by Haidee LeClair, Senior Content & Community Manager

We were lucky to be joined by Ruby Zefo, Chief Privacy Officer at Uber, for our In:Confidence Digital series in October. Ruby contributed her thoughts on privacy investments, how to embed data privacy into corporate culture, whether data privacy can become a competitive advantage, and how to build out best-in-class privacy operations.

Ruby has a unique perspective, which she shares candidly. Below are some of her insights, based on her experiences in the heart of data operations at Uber, a global data leader and one of the world’s most innovative, digitized, and highly scrutinized organizations on the planet. To hear all of her responses to each question, watch her video. It’s well worth your time.

How do you justify your privacy investments and show ROI?

Well, like many compliance areas, the first place people usually go when they’re trying to show the efficacy of a privacy program is proving a negative. How do you prove something that didn’t happen? Something bad didn’t happen?

That can be difficult, but there are ways to show the activity that goes behind making bad things not happen; a lot can go into that. One of the ways you can do that is by tracking the number of privacy impact assessments that you’re doing — and not only the number, but also how risk reduction has happened. So you may have taken high-risk items and lowered them to low risks, or maybe medium risks to no risks. That’s one way.

And it also helps you with your compliance. As the products are going out with better legal compliance, there’s also a better user experience. Because you’ve now developed a product that has better privacy controls and therefore is more attractive to customers and improves trust.

What steps can organizations take to ensure data privacy is a priority and is embedded in the company culture?

You have to start with the tone from the top. You really need to have your executive staff on board for this one. Because if you’re going to a better culture, you need everybody, including the most visible, respected, and followed people, the leaders of the company, to be able to toe the line on this one. And it’s very hard for a privacy group to do that alone without that tone from the top. So one of the ways you can do this is by describing how the privacy program actually helps the organization, beyond just compliance.

For example, I used to have a client who was hired from a very well-known Silicon Valley company, known for its very innovative product designs. I went to talk to his department about how to design their products with privacy in mind. And I had not mentioned the word compliance once; I used a race car analogy, and I described a pit crew and how important that pit crew is to make that machine run well. And then what happens if it doesn’t run well.

I had the best diagram at the end, and it’s a man in a convertible-like race car, and he is going so fast outside in this race car that the wind is blowing his cheeks open. And the first thing you noticed is that this man is just really enjoying the ride, but what I noticed was that there’s a padded roll bar in the car, and there’s a padded steering wheel in the car. And he has on a five-point harness seat belt like you would put on a toddler in the backseat of the car. I’m sure he was aware of all of those safety features when he got in and buckled up and was checking out his ride, but he quickly forgot about them all — because he felt safe and secure in taking this ride, and therefore he was just able to enjoy it.

So that’s what I described to them. I said, do you want our customers to be able to forget? They know that these privacy and security controls exist and so they feel safe. They really want to enjoy the ride and forget all those controls, and just take the ride, enjoy it, enjoy the customer experience.

Could Uber go as far as to make data privacy a competitive advantage?

Well, there are companies out there right now trying to do just that — making privacy a competitive advantage. It’s difficult for people to understand how exactly that happens because it’s a very contextual practice.

How privacy impacts any given product or service is specific to that product or service, and helping people understand how that happens can be difficult. So you have to figure out a way to highlight it enough so that they understand it and understand that what you’re doing is different from your competitors. It’s not impossible.

One of the great things about Uber being an app-based company is that we can communicate right in the app. So we like to choose special practice area holidays to do that for. For example, National Cybersecurity Awareness Month. We had a security awareness month program, where if you open the app, you’d see a little card in there to remind people of some security features.

How do you find the skills and experience to build out best-in-class privacy operations at Uber?

Privacy is really not a new area. What’s happened is that it has just gotten much more complicated with the digital economy and e-commerce. I mean, we’ve had curtains on our windows forever, and that’s a form of privacy. So, privacy rights have been around, and the knowledge of them, and the desire for them have been around for a really long time.

But the privacy practice itself is reinventing itself literally every day as technology changes, our cultures change, and so do the ways we interact with technology. That makes privacy a practice that you have to keep up with every day.

Even if you’ve been doing it for 20 years, you can’t just sit back and rest on your laurels. So even a new person has to do the same work as the person who’s been around 20 years. Privacy is a great field for new people to enter, because everybody, no matter what your experience level, has to be a continuous learner.

On the skills front, I really look for a constant learner. I mean, the other skills that come along with an experienced practitioner are leadership and management skills, and those things just come with time. But in terms of competency in the field, you can’t remain competent unless you keep up. So you have to be a constant learner, which anyone can do.

Watch the full video to learn more from Ruby Zefo, Chief Privacy Officer at Uber:

Learn more from our In:Confidence Digital conference recap from December 10, 2020, where NatWest Group’s Chief Data & Analytics Officer, Zachery Anderson, joined us to discuss using data privacy to unlock digital innovation.