Allison Gay, Privacy Manager, RSM US LLP, speaks with Mark Johnson, Regional VP, New Era Technology US and Editorial Board Chair, CDO Magazine, in a video interview, about the company, her professional background, the shifting mindset on privacy with the advent of GDPR, and staying abreast with latest compliance laws.
Gay introduces RSM US LLP as the fifth largest accounting firm that not only offers accounting tax services but consulting as well. Shedding light on her role, she mentions running the privacy practice at RSM that falls in the purview of security and privacy risk consulting practice.
Adding on, Gay states that the firm helps small businesses as well as Fortune companies with cybersecurity and privacy. In her role, she helps clients assess and build their privacy programs and optimize them. Further, Gay is also one of RSM’s AI governance leaders.
When asked about her professional background and experience in the field of privacy law, Gay mentions starting as a software developer before moving into a compliance officer role. Soon after that, she observed how organizations struggle with the concept of privacy.
As her career progressed, the General Data Protection Regulation (GDPR) came out and it shifted the mindset of business owners, especially in the U.S., says Gay. Then, she recalls working for an international development company that operated in 35 countries, wherein, she put in place the privacy program in compliance with GDPR and other obligations.
Commenting on the privacy risks and organizational challenges, Gay states that there are many privacy risks associated with AI. The most significant risk to the organization is alienating and upsetting individuals including customers and employees.
Highlighting the mindset shift, Gay shares that with the advent of GDPR, the individual now owns the data and not the organization. However, all organizations have not caught up to the mindset, and that leads to alienating consumers.
For instance, with Meta, privacy is a concern for its new users that comprises the younger generation. She maintains that the current generation does not use a product or associate with an organization that cannot be trusted to guard the data.
Gay says that organizations must comprehend not only the reputational risk involved with privacy but also understand that not doing it right can lead to losing consumers. To mitigate that, organizations must have a comprehensive privacy program, fit for organizational purposes while ensuring it is built on privacy principles.
Regarding staying abreast of the latest compliance laws and regulations, Gay observes that by the end of 2024, 75% of the global population will come under privacy regulations. Furthermore, she notes that 14 states of the United States have passed privacy-related laws.
To stay informed on updates, Gay relies on her amazing team and organizations such as the International Association of Privacy Professionals, that regularly put out updates, and have trackers for upcoming legislation.
Referring to her conversation with a Chief Privacy Officer, Gay shares that one cannot act on information only by ingesting information all day long. Therefore, she retorts to ingesting information in the morning and acting on it later in the day.
Concluding, Gay states that it boils down to constantly updating to ensure they are looking at the latest and greatest because things change too fast in privacy.
CDO Magazine appreciates Allison Gay for sharing her insights with our global community.