Bamboo Data Consulting with Sharon Bauer | E270
Helping companies develop policies around the responsible use of data.
On today's episode of Fintech Impact, Jason is going to talk to Sharon Bauer, founder of Bamboo Data Consulting. It is a niche privacy and security consulting firm that basically helps companies figure out how to foster trust and responsibly profit off the use of their data. Sharon's purpose is to empower businesses to make better decisions that will build sustainable privacy and security programs so that they can instil confidence in their customers, partners, and investors.
Episode Highlights
01.23: Sharon started her company as a litigator. For 10 years, she didn't love her job and was trying to find something to be super passionate about. She stumbled across privacy and the issues related to it, and it intrigued her.
02.52: Data and monetization of private data came to be through companies like Google and Facebook.
03.48: Sharon explains the process that they follow. The first thing that they do is try to figure out what privacy regulations apply. If you are a Canadian company, the misconception is that only Canadian privacy legislation applies, which is absolutely not the case.
04.44: Once we identify the regulation, the next step that we usually do is we conduct an assessment on either a particular process or program or platform tool that you are using or the entire organization, says Sharon.
06.07: Sharon explains how laws were first and foremost designed around the surveillance economy.
08.01: Any company that knows that they are going to be relying on personal information to run their business to generate a profit in their business needs to think about privacy from the very foundation of their business.
08.15: Business is what we call privacy by design, and it is not necessary to have a robust privacy program, but you need to think, from the initial stages of your design, about what information you are collecting, how you intend to use it, or whether you have a lawful basis for collecting that information, says Sharon.
10.02: It's easier to build a platform to basically move faster on later as opposed to going back and reinventing everything that is as a painful way to do things is in those processes and everything else are already well laid out.
12.28: Sharon shares the key best-practice areas they look at while setting up frameworks.
15.38: Talking about the privacy laws, Sharon says that it all depends on what jurisdiction clients are talking about: both the originating country where the data was originally obtained and where it is being stored.
17.02: Sharon explains the importance of having a standard contractual clause.
19.20: Sharon talks about the misconception around data breach and how that happens.
20.22: The SEC passed the rule that basically requires everybody to be certified if they are going to be a vendor that is used by someone licensed by them.
23.15: The ability to trace is pretty good within most modern systems. If you are using a modern CRM, Google Docs or OneDrive on a corporate level, there is a definite history of that.
24.41: Once we identify the risks, we put together a road map to figure out, how are we going to prioritize all of the puzzle pieces that need to go into place, says Sharon.
26.33: If you are not going to respond to the liking of the individual or in a timely manner, they are going to go to the privacy commissioner.
29.30: Sharon highlights bringing awareness to employees and making them feel really empowered that they are doing the right thing and that they are trying to work with their existing processes.
31.03: It takes 8 months to a year to truly implement a privacy program that is robust and operational.
35.06: Privacy is not always top of mind for all companies. It is a huge endeavour to educate, educate, educate, and bring awareness so that.
3 Key Points
Sharon explains how privacy program is for companies.
If you have a chat on your website, whether an AI tool or not, and there is a transcript recording that chat and you are collecting information from EU or UK users, you need to seek explicit consent.
You need to make sure that the vendor that you are in business with also has good privacy and security practices and is not using that data for its own purposes.
Tweetable Quotes
"It has become a highly profitable stream of revenue to basically harvest this data and utilize its direct ads and doing a number of other things." – Jason
"If you are collecting personal information from residents in the EU or UK or in the US, or any other legislation or jurisdiction, you need to consider whether those regulations also apply." – Sharon
"Most recently Facebook came under fire again because they were collecting personal information for the purposes of hitting ads at them. Instead of seeking explicit consent to do that, what they did was they embedded it in the terms of use, terms of service." - Sharon
"Standard contractual clauses is an agreement between the exporter and the importer that the data will be handled to the same level of protection that they would receive in the EU, so we know the EU has a GDPR super high standard, very robust regulation, all those rights that individuals have in the EU they should also have even if the data is stored in the US. So apart from signing a piece of paper saying yes, we will comply, those companies actually need to comply and actually we need to be able to provide the same level of security, the same level of rights. So if an individual wants their data to be deleted, even though they may not have that right in the US, it doesn't matter. If they're an EU resident, they still have that right, even if the data is stored in the US." - Sharon
"I feel so fortunate to be working in an industry that is very collaborative and everyone is so supportive of each other." - Sharon
Resources Mentioned
Facebook – Jason Pereira's Facebook
LinkedIn – Jason Pereira's LinkedIn
Woodgate.com – Sponsor