Home Privacy Epsilon’s Chief Privacy Officer: Compliance Is ‘An Ongoing Journey’

Epsilon’s Chief Privacy Officer: Compliance Is ‘An Ongoing Journey’

SHARE:

Ashlen Cherry, Epsilon’s chief privacy officer, would bet on federal privacy legislation happening – just not before the end of the year.

“This can be a bipartisan issue, and there’s an appetite for it on the hill,” said Cherry, who joined Epsilon last October after almost a decade as the global privacy program manager at Dell. “It will take at least another session of Congress, though.”

Cherry has been in the privacy business for 20 years, and knows that technological innovation often drives public interest in government action.

Despite industry lobbying, lawmakers on both sides of the aisle have said they don’t want a federal privacy law that isn’t at least as tough as the California Consumer Protection Act (CCPA) set to take effect in January 2020.

But whoever wins the debate, Cherry and her fellow chief privacy officers across the industry have to be ready.

“It’s CCPA today, who knows which states tomorrow and what could be coming on the federal level,” Cherry said. “We’re preparing where we can and using flexibility as our guiding criteria.”

AdExchanger spoke with Cherry about getting acquired by Publicis, mobilizing for CCPA and why GDPR prep didn’t end on May 25, 2018.

AdExchanger: Publicis is a data controller with hundreds of subsidiaries around the world. How is the Publicis acquisition of Epsilon/Conversant changing how you approach privacy compliance?

ASHLEN CHERRY: Because of where we are with the integration, I can’t go into specifics. A lot of that will be nailed down after the acquisition closes [sometime in the third quarter]. But we will of course have to look at the current organization and how we can continue to provide adequate support to deal with this shifting landscape, both internally and externally.

I’m optimistic that Publicis will continue to support our commitment to notice, transparency and being good custodians of data. That’s part of the reason Publicis appeared to be interested in Epsilon, and it was a big part of their due diligence. There were a lot of questions about our data privacy and security practices.

How has your job changed before and after the General Data Protection Regulation (GDPR)?

GDPR has definitely raised the profile of data protection in parallel with some not-so-great stories that hit the headlines. The last few years were hard on those of us in the privacy world. There was a lot to do, and it’s an area we need to continually monitor for additional guidance.

Now, we’re looking at what we did – and do – with GDPR and thinking about how we can apply that work elsewhere, including to the CCPA. Privacy-by-design is baked into how we approach technological innovation, but GDPR underscored how important it is. Privacy is a team sport, and we need to be having these conversations across the organization.

How many hours did you devote to GDPR prep?

That’s hard to quantify, but I will say that I don’t know of any privacy professionals who reached May 25, 2018, [the day of GDPR enforcement] and did a full victory dance. This is an ongoing journey, there’s still guidance coming out and detailed documentation is an ongoing requirement.

Everyone was working long and hard hours before GDPR and they continue to do so.

How are you getting ready for CCPA?

We know we need to act now and focus on the parts of the law that seem somewhat straightforward. But there is considerable confusion about definitions and requirements that are still not altogether clear. We’re trying to be as thoughtful as we can and we’re working with trade associations to understand how other industries are approaching this.

Where things are unclear, we’re working with legal counsel to try and interpret them in a way we believe is defensible.

Nevada also has a data privacy law that goes into effect in October, three months before CCPA.

There are so many open questions, and so it’s all about flexibility. When we design tools, such as our consent tool, which gives people the ability to see what data a company has on them and then to delete it on the Conversant side, we do so with an effort to contemplate future regulations.

We build so that when the rules become more defined, we can easily modify tools and processes as needed.

This interview has been edited.

Must Read

With Match Rates Falling, Is Effective Attribution Just An Illusion?

Attribution isn’t all it’s cracked up to be. Just ask Cimin Ahmadi Cohen, founder and CEO of Idea Peddler, a full-service agency based in Austin Texas.

Google’s Meridian And Meta’s Robyn: A Gift To Measurement Or Trojan Horses?

Google and Meta are quietly rewriting the rules of ad measurement, and they’re doing it with open-source marketing mix modeling tools that many marketers don’t even realize they’re using.

This New Training Framework Gives Publishers A Say In How AI Uses Their Work

The SAIL initiative compensates publishers when AI scrapes their content and guarantees the outputs adhere to the same cultural standards they apply to their own coverage.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

AI Is Spreading Inaccurate Information About Brands. This Tool Can Help Fix That

Brands can’t just focus on how often they show up in AI search. They also need to pay attention to accuracy – and know what to do when AI gets it wrong.

This K-Beauty Brand Is Collapsing The Marketing Funnel To Grow Its US Customer Base

The “K” in “K-beauty” stands for “Korean.” But it should also stand for “kaboom” because Korean beauty product sales are exploding internationally, especially in the US market.

LinkNYC Kiosks Have Started Airing World Cup Games – TV Ads And All

The cinematic trope of people stopping to watch the news on a storefront TV display feels pretty out of date today. But sometimes, life can still imitate art.