Doing more with less: How to scale your privacy team in these dark times of layoffs

Anyone reading the news or doom-scrolling on Twitter knows we’re in a time of downsizing and layoffs. That makes a privacy professional’s job even harder. You’ve got programs to run, reviews to get back to the product team, and ROPAs to complete. That’s to say nothing of the onslaught of state privacy laws to track and map. If your team is small or made smaller by this anticipated economic downturn, how can you scale your program to do more with less?

This practical blog series aims to help you identify what of your processes you can automate to free you up, how to work cross-functionally to leverage shared goals, and how to use tooling to gain the visibility you need on what’s happening with data flows across your organization.

Anthony Prestia, head of privacy at TerraTrue, and Chris Handman, TerraTrue’s co-founder and COO, met each other at Snap, formerly known as Snapchat. Snap was under a consent decree with the FTC after some privacy missteps.

“That put them under the 20-year yoke of the administration and required Snap, very early, to figure out how to build a scalable privacy program that was going to survive these audits but that also wasn't going to slow down the pace of a relentless product roadmap,” said Handman, who served as Snap’s general counsel. “So we really had a unique challenge of trying to get the compliance right while moving at an incredibly fast speed and doing it with very, very few resources.”

Handman hired Prestia to help him keep Snap’s privacy framework tight. Eventually, it paid off. Snap recovered and eventually IPOd, which meant the privacy team got more resources and could breathe a bit. But it left the two with some lasting impressions on how to build scaleable, efficient privacy programs – friendly to the business without sacrificing on rigor.

“That was something that we lived in the trenches,” Handman said.

And that’s a problem many privacy professionals are facing today. Economic forecasts have resulted in knee-jerk reactions, the most traumatic being mass layoffs at companies across the tech sector and beyond. As a result, privacy teams are smaller. And while the economy may ebb and flow, impacting the industry with its tides, the same isn’t necessarily true for governments and regulators. So we might have to downsize our teams, but the things that we have to do don't downsize as well.

Handman said the circumstances raise a number of challenges: First, you need to ensure privacy remains top of mind, despite the thinning budgets and layoffs. Is there still an advocate for the importance of privacy? Second, you’ve got to identify some places you can change from manual to automated. That frees you up to focus on the more heady exercises that require some additional thought.

If you’re a small – and now smaller – team still running on spreadsheets, it’s impossible to do what you need to do in a fast-paced environment. You need to implement some technology to save yourself. It’s about scaling your efforts to reduplicate and repurpose what you’re doing today for things in the next 10, 15, 20, or 6,000 reviews you have to do.

Prestia said when times are lean, if you’ve done a good job building a privacy culture within your company, that doesn’t disappear. But people’s priorities do change a bit, because everyone’s got new pressure to deliver on things that effect your business’s bottom line.

“Privacy may not be top of mind all the time, so it’s really a matter of trying to establish good processes when times are good,” Prestia said. “If you haven’t done that yet, you should work toward making privacy something that’s automatic. Make it easier to embed.”

That’s where you need to dive in with other teams. In the next post in this series, we’ll talk about how to do that.