliance Data, Jeanette Fitzgerald, chief privacy officer for Epsilon, Lori Mininger, chief privacy officer for Alliance Data Retail Services, and Mitchell Merowitz, vice president, corporate affairs and chief privacy officer, LoyaltyOne, to get their unique perspectives on data privacy.

	Kellie Watts, Corporate Ethics Officer, Alliance Data: In her role as the top ethics officer for Alliance Data and its three businesses, Kellie Watts developed and oversees all aspects of the Company’s global corporate ethics policy, which has received one of the highest ratings by a leading ethics and compliance consulting firm against nearly 1500 ethics policies.
	Mitchell Merowitz, Vice President Corporate Affairs, LoyaltyOne: Mitchell Merowitz is responsible for the corporate reputation, global privacy practices, regulatory and legislative affairs of LoyaltyOne. As Chief Privacy Officer, Mitchell also oversees the company’s database governance and international consumer privacy and data protection policies.
	Lori Mininger, Senior Director, Chief Privacy Officer, Compliance, Alliance Data Retail Services: Responsible for Regulatory Program Compliance initiatives including Data Privacy, Fair & Responsible Banking, Fair Credit Reporting, and Anti- Money Laundering/Bank Secrecy, Lori is also a contributor to the IAPP publication ‘Building a Privacy Program: A Practitioner’s Guide.’
	Jeanette Fitzgerald, Chief Privacy Officer, Epsilon: As Chief Privacy Officer, Jeanette leads Epsilon’s government affairs, legislative and regulatory initiatives related to data protection and privacy. With her extensive knowledge of data privacy issues, she has spoken before domestic and international industry associations about the implications of data privacy for businesses and consumers, and has provided testimony before U.S. Congressional committees.

Question: What does data privacy mean to you in your role?

Kellie Watts, Alliance Data: My role is to ensure that as a business and employer we are adhering to the strictest of legal and ethical protocols/best practices that are expected of us as a highly successful, reputable and responsible organization. Our Code of Ethics, which every associate must review and agree to abide by on a yearly basis, is the bedrock of our corporate values. A core tenet of those values is making sure that we protect the privacy of not only our employees but the businesses we serve, including appropriately safeguarding the financial and other personal data that relates to individual consumers we service on behalf of our clients, as well as the confidential information of our clients. To that end, we have a duty to abide by the systems, tools, and practices designed to maintain our clients’ and their customers’ data in a secure manner and protect against the unauthorized disclosure of or access to such data. We are all expected to comply with Alliance Data’s privacy and security policies and procedures and all applicable laws on privacy.

Lori Mininger, Alliance Data Retail Services: Privacy professionals play a unique role in the organizations they support in that they are both an advocate for the organization and for the organization’s customers. It is important to ensure that customers understand how their personal information will be collected, used, shared, disposed of and secured. Transparency, choice and security all aid in ensuring that customers trust the organization and thus will continue to do business with the organization. These concepts are also expected of the regulatory bodies that govern various organizations. Consistent application of these concepts is necessary to ensure compliance with laws, rules and regulations.

Mitchell Merowitz, LoyaltyOne: Although broadly-framed and generally discussed as a legal and compliance matter, we at LoyaltyOne have long treated privacy as a fundamental business imperative. In fact, respecting our customers’ data and establishing principles and guardrails around how the data is collected, used, accessed, shared, challenged, protected and destroyed was one of the key imperatives addressed when we created the AIR MILES Reward Program in 1992. Today, we embrace the same broad-principle based approach to privacy to all of LoyaltyOne’s lines of business as appropriate. I may be LoyaltyOne’s Chief Privacy Officer and accountable for our approach to privacy, however I more accurately believe that I am just one of the more than almost 2,000 stewards of privacy within LoyaltyOne and our lines of business today, who are responsible for maintaining our globally-recognized approach and practices.

Jeanette Fitzgerald, Epsilon: As both General Counsel and Chief Privacy Officer, I view data privacy through two lenses. First, data privacy encompasses a set of rules and regulations that our businesses must adhere to on a global basis. With recent high-profile incidents involving data breaches and data thefts, data privacy has taken center stage with government officials and regulators at the state and national levels, including governing bodies in Europe. And these rules and laws are different for different types of data, with stricter safeguards placed around health data, for example. In my role as Chief Privacy Officer, however, data privacy has a broader context. At Epsilon and Alliance Data, the notion of data privacy has a cultural and ethical significance. Our companies – both the corporate entity and the business units – are built on a foundation of trust and ethics. So we must constantly reinforce the underlying principle of doing what’s right, ensuring that data privacy is an ongoing consideration and not just a box to be checked off when executing a client assignment.

Question: How is data privacy different today than it was 5 years ago?

Merowitz: It’s all the rage and almost everyone has an opinion on it. Trouble is, most people are talking about it because of the negative – breaches, snooping, misuse and fraud just to name a few. Very few are talking about it in terms of a positive-sum outcome. As Giovanni Buttarelli, recently appointed European Data Protection Supervisor wrote, “Looking forward, if better quality personal data is needed for effective analysis (to deliver more value, monetary or otherwise), it is possible that big data will be even bigger. In a nutshell, big data needs equally big data protection solutions. We don’t need to reinvent data protection principles, but we do need to “go digital”. We need innovative thinking.”

Mininger: Technological advancements have enabled customers to opt for interactions via the internet and e-commerce over traditional brick-and-mortar settings. These types of interactions present different types of risk. Criminals are constantly looking for ways to exploit vulnerabilities in security to take advantage of the monetary value associated with personal information. To combat this, organizations look for ways to build privacy and security into the design of products, services and capabilities.

Fitzgerald: The marketplace is truly global now, and our business also has gone global in a much bigger way over the past five years. Regulators in both the U.S. and EU are trying to stay ahead of technology developments, and craft laws that will be relevant now and in the future, without stifling innovation and commerce. The U.S. currently is considered an opt-out society – individuals must opt-out of data collection and usage through the various channels that marketers provide. The EU is considered an opt-in society, where personal data is “owned” by the individual unless they opt in to share it. As commerce has gone global, the U.S. and EU are attempting to find ways to align their privacy policies and approaches, with a goal of ensuring continued cross-border communication without unduly burdening either consumers or businesses.

————————-

Join us for the second part of our Q&A tomorrow. We’d love to hear your thoughts on how data privacy has changed in the last five years. Keep the conversation going below by leaving a comment!