Be knowledgeable of all laws. It’s best to understand the laws of protecting customers’ information because there is a ton of misinformation that range from social media and even industry experts. It is on you to be aware of specific laws so that you can act in the best interest of the customer and your business.
Publish your policies and procedures and make them abundantly clear. It’s never been more important to make sure that your users know what they are signing up for they agree to use.
It has been said that the currency of the modern world is not gold, but information. If that is true, then nearly every business is storing financial information, emails, and other private information that can be invaluable to cybercriminals or other nefarious actors. What is every business required to do to protect its customers’ and clients’ private information?
As a part of our series about “Five Things Every Business Needs To Know About Storing and Protecting Their Customers’ Information”, I had the pleasure of interviewing Emily Cisek.
After witnessing how difficult it was to wrap up the details of a loved one’s life, Emily Cisek knew there had to be a better way. It was then that she decided to create The Postage, a digital solution for people who wanted to manage their information and effectively control the aftermath of life. Cisek, serves as Co-Founder and CEO of The Postage where she is spearheading tech in the afterlife industry with hopes to provide people peace of mind around the inevitable.
Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?
I grew up believing that I could change the world. I always knew from day 1 that I would be doing something to help people for the better. My parents share a story from when I was in kindergarten when the school psychologist sat my parents down and said, “She’s going to be very successful someday, but you are going to have to live with her till then.” Boy, was that the truth! I’ve always lived by my own rules, laying out my own goals, always dreaming BIG, and visualizing what I wanted.
I grew up in a family where being a female never crossed my mind as a weakness. I was raised by my mother, a strong woman who was the breadwinner of the family. I saw her lead cancer programs at nationally recognized institutions, continue her education, and really be superwoman. I used what I learned from her and my own intuitive nature to go after what I wanted.
In college however, there was one time I didn’t trust my gut. My dad had been laid off numerous times during my upbringing due to working in the oil & gas industry and he told me if I went to college for accounting, I would ALWAYS have a job. During my junior year in college as an accounting major, I realized there was no way I wanted to be an accountant. While I respect all of my accountant friends, if you know me at all, you know that’s not where my superpowers lie. That year, I switched majors to marketing and graduated with a marketing degree. Now, whenever I have a crazy idea, my parents don’t ever suggest a different path because they know if I put my mind to it, I will figure out a way. That’s what entrepreneurship is — figuring out a way to tomorrow.
Is there a particular story that inspired you to pursue your particular career path? We’d love to hear it.
When I was 22, I moved to Texas from New York; I had no job and no plan but was ready for a fresh start and to be able to get out of my comfort zone. I got my first go in the world of start-ups when I began working for an energy company known for its digital marketing and e-commerce capabilities. Six months later, they were acquired in a multi-million-dollar deal by one of the largest energy companies in North America. There, I had the opportunity to manage email communications for 11 brands including energy and home services entities. Although it was a great experience, I missed the personal touches and grit that a smaller business offers. I knew it was time for a change, so I followed my mentor to help him lead his operations and sales in his next venture within the marketing space in Austin, TX.
Throughout my career, I’ve watched those founders who took a chance on me in my first job, be able to build, sell and start companies, and ended up catching the “entrepreneurial bug” myself. It was always a dream of mine to lead a company that aimed to better the world and had a real impact on the human experience. I just didn’t know what that was until I experienced three losses in just six weeks. That was when I witnessed how arduous the process of wrapping up after life affairs was, and that time should be spent celebrating, grieving and processing the loss, not buried under the weight of managing affairs. From this realization, The Postage was born and my role as a CEO and Founder began.
Can you share the most interesting story that happened to you since you began your career?
COVID-19 in and of itself is one of the most interesting hurdles we’ve had to face. I never imagined launching my company during a global pandemic. I closed a funding round, moved our headquarters, started hiring, and launched The Postage while the world was dealing with a pandemic. This was one of the most trying and unimaginable obstacles to deal with, but with a strong team we kept our focus on the goal.
The pandemic was awful to experience, and the mass losses have been tragic, but in tough times I always look for a silver lining. The pandemic has afforded us the opportunity to help more people, and come into the market when dying and death, a taboo issue for discussion over the years, was a BIG topic of conversation. This allowed us to launch the business during a movement that could truly change the conversation of how people in our society handle/deal with preplanning and death.
None of us are able to achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?
There have been many people along my journey who have supported me, challenged me, and have been part of the fire that drove me throughout my career. I’m grateful for every relationship from small to large, positive or negative — they’ve all taught me lessons and have allowed me to grow to be the person I am today.
However, one person who has been particularly impactful has been my mentor, and The Postage’s co-founder/board member, Robbie Wright. He was the co-founder and CEO of the first start-up I was part of and gave me my first taste of entrepreneurship. He has been a part of grooming me into the professional I am today. He has seen potential in me from the beginning and has been vital in assisting me build my business plan and seeing The Postage get off the ground.
I continue to learn from him and look to his experience as an entrepreneur who has stayed true to himself starting, operating and exiting multiple successful businesses. Throughout his career he has championed and supported women in the industry to help even the playing field and see women break through the glass ceiling. His tough love and support have truly gotten me where I am today.
Are you working on any exciting new projects now? How do you think that will help people?
Since our launch, we have been working to create The Postage mobile app for the Google Play and Apple app stores. Our mobile app gives our customers complete control over their legacies with 24/7 access to their estate, a secure platform to store their documents and passwords, and the ability to update their files anytime they want to name a few.
What advice would you give to your colleagues to help them to thrive and not “burn out”?
I’ve always believed that in order to thrive in the work environment and not burn out, you have to make sure that you make time for yourself. It’s so easy to get caught up in the weeds and get overwhelmed from meetings, financials, investor updates, to employee engagement and user experience. The little and big things will keep you up at night. You have to recognize how to effectively prioritize tasks and figure out a schedule that works to avoid burnout. For me, self-care has been an important factor in my success because I have been able to close a fundraising round, hire a full-time team, run a successful beta, launch a robust platform nationally, acquire customers and gain traction, and launch a mobile app all within a global pandemic.
I am a huge advocate for making a schedule that works for you. For me, lunch time is that sweet spot where I can leave the office behind and go boxing. When I’m boxing at HTX Fight Camp, I don’t check my watch, my emails, my phone calls at all. It’s that hour when I can really lose myself/or find myself and work through anything I’m dealing with. I also make sure to write a list of 50 things I am grateful for that are specific to that week. This has always been a tool for me to remind myself of the progress I’ve made and what I have to be thankful for. It also allows me to visualize the big picture and where I’d like to be in 6 months, 1 year, 3 years or 5 years.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. Privacy regulation and rights have been changing across the world in recent years. Nearly every business collects some financial information, emails, etc, about their clients and customers. For the benefit of our readers, can you help articulate what the legal requirements are for a business to protect its customers’ and clients’ private information?
Legal requirements for all businesses to protect customers’ and clients’ private information stems from the Federal Trade Commission (FTC). The FTC states:
- Businesses should provide notice of the information they collect from customers and how they plan to use it.
- Customers should be allowed to choose how the information collected about them should be used.
- Customers should have the ability to access data collected about them.
- Businesses must take steps to ensure the security of the information collected from customers
Our services at The Postage cover all of the principles of the FTC’s requirements.
Beyond the legal requirements, is there a prudent ‘best practice’? Should customer information be destroyed at a certain point?
Our best practice at The Postage is to commit to our customer’s privacy and their security and to make sure that we have reliable systems in place.
We store each user’s information in individual containers inside of Microsoft Azure’s cloud storage systems which effectively secures and isolates their information from any other user’s information. When a user decides to share files with other users, they remain locked in place until the other user is given access.
With the General Data Protection Regulation (GDPR), a customer has the ability request their data be deleted from a platform. However, the extent to which you have to delete data information is up to interpretation. For our platform, we have decided to delete it all at a customer’s request.
In the face of this changing landscape, how has your data retention policy evolved over the years?
Data retention has evolved and expanded over the years from the amount of data we can store on hard drives to how much customers will allow us to store.
With our business not yet being a year old, we make sure to intentionally keep our users’ data for the duration of their account being active and for a period of time after their passing. Traditional data retention policies don’t necessarily apply to us at The Postage because the user is largely setting their own retention policy. Our responsibility is dependent on the decisions a user makes.
Are you able to tell our readers a bit about your specific policies about data retention? How do you store data? What type of data is stored or is not? Is there a length to how long data is stored?
We strive for data security that puts our customers first. The data stored on our platform range from financial and medical records, passwords, images, and social security cards.
We have specific measures in place to prevent fraudulent activity. No one will know a customer has an account with The Postage unless they invite or refer someone. Customers can decide how long they want their information stored on the platform and if they choose to allow delegates to see their profile — and even then, it’s only what they approve.
Has any particular legislation related to data privacy, data retention or the like, affected you in recent years? Is there any new or pending legislation that has you worrying about the future?
The most recent issues that have come up are around GDPR and the California Consumer Privacy Act (CCPA). We don’t worry about these things, but we do plan for them. For our startup, we’ve made sure we could easily remove a customer from the system completely. This sounds simple, but if we were not a startup and had years of legacy code, this could have been a daunting task. Our advantage as a startup is that we can plan from the very beginning of how we are going to comply with privacy laws and data retention.
In your opinion have tools matured to help manage data retention practices? Are there any that you’d recommend?
Yes, tools have definitely matured. There are many Governance, Risk, and Compliance (GRC) software systems on the market now that help a lot with compliance and audit practices. Many of these systems keep you updated on new the laws you might need to address in your current policies and having these tools can assist the organization. We recommend ZenGRC or Hyperproof.io which can help to make sure you stay in compliance with data retention policies.
There have been some recent well publicized cloud outages and major breaches. Have any of these tempered or affected the way you go about your operations or store information?
Every outage or breach is like a reality check for the industry and the world. It’s a real challenge to create systems, and possibly more importantly processes, that will help your organization avoid similar issues. In many cases, breaches are the result of human failure versus system failure. A user clicks on a link in an email to open up a backdoor, a user has poor password management practices, etc. It is important to architect your systems to avoid massive issues through separating data to the extent that is practical.
Ok, thank you for all of that. Now let’s talk about how to put all of these ideas into practice. Can you please share “Five Things Every Business Needs To Know In Order Properly Store and Protect Their Customers’ Information?” (Please share a story or example for each.)
1) Be knowledgeable of all laws. It’s best to understand the laws of protecting customer’s information because there is a ton of misinformation that range from social media and even industry experts. It is on you to be aware of specific laws so that you can act in the best interest of the customer and your business.
2) Build it into your products and features from the beginning. Privacy and data retention should not be an afterthought. When you are contemplating a new product or even a feature to an existing product, it’s important to address these issues. Find out how long you need to reasonably keep the data and whether or not there are encryption requirements, data segregation requirements, or other implications that your development team needs to be thinking about.
3) Get in front of any breaches or issues. If you somehow find that despite your best efforts you have an outage or breach, it is imperative that you come clean as quickly as possible with the impacted parties. This can go against your natural instincts, but delaying the notice is only going to make the situation worse and could possibly lead to legal issues.
4) Don’t keep more information than you really need for your specific business. Big data has been a buzz word for years now and many organizations want to collect as much information as possible to arm them with better marketing capabilities and/or other uses. In my opinion, if you don’t need to collect information to provide your very specific service, then don’t ask for it and don’t store it.
5) Publish your policies and procedures and make them abundantly clear. It’s never been more important to make sure that your users know what they are signing up for they agree to use.
You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. :-) (Think, simple, fast, effective and something everyone can do!)
Changing the conversation around death. Right now, we view death as something that’s taboo. We can talk about a lot of other difficult topics like mental illness, sex, and more, but we shy away from having the conversations about something that is certain for all of us. This sounds harsh and some would say morbid, but the truth is the more one recognizes, realizes, and talks about their mortality the more likely they are not going to take anything for granted. Everyone experiences loss, and if we prepared for what’s certain we would give ourselves, our families, and our legacy the peace of mind it deserves.
How can our readers further follow your work online?
The Postage website: https://thepostage.com/
This was very inspiring and informative. Thank you so much for the time you spent with this interview!