Frankie Benjamin is the Privacy Program Manager and Legal Operations Lead at Indiegogo, where she focuses on championing cross-functional alignment on user data privacy.
Indiegogo is the leading crowdfunding platform that gives entrepreneurs a way to surface their innovative ideas to individuals to fund. Every month, over 19,000 campaigns are launched and over 10 million people globally visit Indiegogo to help fund the campaigns. Just as Indiegogo empowers entrepreneurs to bring their ideas to life, they also empower their users with control over their data.
We caught up with Frankie for an interview on the challenges of modern data privacy and how to lead cross-functional efforts that put users in control of their data.
Why is data privacy important to Indiegogo?
We respect our users all throughout their journey with Indiegogo. We ensure regulatory compliance on data privacy laws. But, compliance is just the start for us. We’re a technology company that is founded on empowering the individual. As a part of that mission, we believe our customers should be able to control their data. And it’s clear that data privacy is only going to get more visible and even more important for our consumers.
We believe data privacy is critical for us, and really for all businesses to act on.
How did Indiegogo’s data privacy process work before partnering with Transcend?
It was a very manual process. Our customer service agents would read through user tickets, flag if it was related to privacy, and send it to us on the legal team. We’d vet the user for authentication purposes and then do a manual internal review to make sure we weren’t required to keep the data for any reason. If we were all set there, we’d pass the request on to our teams and ask them to update data deletion in a spreadsheet.
Each of our teams was required to participate—across sales, marketing, engineering, and operations. They all had to manually delete the data from the tools that they use–Sailthru, Salesforce, etc. We’d then double-check that it was all deleted. Once all of that was complete we’d update the user. The whole process would take a couple of weeks, and it was not easy.
Why did you decide to partner with Transcend and what questions came up for you during the process?
We didn’t want to sign up with any old privacy vendor. We needed to partner with someone who could give our users a modern and secure data privacy experience. Other privacy vendors told us they could locate the data with data mapping technology or upgrade the process flow with workflow technology, but that didn’t work for us. We already know where the data lives. We also don’t need a marginally better workflow. We wanted a real technology solution that gives our users access to their data rights in seconds.
During the onboarding process, we asked ourselves a number of key questions, including: How streamlined is this solution? Does this fully automate our needs and that of our users? Does this meet and exceed our requirements on security and legal compliance? Is engineering on board with the solution and is it an easy lift for them to integrate? The answer for all of that was a ‘yes’ with Transcend.
How do you suggest companies think about cross-functional data privacy?
From my perspective, it’s rewarding to work with our full Indiegogo team on data privacy. Each team is very focused on their part of the user experience so we find it is best to address each team’s concerns in privacy individually and then combine those efforts into a holistic process. Where I sit, I like to get involved early in the process with our cross-functional teams. Clearly, on the legal side, my job is risk mitigation (such as curbing fines), but I think there’s also huge value in building user trust with better data privacy.
Whether it is engineering or marketing or legal, we’re all trying to build for better user experience, and privacy is a huge part of that in today’s world.
What do you see in the future for data privacy?
Well, for starters, I would love legal consistency throughout multiple jurisdictions on future data privacy regulations. Barring that, hopefully, as more data privacy laws come out we’ll see similarities and a regulatory coalescence behind what works and doesn’t work. For consumers, I definitely think more people will exercise their data rights. We’ve already certainly seen an uptick in user requests for data privacy over the past few quarters. I think that’s an industry trend that started with California’s data privacy law (CCPA) and is accelerating as people spend more and more time at home and online. Thankfully, I also believe partnering with Transcend will free me up to put aside the quarterbacking of a manual data privacy process and get back to focusing on the core of my work.