Go Back
Data Exposure Podcast

Building a Data Privacy Program from Scratch in a Cloud-Native World

Fahad Diwan and Spectro Cloud’s Jamie Massaro break down how to build a scalable, privacy-first program, the challenges teams don’t expect, and why privacy must connect to data risk.

Building a Data Privacy Program from Scratch in a Cloud-Native World

Host: JFahad Diwan, Director of Product Marketing, Exterro

Guest: Jamie Massaro, Senior Privacy Analyst, Spectro Cloud

What does it take to build a privacy program from the ground up in a high-growth, cloud-native tech company? In this episode, host Fahad Diwan sits down with Jamie Massaro, Senior Privacy Analyst at Spectro Cloud—a platform that helps enterprises manage and scale data environments across cloud, on-prem, and edge—to unearth the practical lessons learned from the frontline.

Together, they explore how to set and evolve priorities when moving from manual spreadsheets to a scalable program, the most surprising roadblocks and biggest challenges in building a privacy-first culture, the essential role of technology in enabling—or hindering—compliance at scale, why privacy can't be a silo and must connect to a broader data risk strategy, and what emerging trends in data governance and security other leaders might be missing.

Subscribe on Your Preferred Podcast Platform

Apple Podcasts | Spotify | YouTube

Episode Transcript

Fahad (00:09)
When you're a scrappy startup building the future of cloud infrastructure, your first tools aren't a sophisticated compliance platform. They're spreadsheets, but as you scale serving clients in defense, healthcare, and manufacturing, manual spreadsheets just don't cut it. In fact, they're a critical risk. Now, how do you move from spreadsheets to a scalable proactive privacy culture? How do you make privacy a choice, not a reaction?

to a crisis? This is Data Xposure the podcast for data risk leaders. I'm Fahad Diwan, and today we're talking with Jamie Massaro, Senior Privacy Analyst at Spectro Cloud, to give you field-tested insights that you can use to build a scalable, proactive privacy program. Jamie, welcome to the podcast. We're so grateful to have you here.

Jamie Massaro (01:00)
thanks. I'm really excited to be here.

Fahad (01:04)
Great, great to hear. Now you're one of our most beloved customers and all of my colleagues that I speak to, say, Jamie's awesome. You could really feel her passion for privacy. Can you tell us a little bit about yourself? what's your background? How did you stumble into the world of privacy and what gets you so excited about it?

Jamie Massaro (01:25)
Yeah, yeah, I'll be happy to, but first I want to say, this sounds so much like I'm ⁓ kissing up to you guys, but Exterro honestly does make it very, very easy to be a great customer. Everyone I've worked with has been fantastic. So a little bit about me. ⁓ First, personally, I'm a huge ancient history nerd.

In fact, if you look at my LinkedIn profile, it's full of comparisons of Greek mythology to the world of privacy. Very nerdy, but I love it. I'm originally from Detroit, Michigan in the United States. I'm currently living in North Carolina. I have a ton of pets, dogs, cats, a chameleon trying to restrain myself from adopting more. And yes, yeah, he's fun. He's a lot of fun, but he hates people. That's okay,

Fahad (02:07)
A chameleon.

You

Jamie Massaro (02:13)
Education-wise, my degree is actually in business economics because back when I was in college, I just kept changing my major and couldn't settle on one. And that was fastest way to get that degree done. But it's really taught me a lot about paying attention to details of things like forecasting. And I've learned so much from it that I've taken with me everywhere.

Fahad (02:23)
You

Jamie Massaro (02:35)
I've also earned my CIPT recently. I chose to take the beta exam for that, which for those who don't know, since people have to review your answers more thoroughly, you don't find out if you passed immediately. So it was a grueling four and a half weeks before I found out, but I passed on my first try. And thanks. And now I'm currently studying for my AIGP.

Fahad (02:54)
Woo!

Jamie Massaro (02:59)
So to go into my professional background a little bit, there's a reason I'm doing this, but I'm gonna go all the way back to my very first paychecks, which were my first jobs in retail, which a lot of people probably started in retail or in food service, things like that. And I'm mentioning it because I like to keep that experience in my mind to this day because frontline workers, they have so much direct customer contact and so much direct contact with the systems that you use.

workflows and processes that you set up. And they know more things about how it can be better, how it's used, what the, you what all the problems are, and what it's really good at better than anybody behind the scenes does. So in every job I've had since I like to reach out to people in those positions so I can understand their perspectives and keep the full picture in mind. So everything can be the best it can be. That was a lot. But after that,

Fahad (03:55)
A lot of great stuff.

Jamie Massaro (03:57)
Yeah, thanks. So after that, my first types of office jobs was working in the world of credit unions. And there I learned things like importance of regulations, protecting data in privacy, education, both internal and external. I mean, for example, we've had some short conversations back when I worked there with some of our members before they sent out wire transfers that prevented them from losing pretty much everything to scammers.

So I really like making sure you're educating your users and everybody in addition to internally. From there, I went on to work in some software companies in highly regulated industries, financial and some government contracting. And I was a business analyst and tech writer in those roles, which I love those jobs. it really, yeah, they were great. They were so fun. But they really taught me the value of building like some of the most important functions.

Fahad (04:45)
Hmm. Yeah.

Jamie Massaro (04:53)
really early on in documenting everything. And it helps you learn how to talk to a lot of the engineers and developers much better. So from there, it was really easy to jump into where I am today, which is data governance and privacy. You know, I feel like I had the perfect background and knowledge to make that transition. And I had some fantastic leadership early on in my privacy journey and still today. And between that, a lot of studying.

lot of reading. It really became my true passion because, you know, this is a role where we can do a lot to protect people behind the scenes, so that's my favorite thing and I'm happy to be here.

Fahad (05:34)
That's beautiful, Jimmy. What a rich and varied career you've had. And you've seen privacy from different perspectives. You've seen it on the front lines. You've seen it with regulated information. And now you're at Spectro Cloud, which is this cloud-first infrastructure provider. I think you're probably one of the best people to ask this question to because you've seen privacy from all of these different angles. What does Spectro Cloud do, for one, for our listeners that may not

Jamie Massaro (05:38)
Thanks.

Yeah.

Fahad (06:01)
know and what do you consider unique about the data privacy, data governance, compliance environment in which the company operates?

Jamie Massaro (06:10)
Sure. Well, to start simply, we're a software company and that shouldn't be a big surprise based on what you've said. And we have customers who are some of the biggest enterprises and public sector organizations around the world, like healthcare companies, federal agencies, some top global restaurant chains. They're all very extremely security conscious and often highly regulated.

Fahad (06:15)
you

Jamie Massaro (06:35)
So we help them run a key part of their application infrastructure called Kubernetes across different clouds, their own private data centers, and even out in edge computing environments. So to answer your question about what's unique, from a data compliance perspective, it's kind of a privacy technologist dream because we really only require certain limited data from our customers in order to provide service.

Fahad (07:01)
Okay.

Jamie Massaro (07:02)
that gives us the opportunity to pay much more attention to all of the other areas where PII might be present in our organization.

Fahad (07:10)
Great, great. So let's dig into that a little bit. So you mentioned that you get to focus on the other parts of your organization in which personally identifiable information or personal data may be present. Can you elaborate on that? So what do you primarily focus on? And is that where you started when you initially started in this role or has it evolved since then?

Jamie Massaro (07:34)
Yeah, that's a really good question. I'm glad you worded it that way too, because there have been a lot of changes. So when I started at Spectro Cloud, we were and we still are a startup. very fast growing. So my first priority when I started was to drive and bring awareness to privacy by design.

and did some of the standard things that we all do, like understanding mapping and data flows, documenting processing activities, ensuring global compliance, understanding our third parties, what they were and how we use them.

And I'm going to say that's like one of my favorite places to start with too, which I think it's overlooked because they process data so much in so many different ways. And if you're not paying attention to that, you know, there's a lot of things that can go wrong. So that's usually my starting point alongside, you know, talking to engineers and everyone. And also I'm going to spend just a minute talking about my very favorite task, which is training, creating training, which ⁓ I'm going to. I love it.

Fahad (08:15)
Hmm.

Are you a training junkie? You like creating training?

Jamie Massaro (08:35)
I love it, I'm gonna tell you why too. This like, our training makes our team popular,

Fahad (08:37)
Yeah, please do.

Jamie Massaro (08:39)
which I don't think a lot of compliance privacy teams can say. My team and I, collaborate to decide what key points are gonna go into our different trainings. Like we provide in my team, privacy training, security awareness training, and AI literacy training most recently, which I hope a lot of other people are doing now. And then...

Fahad (08:43)
Hahaha

Yeah, literacy,

sounds that's really avant-garde that you're already having it in your training programs.

Jamie Massaro (09:04)
Yeah.

Like we are jumping into

the AI, EU AI act head first. But after we decide what's in there, I build the trainings myself from scratch. And I like to do this because we can customize the needs for our organization this way so that we're not spending anyone's time on things that don't matter or don't apply to us specifically. And we can add more focus into the things that might not apply to other organizations and due to ours.

Fahad (09:13)
Wow.

Jamie Massaro (09:35)
So from there, we take the training seriously. We cover all the important topics, but we try our best to make it funny and fun. We add in memes, we add in jokes, we add in silly images. We have quizzes and we make one, at least one quiz question, one answer to each quiz question, ⁓ something ridiculous or silly. Like for example, yes, yes. so because of this, I've had so many people say,

Fahad (09:56)
Right, it keeps people engaged.

Jamie Massaro (10:03)
I really wanted to choose the wrong answers because they were so fun or I kept going because I want to see what was next. And then they start talking about it in our Slack channels and other people join in. So now we have more engagement and we have people just talking about these concepts because they were unexpected and funny to them, but they're reinforcing what they just learned. And that's so fun for me. It's a way to make it fun. know, privacy doesn't have to be a boring topic.

you know, life and work are too short to not have fun with it. So if people be unexpected, make their jobs more interesting by a little bit today. But that's when I, yes, and that's when I started. So I'm talking way too much now, but. So that was all in the beginning. Still do all that today. But as we scaled, my focus shifted towards building a strong culture of privacy.

Fahad (10:35)
You

That's really well said.

Not at all, not at all. This was great, keep going.

Jamie Massaro (10:57)
So all those things that we did, we began to automate and Exerro was a part of that. And we're creating new things like we have internal legislative trackers to follow all of these changes and laws that are going on. We're integrating privacy by design into even more of our systems. We're supporting teams as they explore new technologies. Everyone wants AI tools.

And we try to make privacy an enabler of innovation and not a blocker. You know, there's times when people want software or they want to do things that maybe aren't the most compliant or privacy friendly. And that's fine because that's not everybody else's job to understand those things. That's why people like me and you have jobs because we do that part. So when we come up with things like that, we try to find alternate solutions for people or find ways of saying

Fahad (11:40)
Hahaha.

Jamie Massaro (11:49)
yes, but instead of no, like, you know, maybe the software you want has some privacy functions we can turn on, maybe upgrading to, you know, an enterprise license can help us have more security functions, things like that. It seems like there's answers when you really look for them and there's ways to do things better. So because of all of this, you know, we're able to drive internal engagement and build trust with teams. So people are really comfortable coming to our team.

Fahad (11:52)
Hmm.

Jamie Massaro (12:16)
with questions and answers and will we give the answers? with questions and the see something, say something, it's so rewarding to see just this so embedded in our culture. And even before it has to be, like you're saying early on, we do these things, we get people involved and privacy is evolving from a foundation to a core part of how we build trust, how we work collaboratively and

It's just a foundational part of our culture now.

Fahad (12:46)
Amazing. So you've really taken proactive steps to imbue privacy in the culture of Spectro Cloud. And I think that is really smart and it shows a lot of foresight because ultimately in the space that we play in, changes and evolve so fast, new laws come into effect. And I think if our teammates have a privacy mindset, if they've been trained on it, if they know how to spot issues, it keeps the organization robust.

to an adaptable to whatever changes to the privacy compliance landscape that may arise. And it's no easy undertaking. So kudos to you and your team for really putting an emphasis on privacy awareness and training and embedding that into your organization's culture. Now building a privacy program, bringing a privacy program is challenging to say the least. We're expected to do more with less.

Jamie Massaro (13:33)
Thank you so much.

Fahad (13:41)
And I think you've touched upon some of your challenges already, but I really want to dig into it for our listeners, right? So there are many of them are in your shoes. Sometimes they're often seen as a department of no, or they don't have many teammates to help them carry out the tasks. What were some of your biggest challenges at Spectro Cloud when you were building out the privacy program? And were there any surprising roadblocks or challenges that you encountered?

Jamie Massaro (14:08)
Sure. So when I started, my first challenge was my own assumptions were wrong. I had never worked at a startup company before, so I was thinking, they're not going have anything privacy done already. I'm here to start it all from scratch. It's going to be such a pain and all of those things. And then I started and that...

Fahad (14:15)
Hmm.

Jamie Massaro (14:29)
I unexpectedly had a breath of fresh air because there was a lot of people who are already included into the importance of things like safe data handling and some privacy laws. So for example, you know, like I just said, I was the first person at my company whose entire job was to do nothing but privacy. And I'm talking to people in my first week trying to get, you know, a baseline and

Some salespeople I talked to who, again, this was an assumption on my part, that was a bad assumption. don't expect generally teams like sales and marketing to have a good handle on these things because it can fly in the face of what they need to do. But no, I had salespeople who are like, oh yeah, because of GDPR article, whatever I imply, I implemented these specific controls into our practices. And I'm like, are you kidding me? Where does this happen?

Fahad (15:05)
Mm-hmm.

Wow.

Jamie Massaro (15:18)
you know, and I talked

to marketers who are well aware of things like can spam and they had already implemented their own controls. So they were really aware of all this stuff. They were knowledgeable. I mean, we've hired great people. I cannot speak highly enough of their caliber. So it was a little bit of a challenge and that I had to reset my assumptions, but it was a good challenge to have. I like that's when I was very happy to have.

But then there's other challenges that make things harder in some ways. In the startup, we're now six years old. We have nearly 300 employees. So we're moving fast. We're always experimenting with new ideas, new technologies inside our business, like adopting AI coding tools in engineering or AI chat bots on our website.

Fahad (15:45)
Hmm

Jamie Massaro (16:07)
So there's an expectation to move very fast. And as a privacy professional, it's really important that we can help enable these technologies in every way we can to the degree that we're able to, of course. We don't want to be a blocker. We don't want to slow down organizational agility, anything like that. There's also global.

Fahad (16:19)
Yeah.

Is

the challenge then keeping up with the pace of innovation, not blocking innovation, but still ensuring that the company is complying with privacy rules and regulations? Is that one of the challenges you face?

Jamie Massaro (16:38)
Yeah,

yeah, yeah, exactly. Like an example I just gave with the AI chatbots.

You know, people want implement those right away and it's not their job again to know all the privacy laws. But I know, okay, you know, if you're going to people interacting, we need to have some disclaimers on there about, don't put sensitive information. We have to tell people it's AI. We have, where is the data going that they're entering? How are we processing it? All those things, but do it quickly, get it documented, make sure we have everything in place correctly so that, you know, as people want to get these out there, we're not slowing them down or stopping them. We don't ever want to do that.

Fahad (17:15)
Right, right.

Jamie Massaro (17:17)
Yeah.

Fahad (17:17)
That

is no easy undertaking, right? Because there are new new AI technologies coming out every day. Extero is one of them. We've embedded AI across our platform and we've taken really a privacy first, security first mindset. But there are many providers out there that maybe don't, right? And so many companies, employees want to leverage those tools because they're so powerful. And that keeps privacy professionals like us employed, but it also might cause us to

Jamie Massaro (17:35)
Bye.

Fahad (17:46)
shed a few hairs because how do we keep up with these tools and technologies and ensure compliance when the space is just moving so fast. technology can be something that creates work for privacy professionals, but it can also be one that maybe makes your life a bit...

Easier. What tools have helped you in building your compliance program or scaling your compliance program? What type of tools and how have they helped?

Jamie Massaro (18:16)
Yeah, and honestly, like, when you asked me to come on this podcast, you did not ask me to plug Exterro or say anything about it at all. I will say that clearly. Yes. But I told everyone I'm a huge Exterro fan girl because I've had nothing but amazing experiences. technology through Exterro has been such a huge enabler to scale our privacy program. I mean, it's

Fahad (18:24)
This is true.

Jamie Massaro (18:41)
It is just hard to even describe, especially the difference between when I started and we were doing everything off of spreadsheets, like you said, to now ⁓ we're finishing our implementation journey. think we're getting near the end. And, you you've helped us with tools like data mapping, data discovery, ⁓ retention management, Ropa assessments, all those things. And now we have automation that's replacing, you know, what used to be all those manual processes and, you know, Google docs and Google sheets and all of

that.

you know, part of the technology is great. It's been wonderful technology. And it's not necessarily technology is only as good as you're taught to use it or as you can use it. So the project managers we have been working with at Exterro, ⁓ which are I'm going to name them if that's okay, ⁓ Sonia Hawkins, JB.

Fahad (19:22)
Okay.

Jamie Massaro (19:32)
They've been there every step of the way in our implementation journey, and they're ensuring we can use the products and services that we purchased so that we can meet our own organizational needs. They help us tailor things to our specific use cases. So one example that's going on right now actually is with our third party or vendor vetting process.

I think the way we do things is a little different than most people, so it's not really an out of the box solution that we're able to find anywhere. I mean, it's close, but it's not exactly. So Sonia has been working with our team to help us design workflows that help us, you know.

do all of our reviews that we need to do in the order that we like to do them, you know, with things like security and privacy and risk and any AI elements, all those different things. And like we were saying earlier, we have privacy embedded into our culture. So we like to have ongoing conversations back and forth with the requester of the tool.

as we're reviewing it. So she's also kind of helping us implement the workflow in a way that we're able to continue doing that without having to have our own manual add-ons and, okay, it can automate this much, but you have to do the rest. That's not a situation here. She's really helping us with that.

Fahad (20:45)
Hmm.

Jamie Massaro (20:48)
Even as we were going through all of our other tools along the way, she's helping us come up with new use cases or use cases that apply to our organization. I don't know how, but from day one, she seemed to really understand our business and what we need. She's magic anyway. But she's one of my favorite people. Yes. Yeah. It's just.

Fahad (21:03)
I'm so glad to hear that.

Jamie Massaro (21:08)
All this is just so critical to us because I mean, like anybody else listening or watching, in order to succeed, we have to choose tools that are gonna simplify privacy and compliance. We can't be adding noise or unnecessary complexity and Exterro is meeting all of our needs and not giving us any of the bad stuff.

Fahad (21:27)
That's great to hear, Jamie. And Sonia is awesome. I can attest. And you're awesome. And we're so grateful to have such a customer like you. I think you touched upon a lot of insightful points. But one thing that really resonated with me was you were saying that, yes, technology helps, but it's only as good as

Jamie Massaro (21:28)
Thanks. Yes.

Thank you.

Fahad (21:48)
you know, the how trained the user is in operating that technology to achieve it, each achieve an end goal. And I think training is something that seems central to your philosophy, whether it's training your own colleagues on how to be privacy first, or seeing the value in training how to leverage a tool effectively seems like training is essential part of your process. And I couldn't agree more, I think tools are great, but we need to be trained on using them effectively. And responsibly, responsibly to ensure that

We're complying with privacy rules and regulations and AI regulations and effectively in the sense that we can have the best data mapping and Ropa tool like Exteros, but our users, our customers, you still need to be enabled to use those tools effectively so we can't replace the need for some sort of professional services or some sort of training and enablement by the software companies that we choose to work with.

Now, one thing I love about...

you and your career trajectory is, well, you've seen privacy and you've seen data from many different perspectives. And you also seem to focus more broadly on data governance. And that's kind of our philosophy here at Exterro and my philosophy too, is that privacy is exceptionally important, but it is one piece of a much bigger challenge for organizations now. Organizations need to manage total data risk across security.

legal governance. And so what advice do you have or more broadly what have you done at Spectro Cloud to ensure that privacy doesn't operate in a silo, right? So that you're taking a holistic data risk lens and you're working effectively with your counterparts in security, in legal, and in governance.

Jamie Massaro (23:37)
Yeah, that's a great question. And my strongest advice to start off is just simply come up with a solid communication strategy that works for your organization. Because without good communication, you have nothing.

So for example, my team, my organization uses Slack and my team has our own channels for privacy, compliance, security, everything. So people ask questions, they'll report things that seem off and we'll share the latest legal trends so they can see the legal risk to why we do what we do and know about like the latest things that are in the news that are privacy compliance security related. And we like to share things too that maybe aren't related to our organization, but they could impact

our employees and their personal lives. For example, there was a recent, I think it was a ransomware attack on a daycare chain, which yeah, where they had, I think it was 800 kids, their photos, their information that was part of this attack.

And, you know, we shared information about that that was in the news articles because we knew that there was employees who lived in those areas who had kids. Maybe they were affected. Just good to let people know these things are going on and it can protect them. And people use those to talk to us about different things. For example,

today, a coworker was considering requesting a new AI vendor. But before they did that, they actually reached out to talk through their use case for it with us, because they see everything that we're posting and they wanted to know if there's any privacy implications or things like that. And it's just so rewarding when you get people who are so proactively coming back to you and wanting to have these conversations. You don't see it everywhere. And to go...

to your question about working in silos. I've seen that other companies and that can be so dangerous and you need to have that communication going on. So at my company where I work at Spectro Cloud, privacy sits right alongside security compliance and governance on the same team. So we work together in sync. We also work

heavily with our head of legal. We have regular contact. I myself have bi-weekly syncs directly with him so we can make sure we're on the same page about different things. So we build collaboration right into everything we do and we treat data like it's a shared responsibility and not separate domains. So

Some internal examples are our work with our security team on things like access management or incident response, life cycle controls. You know, with our legal, we align on things like vendor management, contract requirements, policies, global regulations, which are never ending. you know, engineering and product teams, we ensure data quality, retention, transparency. So there's opportunities to work with every team in your organization.

And we've just found success by doing that, by embedding privacy in every existing process. It's not an additional layer added on after the fact. And we try to use shared tooling when possible. you know, we frame privacy as part of the overall data trust. So it becomes part of everybody's responsibility.

Fahad (26:57)
That is so well said and it really is everybody's responsibility. And your anecdote about the daycare that experienced a ransomware attack really resonated with me because it brings to mind this thought that I had when I first joined the world of privacy and which gives me meaning in my role is that as I'm making sure that we're respecting privacy internally within my company or, you know, we're working with our customers to ensure that they respect privacy within their companies.

really

helping myself and I'm really helping my kids and I'm really helping my friends because these are companies that we all interact with our data is that these companies it's something that affects everybody and so that your anecdote really resonated with me and I loved how you shared that with your employees because a you showed them that you care but be also I guess indirectly reminded them that hey what we do really matters and I loved your point about communication I love the fact that you have these bi-weekly sinks with

with your head of legal, you're all part of security and compliance and privacy sit, you know, under the same umbrella. Because I think if privacy does become siloed, not only does it create risk, right, because you're not seeing or hearing things that maybe other parts of the organization are doing, but it also creates duplicative work. I've seen I've seen companies that have two vendors that are essentially doing the same thing, but security bought one.

and privacy bot one or legal bot one and governance bot one.

So it creates risk, creates duplication of work and roles and vendors, and it leads to all sorts of messy, awkward outcomes. So I love the approach that you and your team are taking and how Spectro Cloud has a foresight to operate in a more holistic manner. And so speaking of foresight, Jamie, what do you think is on the horizon? Are there emerging trends or issues in privacy and data risk that you think currently legal security and privacy leaders

aren't paying enough attention to, at least yet.

Jamie Massaro (29:00)
Yeah, think it's the one that we've talked about just a little bit so far is AI governance. I mean, there's compliance laws now like the EU AI Act, there's frameworks like ISO 42001. They're important. I still don't see or hear a lot of people talking about those in the general privacy community, which has me a little bit nervous. I mean, there's a little bit of chat, but I don't see things that implementing those. And maybe that's just because it's so new and people are just starting

But ⁓

Fahad (29:30)
Well, you're one of the first

people I've heard of speaking about, I think, what you do AI literacy training already at Spectre Cloud. That's pretty avant-garde.

Jamie Massaro (29:37)
Yeah.

Thank you. Thank you. We're trying to stay on top of everything and like you said, be proactive. But while all of those things are, you know, they're required or, you know, if you want to follow the 42,001 framework and, you know, get your audit, great. But I think ensuring, you know, transparency and accountability and how AI is used and developed.

It's just a key to setting up a successful baseline, because I think we're still early in the AI game overall in the grand scheme of things. And if we don't start now, when? And I also see things like convergence of privacy, security, and governance continuing. Like we were just saying earlier, think silos are going to be disappearing, and organizations that manage data more holistically, like both of ours do, they're going to be stronger.

you know, another change I see is ethical data use is gaining so much attention. You know, we're moving away from, well, what's legally required? What's the bare minimum to what is right? And what do people expect? I mean, and I, I've said this so many times, but I firmly believe that the true purpose of being a privacy professional is to do what's right by the people.

Fahad (30:44)
Hmm.

Jamie Massaro (30:54)
The laws are the laws, but caring about people and doing the right thing for them at the end of the day is just the most important thing that there is. I think the most successful companies will be those that see privacy as part of a bigger trust and innovation story.

Fahad (31:11)
Absolutely. It's as you as we touched upon before, at the end of the day, it's our data. Do we want people who are just checking the box with our data? Or do we want people who are really trying to use data ethically and do right by the maybe the spirit of the law and not the letter of the law? Jamie, that was fantastic. There's so many golden nuggets in this conversation that our listeners are going to be able to

take away and implement in their own workflows. I think you've given a lot of practical insights and tips. Now, if you had to give our listeners, know, those senior leaders in legal privacy and security, one piece of advice, you know, what's the what would you say? What would be that one thing they should do differently? Or what is that one thing they should take away if they could only take away one thing?

Jamie Massaro (32:02)
I think it would be to focus on the company culture and that includes so many things I've already talked about, know, the communication, making it fun, giving people their own heads up when things might affect them. But just having it embedded in the culture, I think everything else will fall into place once you start doing that.

Fahad (32:20)
Beautifully said, Jamie. There you have it, folks. A lot of great insights from Jamie Massaro, Senior Privacy Analyst at Spectro Cloud. Great insights like embedding a proactive privacy culture within your organization, communicating regularly and frequently to ensure that you're not operating in a silo, and making it fun. Making it fun.

So that's it for

Subscribe and follow so you don't miss the next episode. You'll find us on Apple Podcasts, Spotify, and wherever else you get your podcasts. Thank you again, Jamie, so much for joining us. I'm Fahad. Until next time.

Redefining how your business manages data risk.
Get Started
Mitigating enterprise data risk.
ResourcesBlogPodcastCase StudiesWhitepapers
ProductseDiscoveryDigital ForensicsData GovernancePlatform & Intelligence
IndustriesFinancial Services & InsuranceHealthcare & Life SciencesEnergy & UtilitiesGovernment & Public Sector
CompanyNews & PressCareersTrust CenterContact Us
© 2026 Exterro. All rights reserved
Trust CenterModern Slavery StatementPrivacy Policy
Do Not Sell or Share My Personal Information