Debbie Reynolds “The Data Diva” talks to Jennifer Hamilton, General Counsel, Exterro.In this conversation, we discuss Data Privacy issues facing businesses today. Hamilton discusses her background in technology and how she came to her role at Exterro. The conversation covers the importance of data privacy for businesses, the challenges of implementing data privacy solutions, and the potential benefits of data privacy for businesses. Jennifer discusses the role of privacy in the new world of cybersecurity. She believes that the law is ahead of the technology in some ways, which can be good if it doesn't stifle innovation. She agrees that the challenge for privacy professionals is to find practical, grounded solutions that consider the work's complexities. We discuss her work with different teams for success, over-retention of data as a risky business, business needs to be proactive, understanding how risk can be effectively mitigated, her current concerns in privacy and security, the cyber insurance market reflects increased risk, the importance of risk mitigation, and her hope for Data Privacy in the future.
Debbie Reynolds “The Data Diva” talks to Jennifer Hamilton, General Counsel, Exterro.In this conversation, we discuss Data Privacy issues facing businesses today. Hamilton discusses her background in technology and how she came to her role at Exterro. The conversation covers the importance of data privacy for businesses, the challenges of implementing data privacy solutions, and the potential benefits of data privacy for businesses. Jennifer discusses the role of privacy in the new world of cybersecurity. She believes that the law is ahead of the technology in some ways, which can be good if it doesn't stifle innovation. She agrees that the challenge for privacy professionals is to find practical, grounded solutions that consider the work's complexities. We discuss her work with different teams for success, over-retention of data as a risky business, business needs to be proactive, understanding how risk can be effectively mitigated, her current concerns in privacy and security, the cyber insurance market reflects increased risk, the importance of risk mitigation, and her hope for Data Privacy in the future.
41:20
SUMMARY KEYWORDS
ediscovery, people, companies, data, risk, technology, processes, problem, privacy, business, develop, leader, solutions, area, organization, role, cyber, teams, started, security
SPEAKERS
Debbie Reynolds, Jennifer Hamilton
Debbie Reynolds 00:00
Personal views and opinions expressed by our podcast guests are their own and are not legal advice or official statements by their organizations. Hello, my name is Debbie Reynolds; they call me "The Data Diva". This is "The Data Diva" Talks Privacy podcast where we discuss Data Privacy issues with industry leaders around the world with information that businesses need to know now. I have a special guest on the show, Jennifer Hamilton; she is a Chief Legal Officer of Exterro Corporation. Nice to meet you.
Jennifer Hamilton 00:40
Great to meet you. Thanks for having me.
Debbie Reynolds 00:42
Well, actually, that's not true. We've met before. So we met at a conference in Chicago, it was the eDiscovery conference that I typically will go to, and this was I think, its first year since COVID that they started having in-person events. And so I was able to jump over there and we met and you're a handbag and a scarf fanatic like me, so we have lots of stuff to talk about in technology. And I thought it would be fun to have you on the show. So thank you so much for joining.
Jennifer Hamilton 01:18
Yep, same here.
Debbie Reynolds 01:20
Now, I always say this. And it's true. I love to talk to lawyers who work at technology companies because I feel like you have such a deep perspective on technology because you were, you know, you are a customer of your organization. And as technology and data people, you just touched on so many different aspects of not only just legal and compliance but understanding that the data flows within a business. So if you can give me a bit of background around about you and how you came to your role at Exterro.
Jennifer Hamilton 01:57
When my dad was in technology, he developed software billing programs for attorneys when I was growing up, and I worked for him for the summer before college. And I ended up with a degree in Business Marketing. And then it seemed to me, as I started my first job, I was selling computers to the Federal government for Gateway and it occurred to me that that wasn't going to be my long-term career. And so I went to law school instead. And I started my journey as a lawyer and at a law firm practicing in court, learning the rules of civil procedure, and had really a fabulous experience with it. But I was also interested in going in-house so I could be more proactive. So I could build solutions to be more creative. And helping companies manage risk. And I received an opportunity to go in-house. In fact, to build an eDiscovery Program. This was in 2006 On the eve of the new Federal Rules of Civil Procedure. And so this is a natural next step for me with my interest in technology and software platforms working for my dad, and there's being driven to solve problems and be a change agent. This is where it all came together for me. And in the course of the 15, almost 15 years I was at John Deere, we did a lot of cool things. As an eDiscovery team, we developed a scalable, global eDiscovery and data transfer program; we implemented different technology. So I drew on my experiences with my dad's company and selling computers, and then ultimately received the recognition from cost savings and risk mitigation and got to feel rewarded for the cool things we got to do. The company offered us and I learned I liked building teams. And I also learned I liked building programs, not necessarily only eDiscovery programs. And so that really put me in a position to think more broadly about my career. And so I went in-house in a similar role to what I am now for Haystack ID, professional eDiscovery services firm. And then ultimately, the CEO of Exterro came to me and asked me if I'd be interested in helping build out the legal compliance program for Exterro. And we've known each other for a number of years, we had bought the external technology and used it and he appreciated that I had a unique perspective from all these different angles. So that's where I am today. And you know for me, I've loved this journey because initially I felt schizophrenic almost and my different interests, my mom's an artist dad's a CPA and a technologist. And, you know, how is that all going to fit together and with this role today, having a broader role to build, but also to support our clients, in solving their problems, there's a lot of creativity and artistry in it, we know that I'm doing it, you're nodding your head that, you know, it's as much of an art as a science and then you get to continue to solve problems. But also I get the opportunity to steer solutions with the next arrow for our customers and then can connect our customers with each other and talk about what's working and what doesn't work. So I really get the best of all the worlds now.
Debbie Reynolds 05:45
Yeah, your back story really resonated with me, I read, actually, my research team was reading up on you and they really love you; by the way, I love stories about you, your dad and your mom. And, you know, I resonate with that because, you know, my father was a mechanical engineer; he was very curious. And I think that's where I get a lot of my curiosity From my mother; she was a very common sense woman who was just kind of plain-spoken. I get that from her. So I see a lot of you know, your parents influencing you and the work that you do, and you're such a personable, nice, fun person. And I knew that we would get along really great because you just have all these different interests. But I think it makes you more interesting; it probably gives you a lot more creative ways to be able to express yourself and be able to excel in this type of role, right?
Jennifer Hamilton 06:45
Definitely, you know, this is a new world for all of us. And I've talked about this in the past. We may have seen this in your research, but I liken where we are with privacy to where we were in 2006 and eDiscovery. And I've called eDiscovery and privacy close cousins because there's some rules that have been laid out. But we don't actually know what compliance with those rules really looks like. We don't know what the kind of intended or unintended consequences are of the different processes we put in place or technologies we're using. And we're in this period of just improvising and experimenting and seeing what works and then trying to build on what makes sense that we've done in the past. So it's like everything's a pilot test. And then the regulations are interesting to me. My view is the regulations have gotten ahead of us in the law, usually, or in the technology world. Right? Usually, technology gets ahead of the law. And I think there's been a time it's done that. Now, I think in some ways, the law is ahead of the technology, which can be a good thing. It can influence the technology, as long as it doesn't stifle, you know, that innovation. And so we're in a unique time where there's so much complexity to the work; we don't want to invent the wheel; we want to draw on what we've learned in the litigation world in the eDiscovery world and apply it to cyber risk, into the privacy regulations and coming up with really practical grounded solutions.
Debbie Reynolds 08:36
Yeah, I agree with that. I agree. I say that a lot. I think you're right about where we are right now in privacy; there's a whole new world; it's kind of people creating things, figuring out what works. That's very accurate. Tell me a little bit about your working within or your organization with people in these different teams, right? Because I think there's been so much siloing in the past, you know, like say, the cyber people, the privacy people, eDiscovery people and so now, there has to be in order to be successful in the future, there has to be more of a symbiotic relationship between those teams and how they work. So how do you work in this environment where maybe in the past the old style, you know, there was a reason why those silos existed? Obviously, they're different subject matter experts in those teams, but how do you work where those teams get to work together more?
Jennifer Hamilton 09:43
Yeah, there's a quote that I love called that says progress depends on unity. And, you know, we like to think that if we, you know, a strong leader can push change and, you know, create progress very quickly. And it really isn't the case at all. And it took me many years and some heartache to learn that and a very large organization. And yet we aren't set up traditionally, in most companies to drive that kind of unity that you need; we need a corporate speak is alignment, you need, you know, to really make progress. And why is that? I give this a lot of thought; I philosophize about a lot of these different topics. And I think it's because, you know, the in-house world really inherited the structure from the law firms, which historically been set up by these very siloed practice areas, and there wasn't a lot of overlap. Right, I think it's only been in the last, you know 10, 20 years that we're starting to see the convergence of all these areas. And it's kind of like a, you know, hospital system, where, you know, the more you learn about how to treat, say, diabetes, you understand, there's all these other issues, but they all tie together, right, you have wound care, and you have, you know, the blood sugar and the nutrition. And, you know, the doctors are similar to lawyers, they've always been, you know, specialized and stayed in their lane, and you're not going to get the kind of alignment you need to get to move forward like that. So I believe that we start to foster that kind of alignment for progress, you start with the organizational structure, and you do what you can, because of this overlap, and roles, responsibilities, to, you know, make the case that, you know, to get this going, you really need to have all these different areas rolled to the same functional leader. And that's what's going to help the company organization avoid this duplication of effort. Because, you know, when you give, I think a lot of people became lawyers, so they can have more autonomy, and develop that expertise, and be a leader in some kind of niche area. And now you're coming in and saying, well, you guys are all doing a lot of the same things. And now I'm going to tell you what to do. And there's like, one thing it took me again, many years to learn, is that you aren't going to enact change by telling people what to do. People hate being told what to do. You know, you can look at Facebook, and you know, when we get into election cycles, you know, vote for this person, but then they, they deliberately vote for the other person if they're pressured, right, too much on one candidate so. So what you've got to do is you have to figure out, again, how to create that system where it's symbiotic. Otherwise, when you have the different leaders of these three groups, privacy, security, you know, eDiscovery, rolling up to different managers, then you can make it can be done, that the amount of time it takes you to lose ground, and we're talking about the logging technology, and sometimes technology's gonna have a law, you can't keep up, especially with all these, you know, cyber attacks. So I think that you really have to push for that. And I think that what happens when you have those silos is everybody thinks they know. And then this is a unique problem to them, and they're uniquely positioned to solve it, and they're going to start to duplicate the same processes, they're going to buy duplicate tools, you know, and before it knows that they're gonna be saddled with unsustainable costs, and then you're not mitigating the risk. So, you know, what, the old school way of doing this right is like that Iraq method, where you explain to people what is the issue? What's the rule, and scare them into compliance based on you know, what it's truly going to cost and where the risk lies. And so with privacy, cyber, eDiscovery, what you're having this convergence of challenges and processes is you've got CPRA and these privacy rules, and you've got these regulators in Europe, who are starting to heavily fine companies for over-retaining data. And who's traditionally been in charge of data retention, data schedules, but also fishing from that like, right, that's the eDiscovery folks. Right now you got cybers in charge of protecting that data lake, or I always call it a river because of the flow. But in any event, on top of that we have now in the US, the plaintiff's bar, your records have become a class action risk. Who would have thought 15 years ago we were talking about records management and really their job is to manage that record retention schedule and make sure that it's translated to all the different or languages and updated online and do some training and tell people to do some record cleanup and carve out the time. And now records become the front and center Class Action Plan of CPRA. And these other states coming online. So, you know, we've got to come up with a way to support this alignment and find leaders who can listen to each other if you don't have a cohesive org strategy. So that they can focus on solving the problems and not proving that they can come up with their own independent solution.
Debbie Reynolds 15:41
Yeah, I agree with that. I would love your thoughts. We touched on it a bit. And this is data retention. So data retention has been the bane of my existence for decades now. So I've always been an advocate for people not to over-retain stuff. And I think, especially in the legal process, a lot of times is the thought was, let's keep it forever because we may need it or something. And now we're seeing regulations come into play where keeping that data longer than you need actually becomes a business risk. So it's not the type of thing where it's like, okay, let's buy a new server and just put it in the back room is fine. You know, a lot of that legacy data, this is kind of what I feel that a lot of companies have; you can give me your thoughts about this. But it's a huge problem. Because I think, traditionally, there hadn't been any true reason why you couldn't keep the data because there just was no good reason. So now, these logs really hitting on the point about keeping data only, you know, for as long as is needed. I think it's going to be a wake-up call for companies. And you know, as I say, I think it's huge class action risks that companies have. And we're seeing that in my view, and a lot of the cyber breaches, because if you read deeply into the cyber breaches and the stuff that gets breached, a lot of it is legacy data because it's stuff that doesn't have a high business value, but has a high cyber privacy risk. What are your thoughts?
Jennifer Hamilton 17:21
Yeah, I think it's going to be much easier. Now I mean, the regulators are, I think, a bit outraged and coming from an outside perspective, not understanding that companies weren't just taking the easy road by keeping the data; they actually were incentivized to keep the data. Because the strong worker's management programs were actually in the US in my experience, and, you know, continents like Europe didn't even care until GDPR was coming online. And then they were like, oh, we need a records retention schedule. And that actually was an area where we were, you know, kind of far out ahead. And also in terms of data breaches and disclosures. So then all of a sudden, the pendulum as it always does swings really hard on the other side, which is now going to be getting rid of it, get rid of it, get rid of it, we don't want to do that then incentivize to keep it because we were afraid of what happens, if, you know, we get rid of it, and it's on hold. And now we're, you know, at risk of slowly eating data. So, you know, we have a long cycle, a system that supports keeping it. And now the question is, you know, what's the risk of continuing on this path and I was attending the American Bar Association Cross Border Institute in the Netherlands and listening to the regulators, and the company is clear that companies are going to be held accountable for overtaking the data. That's not the question anymore. It just is what it is. Now, the question is, how are we going to execute on that? How do you do it? It's so overwhelming, right? Like, you know, like you said, all the legacy data, most people don't even know where it is in an organization until a lawsuit comes up. And you know, you kind of stumble into oh you know, 20 years ago. So this is the question. And it really reminds me of the challenges that we face 10 years ago, and eDiscovery is a technology problem. And luckily, there are technology solutions, and there's proven processes to tackle them. So at least again, we can build on what we've done in the past to move forward.
Debbie Reynolds 19:43
Also, many, many deeply entrenched tools that companies use were never made to get rid of anything. So it was kind of a one-way deal. So it didn't really have capabilities to delete or remove data, so companies are having a huge challenge with that because they just weren't made to actually get rid of it.
Jennifer Hamilton 20:12
Yeah, it's a quandary that I don't think a lot of thought was put into again because we weren't really incentivized. Think about getting rid of data. And it's just so expensive and time-consuming. But again, I think that, you know, using our processes and eDiscovery, and using, you know, the basic technology for me, eDiscovery can help us figure out at least, where are the hot at-risk data sources, running searches and looking for patient health records looking for PII, looking for what the company perceives to be the highest risk? And then you look at it, you know, look at the numbers, the numbers paint the story? Is there PII in places you don't expect it to be? Is it higher than the amount that you expected? Is there adequate security around it, if it's in the right place? Is it past the retention schedule? Now, now we've got finally a mandate for the records retention group to have a seat at the table and push for change and designated; go back to the eDiscovery problem; the data still might need to be held for other reasons. And so once you have at least the numbers in your story about what your risk is, now, you can actually go and use a technology to remediate the raw, the stuff, that's redundant, obsolete trivial, and develop your process, right? And then apply it to the next system. And it's iterative, and it's agile, but you have to start it. And you have to give somebody in the organization that mandate, which usually comes when the risk is high enough when there's lawsuits when there's extreme fines. But I find that a lot of companies still aren't aware of the fines that are coming out of Europe, and they're still overwhelmed with other challenges, like maybe in the cyber area, or, you know, just data mapping still that they're not ready to, you know, push for this kind of data remediation for getting rid of the stuff that's beyond the schedule. So I don't we need to be there. I don't know if everyone's really there yet.
Debbie Reynolds 22:37
I don't think people are there yet. Because I think so many people are firefighting, and they're still in their reactive mode. So they feel like, you know, I don't know, I feel like people are taught this in business schools, like, okay, when this problem happens, then you execute, so it doesn't really talk about how to prevent the problem from happening. So we need more prevention and less reaction, so more offense and less defense, you know, the defense will always be there. But you know, the real gains in value, I think, is more proactive management. So you want to, I tell people, instead of being a firefighter be Smokey the Bear.
Jennifer Hamilton 23:19
Ok so the analogy I always come back to is similar to yours, but it's the hospital emergency room triage. Right? We're still operating out of the ER, right? And that's not where you want most of your patients to come. And, yeah, we've had to learn this the hard way over and over, we're in ER mode, you actually get overly comfortable I think with you know, you've got that you develop your processes to triage, you appoint, you know, the people to be the triage nurse. And then you've got specialists, you have the general doctor that comes first and you have a board, you have metrics, you're measuring how long people are sitting in waiting rooms, and you're reprioritizing, deprioritizing patients, depending on how bad it is. And I think it becomes addictive. So it makes sense as to why you know, we're there because it's almost like telling us what to do next. But we actually to your point to be smoking very actually have stepped back. Just because it's urgent doesn't mean it's important. And I love this. I do a lot of reading. And I love this book called The Power of Moments. And it really resonated with me. I only read it last year and then read the whole thing, but my takeaway was we spend too much time trying to pave over the potholes and not enough time trying to elevate the moments that matter. And I can certainly see myself in this, that perfectionism where I'm just going to sit there and try to you know, and to some degree, my team probably suffered from that perfectionism of let's fix this and, and optimize it and further optimize it. And it's like, yeah, but where's the strategy in that? Where's that? How do you elevate the program, how you elevate your risk management system and protect the company, when you're constantly just focusing on what's a more efficient way to get the data from, you know, this server to the vendor and process it and speed it up? You know, so it's really taking that step back and saying, that's where your value lies as a change agent, as a leader of one of these programs, or a true information governance program where they all roll up, which is to figure out what place do you need an organization to be for that? To meet company goals and legal risk management goals? Where do you need it to be Brene Brown would say what does dumb look like? And then what needs to be true to get there? And so going back to the hospital ER mode, the thing that I thought about after I read an article in Harvard Business Review talking about how to fix the healthcare system said it's not a life or death issue, then what matters is not the outcome, as much as the experience of the process to get the outcome, that when you're a patient, and, you know, you're you've got COVID, then you know, what is the experience to get to the point where you get better, or you know, something like, break your arm, and you'd get a cast and whatever. And all of a sudden, what matters is how you're treated the bedside manner, the doctors, and the front desk person, you know, how long it takes to get an appointment? What are they, you know, screwed it up, and you have to go get another cast. And so that really hit me when I was trying to lead the team through a lot of change and supporting attorneys who really didn't want to change. And it was like, you know, we've got to make this a more pleasant, fun experience. Yeah, and take the focus off of, you know, not losing the case. Right, we assume we're not going to lose the case anyway. So that's not really the goal. And make this cater more to our stakeholders to the attorneys; of course, they don't want to have to upend all their processes and change all their outside counsel relationships. And I think we're a bit like that, where they're a bit in privacy, where we're just bombarding our business constituents with a questionnaire and the next questionnaire, realizing that, you know, we need to be more strategic. So we're doing things once, and we're not trying to be perfect. Right, and try to stop making the goal like to strip the company of all risks, it's not going to happen, business can operate that way.
Debbie Reynolds 28:15
Yeah, right. Right. Exactly. There's no one who's 100% risk-free ever. So I think if that's your goal, and you will fail miserably, but I think the place we need is for companies to understand what their risks are. So there are a lot of hidden risks that people may not see. And a lot of that ties back to the data. You know, what data do you have? Why do you have it like your example? You know, you may let's say you do a scan of your environment, and you find personal health information in places that you didn't expect it. So, you know, your risk is, you know, like you said, is it protected in a way that it shouldn't be protected? Is it in the right place in the right or the wrong place? So those types of risks, I think, help organizations because once you know what is happening in your environment, you can at least come up with a plan to figure out what's the best way to handle maybe a particular incident that has to be handled and then, as you said, come up with more of a strategy. In the future when we have X, we'll do Y, right? What's happening in the world right now, in privacy or security or something that's concerning you most that you see you like, oh, I don't like the direction this is going.
Jennifer Hamilton 29:42
Maybe the idea is that companies are going to be held strictly liable, liable for cyber breaches. And I think there's some thought leadership out there that's heading in that direction. And I am certain that would serve the plaintiff's bar well, but with the volume of ransomware attacks, you're seeing the insurance industry suffer and say, do we care? Well, we do because the insurance industry is, you know, starting to crack down and, you know, pressure companies to develop these fortresses of, you know, security, to, you know, protect the data is understandable. But the pendulum always swings too hard, right? We always go from one direction to the other. And you again, you know, how feasible is it for a business, a small or medium-sized or large business with a long history, and it's complex and global to spend, you know, an infinite amount of resources to lock everything down. And it really does impede the business; I think this is an area where you end up spending a lot of time trying to figure out like finding that balance. When you're in a position to say, No, we're not gonna use Slack. No, we're not gonna do that. And COVID really kind of washed all that, you know, authority away from legal in a sense that people just did what they needed to do to survive as a business. And so there's kind of a reminder that, that that balance is necessary, but the idea that, that we're going to perfect security, and that that is the goal. And otherwise, companies are going to be strictly liable; they're not going to be able to get cybersecurity insurance and protect their customers from these events. That's, that's not the right direction, it's not going to work, it's going to have a lot of unintended consequences.
Debbie Reynolds 32:00
I agree with that. And I saw an article recently, and I knew it was going to happen, where they said that the cyber insurance market is tightening up. So there are a lot more questionnaires or a lot more restrictions, their premiums are a lot higher, and some people can't even get cyber insurance. So I think the issue is a lot of companies have risks that they don't they're not aware of so trying to figure out what those risks are really important. And figuring out what's the best way that you have in your power to mitigate the risks, shift risk, however you want to handle it. But I think a lot of companies are caught by surprise because they have an understanding in their heads sort of like, oh, well, nothing bad has happened. So then we must be fine. And nothing's happening, you know. So you may have been just been lucky that nothing bad has happened to your organization. But that doesn't mean that you don't have risk. So I think just not knowing your risk is a risk in and of itself, isn't it?
Jennifer Hamilton 33:09
Yeah, in that sense. And then the crackdown on the insurance companies and from the insurance companies flowing to their insurance is a good thing. Right? Awareness, it all starts with, you know, awareness. And when you're really busy in your silo, when we go back to that, that that actually can become the most challenging issue is raising that awareness than from that, that's where you create your intention. Right? And if you don't have the awareness, you can't steer with intention. And if you're not steering with intention, then you're just what to your point, assuming everything is great. And it really the clock is ticking. So that's probably the lawyer's worst nightmare. Right? You know, and in my role, and in a broader role, it's terrifying. Right, the fear of now you're responsible for everything. Yeah, is something that does keep you up at night and drives you to see things very differently than you might have when you were focused more on one particular area like eDiscovery.
Debbie Reynolds 34:26
Yeah, yeah. Well, if it were the world, according to Jennifer, and we did everything that you said what will be your wish for privacy anywhere in the world? So whether it be regulation, technology, or human stuff, what are your thoughts?
Jennifer Hamilton 34:46
Well, I'm a big believer and no matter what you do, the powers and alignment and in relationships, right, you can buy technology and you still have to tell it what to do, and then tell it what to do, you have to have, you know, the buy-in from the people who have the most at stake. And it's hard to do that, you know, an agile effective way unless you have the right relationships and the right perspectives, and you know, what you don't know. And so, you know, to me, we have to continue to remember and learn about how to communicate, how to provide feedback, how to hold people accountable for doing their job, but without judgment, and deepen those relationships. And even if it's somebody you don't think you, you know, interact with on a day-to-day basis or have a direct impact on your work and privacy. You still need to invest in certain relationships and broaden your network. Because you never know when that one day comes. And you need to call a "The Data Diva" You know, and get help, you know, from the different areas of the company and the different, you know, functional leaders. So we're all in this together. And I think that is a mandate to continue to have these fantastic conversations, like what I had with American Bar Association and other great organizations who are bringing us together so we can learn from each other. We're not inventing the wheel.
Debbie Reynolds 36:46
Thank you for the plug there. I really appreciate it. I think that you're right; I think we need to have deeper, more complex conversations that are not siloed. So we need more people reaching across from different areas and being able to talk together because we're all having the same problems. So knowledge sharing is really critical and key and can probably save companies millions of dollars in resources and efforts if we're just learning from one another.
Jennifer Hamilton 37:19
Yeah, and if I can add one more thought to that, Maureen Allison, the CFO for Johnson and Johnson. And I've quoted her in interviews before, but either she stood up at a conference and said, We need people from all walks of life. And if I could say the thing that frustrates me the most about cyber is that there's folks who got into it, so they could develop their area of expertise and, you know, become a leader, and they don't always see things in a different way, or welcome other different perspectives, different backgrounds to the table. Right, it is sometimes you know, they're using knowledge as power, and we are not going to move the conversation forward, we're not going to develop these solutions in privacy or security, without diversity and, and valuing that. It's not just, you know, a programmer you need at the table. It's not just, you know, a security ops leader; it's you need PR people, you need creatives, you need people who can draw on their background from other types of areas. And I saw this in law firms; you know when the law firm valued the worker bee and only wanted associates to sit in an office and crank out briefs. Right, and not learn how to litigate, interact with clients and develop, you know, solutions for them. You know that the law firm started to run out of clients, right, you have to bring other people to the table and value that there are other skill sets that you know that you don't have, and then you can do it, you know, create the solutions a lot faster when you have the right group of people, but a much broader skill set at the table.
Debbie Reynolds 39:28
I agree. It creates more richness within the organization. So I always like to say I use an analogy. Let's say you have a subject that you want to take a photograph of when you gave 20 people a camera and told them to take a picture of the same subject; those 20 different people will have different pictures because they have a different perspective of that subject. So I think you the types of problems and issues that we're having. Even though we're talking about data, these are human problems, right? So you need different types of humans to be part of the conversation to really, truly get a fulsome view of what the problem is and the solution.
Jennifer Hamilton 40:15
Yep. Bingo.
Debbie Reynolds 40:17
Very cool. Well, thank you so much. I'm so excited that we were able to get together and hopefully in the future, we can collaborate and hang out and have drinks and talk about fashion.
Jennifer Hamilton 40:29
I'm looking forward to it.
Debbie Reynolds 40:32
All right. Thank you so much, Jennifer. I'll talk to talk soon.
Jennifer Hamilton 40:36
Okay, Great.