Senior Privacy Consultant
What drew you to privacy and how many years have you been in the privacy space?
I’ve been working with clients to address privacy, security and data management concerns for more than 20 years, focusing not only on the legal and compliance drivers of data protection, but also on the ways organizations can use technology to achieve their goals. What I find so exciting about the space is the blend of policy, strategy and technology issues and opportunities. Sitting between the worlds of Legal/Compliance, and the Business Units and IT/Information Security, I get to play a pivotal role in bridging communication gaps, translating needs and facilitating the open dialog of “how do we work together” to protect and strengthen the company. It’s an exciting but challenging time in privacy, and it’s so satisfying to empower my clients to first build and then know they have a solid foundation to work from.
Favorite GDPR Article and why
How to choose just one! But since I have to pick, Article 5 is my favorite because I see it as the heart and soul of the regulation. In Article 5, the Regulators have laid out all the ways in which companies need to respect not just what amounts to the rights of the individual data subjects, but really the ways in which companies need to respect the data itself. And I think that’s paramount to the GDPR – it is about the documentation, policies and processes companies need to develop. It is also about the security and technical controls that must be implemented; but fundamentally, I view it as a statement to companies that our personal information has value and worth, and it is entrusted to them with the idea that they will respect it and by extension, do everything necessary to protect it.
One thing you’ve noticed that has changed about privacy since you’ve started
The increasing awareness of privacy’s worth and how we’re affected as global consumers – and I see it in my clients from their perspective as in-scope businesses, but also as individuals, themselves. I also see my clients’ growing understanding that this is not only an IT or only a Legal/Compliance issue, and that privacy is something that all areas of the business need to work on together. Not only is this coming with more evident executive sponsorship, but overall I sense a greater willingness to break down some of the silos that separate corporate teams.
Advice for new privacy practitioners
Read, read and listen! Privacy is a fast-paced sector, and it is critical to keep on top of the evolving positions and opinions of governments, regulators, commentators and industry groups. The best way to do that is by taking advantage of the many quality websites from associations like the IAPP, providers like TrustArc, and government resources like the ICO’s and the GDPR’s own sites – read articles and privacy blogs; subscribe to newsfeeds; listen to podcasts; and attend webinars and conferences. Our clients are thirsty for information about what they need to do and how to do it most efficiently, so the broader your knowledgebase the more effective you’ll be.
Janalyn Schreiber brings more than 20 years of experience consulting with Fortune 500 companies in the Financial Services, Healthcare-Life Sciences, and Technology sectors on the complexities of managing privacy and protecting data in today’s evolving regulatory landscape; and in leading computer forensic, incident response and eDiscovery project management teams responding globally to high profile investigations and litigations.
A testifying expert witness, Janalyn is a regular speaker on data privacy, management and security issues, including presentations at the IAPP’s Global Privacy Summit 2018 and in IAPP Webinars; in the TrustArc & Ogletree Deakins GDPR Privacy Workshop Series; at CBI’s Data Privacy for Life Sciences Summit; and as a panelist on Global Privacy at the U.S. Securities & Exchange Commission FCPA Unit Annual Training.
In her role as Director, Consulting-East with TrustArc, Janalyn is focused on helping clients evaluate their privacy posture against global regulatory core requirements; mapping data inventories, flows and risk factors; and delivering prioritized implementation plans to achieve ongoing compliance.
Previously, Janalyn was a Managing Director at Navigant Consulting, a Principal at Deloitte Transactions & Business Analytics LLP, and a Vice President at Xerox Corporation. Her certifications include: IAPP Certified Information Privacy Manager (CIPM), (ISC)2 Certified Information Systems Security Professional (CISSP), CompTIA Security+ and Network+.