Prior to joining the tech industry, I ran a consulting practice. Much of my work involved helping corporate and nonprofit leaders build or restore a level of trust with their partners and their communities. It is much easier to build and maintain trust than to repair it, and sometimes the solution required massive structural changes.
For the past eight years, my work at Archive360 has also centered on trust: protecting data is at the heart of what we do. Heavily regulated organizations in the public and private sector trust us to help them secure and manage their data in the cloud, giving them ownership and control over their own data estates.
The ability to store and manage data in the cloud and move away from outdated processes—for those of us who remember running tape back-ups—has completely changed day-to-day activities, not just for IT and Legal, but also for Security, Compliance, Internal Audit, Records Management, even Accounting and HR. It makes business operations more efficient and has created new opportunities for data-driven innovations.
At the same time, the enhanced ability to collect, store, and use data in the cloud has justifiably raised concerns about privacy and cybersecurity. Navigating these challenges successfully requires the tech sector and policymakers to work together.
Common Ground for Businesses and Consumers
We can better understand and meaningfully engage in discussions of data privacy if we work from one key point: namely, responsible companies want to protect their customers’ data. They are stewards of highly personal information, and they take this responsibility seriously.
In other words, consumers and businesses are allies, not adversaries with respect to data privacy. Policymakers have an opportunity to provide protections for consumers and give businesses clear guidance that will help them operate successfully and reduce risk.
While many countries and the European Union have recently adopted stringent data privacy regulations, the U.S. still lacks a national data privacy law. In the absence of action from Congress, several states have passed their own data privacy legislation, and more are looking to take action in the near future. Having a patchwork of state laws is far from ideal: among other things, it puts a tremendous burden on businesses, especially small and mid-size companies. But I am hopeful that well-crafted legislation will serve as a model for Congress and compel them to act.
My Advocacy Journey
I strongly believe data privacy policies can serve the common good by meeting the needs of consumers and businesses, and protecting national interests. I’ve become passionate about supporting good governance on this issue—as both a consumer who has experienced identity theft and as a member of the tech industry.
Over the past several years, my colleagues and I have engaged on a variety of fronts to advance digital privacy policies. In 2017, Archive360 joined an amicus brief in Microsoft’s lawsuit against the U.S. Department of Justice, which essentially sought clarity about how law enforcement can access consumer data held by cloud providers. As a relatively small company, it was an extraordinary opportunity for us to leverage our expertise in data management, specifically data ownership and access.
This suit went all the way to the U.S. Supreme Court but became moot when Congress passed the Clarifying Lawful Overseas Use of Data (CLOUD) Act in 2018. The CLOUD Act was an important step forward, but it did not address the larger issue of how businesses collect, store, and use consumer data in their everyday operations. While these shortfalls were apparent at the time the legislation was being considered, a coalition of data privacy advocates from the tech sector (myself included) spoke with Congressional leaders and voiced our support. Both in business and in political arenas, compromise often gets more accomplished, and the CLOUD Act was a step in the right direction.
Engaging at the State Level
More recently, in the absence of Congressional action on data privacy, I’ve engaged on this issue in my home state of Connecticut. Earlier this year, I shared my support for proposed data privacy legislation, and underscored the need to provide rights to consumers, clear rules and reasonable protections for businesses, and alignment with established data privacy practices.
Connecticut’s data privacy legislation did not advance in the 2021 session. While this was disappointing, the bill’s sponsors took this as an opportunity to bring together a working group, comprised of people with expertise in various sectors, including healthcare, insurance, manufacturing, hospitality, tech policy, and consumer advocacy. We discuss components of the bill, listen to each other’s perspectives, and share ideas and concerns. There is far more alignment than disagreement. It’s been helpful to hear from others about the potential impacts of new data privacy legislation on their constituencies. As with the other state bills that came before it, my hope is that our work will become part of a larger model for federal legislation.
In the past, I’ve volunteered with various organizations, but it was a separate activity from my professional life. Now, l have a seat at the table to advance public policies that will improve outcomes, and (I hope) provide the basis for increasing trust between business, consumers, and government. It has been a fascinating and exciting experience.
Voices for Innovation deserves much of the credit for bridging this personal/professional gap, for opening doors, for providing much-needed tech policy briefings, and for offering me meaningful opportunities to lend my expertise. It has been very rewarding—both professionally and personally—to help shape policies that will benefit the public. I encourage others in the Microsoft partner community to pursue their own advocacy journey.
Marian Breeze is Director of Regional Sales and Business Development for Archive360, a global provider of intelligent enterprise information management and archiving solutions. She is a member of Voices for Innovation’s Advisory Task Force and serves on the Connecticut General Assembly’s working group on data privacy.