K Royal on being the 2024 Legal Luminary

Global Chief Privacy Officer &

Deputy General Counsel

Crawford & Company

"I am so passionate about privacy that it is infectious. I see no problem as too big or gnarly and no job too small."

ABOUT K Royal

Authentic. Passionate. Vibrant.

@heartofprivacy @thats_so_k



K Royal, PhD is an attorney and global compliance professional with 25 years of experience in the legal and health-related fields. K is a bright voice in the tech world, especially global data protection, privacy, and cyber law. She has advised numerous start-up companies long with some of the top names on the Fortune Global 500 list. She is a featured tech columnist for the Association of Corporate Counsel, a frequent speaker at industry conferences, and co-host of the top-ranked Serious Privacy podcast. K has also served on the board of directors of numerous non-profit companies spanning Texas, California, and Arizona.



She is certified through the IAPP as a Fellow of Information Privacy (FIP), Privacy Management (CIPM), and US and EU Privacy Law (CIPP/US, CIPP/E). She obtained her law degree at the Sandra Day O'Connor College of Law at Arizona State University and her PhD in public affairs from the University of Texas at Dallas. She is currently the Global Chief Privacy Officer and Deputy General Counsel at Crawford & Company.



Ask

K Royal

Can you briefly describe your role in ensuring data privacy and its impact on your organization or community?



People often ask how I made the jump from being a registered nurse to attorney "aren't they totally different?" To me, no, they are not. Privacy is a helping field. I protect the company, but I do so by protecting the people whose data we hold. My biggest impact would center around that - I am so passionate about privacy that it is infectious. I see no problem as too big or gnarly and no job too small.

Share a key aspect of your approach when building privacy programs and how it aligns with organizational objectives.

A key aspect of my approach is approaching using strength and enthusiasm. All too often, the privacy office (elsewhere) will push out training on an apologetic note. There is no apology - it is a congratulations. Congrats! We just gave you the tools to make sure our company stays in business by not violating the law or contracts. My organizational objectives feed into the privacy office objectives because we are there to help our business thrive. We are ambitious, pragmatic, and empowering.



How do you measure and prioritize data privacy risks, and what strategies have you found effective?



Data privacy risks and how they are managed are largely dependent on the organization, industry, and risk appetite. The first strategy, therefore, is to identify the risks and risk appetite, priorities, and objectives. Then you have to be relevant, visible, and supportive. One cannot mitigate risks so tightly that the business fails and one cannot mitigate them so loosely that the regulators have a party at your expense.



Reflect on a notable challenge in your data privacy work and the specific steps you took to overcome it.



One that really comes to mind are incident response plans and how they typically do not account for privacy - just security. I worked really hard over weeks to build a blended plan for a client, then they hired their first official security person who tore it apart to rebuild it strictly from the security side. I begged and bargained to no avail... until they had a potential incident on the privacy side and their plan did not accommodate that consideration. Unfortunately, it was not that I took specific steps at that time, but the circumstances worked in our favor. Since then, I am blunt up front about the struggle and controversy - and now that I am in-house and not a consultant helping so many companies, I make sure I have some ownership rights.

Looking back at 2023, share any predictions you had for Data Privacy. How did they unfold, and did they influence your approach?



My predictions for 2023 were pretty weak - I anticipated more states would pass privacy laws and that we would get used to a new normal with hybrid working environments. Seriously, I was a little afraid of 2023 and came into warning people to treat it like a wild animal, approach it carefully with no expectations... and 2023 was a little wild through the year. I changed jobs in 2023 and tried to not take the year for granted.



If you could have any fictional character as your best friend, who would it be and why?



Eve Dallas from the JD Robb series. She is smart, blunt, and kicks butt. She is also married to the richest man in the world so there might be some cool things offered to do for fun together plus access to his strategy for investments. She's a lieutenant in the NY police department. And she has a fat cat she rescued in book one.