#PrivSec webinar with industry leaders: our roundup

Our roundup from a recent #PrivSec webinar with industry leaders.

Trace partners with Bearer to grapple with the tough #PrivSec questions

“How do you bridge the gap between security and privacy teams?” is one of the thorniest questions facing fast-growing fintechs. 

Trace’s Founder Sorcha Lorimer recently tried to tackle this with Peak’s Gary Myers,  FreeAgent’s Richard Grey, and Bearer’s own Guillaume Montard in a very well-attended panel discussion.

The full video of this fascinating session is available here . We’ve also prepared a summary of key takeaways:

PrivSec is a team sport

Agile development cycles removed the ability for a traditional handoff from product to development to legal to ops, and so on. As a result, the skill sets of everyone involved in the process has grown.

It takes a team to keep track of all the changes in laws, technology and industry that apply to data protection and privacy.

Enlist cheerleaders

General training on the key areas and expectations is a great place to start, but you’ll still need individuals to cheerlead certain topics. 

Harness interest where you find it.

Red teams and squads

On the flip-side, it can be highly valuable to form multidisciplinary “squads” which come together to facilitate communication and knowledge-sharing on key privacy issues. 

The cross-functionary view is vital for effective risk management. 

Emphasise it’s not about saying “no”

Answering requests isn't always about saying no. You can often say yes, with context. Data sharing isn’t necessarily a bad thing, as long as individuals have made an informed decision about how their data is used. 

When the whole team is aligned—more on that later—this is much easier.

Culture eats strategy for breakfast

Privacy and Security may be “everyone's responsibility”, but the leadership team is accountable for making that happen - through culture, values, and training.

You need to have set Privacy by Design in the DNA of the organisation and ensure people understand that 'why' and understand that motivation. It’s not just about the stick of fines and enforcement action, but the business benefits of being a trusted data steward too.

You can view the full discussion here.