E53- Demeka Fields, Counsel, Global Sports Marketing, Data Privacy at New Balance

42:08

SUMMARY KEYWORDS

data, people, breach, company, Vikings, privacy, thought, information, contract, business, lawyers, dealing, plan, talking, third parties, world, layman, long, fans, legal

SPEAKERS

Debbie Reynolds, Demeka Fields


Debbie Reynolds  00:00

Personal views and opinions expressed by our podcast guests are their own and are not legal advice or statement by their organizations. Hello, my name is Debbie Reynolds. They call me "The Data Diva." And this is "The Data Diva Talks" Privacy podcast, where we discuss Data Privacy issues with industry leaders worldwide, with information that businesses need to know now. Today I have a special guest. I always say that, but it's also true today. I have Demeka Fields here; she is Counsel, Global Sports Marketing, Data Privacy at New Balance. Demeka, welcome to the show.


Demeka Fields  00:45

Thank you so much. I'm so honored to be here with "The Data Diva" herself. Thank you.


Debbie Reynolds  00:52

So I contacted you. Well, you and I have met right. Several months ago, we did a couple of collaborations together. I have a shout-out to Ironclad and Vera over there. Who brought us together, right? To be able to do we've done a couple of like Ask the Expert sessions about different Data Privacy laws. And I don't know why I sent you a message, and I say, oh my god, I'm so upset at myself. I had never asked you to be on my podcast, and I was thinking, oh my god, I'm totally happy we are here. So glad to say yes, I'm happy to have you on the show.


Demeka Fields  01:35

No, thank you so much. When you message me, I'm super excited. I'm like, what I mean, you know, I'm in the company of all these great little grades that you have talked to, but I think from our first meeting with the panel, I'm like, okay, I can you know, I can get with Debbie. And we always, you know, start having our own conversation. We have to bring others into it because we connect so well. So though I am super excited to be here and honored. You asked me to join you.


Debbie Reynolds  02:04

Oh, yeah, totally, totally. Yeah, I just beat myself up; what was I thinking? We have to have you on the show. Well, I love the role that you've done. Also, you know, you're with the Minnesota Vikings at one point too. So I would love to talk about sort of your journey into privacy. Because I think it's really interesting, the way that sort of you've gone there. And then part of your role also is marketing and how that touches privacy.


Demeka Fields  02:35

Yeah, so I mean, with the Vikings, I didn't when I first started with the sports team, you know, did not think I would be working on any privacy matters, right? I'm thinking I'm going to be doing things working with the football team and different companies, but never that privacy aspect. But when you start to dig down deep into a team, when you work for an NFL team or any team in any league, you're a contract generalist. So you make the sexy contracts with, you know, your coaches and the doctors. But then you do the not so sexy contracts, which is like trash removal. You're like, wait, what, like long someone has to do that contract, it's you. And then you know what data, I would say my last two years, I really started to dig down deep into the Data Privacy and the breaches aspect. Because we are expanding, we're expanding our platform at the Vikings online, and you really start to think of your worldwide fans. Right. So outside of Minnesota, parts of Wisconsin in the Dakotas, you know, we do this goal chant at the stadium. And so we have a lot of fans that are in like Iceland, and Greenland, and Europe, the NFL is growing. But then we have to start really thinking about GDPR. And how, how does that touch us? Because we're not biased, you know, in the UK, but we want to reach those fans, and is it worth it right, then you start looking at the risk associated with it isn't worth targeting those fans and really trying to get them involved? Or does that open us up to an entire can of worms that we don't need to open ourselves up to for 10,000 fans, you know, when we can just focus on the fans in the states, and that's millions of people? So we really had to think about that. And the last few years have just really opened my eyes to really look into, you know, how does this impacts our sports team, as well as also with your data breaches. I think that is something I left at the Vikings, and now I'm doing with really, really closely with New Balance. 
It's just you know If you're if there is a breach, how do we deal with it? And dealing with third-party companies? Because we would have so many third parties? What, you know, what standard are we holding them to? What are we putting in their agreements? Are agreements buttoned up? Because maybe we're not controlling the data. But if someone else is, you know, people are going to look to the Vikings; no one else knows that that's a smaller third-party vendor. So are we protected if something happens? And are we making sure we're getting notified? So all of that, all that stuff, so I started the experience with the Vikings and then coming into a New Balance, I am a, I would say, a sports attorney through and through whatever that means, by when they said, you know, a portion of your job will be Data Privacy, and handling corruption and data breaches. You know, I'm like, okay, let's see, you know what that means. And I think I am still trying to figure out what that means. But it's totally different from the Vikings. Because you know, the Vikings, you're dealing with a national organization, international, of course, international reach. Still, you're really focused on your smaller area versus this is a global brand, right? There's New Balance, UK, and there's New Balance, Italy, New Balance Australia. So New Balance is really a global brand. And so then, of course, there's a lot of different regulations that come into play when we're developing marketing campaigns, which is probably smarter for us to have our different entities all over the world versus just having one entity in the US and trying to have that reach. I think that would be tough. And then really dealing with ransomware attacks, like how do we deal with that? Do we have the proper protocols? And that's a little bit what I'm in. Right now, we're starting to figure that out. So, you know, I never thought I would see myself as a data expert. But now, as I talk, okay, maybe I know something. 
But it was never my goal to get into this industry. But I mean, now the way the world is going, you have to your company, maybe not you personally, but your company has to have some type of expertise or have an expert to know how you all should govern yourselves. And so that's where I am just learning and growing. But it's really interesting. And it's top of mind now. So it's been good.


Debbie Reynolds  07:33

Great, yeah, I know someone heard someone say, I don't have the exact quote, who coined the phrase, but they said every company is a data company now. Right? So regardless of whether the data is electronic or not, you're dealing with the data of people. And then you know, you, of course, being very consumer-facing right human facing people facing you know, you're doing campaigns or selling products all over the world. You know, your, your reach is so broad, right? In the types of things you guys do. And you probably, I'm sure, when you went to law school, you probably didn't think to be dipping your toe in the into the data ball of wax.


Demeka Fields  08:12

No, I am still a bit surprised that I am even doing a podcast with you. Right? I just never thought this would be my sector, or, you know, part of the sectors I'm in, and as I say, it's really, really interesting, because it's so expansive, right? Like I'm dealing with the breaches, including the ransomware attacks and getting the protocols in place. And for a 200 person company. It's a little bit different from a 2500 person company across the world. So no, I don't even know if we have the right classes to even touch this topic. at Tulane or any law school. I don't know how many law schools are really teaching this. But for sure. Yeah, that's good, that's a good thing. Yeah, sure. Yeah, it just touches I think, I'm I feel like technology as a whole hasn't gotten the foothold in law school. So they should have just in general, and then this whole data element is just crazy, right? Because these regulations are changing so much and, and a lot of like what you're talking about when you're talking about having plans and protocols in place. You know, that's really about the future. Right? You know, you're trying to prepare for a future. It's not, you know, it's not about a precedent. It's not about something that has happened in the past. Right, but even though it's gonna have a breach. Obviously, that's something that would, you know, require, like the typical, you know, legal, you know, judgment and, you know, redress and stuff like that. I think one of the really interesting things that are happening with privacy and data right now is that, you know, we're coming upon situations where There can be harm or harm and happens to people for which there is no adequate legal redress. Right. So a lot of it, like you said, like having a contract buttoned-up, knowing who your third parties are getting understanding about, you know, what that handshake is, like, you know, what, this is our responsibility. 
This is what your responsibility and us together, you know, this is how we're going to do this, right? So, it's almost like, you're, you're baking a cake with someone, and like, you have eggs, and the milk or someone else has the butter, you know, but you know, just because you have those ingredients, doesn't mean that you're going to make a good cake. Right, you have to find a way to really collaborate and communicate together.  Yes, it takes so much effort, you know, you have to make sure there's an actual agreement first, right? And there are times where you find out there was no agreement. And as a lawyer, I'm always like, there's never an issue until an issue, right. People in other departments are like, yeah, we don't need a contract the contract's basic, it's fine, we can sign it, you know, and then when there is a breach or something happens, then it's like, oh, wait, we didn't let you see this contract, or we didn't have a contract. But we never had a problem with them before. And so of course, it first has the paperwork, but then it takes some thought and planning, like you mentioned, to make sure that just because we have the ingredients like I have the eggs and the milk, and someone else has the flour and the yeast, what are the measurements, right? Like what we can't just all put in what we think is gonna be the right measurements and like, let's just see how it tastes. And it will not taste good. I can tell you that, right? Oh, I was thinking like, let's say, and, and plan this out and think about it. And you know, sometimes just in our day-to-day, you know, people get so rushed, right? Like, there's always a rush; we just need to go, go go, we need to hurry. We just need to make this happen. And most of the time, that's just not the way to go. Because we want to make sure, you know, we need to know, what information are you actually collecting? And how do you store this information? And what are you going to use it for? 
And one thing that's big with this on the sports side of things and teams is, you know, are you going to sell that information? And what stance are you going to take as an organization that you're not going to sell, right, your fans' information? That's pretty big. And just making sure that people are aware of where their information is going to be used. And I remember you use this great analogy of making sure, like with the bank, making sure if you deposit money, you know where your money is going and where it's at. And when you want to go get it from a bank, you're able to. And I think that's kind of where we're going into that space now where you don't when someone has my data now I'm actually like, what, wait, what are you using this for? And can I ask you to remove it? And so we really have to stop and think and spend time on these contracts. And that's one thing I'm always pushing. And so, let's think about how we are drafting this. And is it realistic? Because if we draft these 20-page documents, 30, 40 pages, and this section aren't realistic, and something happens, and we can't actually go by this, then what was the point? It makes no sense. So that's something that I'm doing in drafting realistic plans. Let's make sure this makes sense. But we need the details.


Debbie Reynolds  13:34

Right. And I'm glad to mention a kind of realistic plan. So because there are so many privacy laws that have things and about third party data sharing, I can see how some companies get, you know, concerned about it, right? Because there is a risk there. So it's not like you can say, oh, we can't. We're gonna start doing business, all third parties. Like that doesn't work. Right. So third parties have existed as long as the business has existed in the world, right. So that's not really realistic. But, you know, I think some companies may try to write in things like contracts that are very unrealistic for a third party. And one thing I tell companies is that you shouldn't ask someone to do something that you can't do, so. So if you're not willing to go to the top of Mount Everest, you probably shouldn't ask somebody else to do the same thing.


Demeka Fields  14:24

Right? And because realistically, you know, they can't, so why put in my drafting mind. I'm like, why ask them to go to Mount Everest? And you know, they don't work out. So you know, they might not even make it past the foot of the mountain. So it's like, let's start small, or go to another vendor, right? Like if they don't have the protections we need, then we just need to go elsewhere to find one that works out a little bit or is willing to do the training and really willing to invest the time versus, like you said, asking and telling someone they're going to climb Mount Everest. And we know that it's just not going to happen because we're setting ourselves up for failure.


Debbie Reynolds  15:06

Right, exactly, exactly. What is your thought about the kind of digital transformation? So when I say that, you know, because of COVID, obviously, companies when they want to do business, whether it's, let's say you want to install accounting software or bring on some new technology, you know, you know, like, biometrics is the new hot thing right now, or things like, you know, even these vaccine passports and stuff like that. So we're getting into a situation where companies are, you know, in order to stay in business, they have to get into these rounds, they were never in before, of collecting more data than they had before. And then you're bringing all these new tools, you know, what is your thought process around, let's say someone bringing in a tool to have like biometric data in it or whatever, you know, you, again, you're collecting data that you've never had before about people. And obviously, there's a concern about, you know, whether you click it or not how it gets stored and stuff like that. But I think one of the challenges I'm seeing because I work a lot with developers is that a lot of times they want to, they want to create tools that can be used by the broadest range of people possible. Right, but not everything that they put in those tools should be used, right? Or is it even legal in certain places? So, you know, it's kind of incumbent upon a company to find a way to vet that make sure, okay, well, can we turn this thing off? Or? Yeah, you know, what parts of this product am I going to use? Or how we're going to be able to implement it within our organization in a safe way? In terms of privacy?


Demeka Fields  16:51

Yeah, no, I think you have it completely right. One thing that, at least with my marketing group, that I'm always asking is, what's the full plan? Right? As you said, if a new tool is collecting some data, you know, a lot of times we focus on what they can do for, you know, what, how it can benefit our business. But do we know the complete, like, the robust nature of this tool and what it can actually do? Because that's where we also, as you said, want to protect ourselves and say, okay, we want to collect this data, but we don't want this data. And if they aren't going to collect this, like, how do they handle this? Right? And what is their plan? And maybe they've been looking at one state, but if we have customers in California's or Virginia's or, you know, abroad? Is this going to work for those states, because those states with the like the highest, or the most regulations, that's what we really have to reach out for, right? We may have to make sure we hit what they're asking us for. And so I'm always asking, I need all the detail, right? Like, I need as much detail as possible. I don't need you to send me just what you think I may need or what you want me to see. Because then I'm gonna dig deeper and find out the information anyway. But like, let's look at this entire tool, and look at all aspects of it and really decide is this too much for us? Do we have too, too, too much, you know, regulation? Are they collecting too much? And we don't even want to get in that space. We were like, maybe we don't need biometric data, we only need a name, number address for shipping? Do we even need to go with this company? Right? And have that be a risk, or if hackers are targeting this company, because they have this data, you know, that we don't need, we don't even want our customers to be, you know, be in that line, right? Like, let's go somewhere that they just really have what we need is little more just targeted for our, for us. 
And so, you know, that's what I felt like lawyers are always the bad guys. But it really is like, okay, we're gonna filter this. You also have all of your ideas. We know this is the new product that's going to take us from zero to a hero like there's always something, but when you send it to us, just know, okay, we're gonna start talking about risk in these crazy scenarios where everyone's like, lawyers are so dramatic until that crazy scenario happens. And we're in the news, like my beloved Howard University, which we may talk about, but, you know, it'll never be you until it's you. And then you're figuring out how to deal with it. So about knowing as much as possible and then figuring it out from there.


Debbie Reynolds  19:46

Yeah, I agree with that. You know, and so that the back end of digital transformation is kind of the I call it almost digital degradation. Right. So let's say you have a tool it's old doesn't work for what you want. It has all this data in it, what do you do? So the past was like, put it in the background, put it on a service, or don't delete it or whatever. And what we're seeing with a lot of these data privacy regulations, you know, they're not making it easy. They're not saying delete it after seven years if they're saying delete it after your business purpose has concluded. So I mean, that's like a hard trigger. To even think about right, you know, because a lot, because I think the, you know, I tell I spoke at a conference General Counsel conference this week in Chicago. And one thing I told, the lawyers that were there is that, you know, the software is created to remember, and not to forget, okay, so you tell me, oh, we want to delete this and, you know, forget that, it's like, it just was not built that way. So you have to think it through in terms of your process and make sure that you have a tool that lets you do that because some tools won't let you, you know, delete, or take stuff out or move stuff around? What are your thoughts about that kind of end of life in the useful business cycle of data?


Demeka Fields  21:12

Now, you hit it on the head, and I feel like I have dealt with that a number of times, where, you know, we have someone in-house, at both my companies have this crazy idea. And they want to collect all this data. And before it was, you know, we're targeting for tickets in, and you know, come to the games, and there may be targeting for footwear ads or different things. That's like, what do you need all of this information for? Right? Like, what are you going to do with this information? Where are they going to be stored? Like, have we thought through this process? And before then was just like, No, you know, we will just use it, we're thinking about just using it for this one thing. It's like, okay, well, do you know where it's going to be stored? Either internally or this third party? Like, what are our options here, and like you said, we run into a couple of companies that we've been using that didn't have the protocols in place if we needed to destroy data, or someone wanted to remove their information from the system. So I was like, hey, we're going to have to look at the companies we want to use in the future and make sure we, they have this technology. Still, some of these companies that we're already using, we're going to have to pivot, like we're looking at when contract dates come up and when we can go somewhere else. Because now you like you said, we have to know your purpose for storing this information. And for us, it's also making sure that we're only storing the information we need. Kind of like I said before; we don't need their height, weight, skin color. I know like some of that we use it for football, because you're trying to see who your fan is and everything. But do we want to store that information? Because that just opens us up? To have this PHI? So we just want to make sure we're storing what we need? Right? Is it just a name, a phone number, name, and email address? Right? Like that's one of the simplest things? 
Do we need much more than that? And why? And I think that's what I have had to get into the habit of just asking, why? Tell me why. So we can think through this. And because this is not a catch-all anymore. Like no, let's just get as much information as we need. And we'll have it. And then if we need it, we can go to it like that's not fine anymore. You need only to store this sensitive information you need, and everything else doesn't even ask because we don't even want it to come into our grasp. So then we're responsible for it. Like, in this case, which is never the bare minimum is what we want. But in this case, for data of other people's data, we want the bare minimum, like, what do we need? We don't need it. We don't want it like don't bring it here.


Debbie Reynolds  24:02

Right? That's what I love about it. Don't bring it, don't bring it. We don't want it. Right, right. And then, you know, I feel like, especially know a lot of lawyers, they don't like to get rid of things because they think, Oh, we're going to need it for a case or whatever. It's like, No, you don't, you know, especially like after cases are gone, it's been like, I've had so much trouble getting people to delete so who's like, oh, my God it's over with, it's done you know, or has someone do a somersault when I showed a certificate of destruction. Like one thing that, you know, litigation did come up with something, and they didn't have it because it got destroyed, they were happy. So you want to be able to do that. Right? You don't want to be like, oh my god, I got this document request or whatever. You know,  we should have deleted the stuff, but we didn't, and it's still here, and then we, you know, have a thing like, you know, an example of that. It's like the T-Mobile data breach where I think I call it authorized access, man; I don't know. But they had data that was from people who were trying to get T-Mobile accounts and had like very little business use it, you know, the business purpose and business use were really low. Right? But it was like, awesome, you know, again, you know, let's put it in the background, let's put it somewhere, you know, that doesn't have as much security as my as important or whatever. And now, that's like a huge issue. So I've tried to tell people, you know, some people say data has to go. And my European friends hate that term because they feel like data is very personal; you shouldn't make it about money or monetary value. But not all data is good data, right? So someday, that's going to give you high risk, right? So it's like low value and high risk, we keep the stuff, and you don't mean you don't go back and do that. And that's kind of the worst. It's not as sexy, right? 
No, you know, it's like, I call it like the abandoned amusement park, where nobody wants to do this, you know, no one wants to do it. No one wants to look at this, but it is one of the highest risks that companies have.


Demeka Fields  26:14

Yeah, and that's what we've, I think, in both situations, both companies, I've been part of creating a plan for how, how long were the data retention, right, like, how long do we want to keep this data? And that's what we've had to tell people. I mean, I know lawyers, all school, keep everything right. If you're dealing with coaches, people, sometimes in a different generation, just like keep keep keep, we don't know what's going to happen, right? I might need this information from 25 years ago, because they may call me it's like, it's not going to happen, right? Like, it's not going to happen. But we started to have to spread the message that the more you keep, the more successful we are to like risk, the more, you know, if there's litigation or something like that, and you have emails from 25 years ago, they're going to be able to go back into your 25 years worth of emails. That's like a hot topic right now. But it just, we need to set how long we need to retain this information. If it's five years, everyone, no, it's five years, like let's set this plan in place with it. I know a lot of companies don't have that. Right. So HR may be saving their information for 20 years, legal maybe 25, then some areas might be three. And you're like, well wait, we might need a little more than three years, but we don't need 20 years. So let everyone get on the same page. And that's why these plans are so important. What you have to go further than just having a plan. Of course, you have to practice and all that. But you need to at least have thought about it because you have a plan for the most part; you've put some thought into how long were you going to retain this information? Why? What are we going to retain? What are we going to let go of? And so I think that is super important. And I don't think people realize how important it is.


Debbie Reynolds  28:07

Right? Right? Again, it's kind of the unsexy topic, and no one was talking about, you know, because actually, that's a cost, right? Is my really, you know, this data isn't making money anymore, probably. And this is sort of, you know, something, oh, yeah, we had this, and we want to delete it. And then a lot of times what happens to organizations is, especially as the data gets older and older, the people who know about it leave the company, right, either by choice or other means. And eventually, there are one or two people that know anything about this information. And then a lot of times people are, you know, makes them more reluctant to leave because they're like, oh my God, no one knows about this. You know, I have a friend, my dear friend, Joy Heath Rush. And she made a great analogy. She was saying, some companies keep data, almost like it's like a garbage dump. But they think a diamond ring is in it? So they want to keep it.


Demeka Fields  29:05

Exactly what it is, like, there might be something in there. So let's just keep it just in case, like I'm cleaning out my closet to move eventually. And I just had to get over it. I'm like, okay, you're never gonna wear this, right? Like you've never used this in the past for years. Let it go. It's kind of like data, like, you haven't used it. You haven't looked at it. You're not thinking about it until you pull it out. You're like, man, this is cute. Let me just put it back like no, like if you use it a certain amount of time. You need to depart. You need to let it go. And so that reminds me of what you're talking about. It's it is like the diamond in the rough. Like no, if you had daddy Joe who retired he didn't look at it when he was here, it's probably okay to not let it go.


Debbie Reynolds  29:55

Absolutely not letting go. That'll be the name of your book, not letting go. What issue or topic in sort of technology or Data Privacy is top of mind for you right now? Like, what do you think about time in the future? This, you know, is getting your attention.


Demeka Fields  30:16

Right now, you know, it's relevant because we're working on this new balance, but it's the ransomware attacks because we are so online now. I mean, as a lawyer, I used to print out everything. And of course, I would store things on my computer, but I would print them out. So if my computer went down, I probably have 10 contracts printed that I can like read and redline, whatever. But now, with us being online, so much, like how we thought through how this would work, you know, and I brought up Howard before, but that attack, I mean, I think hybrid classes were shut down for two to three days. I mean, students couldn't go to regular class because they didn't have WiFi, like, it was a big deal. And it seemed like they had some plans in place, which is always great. But I don't know if they had worked through the plans to see what, you know, what was going to happen, and how long it was going to take. I think Colonial Pipeline was the same thing. Where I was reading, they didn't even you, and they didn't even as they paid for the ransom. And then it took so long for that information, I ended up using their backup, but then the backup took so long. So it's like, okay, we have all these systems in place. But do we know how to use them? If something happens? How long are we going to be offline? Like? How is that going to happen? Now that we're all at home? Does anyone have paper copies of our 300-page booklet on how to deal with a ransomware attack? So we have ransomware attacks, the ransomware, the outline is online, we can't look at the outline because it's online. So we don't know how to deal with the ransomware attack. So that's where we are in dealing with it this upcoming week.

How does our plan work? Right, the tabletop exercises of okay, this happened? What are we going to do? Does it take three days for our backup server to get online? How are employees around the world going to deal with this? Do we have one server for everything? Where's it backed up? So that is not keeping me a time. I think the next week it will, but that's top of mind for us. Because we're you know, you're going through different stages in your company of you know, let's see where we're at, let's make sure we're prepared. We see it happen to another company. So you want to make sure you're prepared. And then once you start peeling back the layers, you're like, oh, well, maybe we're not as prepared as we thought we were right. This is super outdated. We have people that haven't been here three years, right? Oh, who was supposed to update this? Oh, they left, and they didn't update, or they didn't send the latest version. So I think that's really where I am from a work standpoint of making sure and helping a company get to a place where we're comfortable. And we're more confident in our breach manual, and everyone's on the same page. And we've had management changes, right. So maybe the people like you said, who knew everything, they're gone. So having a plan, as always, makes me always want to have a plan. But then, like, let's see how that plan works before it happens to us in real-time. We're kind of struggling because we have a plan. But it's not in layman's terms. No one knows what this means, right? It's like, okay, let's make sure we have a plan. And let's update it to make sure it stays how we want it to work. And we don't just have this chart in place. And we don't know what the arrows point to whatever it's like, okay, let's go through this. So we can see, this didn't work. It looks good on paper, but how is it going to work? And if it took three days to get our systems back, how do we reduce it? What steps do we have to take to get it to be a day or three hours? Right. So that is where my focus has been on the data in a Data Privacy realm. It's interesting.


Debbie Reynolds  34:15

Yeah, I think the thing that does happen probably over the last 25 or 30 years is that, you know, people thought of technology, as you know, let's say you're a lawyer, do your job. And technology helps you do something faster, right? It helps you, you know, leverage, you know, do a lot of the heavy lifting, you know, for you to help you like be more efficient, get more insights or whatever. But the thing that sort of has crept up over the years and what a lot of people are starting to realize, especially with AI ransomware, cybersecurity attacks and stuff like that, is that you know, most of us can do our jobs now, without technology like it's so much faster dating of what we're doing that we can not do our job. So thinking through those top issues that you're talking about is of critical importance. And then also make sure that the people that you have supporting you, you know that they understand the importance and understand how important they are in this whole thing. So I think, you know, especially out I work a lot with general counsel, and I like, General Counsel folks, in general, because you guys are so you're smart, you're lawyers, but then you also have to be a business person, right? You have to understand the business, and you have to understand how businesses work. You can't like, throw a grenade and then leave the room.


Demeka Fields  35:46

Right? And it seems like with anything like this, they come to the lawyers anyway, right? I think there's two of us, myself, and then our General Counsel, who, as part of this group, and the group is not huge, right? It's coming from different departments, but it's not huge. But we probably have two people, and everyone else has one, right? It's like, everyone's going to come to the lawyers, like, ah, you know, we know this is not legal, but we feel like you would know what to do. And we feel like we can use your mind, and you can help us figure out what to do. So even when you wouldn't think legal is going to be involved. I remember looking at our manual for the first time. And I'm like, I don't know, like, I do not know what we shouldn't do. And so, but you know, talking it through and looking at our resources is like, okay, we understand, and I understand and that people are going to come to us even just to help sort it out, and figure it out and get everything into place and get a plan. And it may not be a legal plan, right? Of course, we need to know who we're going to contact if there's a breach, and what's the threshold, all those things, but it may not be an overall legal plan, but legal is going to be involved. And so, as you said, we got to know the business, we got to know our counterparts in different areas of the business, it's super, it's critical to make sure this plan goes down without a hitch. And I know we talked about one of our panels; it's important to make sure everyone knows their part. And that they are critical to this, and they don't think it just falls on the data team or security team or the legal team, but there's going to have to be a multi-person team from across the business, they have to come together make this work. So I think that's super key.


Debbie Reynolds  37:34

I agree. I agree. So if it was the world, according to the Demeka, and we did everything you said, what would be your wish for privacy anywhere in the world, whether it's technology, law, anything, human stuff, consumer stuff?


Demeka Fields  37:53

You know, I wish if there is a perfect world, as someone who is I feel like newer to this world and other people, I would want more information available in layman's terms. You know, I think I'm reading some of this information online. And even though, you know, I'm a lawyer, and I've taken the bar, I've taken multiple bars, and I've done all this work. I mean, some of the stuff and like, what does this mean? And if I'm reading it, I don't say I read this two or three times. I don't know what this is saying, and I'm sure someone else may not have to read legal books, or they're in a different field. They're just like, what does this mean? You know, and so I think it's always important. I know there are so many resources online. But I think it's really important for us to explain this information in layman's terms. So the person who's just Googling information can read it and have a basic understanding, because like you said, while other departments may have to focus on it, everyone's going to need it, right. Like everyone should know a little bit about what data breaches or ransomware attacks are because, in addition to your company, your information may be involved in something, and you get this email. You see, you've been involved in a data breach. And you're like, what does that mean? And sometimes it'd be really small words, just like the first few letters of your first name, the first few letters of your last name, and half your email are the only things that were taken. So you're like, okay, not a big deal. But other times, it may be your credit card information, right? It could be some really important information, critical information involved in the breach, and you get the email or the notice you're like, I don't even know what this means. So maybe it takes I wouldn't say people like me, but take someone who's willing to put this information in layman's terms, so that just the everyday person can really read it and just have that basic understanding and feel calm. Because our companies are dealing with information, but they're dealing with our information, right, like New Balance's taking holders and information that I'm giving my information to my gym or my, my church or whatever. So we're all part of this like data world. And some of us think about it more than others. But I think that's my, that would be like a perfect Demeka world is like layman's terms, everyone understands what's a data breach data security and how it may impact their everyday life.


Debbie Reynolds  40:33

Yeah, I agree with that. I think I say once, you know, it should be as easy as reading the paper. Right? So the paper is written at a certain grade level that almost, you know, I was my mother had us read the paper when we were like little kids, right? So I can read, you can read the papers be able to read these notices. And they shouldn't be 80 pages, you know, so I think they can be way shorter.


Demeka Fields  40:54

Yes, I totally agree. Because I even get lost. I'm like, okay, let me just pray this works out. I'm sure other people are looking at this. And you'd like you said, once you get to pages 20, 25. You're like, okay, well, let's just see what happens.


Debbie Reynolds  41:11

Yeah, that's right. Exactly. Cross your fingers crossed. Oh, well, this has been great having this conversation with you. And I'm so happy we were able to connect, and obviously, I'm looking forward to the other collaboration that we do in the future. Oh, this is awesome. Thank you so much.


Demeka Fields  41:28

No, thank you so much for having me. You know, I'm excited to talk about data, and we're talking about in layman's terms, so hopefully, you're listening and listening like okay, I can give what there is today. I enjoyed us talking in normal person talk.


Debbie Reynolds  41:46

I agree with that. I agree with it. All right. I'll talk to you soon.


Demeka Fields  41:50

Bye.
