Let’s Talk Privacy & Technology Episode 6: Measuring Privacy’s Business Value (alternate title: From Ham to Hammurabi) with Michelle Dennedy
As part of my fellowship with Santa Clara Law’s leading privacy law program, I’m curating the Let’s Talk Privacy & Technology video series. Each episode features a privacy expert, practitioner, academic, or innovator. We discuss the intersection of privacy and technology, covering topics ranging from privacy engineering, privacy enhancing technologies (PETs), and data ownership, to data ethics, privacy tech, cybersecurity, and more. I publish episode notes in this blog, including this post dedicated to episode 4. [Episode 1 is available here; episode 2, here; episode 3, here; and episode 4, here.]
Episode Description
I chatted with Michelle Finneran Dennedy, CEO of The iDennedy Project about measuring data value, using the right metrics, and recognizing when to build based on business rules vs. compliance threats. Michelle is one of the first Chief Privacy Officers, former CPO at Cisco, Intel, Sun Microsystems, and Oracle, and author of The Privacy Engineer’s Manifesto: Getting from Policy to Code to QA to Value.
Episode Takeaways
- On personal data as currency, not oil: Michelle prefers to conceptualize personal data as currency over the common analogy of personal data as the new oil. Currency requires complex and contextual valuation yet we’re still able to value currency at market close. Like currency, Michelle personal data valuation is complex and requires context.
- On how to demonstrate privacy’s business value: In her former role as Cisco’s CPO, Michelle and her team conducted several studies to measure privacy’s return on investment (ROI). First, they found that there is a correlation between a privacy program’s maturity and the number of weeks a deal gets derailed for privacy reasons. Second, companies reported a 270% ROI for their privacy program investment.
- On Michelle’s advice to those who are interested in breaking into the privacy profession: First, Michelle and I agree that anyone who’s interested in breaking into the field needs to read and learn the basics. She specifically brought up the seminal article “The Right to Privacy” by Warren and Brandeis as an excellent example. I add others including Daniel Solove’s comprehensive work, Michelle’s own The Privacy Engineer’s Manifesto, and Woodrow Hartzog’s Privacy’s Blueprint: The Battle to Control the Design of New Technologies. Michelle’s second piece of advice involves creating one’s own opportunities. Many of Michelle’s jobs involved roles that previously did not exist; instead, she had to create them for herself. Third, Michelle recommends engaging with the privacy community, through organizations like the IAPP or The Rise of Privacy Tech or on social media.
- From ham to Hammurabi: This episode is alternatively titled, From Ham to Hammurabi because as you will see in the below recording, Michelle opened the episode by making a ham sandwich to illustrate context’s role in valuing a technology stack and its associated data. We ended the episode with a discussion of the Hammurabi Code as an analogy to the GDPR’s penalties.
Episode Links
- This episode is available on Santa Clara Law’s YouTube page.
- Michelle is on Twitter and LinkedIn.
- For upcoming episodes, check out the Let’s Talk Privacy and Technology series page on the Santa Clara Law website.
