Let’s Talk Privacy & Technology Episode 2: Navigating the Intersection of Privacy & Security with Daniel Barber
As part of my fellowship with Santa Clara Law’s leading privacy law program, I’m curating the Let’s Talk Privacy & Technology video series. Each episode features a privacy expert, practitioner, academic, or innovator. We discuss the intersection of privacy and technology, covering topics ranging from privacy engineering, privacy enhancing technologies (PETs), and data ownership, to data ethics, privacy tech, cybersecurity, and more. I publish episode notes in this blog, including this post dedicated to episode 2. [Episode 1 is available here.]
Episode Description
In episode 2 of the Let’s Talk Privacy & Technology, I chatted with DataGrail CEO, Daniel Barber, explored Daniel’s journey into the B2B privacy tech space, including his founding of DataGrail, and their partnership with one of the leading security companies, Okta.
Episode Takeaways
- On the B2B vs. B2C privacy tech space: While acknowledging his bias from experience as a B2B founder, Daniel observed how the B2C privacy tech space is playing catch up because no one in the B2C space has quite cracked the business model yet. People don’t want — and, in my opinion, shouldn’t have — to pay for privacy. In contrast, enterprises are willing to pay for privacy compliance tools to help them manage compliance with privacy regulations like GDPR and CCPA.
- On the pandemic-accelerated digital transformation’s two sides: Daniel believes this is one of the biggest issues we currently face, observing how it has made opportunities for cybersecurity and privacy tech companies. On the flip side, it has also opened us up to privacy and security vulnerabilities because companies were ill-prepared for a remote workforce and cloud-based infrastructure.
- On privacy practitioners deserving automated tools: Daniel believes the privacy community deserves the long-overdue innovation. Other functions’ — customer success, marketing, or sales — day-to-day basic activities have been significantly improved by technology. In contrast, he characterizes privacy teams’ available and existing tools — some of which still include spreadsheets — as primitive and needs improvement.
Episode Theme: Privacy & Security
We talked a lot about the intersection of privacy and security but because of time and our engaging conversation on privacy tech, we didn’t quite get to address the difference between privacy and security. (Don’t worry: I am resolved to get to it in the upcoming episode 5 with Paola Zeni.) I’m offering my two cents in the meantime:
Information privacy is concerned with the collection, use, dissemination, retention, and other processing of personal information, including the associated individual rights that empower individuals to take control over their personal information. Whereas, information security is concerned with the confidentiality, integrity, and availability of information (not just personal information, but also trade secrets, intellectual property, and other information that warrants securing) and the systems that process such information. The two domains intersect: privacy requires that personal information be secured during its entire lifecycle — from collection and use, to transit, storage, and destruction. But the privacy domain covers a breadth of inquiries beyond security, such as transparency (notice and consent), data minimization, purpose specification, individual rights, etc.
Episode Links
- This episode is available on Santa Clara Law’s YouTube page.
- Daniel is on LinkedIn and Twitter.
- For upcoming episodes, check out the Let’s Talk Privacy and Technology series page on the Santa Clara Law website.
