The Data Diva E269 - Kimberly Lancaster and Debbie Reynolds

Show Notes

In Episode 269 of The Data Diva Talks Privacy Podcast, Debbie Reynolds, The Data Diva, talks with Kimberly Lancaster, Founder and CEO of Avalon Privacy and Compliance. They discuss the evolving relationship among privacy, security, and compliance and why companies must treat these functions as interconnected elements of trust rather than isolated disciplines. Kimberly explains how organizations of all sizes can build stronger programs by emphasizing transparency, shared responsibility, and thoughtful data stewardship throughout the enterprise.

The conversation explores the real world challenges companies face when scaling governance, including vendor diligence, access controls, continuous monitoring, and the risks created when teams assume that technology alone can solve problems. Kimberly describes why proactive privacy practices, including data inventories and lifecycle thinking, make companies more resilient, reduce downstream crises, and strengthen their ability to respond to new regulations without disruption.

Debbie and Kimberly also examine the human side of privacy work, highlighting how culture, empowerment, and community learning shape successful programs. Kimberly shares her wish for a future where transparency becomes the foundation for trust and where companies design experiences that offer convenience without requiring people to sacrifice their data unknowingly. She emphasizes that privacy leadership is ultimately about enabling people to grow, make better decisions, and help organizations operate with integrity.

Support the show

Become an insider, join Data Diva Confidential for data strategy and data privacy insights delivered to your inbox.

💡 Receive expert briefings, practical guidance, and exclusive resources designed for leaders shaping the future of data and AI.

👉 Join here: http://bit.ly/3Jb8S5p

Debbie Reynolds Consulting, LLC

Transcript

[00:00] Debbie Reynolds: The personal views expressed by our podcast guests are their own and are not legal advice or official statements by their organizations.

[00:12] Hello, my name is Debbie Reynolds. They call me the Data Diva. This is the Data Diva Talks Privacy podcast, where we discuss data privacy issues with industry leaders around the world with information that businesses need to know.

[00:25] Now I have a very special guest, Kimberly Lancaster, all the way from Seattle.

[00:32] She is the founder and CEO of Avalon Privacy and Compliance. Welcome to the show.

[00:38] Kimberly Lancaster: Thank you, Debbie. I'm thrilled to be here.

[00:41] Debbie Reynolds: Well, I'm so excited to have you here. I have wanted you on the show, like, forever.

[00:47] And we always chat on LinkedIn about stuff.

[00:52] We know a lot of the same people, so we bump into each other in different circles. So I was so excited that you agreed to be on the show. Cause I wanted you on the show forever.

[01:02] So thank you. Thank you for being here.

[01:05] Kimberly Lancaster: Oh, thank you.

[01:06] Debbie Reynolds: Yeah. Well, tell me a little bit about your.

[01:09] Your background, your career, how you got into this place.

[01:13] You're fascinating. This is a funny story. So I know because I'm a data person. I know people in, like, all different types of industries.

[01:22] And you're one of these people that I bump into into, like, all these different groups. Like, like, my cyber people know you.

[01:28] The privacy people know you.

[01:31] I'm like, Kimberly. Oh, Kimberly's, you know, doing this or doing that. Like, I'll see you on a webinar or something. I mean, it is so funny to see you in all these different spaces.

[01:40] But just tell me. You're just fascinating. Tell me about your career and the things that you're interested in.

[01:46] Kimberly Lancaster: My career has been interesting. My first career was in banking and finance, and I had the opportunity to spend quite a bit of time learning all the different areas of banks and audits and things.

[02:02] And that's where I first got introduced to privacy and security.

[02:06] And then I moved into software, and I really found,

[02:10] oh, this is fun.

[02:12] I like this.

[02:13] I spent a couple years at Microsoft and at SAP, and then I went into smaller companies.

[02:19] And what I found is that it didn't matter where I was.

[02:24] Privacy, security and compliance always kept coming back into my realm. And part of that was around.

[02:32] I just naturally gravitated towards protecting the data because it was so personal to me as an individual.

[02:42] And my job was to help others understand that.

[02:46] And so I've had a lot of opportunity to grow and learn,

[02:51] explore a lot of different things.

[02:53] I am not a programmer.

[02:55] Don't profess to be, but I love talking with them.

[02:58] They are so creative and getting them to understand why privacy by design or security by design or hey, we have to meet this regulatory requirement. How do you think we can do it?

[03:11] Is so much fun and just really enjoy it. And so that's where my career's gone. I've always stuck my nose in a lot of different things just because I was curious.

[03:25] And then I ended up finding I really liked it and just kept going.

[03:30] So that's where the business came from. That was how do I help people get there? Because especially small businesses, they don't really understand and they don't have the manpower to do it.

[03:42] So how can I help?

[03:44] Debbie Reynolds: That's true. Now, this is fascinating. I didn't know that you had a background in banking. That sort of makes sense. I feel like people who have had experiences in like more highly regulated industries,

[03:57] you can help a lot of other people who maybe aren't in those industries, but maybe need to align better with some process, procedure or something that just helps them do their jobs better.

[04:10] So that makes perfect sense.

[04:11] Kimberly Lancaster: And it's fun because I learn about what they're doing.

[04:15] Debbie Reynolds: Well, I feel like you are someone who is a master at communicating and with people in all these different realms and that's why you've been very successful. But I want to talk about that communication for a bit because I feel like people who are in privacy,

[04:35] or what I said called data adjacent,

[04:38] people who work in data adjacent spaces, you have to be able to learn how to talk with different groups of people and understand,

[04:49] you know why? Because a lot of times when you're like, you made an example, like you were talking with someone who works in software development,

[04:55] they just want to do software development and they're not really concerned about or they're not taking a look at what regulation has come now, or they may not know that maybe a choice that they think is doesn't have a consequence actually does have a consequence down the line.

[05:12] But tell me, how do you approach that communication and get those talk to those different groups and even getting those groups to talk to one another.

[05:22] Kimberly Lancaster: The first thing is I want to go in and ask questions.

[05:26] Tell me about what you're developing.

[05:28] You know, and we can use two examples. We can use the software and then we can use like an operations person.

[05:35] Tell me what you're developing.

[05:38] What code are you know, what languages are you developing in.

[05:43] What data do you want to have to do that?

[05:46] What do you think you need to have to achieve your definition of done?

[05:52] And I always relate requirements or goals or things around what do they want to Achieve. And then I try to come into that sideways and add a couple of pieces.

[06:08] So if they're saying,

[06:10] well, I want to go build this great dashboard for the customer and it needs to have all of this information in it.

[06:18] Okay, tell me why you think that they need all that information.

[06:21] What gives you that prompting to do that and break it down to a level that you're actually having an honest conversation with them around what they're trying to achieve?

[06:34] The minute I understand what they're trying to achieve, then I can say,

[06:38] hey, can we add in this and this and this, and add it into your definition of done. Because at that point, you know what? You give me three things. I've met a security requirement.

[06:48] I've met a privacy requirement. I've met a compliance control.

[06:52] It's really helpful. And then if they say, well, I'm not sure about that. Okay, well, let's talk about it. Let's figure it out.

[06:58] You're the creative one. You tell me how you think we can get here. This is what I need at the end,

[07:04] you tell me how we get there.

[07:06] And it actually empowers them to step out of the focused area that they're in and really start to understand these other things. Because I'm putting it in a language they understand.

[07:20] I'm making an effort to understand what they're doing,

[07:24] and they feel heard.

[07:26] And then you flip over to the business side and it's the same thing. Hey, I'm running 90 miles an hour. I've got to get all of these things done.

[07:34] I need to download all this data to my desktop. I need to do all this stuff in Excel or in Google sheets or whatever.

[07:41] And I'm like, hey, can we build some stuff where you've got a private share that you can work in that you don't have to put it on your desktop? Would that be easier?

[07:51] Because then if you ever had your laptop go down or get lost or stolen or whatever, you wouldn't lose all that work.

[07:59] Hey, great idea.

[08:00] So the minute that you put it into something that they understand,

[08:04] that's where the communication comes in and.

[08:09] Repeating back to them what they're saying so that they know they've been heard. That's huge.

[08:14] Debbie Reynolds: Yeah, it is.

[08:15] Kimberly Lancaster: That's huge.

[08:16] Debbie Reynolds: The way that you work with them, you allow them to take some type of ownership also. Yeah.

[08:23] Of the problem of the issue,

[08:25] and then you become partners in trying to solve something completely.

[08:30] Kimberly Lancaster: It's a partnership, no matter what. I can't do my job if I can't empower them to do theirs.

[08:35] Debbie Reynolds: I think it's so funny. So I have seen people in the privacy space try to go into organizations and try to do like Alexander Haig, like, hey, I'm in charge here,

[08:49] and you're gonna do what I say. And you're laughing already because you know that just 1000% doesn't work. Not only does it not work,

[08:56] that means that people will start working against you because they know that you.

[09:01] Them to. To help you to do that job. Just tell me your thoughts about how you go into organizations and make sure that people understand. Because a lot of times they feel like, oh, my gosh,

[09:12] this person's gonna. This is like the office of no person who's just gonna tell me no about everything. But how do you get people to open up to you so that you.

[09:23] They're more part of the solution and they don't see you as being a blocker to them.

[09:28] Kimberly Lancaster: I always start the conversation with yes, and it's never no.

[09:32] It's helped me understand why.

[09:35] Help me understand what the value is, what the goal is.

[09:40] Are we really working towards what's best, where, at the cost, what the customer wants? There's a lot of times customer requirements come in, especially in software.

[09:49] They're over on one side and the developer's on the other side. And you're kind of bouncing between the two here.

[09:58] And so you have to understand both sides and help navigate that area.

[10:04] Privacy and security and compliance,

[10:07] if you can help them understand why.

[10:11] And yes, we're going to get there.

[10:13] We may need to take a slight sidestep here and do this and then come back,

[10:19] but we're going to get there.

[10:21] We're going to help you get there.

[10:24] It's a much easier conversation.

[10:26] The really bringing in the importance around being open to listening and understanding is huge.

[10:37] Debbie Reynolds: Right?

[10:39] Being a good listener is very important.

[10:41] I want your thoughts about something that you call a trifecta of privacy, security and compliance.

[10:49] And the reason why this intrigues me is that I feel like these are the three things that are very much confused within organizations. People don't know what they are, and they don't know.

[11:02] Sometimes they think one is the same. Like some people think privacy and security are the same, or they don't understand how compliance is not privacy or security.

[11:11] So tell me your thoughts about how you explain those three things as separate concepts and how they work together.

[11:19] Kimberly Lancaster: Okay, so security protects assets,

[11:22] data systems, environments,

[11:25] privacy protects people.

[11:28] We're protecting their identity, we're protecting their information.

[11:32] And compliance proves to others that you're doing both.

[11:36] So it really comes down to what goals you have set for each.

[11:41] So security, you're protecting the confidentiality, the integrity and the availability of data and systems.

[11:50] Privacy, you're protecting people and their rights.

[11:53] This is the freedoms they have to manage their own information.

[11:59] And compliance shows that you are aligning and meeting external and internal obligations.

[12:07] So for me, there has never been.

[12:10] There should be this team, there should be this team and there should be this team.

[12:14] You may have different groups of individuals,

[12:17] but if you don't have cooperation and collaboration between the three,

[12:21] you're not as successful as you could be.

[12:25] And then you're giving others out in the teams, the software developers, the business front end, the customer support team, the executives, you're all driving for different variations of the same thing.

[12:43] If you work together,

[12:44] it's much easier to provide a single set of requirements and meet those effectively as a business,

[12:53] especially in smaller companies.

[12:56] If you've got a company like Microsoft, yes, each organization has their own groups,

[13:02] but you still roll up to the top and you're still aligning to the same thing. And those upper groups have to to meet together too.

[13:11] In small companies, often you have divided focus and that's not as successful as it could be.

[13:19] Debbie Reynolds: Wow, you give me so much to think about.

[13:22] Also.

[13:23] That is brilliant, by the way. I've never heard anyone explain it so simply. I feel like people get twisted up and complicated about those three areas. But I want your thoughts about this.

[13:36] And when people say this, it kind of makes me go bonkers.

[13:39] And so some people feel like encryption solves privacy.

[13:45] And I'm like,

[13:46] what are you talking about? So to me it's like the difference between,

[13:51] let's say security is a key to a house and say privacy is a deed to a house.

[13:56] Kimberly Lancaster: So yes.

[13:58] And compliance is the insurance that makes sure that you're got the fire alarm and you've got the smoke alarms and yeah, totally,

[14:07] it totally is.

[14:09] When we talk about encryption and when we talk about protecting data,

[14:15] you're actually protecting assets.

[14:19] Like I said,

[14:20] privacy is the fundamental rights behind that data.

[14:27] I give consent for you to use this data for this reason.

[14:31] I don't give you consent to use it for that reason.

[14:35] And then compliance is okay, you've got encryption, but do you have a privacy policy?

[14:41] Do you have process for dsar? Do you have this? Do you have that?

[14:46] So yeah, this is where the factor of the integration is so,

[14:54] so important because without strong security measures, without privacy aware design and without compliance governance,

[15:04] it leaves the business exposed. Technically, Legally and reputationally.

[15:10] Because if you don't have those things,

[15:13] we see them way too often.

[15:16] I mean,

[15:17] I just saw The IBM numbers, 20, 25. How many emails do I get a day saying,

[15:23] hey, you've been pawned.

[15:26] How many times do we see the notifications coming out?

[15:30] It's an important thing and the more that the three teams can collaborate, the better.

[15:36] Debbie Reynolds: I agree. And it's not an either or. So it's not compliance and then not the other two and it's not privacy and not the other two. So it definitely is a trifecta.

[15:47] So the fact that you described it that way is absolutely perfect.

[15:51] Let me know what is happening in the world right now that's concerning you most about either of those areas. Privacy, security or compliance.

[16:02] Kimberly Lancaster: I think that there's two areas, insider and misuse.

[16:08] People are running faster and faster and faster.

[16:11] It's so easy to make a mistake.

[16:14] Example, customer service rep emails the wrong information to the wrong customer. Not on purpose, didn't do it on purpose.

[16:22] Just trying to get their tickets done, just trying to answer calls, trying to take care of things.

[16:27] Someone loses a phone,

[16:29] that happens.

[16:30] And then we've got the all encompassing AI addition to the picture.

[16:37] I want to do this,

[16:39] I want to use AI to help me draft a deck.

[16:44] Debbie Reynolds: Okay?

[16:45] Kimberly Lancaster: As long as there's governance in place,

[16:47] it's great.

[16:49] As long as you're not putting personal data or IP data,

[16:54] critical business data into it.

[16:57] I think that there's a perfect use for AI in a lot of areas.

[17:02] I use it for things I do,

[17:04] but I'm very, very careful.

[17:07] I also do a lot of reading around what's going on in the world,

[17:13] but I think those are the two areas that we have much more.

[17:17] AI is allowing hackers to hit more and more. So our security functions need to be stronger.

[17:25] We need to think before them.

[17:27] We need teams and people and business and executives to understand that.

[17:33] You may think it's okay to absorb the cost of a fine or a breach,

[17:40] but what does it do long term to the people that you're serving?

[17:44] And that's my biggest concern.

[17:48] I think that there's a lot happening out there.

[17:51] Our technology in the last two years has gone completely up to a thousand miles an hour.

[18:00] And we are in a massive growth technology wise and it's really hard to keep up.

[18:07] And a lot of businesses when they're setting up, they may still be on an older version of OS because the software they use may need to have that version and they haven't upgraded.

[18:21] There's a lot of things. We look at hospitals, we look at infrastructure across the country.

[18:27] You know,

[18:29] there's a lot.

[18:30] And so people being cautious,

[18:34] taking the few minutes that they need to understand what happens if I do,

[18:40] if I'm not careful.

[18:42] Debbie Reynolds: Absolutely. And I want to go back to something you said, which I think is a fascinating topic and that's around insider threats.

[18:50] So I've done many like cles and talks on insider threats and I try not to roll my eyes when I do it because most of the time when people do these webinars and seminars about insider threats, they're talking about these Mission impossible,

[19:09] Tom Cruise hanging from the ceiling scenarios where we know that most insider threats are not nefarious.

[19:17] Right. They're just like you said, someone's trying to get some work done, someone lost phone,

[19:22] the architecture wasn't put up, put together the right way, which I could tell you a good story about that.

[19:27] And so all those things are insider threats and those are probably the most threats that companies have.

[19:37] Right. So they probably, especially a small to medium sized company,

[19:41] they're probably their weakest links are probably within the organization, not necessarily even the people.

[19:47] It just may be the way the systems are put together.

[19:51] I have an example, and this is many, many moons ago,

[19:55] where there was an organization, they were putting together a system and they only wanted to have it so that people went through this one login.

[20:04] Right. And then when they logged in based on who they were, it was kind of primitive that they could only see certain things and that's fine.

[20:14] But then I was like, all they have to do is if they get the URL to where the base of the application is,

[20:22] the data folder's right there so they can see everything.

[20:26] So to me,

[20:27] that's one of the biggest problems that companies have where they assume that everybody's going to go down the.

[20:33] Kimberly Lancaster: A single path.

[20:34] Debbie Reynolds: Yeah, a single path. When basically everything is open in the back end. And that's one of the bigger things that I feel like, especially cyber criminals or people who have nefarious intent.

[20:47] That's what they go for. Why would they try to break a password when they can just get into everything?

[20:53] Kimberly Lancaster: Yeah,

[20:54] oh yeah, completely.

[20:56] Phishing has gone up.

[20:59] There's just all sorts of things going on.

[21:03] And we're getting into the holidays where,

[21:06] face it,

[21:07] social engineering is going to jump drastically over the next couple of weeks.

[21:11] You're going to see people that are trying to get stuff done.

[21:15] You've got people that are.

[21:17] And AI bots are,

[21:20] I'm a dozen now.

[21:22] And you brought up a good point.

[21:26] Using software, using vendors,

[21:29] if you don't have vendor diligence in place and you don't have user access controls in place, and you don't know who has access to what.

[21:40] I've seen too many times in small companies where everybody needs access to stuff.

[21:45] Okay, well, let's set it up so that there's at least two factors.

[21:49] Let's set it up so that we are auditing that continuously. We're logging for stuff, we're monitoring. That's where the security comes in.

[21:58] You're thinking about the access they have. Do they have access to all of the data? Or can we segregate it down and keep it otherwise than a URL based on what they need at that time?

[22:12] And they can request just in time, permissions.

[22:16] Are we auditing it from a compliance perspective?

[22:20] And so this comes back to very honestly why I really believe that if you don't have someone thinking about it from all three perspectives,

[22:32] you've got some gaps.

[22:34] Debbie Reynolds: Right.

[22:35] And let's talk a little bit about privacy and the reason why privacy needs to be proactive as opposed to reactive. So I've seen and I don't. Maybe this is a us thing.

[22:48] I want your thoughts. So a lot of times when you hear about data in the news and stuff, they're talking about cyber, they're talking about cyber attacks and this risk.

[22:57] And this is what you need to do. Like after this bad thing happens to you, you do X, whatever X is.

[23:03] And privacy really is about that more proactive,

[23:06] foundational look at data and how you manage your data kind of through a life cycle. And so.

[23:15] These reactive approaches don't really help,

[23:20] don't really solve your privacy issues. And so I think that's one of the things the companies don't think about when they think about privacy, because they think, well, we haven't had a breach or anything, so we probably don't need it.

[23:31] Kimberly Lancaster: And it's like, well, we don't need it. Yep.

[23:33] Debbie Reynolds: It's not about breaching, it's about you having a data strategy that makes your risk less. But what are your thoughts?

[23:42] Kimberly Lancaster: Completely agree.

[23:43] I mean, there's three legs to that discussion. There's the data inventory. You've got to understand what you've got,

[23:49] you've got to understand how it's being used. And then you've got to decide what your governance and strategy is.

[23:56] Are we going to use this data for what we intended or do we have other uses in addition to that strategy?

[24:06] Being proactive versus reactive?

[24:11] Thinking about opportunities to help the business grow by being able to put into place,

[24:19] hey,

[24:20] if we gather consent or if we have approval to use data for this means versus this means,

[24:27] and we were up front and we're transparent about it and our policy and our notice and everything else,

[24:33] you can allow the business to grow.

[24:36] You can actually use that to help the business be more productive. In sales.

[24:42] We're forward thinking, we want to do these things, we want to have this stuff.

[24:47] The language around that is really important.

[24:50] And it also allows for alignment on the other two,

[24:58] you know, the compliance and the security,

[25:00] if the privacy is leading the charge in that area,

[25:05] because these two are reactive,

[25:07] they are very reactive. And so privacy has to take that forward step and be the group that actually drives forward and how the data is used and what the purposes of it are.

[25:20] I also really strongly believe that there are opportunities for data gathering that as long as you're open and transparent with people,

[25:31] most of the time, they're okay with it.

[25:33] And that's a proactive.

[25:36] Being reactive in that scenario tends to bite you in the, you know what?

[25:42] Debbie Reynolds: Totally.

[25:44] Kimberly Lancaster: You're like, oh well, we were doing this and hey, we're going to notify you now and there's something that's happened or that privacy has to be a forefront,

[25:55] period.

[25:56] They have to lead the charge.

[25:58] Debbie Reynolds: I agree with that. Selfishly, I agree that that's true. Because.

[26:04] As you say, and I tell companies this all the time, a lot of times they're afraid to ask.

[26:10] They rather almost get in trouble for doing something than, or ask for forgiveness, even though forgiveness is very expensive than asking for permission. But if you, I always tell companies if you are doing something with data that benefits the person,

[26:27] chances are they will let you use the data. But where companies go off the rails, it's like you're doing something that benefits you or the company and it does not benefit the person.

[26:38] And so they were like, well, why would I do that?

[26:41] Kimberly Lancaster: Exactly, exactly.

[26:43] Because.

[26:44] And I like you, I'm a privacy geek at heart. Everything I do is trying to teach people.

[26:52] And that's where awareness,

[26:55] understanding, relating to them as an individual.

[26:58] I can't say the times that I've gone in and done a presentation to a team and just sat down and started to talk and said,

[27:07] how many of you have gotten a notification that your data's been lost?

[27:12] And three quarters of the room raises their hand and then finally pretty much everybody in the room raises their hand and then you have that one to one connection. So you're on, you're you're relating to them as individuals.

[27:26] It's.

[27:27] And when you do that,

[27:29] you can then start to have that forward thinking conversation, hey, let's talk about what it means,

[27:36] how do you want it for you?

[27:38] You know,

[27:39] and a lot of times when you're in a company,

[27:43] the employee side is kind of forgotten.

[27:47] Hey, I'm here to protect you as well.

[27:49] You know, my job as a, as that person is I'm here to make sure that our HR systems are clean and that they meet the requirements and that they're being governed and they're doing the security and that not everybody can go see your information.

[28:05] So it's really important to have that.

[28:09] Let privacy drive forward,

[28:11] let it be that one and then the other two really are supporting that drive.

[28:19] And then all three are successful because then you can sell all three to your customers.

[28:25] Debbie Reynolds: That's so true.

[28:27] Give me a scenario. You know,

[28:29] the names and locations have been changed. Right. To protect the innocent.

[28:35] Where maybe a company didn't understand before they worked with you why those things were important and then how they, once they got with the program,

[28:46] it helped them in tremendous ways, including maybe even revenue for them.

[28:53] Kimberly Lancaster: Yeah,

[28:54] I worked with one company where I came in and they were,

[29:00] they were medium sized, but didn't have a privacy program,

[29:05] had somewhat of a security program,

[29:08] had an audit program.

[29:10] And when I came in, I'm like, okay.

[29:13] First thing I did is I sat down with the security leader and the compliance leader and I said, how do we work together? Where do we commingle?

[29:20] I shouldn't have to bring in additional requirements on top of yours. Tell me where your controls are, tell me what's there.

[29:28] I can add little teeny tiny bits here and there and tweak this so that we're not making the engineers or the business people want to pull their hair out or ignore us.

[29:41] And it took a few months.

[29:42] They were very skeptical at first. Didn't want to talk to me, didn't want to party,

[29:47] didn't want to do this.

[29:49] There was a famous old saying that being a project manager means providing meals.

[29:55] Well, I brought a lot of donuts.

[29:58] To the table and kept trying and kept talking. And finally we started to have the conversation.

[30:06] And then it was very easy to really start.

[30:10] Then I could branch out and start to have the conversation with the other teams. I'd go to meetings with these guys, I'd go to their reviews of tools and I'd ask questions and then,

[30:21] you know, engaging with the different teams across the company.

[30:25] And about nine months later,

[30:29] My boss came to me and he's like, you know what?

[30:32] I'd really like you to present something to the executive team about what you've done.

[30:39] And I'm like, okay,

[30:42] why?

[30:43] And he says,

[30:44] because I want you to put it in words that they can turn around and use it to sell.

[30:49] He says, because what you've done has built a cohesive partnership.

[30:55] We turned around and we were able to start using that language in a way that allowed us to improve sales,

[31:04] it allowed us to retain customers because we were able to show in security awareness and security questionnaires.

[31:15] We were able to improve audits because we were getting better evidence.

[31:20] And we were able to show alignment among different control families and frameworks and things. And I was able to show from a privacy perspective, we were meeting and leading this area and then having data governance and a strategy on the use of the data allowed us to go build a couple new tools.

[31:41] So it takes time.

[31:44] It is not easy. And it took a lot of effort and a lot of patience and a lot of listening.

[31:52] And I wouldn't have done it had I not had the team I had behind me and partnering with me because it took those individuals. I couldn't have done this alone.

[32:03] It was not a me show. It was an us show. And without them,

[32:08] we would not have been able to engage these larger groups and move things as far as we did in the time we did.

[32:19] So it truly takes a village,

[32:24] and I'm a firm believer in that.

[32:26] Whether it's a one person compliance, security,

[32:30] privacy team,

[32:31] or it's 50,

[32:33] you have to have a village and make it work.

[32:38] Debbie Reynolds: It's true. It's true.

[32:40] Right? Whether those people are within your company,

[32:43] external. I mean, we all have to rely on each other. We all call each other up,

[32:48] we have questions about stuff. And it's great to be able to have that type of community where people feel comfortable to say, hey, I have this issue. What do you think about this?

[32:59] Kimberly Lancaster: Oh, I will hit people up left and right if I got some.

[33:06] Totally. I think I've even bothered you a couple of times.

[33:10] Debbie Reynolds: Oh, you're never a bother. I'm never a bother, but I love it. It's like having super friends.

[33:15] Kimberly Lancaster: Yeah, it is.

[33:17] I am not the smartest person in the room, but boy, I'm sure gonna ask the ones that I think are and I'm gonna listen and there are a lot I don't know, but, oh, man, if I'm gonna learn something, I'm gonna go learn it.

[33:31] Debbie Reynolds: Yeah. I'm like, why would I want to take the pain of a lesson when someone can just tell me.

[33:37] Kimberly Lancaster: Yeah,

[33:38] exactly,

[33:39] exactly.

[33:40] But it. I think the thing that I was most proud about that is that it not only empowered me as an individual and as a manager, but it empowered the people that I, that I was lucky enough to work with,

[33:54] whether they were directly reporting or they were partners and enabling them to grow as individuals.

[34:02] And it also empowered our sales team and empowered our engineers. They started to think about things differently.

[34:09] Our business people started to think about things differently. How can we improve this? How do we improve that process? And it really was a nice change.

[34:19] Debbie Reynolds: Yeah.

[34:20] And I think too,

[34:21] that was a perfect story because I think a lot of times when people think about compliance,

[34:29] privacy and security, they think about no revenue. Right. This is sunk cost. So we're never going to see that. We spend this on that. You know, it'll be a black hole.

[34:38] They're never going to get that.

[34:40] They're not going to generate revenue. But the types of changes that you're talking about really can transform organizations.

[34:47] Save them money, make them money. For sure. Absolutely. And I think especially as we're seeing more consumers becoming a bit more savvy about their data and they're asking questions. So I think it's incumbent upon companies that want to lead in the future to do those things where they understand their data and they can answer those questions.

[35:08] And especially your comment about audits. This happens to me all the time where I'm like,

[35:14] once we get everything connected together and we understand what we're doing, it makes it easy. So if a new law comes up, we're mostly covered. We may have to do one or two things, but it isn't a hair on fire moment if something changes in a regulation or a new standard comes out.

[35:32] We're already kind of aligned there.

[35:34] Kimberly Lancaster: No. And that's it, you know, and it allows the company to ebb and flow much easier.

[35:40] Oh, we want to bring on this new vendor. Okay, great.

[35:44] Give me two hours. Let me go do a review. Let me understand what they're doing. Let me read the privacy notice. Let me talk to them.

[35:51] It enables people and culture to grow,

[35:55] and it really enables opportunity for individuals to grow.

[36:02] And the more that you allow individuals to grow in a company,

[36:07] the more willing they are to take on a little bit more work,

[36:13] a little more strategy, a little more thinking, a little more,

[36:19] oh,

[36:19] this isn't a cumbersome thing because I'm learning from it.

[36:23] And, oh, hey,

[36:25] third time around, I've got it down. I know what I Gotta do.

[36:29] No big deal.

[36:31] So it does build.

[36:34] Debbie Reynolds: That's true sage wisdom. Excellent advice.

[36:38] Oh, my gosh.

[36:39] Well, if it were the world according to you, Kimberly, and we did everything you said, what would be your wish for privacy,

[36:46] security or compliance anywhere in the world? Whether that be human behavior,

[36:52] regulation, or technology?

[36:54] Kimberly Lancaster: Oh, boy. I think it'd be human behavior.

[36:59] We are creatures of comfort and habit.

[37:03] And because we are creatures of comfort and habit, we want things. We want to be able to make things convenient.

[37:11] I would love to see a world where.

[37:14] Data can be given without drastic and still get convenience.

[37:22] There are many apps out there that we give our data to that we give it willingly or unknowingly.

[37:33] But awareness,

[37:35] and where that starts is transparency by the companies.

[37:39] That would be my wish.

[37:41] The transparency by the company allows for privacy to lead security to make sure that things are in the right place,

[37:50] and compliance to prove it.

[37:52] It really is a triangle.

[37:54] You've got security on one side, you've got compliance on another, and you've got privacy on the third. And in the middle, it comes down to trust.

[38:04] Debbie Reynolds: That's true.

[38:05] Kimberly Lancaster: Being able to trust the companies we work with.

[38:08] Debbie Reynolds: I say trust is the new goal. So trust is what all.

[38:12] Kimberly Lancaster: Trust is the new goal.

[38:14] Debbie Reynolds: Trust is what all companies need to endeavor to achieve from people. And so doing those things will put them on that path.

[38:25] Kimberly Lancaster: Yes. Fully agree.

[38:28] Debbie Reynolds: Wow. We solved everything, Kimberly.

[38:31] Kimberly Lancaster: There we go. All right. We dropped the mic for me.

[38:35] Debbie Reynolds: Oh, my goodness. Well, such a pleasure to chat with you today and being able to share your insights. Wow.

[38:42] Unbelievable. I mean, you. You solved everything. Oh, my goodness.

[38:46] Kimberly Lancaster: Oh, hilarious. If only. Unfortunately, I think we're all going to have jobs for a while.

[38:52] Debbie Reynolds: Yeah, right?

[38:56] Kimberly Lancaster: Yeah, I think that's okay. That's part of the fun.

[38:59] Debbie Reynolds: It is.

[39:01] Kimberly Lancaster: That's part of the fun is new challenges, new opportunities to learn, new people to engage with and, you know, an ever changing environment.

[39:15] Debbie Reynolds: Yeah. Oh, my gosh. That's tremendous. Thank you so much. And I'm sure.

[39:20] Kimberly Lancaster: No, thank you.

[39:21] Debbie Reynolds: I am so sure that we'll be able to have. We're going to bump into each other as we always do in just wacky places on the Internet.

[39:28] And yeah, I just love, love to see what you're doing. People definitely follow Kimberly. She always, no matter where she goes, she like dumps a comment on someone is like, mind blowing.

[39:40] She knows everything. She knows all these things that people need to know and very wise being able to communicate it to all levels of organizations. So, yeah,

[39:50] check her out, check out her website,

[39:52] follow her on LinkedIn she's amazing.

[39:54] Kimberly Lancaster: Well, thank you. I. I have great people I follow like you.

[39:58] Debbie Reynolds: A thank you so much and I'll talk to you soon.

[40:02] Kimberly Lancaster: All right, Take care.

[40:03] Debbie Reynolds: Thank you.