Home Privacy Epsilon’s Chief Privacy Officer: Compliance Is ‘An Ongoing Journey’

Epsilon’s Chief Privacy Officer: Compliance Is ‘An Ongoing Journey’

SHARE:

Ashlen Cherry, Epsilon’s chief privacy officer, would bet on federal privacy legislation happening – just not before the end of the year.

“This can be a bipartisan issue, and there’s an appetite for it on the hill,” said Cherry, who joined Epsilon last October after almost a decade as the global privacy program manager at Dell. “It will take at least another session of Congress, though.”

Cherry has been in the privacy business for 20 years, and knows that technological innovation often drives public interest in government action.

Despite industry lobbying, lawmakers on both sides of the aisle have said they don’t want a federal privacy law that isn’t at least as tough as the California Consumer Protection Act (CCPA) set to take effect in January 2020.

But whoever wins the debate, Cherry and her fellow chief privacy officers across the industry have to be ready.

“It’s CCPA today, who knows which states tomorrow and what could be coming on the federal level,” Cherry said. “We’re preparing where we can and using flexibility as our guiding criteria.”

AdExchanger spoke with Cherry about getting acquired by Publicis, mobilizing for CCPA and why GDPR prep didn’t end on May 25, 2018.

AdExchanger: Publicis is a data controller with hundreds of subsidiaries around the world. How is the Publicis acquisition of Epsilon/Conversant changing how you approach privacy compliance?

ASHLEN CHERRY: Because of where we are with the integration, I can’t go into specifics. A lot of that will be nailed down after the acquisition closes [sometime in the third quarter]. But we will of course have to look at the current organization and how we can continue to provide adequate support to deal with this shifting landscape, both internally and externally.

I’m optimistic that Publicis will continue to support our commitment to notice, transparency and being good custodians of data. That’s part of the reason Publicis appeared to be interested in Epsilon, and it was a big part of their due diligence. There were a lot of questions about our data privacy and security practices.

How has your job changed before and after the General Data Protection Regulation (GDPR)?

Subscribe

AdExchanger Daily

Get our editors’ roundup delivered to your inbox every weekday.

GDPR has definitely raised the profile of data protection in parallel with some not-so-great stories that hit the headlines. The last few years were hard on those of us in the privacy world. There was a lot to do, and it’s an area we need to continually monitor for additional guidance.

Now, we’re looking at what we did – and do – with GDPR and thinking about how we can apply that work elsewhere, including to the CCPA. Privacy-by-design is baked into how we approach technological innovation, but GDPR underscored how important it is. Privacy is a team sport, and we need to be having these conversations across the organization.

How many hours did you devote to GDPR prep?

That’s hard to quantify, but I will say that I don’t know of any privacy professionals who reached May 25, 2018, [the day of GDPR enforcement] and did a full victory dance. This is an ongoing journey, there’s still guidance coming out and detailed documentation is an ongoing requirement.

Everyone was working long and hard hours before GDPR and they continue to do so.

How are you getting ready for CCPA?

We know we need to act now and focus on the parts of the law that seem somewhat straightforward. But there is considerable confusion about definitions and requirements that are still not altogether clear. We’re trying to be as thoughtful as we can and we’re working with trade associations to understand how other industries are approaching this.

Where things are unclear, we’re working with legal counsel to try and interpret them in a way we believe is defensible.

Nevada also has a data privacy law that goes into effect in October, three months before CCPA.

There are so many open questions, and so it’s all about flexibility. When we design tools, such as our consent tool, which gives people the ability to see what data a company has on them and then to delete it on the Conversant side, we do so with an effort to contemplate future regulations.

We build so that when the rules become more defined, we can easily modify tools and processes as needed.

This interview has been edited.

Must Read

The Trade Desk Maintains Its High Growth Rate And Touts New Channels

“It’s hard not to be bullish about CTV when it’s both our largest channel and our fastest growing,” said The Trade Desk Founder and CEO Green during the company’s earnings report on Thursday.

After The Election, News Corp Has Harsh Words For Advertisers Who Avoided News

News Corp’s chief exec blasted “the blatant biases of ad agencies and ad associations,” which are “boycotting certain media properties” due to “personal political prejudices.”

LiveRamp Outperforms On Earnings And Lays Out Its Data Network Ambitions

LiveRamp reported an unexpected boost to Q3 revenue, from $160 million last year to $185 million in 2024, during its quarterly call with investors on Wednesday.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
Google in the antitrust crosshairs (Law concept. Single line draw design. Full length animation illustration. High quality 4k footage)

Google And The DOJ Recap Their Cases In The Countdown To Closing Arguments

If you’re trying to read more than 1,000 pages of legal documents about the US v. Google ad tech antitrust case on Election Day, you’ve come to the right place.

NYT’s Ad And Subscription Revenue Surge As WaPo Flails

While WaPo recently lost 250,000 subscribers due to concerns over its journalistic independence, NYT added 260,000 subscriptions in Q3 thanks largely to the popularity of its non-news offerings.

Mark Proulx, global director of media quality & responsibility, Kenvue

How Kenvue Avoided $3 Million In Wasted Media Spend

Stop thinking about brand safety verification as “insurance” – a way to avoid undesirable content – and start thinking about it as an opportunity to build positive brand associations, says Kenvue’s Mark Proulx.