Trinity Davis, Managing Director of Strategic Intelligence, 360 Privacy, tells what time in tech has taught him so far.
What is the state of data privacy today?
In the United States, there’s no nationwide data privacy law like they have in the EU with GDPR. Instead, we have around 20 states each with their own rules and regulations. And they’re all a bit different, which makes it challenging for companies to keep current and for regular folks to understand what protections are in place. For example, some states require businesses to obtain your permission before collecting data (opting-in), like an implicit opt-in, while in other states it’s okay to collect your data unless one requests a stop or opt-out. This creates confusion and provides uneven protection for citizens.
The challenge is that almost every business has adopted the selling of data as a secondary revenue stream. In 2022, a large Fortune 100 manufacturing company made more money selling data than they did selling their product. It’s a big issue. In fact, the selling of data (known as data brokering) is now a $270 billion industry.
How does your position as Managing Director of Strategic Intelligence at 360 Privacy play a pivotal role in advancing the company’s vision?
I come from the client side. Before joining 360 Privacy, I served as the operational security lead for two organizations where I was responsible for protecting not only the executives, but their families. In that role, I used the 360 Privacy platform to help secure the digital lives of my clients. So, I understand the security space from both the client and provider perspectives. I can speak directly to the challenges clients are facing because I too face them and can guide them through solutions based on real-time trends and the evolving tactics that we’re seeing from bad actors. Those conversations with clients give me valuable insight into emerging issues, which I bring back to our teams to help design targeted solutions or mitigation strategies on how to solve the problems clients are facing that we may not have seen yet.
As AI continues to advance, what’s the impact on digital identity and reputation?
AI is a serious concern, especially given how quickly it’s evolving. Since AI is fueled by big data, we’re seeing some language models return personally identifiable information (PII) that appears to be pulled from lead generation sites or platforms. Historically, those websites have been focused on corporate contact details, such as emails, office addresses, business phone numbers, etc. But as employees shifted to remote work during the pandemic, a significant amount of personal data was pulled into those databases. That’s why having a strong digital privacy protocol in place is so important; you need to limit the amount of personal data that can be exposed or surfaced in AI-driven queries.
How can organizations build a comprehensive digital executive protection strategy?
The starting point for any security initiative should be a measured risk-based approach. The first step is to conduct a digital threat and vulnerability assessment and to identify the current digital risks faced by key executives or employees. From there, consider the potential impact on the organization if those individuals were compromised, whether through digital harassment, fraud, reputational damage or even physical threat.
It’s important to look beyond the executives themselves and evaluate the broader executive ecosystem. If a bad actor can’t get to the primary target, they’ll shift left or right to the pathway of least resistance. That’s going to be someone that’s close to the inner circle, such as spouses, children, executive assistants, personal assistants, etc. Let the data guide the design of the program so that you’re building a defense that reflects the true exposure.
How should physical and cybersecurity teams work together within an organization?
Historically, infosec and physical security have had challenges in collaboration. The responsibility for digital protection should be shared between both organizations. And the sooner that we acknowledge the need for cross-functional collaboration, the better we can protect the individuals we’re tasked with safeguarding.
Most of the physical risks that we encounter in the executive security space originate in the digital world. The shared goals should be preventing digital harassment from escalating into a physical confrontation or worse. Teams should focus on managed devices and promote strong digital hygiene practices. For example, people should be mindful of having WiFi or Bluetooth actively turned on at all times. We have developed free hardening guides for cell phones, laptops and tablets that can be downloaded from our website to help with this and other privacy concerns.
What advice would you give someone aspiring to obtain an executive position in your industry?
First, you’ve got to have a passion for this space and truly care about protecting people. From there, learn as much as you can about both physical security and information security, because the two are more closely connected than ever before. If you want to grow into a leadership role, it’s not just about being technical. You need to understand how to spot risks, explain them in plain language, and tie the security work back to what matters most in the business. You must anchor your security strategy in your long-term business strategy. Also, stay curious. Pay attention to how threats are changing and work with people who push you to get better. Finally, identify young talent, give them the tools and resources available to succeed and don’t be afraid to lean into new technology once it’s proven to be effective.
