Episode 53: A successful career in privacy. - The Monopoly Report

Summary7 min read

Episode Summary: The Monopoly Report – Episode 53

"A Successful Career in Privacy"

Host: Alan Chapell
Guest: Doug Miller, Privacy Leader and Executive Coach
Date: October 29, 2025

OVERVIEW

This episode of The Monopoly Report dives into the evolving landscape of privacy careers, with a particular focus on building a long-term, fulfilling path in a discipline historically under-structured and frequently misunderstood. Host Alan Chapell interviews Doug Miller – a veteran privacy executive, coach, and former global leader at major digital companies – to explore how privacy professionals can navigate organizational challenges, stay relevant amid regulatory waves, and intentionally reinvent their roles. The episode’s tone is both candid and optimistic, salted with practical advice, personal anecdotes, and encouragement for privacy pros at all stages of their careers.

KEY DISCUSSION POINTS & INSIGHTS

1. The Evolution of the Privacy Profession

[03:00 - 06:40]

From Accidental to Intentional: Doug recalls that privacy was not a deliberate career path two decades ago; early professionals often "fell into" the field. Today, people are joining privacy intentionally.
Shift from Reactive to Proactive: The profession has moved from simple compliance and risk assessments ("routinization") to engaging in complex organizational change, including leadership and behavioral influence.
Impact of GDPR: Doug highlights GDPR as a watershed moment, forcing companies to build mature privacy infrastructures and collaborate across departments rather than siloing privacy to legal teams.
Data’s Complication: The increasing velocity and complexity of data flows, regulatory sophistication, and the rise of AI are rapidly reshaping privacy concerns.
Timeless Principles: Despite constant change, foundational concepts like the Fair Information Practice Principles (FIPs) remain relevant.

"I actually would argue that we're going through a turning point where privacy teams and companies are moving from being reactive on privacy issues to seeing the advantages in being proactive... Not everybody's there yet, but I do think that worm is turning a little bit."
– Doug Miller [04:48]

2. Personal Career Journeys in Privacy

[06:40 - 10:08]

Doug’s Path: Doug’s entry into privacy was rooted in organizational diplomacy and collaborative skills, more than legal expertise.
The AOL/Time Warner Culture Clash: Using historical mergers as context, Doug and Alan discuss how entrenched corporate cultures can undermine even the most logical strategies.

"The reason they picked me...was because they thought I was diplomatic and collaborative...that was the essence of what the work was going to be...It wasn't just figuring out what the law is going to require."
– Doug Miller [08:06]

3. Building Influence in Organizations

[11:17 - 14:30]

Overcoming the “Blocker” Perception: Privacy teams struggle when seen as hindrances instead of strategic partners. Success comes from aligning privacy efforts with business goals and shifting conversations from risk avoidance to cost/benefit analyses.
Making the Case for Investment: Proactive compliance not only reduces risk but streamlines business relationships and future-proofs organizations.

"The trick...is realigning your pitch for the value proposition of the privacy and compliance work to something that the organization actually values, aligning with business strategy..."
– Doug Miller [13:04]

4. The Shifting Regulatory and Enforcement Landscape

[14:30 - 18:29]

Historical Lax Enforcement: Alan points out that digital media has long benefited from sporadic enforcement, enabling minimal compliance.
Enforcement is Changing: Doug warns that regulators have grown in expertise and now coordinate efforts, making it “unwise” for companies to assume they’ll go unnoticed.

"I just don't think it's wise for companies to think that they're going to go undiscovered if they're not taking these issues seriously."
– Doug Miller [16:29]

5. Navigating Career Growth and Burnout

[21:33 - 26:04]

Career Pathways: Doug describes working with privacy professionals at various stages—from aspiring to CPOs—advising that success increasingly demands reinvention, multidisciplinary skills (technical, legal, communications), and “people skills” such as facilitation, storytelling, and alliance-building.
Mindset Matters: Effective professionals manage ambiguity, persist through setbacks, and focus on influencing organizational culture—echoing F. Scott Fitzgerald's and Ted Lasso's wisdom.
Burnout in Privacy Roles: Doug references research on types of burnout, emphasizing the importance of forward-facing curiosity and support for colleagues facing similar challenges.

"I am convinced that the profession has changed enough that what got us here won't get us there, that we almost always need to reinvent how we're doing stuff."
– Doug Miller [24:07]

6. Reinvention and Adapting to Change (Especially with AI)

[31:16 - 36:05]

Facing Technological Shifts as Opportunities: Rather than aging out, privacy pros accumulate “wisdom worker” value by developing leadership and adaptability.
The ‘And’ in Job Titles: Doug encourages professionals to see requests to take on AI, ethics, or compliance as gifts, not burdens—expanding influence and relevance.
Continuous Reinvention: The pace of change is accelerating; Doug frames personal career transformation as a journey of discovery, not a threat to identity.

"As we age, we transition into becoming wisdom workers... we are actually more valuable to the organization because of the accumulated wisdom and experience on top of continuing skills."
– Doug Miller [33:16]

7. Addressing Industry-wide Uncertainty and Futility

[38:07 - 41:18]

Market Pressures: As ad revenue consolidates among tech giants (Google, Meta, Amazon), the sense of futility in the market grows, leading some to “jump to the next sexy thing.”
Agency Amidst Futility: Doug urges listeners to focus on what they can control: personal growth, embracing new mindsets/skills, and intentionally seeking new opportunities.

"You are never trapped. If you start doing the work on yourself, building your own capacity to change...then you can be more effective in changing the organization."
– Doug Miller [39:42]

8. Takeaways for Building a Fulfilling Career

[43:08 - End]

Embrace Risk (Especially Early): Alan shares his own story of striking out solo and emphasizes that “every good thing that has happened...came as a result of taking a risk.”
Reinvention at Any Age: Doug cautions against “job hugging” and advocates for continuous development and preparation for new opportunities—even if circumstances don’t immediately allow for a leap into something new.
Transferable Skills: Privacy professionals possess diverse skills that translate to a wide array of roles—legal, nonprofit, technical, management—and should honor their journey, not view change as a repudiation of their past.

"There's nothing about reinventing yourself that should dishonor your past. It should be, in fact, respectful of where you've been and grow from there."
– Doug Miller [41:38]

NOTABLE QUOTES & MEMORABLE MOMENTS

Doug Miller on Organizational Advocacy:
"If you get out in the organization and you start thinking about what everybody else...is trying to do, it's quite likely that they're feeling some of the same frustration... There's a real opportunity to get out in the organization and start changing, helping everybody else think about how they reinvent their work too." [26:24]
Alan Chapell on Privacy as Just One Piece:
"It’s just difficult to talk about privacy without talking about antitrust and without talking about Section 230 and without now talking about copyright law." [22:12]
Doug Miller on Burnout:
"We had developed a typology of about 10 different kinds of burnout that privacy pros face because they're not all the same. You can be exhausted, that's not the same as feeling cynical, which is not the same as you're firing on all cylinders but the organization keeps frustrate you." [25:39]
Alan Chapell on Passion and Career Fulfillment:
"Find the thing within you that drives you. What is the thing within you that gets you up in the morning? And by the way, I don't want to rule out that that might not be privacy or regulatory." [40:49]

TIMESTAMPS FOR IMPORTANT SEGMENTS

03:28 – Doug on the transformation of privacy roles
07:20 – Doug’s origins in privacy at AOL
10:08 – Culture clash at AOL/Time Warner and lessons learned
11:17 – Moving privacy from “blocker” to partner
16:29 – Why enforcement is changing and organizations should take notice
23:04 – Doug’s framework for coaching privacy professionals
26:04 – Addressing burnout and the importance of mindset
32:47 – Adapting as a senior privacy pro amid AI and accelerating change
39:11 – Overcoming industry futility and embracing agency
43:08 – Encouragement to take risks and develop transferable skills

FINAL THOUGHTS & CALL TO ACTION

Both Alan and Doug advocate for self-awareness, risk-taking, and continual reinvention—reminding privacy pros that their skills are in demand both within and beyond privacy. As the regulatory and organizational landscape fluctuates, the truly successful career is one aligned with personal passion, adaptability, and an openness to new opportunities—even if that means forging new paths outside traditional privacy roles.

Doug Miller contact: dougmillerstrategies.com
Subscribe: https://monopoly.marketecture.tv

Loading summary

Transcript45 lines

[00:00]
Alan Chappelle
Foreign welcome to the Monopoly Report. The Monopoly Report is dedicated to chronicling and analyzing the impact of antitrust and other regulations on the global advertising economy. For sponsorship opportunities, please reach out to jeremyarchitecturemedia.com I'm Alan Chappelle. This week my guest is Doug Miller, Privacy Leader and Certified Executive Coach. His coaching practice, Doug Miller Strategies llc, helps privacy executives and professionals reinvent their work and careers. As a Senior Fellow at the Future of Privacy Forum, Doug runs FPF's ad practices community. Doug served as Vice President and Global Privacy Leader at AOL for many years and he led the privacy team for the combined entity of AOL and Yahoo. He served eight years chairing the Board of the Directors of the Network Advertising Initiative. Prior to becoming a full time coach, Doug was on Amazon Ads Privacy Team this is going to be a unique and hopefully a special episode. A Little Background on Me so when I founded my law practice in 2004, it was kind of lonely being a privacy person in digital media. Yeah, sure there were privacy teams at the big companies like AOL and DoubleClick and Microsoft, but the VC funded ad tech companies and most pubs and advertisers often didn't have a single privacy person in house back then. Now it turns out that the dearth of privacy pros was a bit of a market opportunity for me and helped me build out my practice. So you fast forward it to today and even though there is now budget for privacy, there really isn't always alignment on how your company's privacy or regulatory person or their team is supposed to be spending their time or or sometimes even their goals. So my sense is that there's a lot of confusion out there both in terms of finding ways to be effective at your current gig, but also in terms of forging a career path that has meaning over the long term. I get a lot of inbound requests from privacy and regulatory pros asking about career opportunities. While I'm happy to share my approach, I recognize that what works for me just might not work for others. So I wanted to have Doug on the POD so I could pick his big brain for you and also to help facilitate some thinking about long term career goals for privacy and regulatory pros. So let's get to it. Hey Doug, thanks for coming on the pod. How are you?
[02:38]
Doug Miller
I'm doing great Alan. Thanks for having me on. It's great to see you.
[02:41]
Alan Chappelle
It's great to see you as well. I think our last brief chat was in Nashville. A group of privacy folks were down there mostly listening to Music, Yes. And talking a little privacy. But truth be told, there was a lot of music to be had down there.
[02:55]
Doug Miller
A lot of music, a lot of people reinventing their careers. It's a vibrant place. It's cool to be there.
[03:01]
Alan Chappelle
So I've known you 15, maybe 20 years now, and you've spent a large part of your career working within the original walled gardens of aol. And you're clearly like an OG privacy pro and one of the initial members of the iapp. So you're a great person to ask this question, like, what are some of the biggest changes you've seen within the privacy profession in that, you know, in your 20, 25 year career?
[03:28]
Doug Miller
Just starting with a really big question there, you know, I bring the heat. Yeah, well, you know, the privacy profession didn't even exist when I was in like college or whatever, and people found their way to it. One of the other changes, one of the changes is that people are going there deliberately now. I think a lot of people would say as a first answer to this question, well, there's become a lot more compliance roles. That part of the job has gotten smaller, the routinization of things, risk assessments, that sort of thing. And that's inevitable. That's the history of the Industrial Revolution. What I think has been interesting is that over time, privacy professionals have realized that this can't just be a job that is tacked on to the organization and that is only grappling with law and policy issues that, that really to be successful, you've got to think about organizational issues, behavioral issues, all of the facets of leadership that are going to enable you to get these ideas across in the organization. So I actually would argue that we're going through a turning point where privacy teams and companies are moving from being reactive on privacy issues to seeing the advantages and in being proactive. Not everybody's there yet, but I do think that that worm is turning a little bit. You have 20 states now with laws, and it just becomes really hard to decide we're going to deal with all this stuff ad hoc. Couple of the other things that I think have happened. GDPR was, I think, a real turning point because I think a lot of the privacy work up to that point could be in the legal department or the privacy team. You're updating your privacy notices, you're doing the contracts and that sort of thing. GDPR forced you, forced companies to actually think about having a mature organization that's doing this work. And because it required a data map, a data inventory, to be able to facilitate subject access requests and deletion and all that. There's no alternative to going out in the company, building the relationships with teams that do not want to have to deal with this, do not want to have to budget for it, do not want to prioritize it, and getting them to actually do it, that's when the work is forced to change. So GDPR is I think, a real watershed. I think over time data has been combined in new ways. It used to be it was just within your organization, now it whizzes around and that compounds privacy issues. I think regulators have gotten more knowledgeable. I think there was a time when you could say, well, these regulators, the policymakers, they don't understand these problems. Well, they really do now. And you're just kidding yourself if you think that they're not keeping up. And then I think AI of course is changing it a lot. It's a big new technology, lots of new issues, lots of the same common themes. It is fascinating final point that as much change as there has been in this profession, which is just a fascinating profession that's so multidisciplinary, the fips, the Fair Information Practice Principles have been this very useful common thread all the way through and I think still have some relevance.
[06:41]
Alan Chappelle
So you bring up a whole bunch of interesting points. The first one just for me to react to is, you know, in the olden days of privacy, it's really remarkable and I hadn't considered it when I was just getting started out, but it was really remarkable how many people kind of just fell into privacy within their orgs back then. And, and some of that is just because there wasn't really a career path that got one in there. You just happened to be, you know, right place, right time and, and at least in my case there were a number of distinct career circumstances that it became a bit of a calling. How did you get in?
[07:20]
Doug Miller
Oh, I had been in government affairs doing government affairs work at a trade association that was then called the Software Publishers association and now is the Software and Information Industry Association. And about a half a dozen of my colleagues had found their way over to aol and eventually one of them called me up and said there is this new position here called General Manager of Community. And part of the job application process was figuring out what it was going to do and part of its role was to be at the nexus of they were figuring out that, oh my goodness, there are public policy issues that actually are going to be a thing we're going to have to pay attention to. And also trying to translating that into policies for how members, consumers would conduct themselves. So we developed the appropriate content and conduct policies and that sort of thing. And that gave rise to thinking about privacy. And after a big project where a cross company team put together new privacy notice, the general counsel and the head of communications came to me and said, we want somebody to be the person who thinks about privacy all the time and we want it to be you. And the reason they picked me, they said, was because they thought I was diplomatic and collaborative and that that's what was going to be needed in the face of some of the personalities involved. And I just want to note that because the idea that that was the essence of what the work was going to be, I think was way ahead of its time. That it wasn't just figuring out what the law is going to require. It was, you do have to take these ideas out into the organization and change people's behavior.
[09:00]
Alan Chappelle
Okay, just maybe a crazy aside here. Did you have a role in all of those CDs that proliferated around the world as a result of AOL?
[09:09]
Doug Miller
I did not. But there was a woman who was the head of marketing there. Her name was Jan Brandt. And I think she's a legend in the marketing profession because she conceived this strategy. And I think at one point we were some ludicrous percentage of the mail and packages that the U.S. postal Service sent around. And it's brilliant. Marketing people would collect these things. And it did drive people to actually get on the service and all of that. It was really something.
[09:36]
Alan Chappelle
So I remember I was at Jupiter Research when the biggest merger of the time happened between Time Warner and aol. And it occurred to a number of us at the time. I wasn't an analyst back then, but it just seemed like, wow, those are two very, very, very different cultures. How are those two different cultures going to fit together? I'm wondering if you have any thoughts about that, because that to me kind of hints at some of the work that you're doing today.
[10:09]
Doug Miller
I remember at the time wondering the same thing. And I don't think we were alone. Peter Drucker, the legendary management guru, is credited with saying, the culture eats strategy for breakfast. He didn't actually say it. It was somebody who was, but it doesn't matter. Cultured strategy for Ruckus. The idea is that you can have these best laid plans of mice and men and the organizational culture is quite likely to undo it unless you are harmonizing with those cultural things. What I thought was fascinating at the time about The AOL Time Warner merger is. You looked back at the history of the merger of Time and Warner Brothers. They had an issue with culture clash. So it was a little optimistic for people to think that these two cultures were going to mesh well in a larger way. And I guess they didn't.
[11:02]
Alan Chappelle
That might be an understatement.
[11:03]
Doug Miller
You know, I mean, it's an interesting side question of whether or not Jerry Levin and Steve Case were ahead of their time and the core idea, but the. They culturate that strategy for breakfast.
[11:17]
Alan Chappelle
So when you were talking about some of the changes to the privacy profession, I think you used the term they're now more proactive than reactive. Help me unpack that, because I think that's a really important point.
[11:32]
Doug Miller
Well, I think part of that is in the context of the company where you work now, a lot of privacy professionals are going to say that they often feel like they are not respected in their organization, that they are perceived as a blocker or an obstacle or a cost center as opposed to a partner in helping this business do that thing that it does. That is a mindset that I think privacy professionals struggle to change, and I hope they can. And then you got to change that mindset within the organization. To the extent that that is happening, that is contributing to organizations considering the possibility that maybe it would be a little smarter to actually accept that these changes are happening, that there is a GDPR, that there are 20 state laws, and maybe we should try and get ahead of it instead of pretending that it's not or waiting to see what other companies are doing. It is really, really hard. And this is what makes it so tough to be a privacy pro or a privacy exec, because it's way too easy for the C Suite to say, I don't see these other companies doing what they're supposed to be doing. It looks like other people are getting away with stuff, and we should be able to, too. And so we're just not going to do it. That's a dangerous, slippery slope to be on. But it has been for many years possible for them to say that. And one of the mistakes that privacy pros make is you're thinking about privacy all the time. These laws are serious. They're really are meaningful fines. And you go in and you're, you're like, oh, my God, we're going to have fines and reputational risk and all that. Well, it's not going to scare the leaders at the company because it's really important to remember they have other priorities and they're probably bigger priorities. They got to hit their quarterly numbers, they got to hit their yearly numbers, products that need to launch, and they have all kinds of other problems. So you have to remember that your issues have to be understood in this larger context. And so the trick to it, the finesse of it, is realigning your pitch for the value proposition of the privacy and compliance work to something that the organization actually values, aligning with business strategy and that sort of thing. It's a longer conversation, but that is, that is how the worm will turn. Because I really believe if you think about risk all the time in the company, the laws are all about risk and risk assessments and things like that. But you have a conversation about risk at a lot of places and they're going to say, well, you know what, we're going to accept the risk. Well, maybe you'll get away with it for a while. It's hard for privacy teams to win that debate. I think if you reposition it as a conversation about costs, it can be a much more compelling discussion because, sure, we can accept the risk. Here's what it will cost. Here are the costs if something goes wrong. Here are the costs to invest in the future. Here's the cost of swirling on this issue for a couple of years. Here's how much we save if we take it seriously going forward, that kind of thing.
[14:31]
Alan Chappelle
Well, also sort of the, the dirty little secret is that historically, particularly within the digital media space, I'm sure there's some outliers in some other industries, but within the digital media space, you know, enforcement has not been particularly robust. And so you have to have something that is egregiously bad to have a decent risk of getting caught, or this is sort of related, you have to have something that upends the current social order within the marketplace in which you operate to the point where it really pisses a bunch of people off. And then I think you've got a chance. But if you're just kind of a run of the mill, you know, data company or ad network or whatever they're calling themselves these days, you can kind of keep your head down, stay within the herd, and the chances of getting into big, big, big trouble are relatively low. And so in that environment, how does the privacy person, you know, even have a chance to try to impose their thinking onto the org?
[15:36]
Doug Miller
Yeah, I, I, I do think that analysis is right. And it's, it's just been too easy for companies to not pay attention to this stuff. And, and the enforcement hasn't been what probably a Lot of enforcers wish it could have been. A couple points. One, I do think that is changing that. If you talk to enforcers and regulators across the United States, for example, they're pretty serious about what they're doing. And even if you think, well these very small states, they only have a couple people working on these issues, they're actually participating in consortiums of other AG offices sharing ideas and information and technologies and that sort of thing. And I just don't think it's wise for companies to think that they're going to go undiscovered if they're not taking these issues seriously. And by seriously, so much of that is really just showing that you are respecting the law, doing the work, doing the updating of your privacy notices, making sure that your opt outs are functional and monitoring them correctly, updating your contracts and making sure that you're providing some means of making sure that the people you're contracting with are actually complying with the contract. The basic showing your work of having a mature privacy program is one, going to start building that discipline and muscle memory within your organization. Two, it gives you a reason as the privacy team to get out in the organization and start changing the culture around all the, all of this. And three, if God forbid, you do get an inquiry from a regulator, you will be in a much, much, much better position if you can show that you were taking this seriously and maybe there a small glitch or a misinterpretation or something like that than if it looked like you were not taking it seriously at all.
[17:24]
Alan Chappelle
Okay, so you're preaching to the choir with me. I agree with you. I do think things are changing. I'm really keen, particularly with California to see how they ramp up enforcement because to this point they've been pretty reasonable in how they've approached it. There haven't been a lot of what I would call crazy gotchas. It's been, no, look, the law says X and you've done Y and therefore we're, you know, we're going to have a conversation. It's going to be interesting to see if they continue along that path or if, you know, enforcement ratchets up and it becomes something entirely different where there's a perception that they're, they're raining lightning bolts down on the industry. But you know, don't convince me. How do you convince, I don't know. We'll use Ari Paparo because everybody knows him as the benchmark, you know, Aries running some startup of 100 people in the ad tech space. And he's going to say, look, I have a privacy person, but how much do I really need to invest in this and why?
[18:29]
Doug Miller
You and I have both been involved with the network advertising initiative for a long time and self regulation was doing some of this work for a while, but that if you adhered to this code or framework, it really gave you a good roadmap to reducing the risk somewhat, but more importantly making it easier for other organizations to work with you. There's that halo effect that non compliance is contagious. And so if you are an organization that is building your tech stack through acquisition, everybody on either side of that acquisition needs to be thinking about compliance. Otherwise you're making things harder. If you are adding vendors, if you are expanding the company through acquisition, you want to make sure that everybody is abiding by these guidelines and laws so these elements of your business become easier, safer, lower risk and ultimately more profitable. If you are actually paying attention to privacy and compliance. And I should add security on top of all of that now, is it always the top priority? No, this is the ongoing challenge of privacy professionals. And so their job is to figure out how to change this culture. We talked about culture about 10 minutes ago and this is part of what privacy professionals need to be doing now, especially privacy executives. There's the repeatable work going on, but privacy executives have to be out in the organization, changing minds, building alliances, getting people on board. You're unlikely to go to the CEO, change their mind in one epiphany and be done with it. But you can if you go to other elements of the C suite, people on their teams, people who are leading products, eventually you'll find the people who want to launch a product, who want to meet their KPIs for the year. And if they're thinking bigger about not just how to launch their product, but what the company needs moving forward, the company in the context of an industry and how we're going to compete, the damage that could be done if the product isn't implemented the right way, then you start to see these things differently. So almost always if you start seeing yourself in this larger context, you're going to want to start planning better for the future. I argue that if you're planning for compliance and the trends are pretty clear, you're going to save money in the long run. If you're doing it now, it's just like anything else. If you do a patch up job, ad hoc or post hoc, it's going to end up costing more.
[21:04]
Alan Chappelle
Well, and that's why As a society, we are investing so heavily into climate.
[21:09]
Doug Miller
Change, well, you can see what's going to happen, right? But in cities like in the Netherlands, where they have learned as part of their culture to live with the sea and to understand that it comes in, it goes out, and, and we let the water come in and we give it some place to go, and then we adapt around it, that is much, much smarter for the long term than cities that pretend this is never going to happen.
[21:33]
Alan Chappelle
Fair enough. So I. I want to shift the conversation. So to this point, we've mostly been talking about, you know, how does a privacy professional, you know, navigate their particular. Or what is the argument for, you know, we'll just say doing the right thing. But, man, I don't think a week goes by where I don't have somebody reach out to me and say, hey, I'm either just starting out in the privacy world or I'm in the middle of my career and I don't know how to navigate this. Where are the opportunities? And I would just share from my perspective. I feel like I am a really bad example because I have just sort of had such a circuitous path to get here. And then I came to the realization a year or two ago that, like, privacy is a component not only of what interests me, but that the larger regulatory stuff, it's just difficult to talk about privacy without talking about antitrust and without Talking about section 230 and without now talking about copyright law. And so for me, that sort of evolved into more of a natural, you know, there. There's so much regulatory stuff to be talking about that that's sort of been the career path for me. But what's your advice to somebody who's sort of in the middle of their career? They see that they're a layer or two below, you know, the Chief Privacy officer, depending on the size of their org, and they're trying to figure out what is it I really want to do with the. With the Next, you know, 10 or 15 years of my life?
[23:05]
Doug Miller
Alan, as you know, although I used to be a chief Privacy officer, now I'm an executive coach specializing in healthy privacy professionals and lawyers. And my clients are in broadly three categories. At the one end, there are very senior privacy professionals, executives who are, in talking about how they're going to deal with some of these cultural issues, how they deal with the C suite, how they deal with some of the office politics or whatever. There is a next tier down of people who are directors or VPs who want to get to the next level and then below that there are basically it's just people who want to be in some other privacy job, not the one that they're in or they don't have one right now. In almost all of these cases there are some broad themes and I think it's really important to think in terms of both a set of mindsets about being a privacy professional and then some of the skills that you need to have. And ultimately I am convinced that the profession has changed enough that what got us here won't get us there, that we almost always need to reinvent how we're doing stuff. So if you're say a mid level privacy professional, what are you going to do? Where are you going to grow? I think you really benefit from the multidisciplinary nature of this profession, that if you add technical skills that can help you, if you add legal skills that can help you. But the skills that I think are going to help the most are the kind of things that are going to make you more effective within the organization. Sales, public speaking, the ability to facilitate meetings, to make an effective elevator, pitch, storytelling, building relationships and a network and alliances across the organization. That's how you're going to effectuate change. And if you're trying to find another job, those are the skills that are going to help you find another job as well. So a lot of, we call, some people call them soft skills, people skills. I think it's really essential, but I also think that they need to be paired with some mindset changes. This idea that, you know, the F. Scott Fitzgerald quote of, you know, the mark of a first rate mind is the ability to hold two opposed ideas in mind at the same time and still retain the ability to function. Of course we do need to be able to do that. It's part of managing through ambiguity. A lot of people don't remember the sentence that he said after that, which is that one should, for example, be able to see that things are hopeless and yet be determined to make them otherwise. That of course it's going to feel futile, like you're banging your head against a wall. But there is in fact a way out. Last spring at the iapp, I did a panel with Jocelyn Aqua about burnout among privacy professionals. And we had developed a typology of about 10 different kinds of burnout that privacy pros face because they're not all the same. You can be exhausted. That's not the same as feeling cynical, which is not the same as you're firing on all cylinders personally. But the organization keeps Frustrate you.
[26:04]
Alan Chappelle
I've managed to turn my natural cynicism into an asset. Not everybody is going to be able to do that though.
[26:11]
Doug Miller
Not, not everybody can do that. But it's a good skill to be able to have the ability to understand that change is both necessary and something that you can actually do. Being curious and not judgmental, ensuring that you are forward facing there is. It's so easy to get caught up in litigating the past. And I think we're all going to be a little bit better off if we can start from where we are and think moving forward. But most significantly, if you get out in the organization and you start thinking about what everybody else in the organization is trying to do, it's quite likely that they're feeling some of the same frustration. And you know, the sales team is probably hitting some walls, the tech teams are probably very frustrated, the requirements are not clear or whatever. And I think there's a real opportunity to get out in the organization and start changing, helping everybody else think about how they reinvent their work too. I personally try very hard to cling to being a techno optimist, but I'm pretty sure that that hinges on also being a human optimist, that changing the way we work is going to ultimately make us more effective in our careers, give ourselves control over our careers and move of this idea that we are banging our heads against the wall in this feudal Sisyphean task and starting with ourselves, find a new way of reinventing our careers and our work and then that can start shaping the organization.
[27:48]
Alan Chappelle
Okay, so first an observation. Love the Doug Miller quoting Ted Lasso quoting Walt Whitman. So well played, my friend. Absolutely love that. I think that there is still a mindset within a large swath of the privacy profession that they think that their job is to fire up anxiety bombs up through the organization. Like, like I, I still talk to people who like think that their role is to, oh, I saw this story and I'm gonna, I'm gonna ping this before anybody else does so they can see that I'm being proactive. And it's like, man, you are wasting everybody's time with that, including your own. The important thing is like you see a press story and if you're not providing context around that, why is this important? How does it fit within the larger gestudnik of the marketplace that you are operating? And then why is it relevant to your particular org and why should they be opening your emails? And I still think that there's sort of a work Hard, but not always work smart mindset that tends to permeate. And I don't want to beat up just the privacy people. I mean, that's a, that's a broad statement. There's a lot of people who operate that way. But. But it is kind of an endemic thing in the privacy and regulatory world.
[29:05]
Doug Miller
No, it is. And I will confess that there was a time when I'm sure I made that mistake myself, of trying to evoke fear and then offer hope and an antidote. But it doesn't work because they have other priorities. There are a lot of other things that they are scared about more. What's that Stephen Covey line, that courage is not the absence of fear, it's the awareness of something more important? Well, they know what they're more important is. And you've got to figure out what the more important thing is. And that could be the prosperity of the company, which ultimately will cascade down to the privacy team. So it really is very much about not just learning about privacy and the law and what the law means or whatever, but understanding what your company is trying to do, what the different teams are trying to do, what the company faces in the larger context of the marketplace. So start to see how the C suite sees these problems. And of course it's hard to do, but it's part of our vertical growth as professionals to move past the somebody tells me what to do and I'm going to try and do a good job to I have a better idea of what we should do and I start making recommendations and then you go up from there. I have always maintained a privacy professional at almost any level in the organization is probably more effective and more mature than other employees at that level because the work is so hard and so multidisciplinary. And I love privacy professionals. So I may have a bias, but if you keep reflecting up and out, ultimately that's going to help you align with where the company can go and you'll make better recommendations. You'll start to be regarded more as a trusted partner who people want to actually listen to. And I do believe this, that there will be teams within the organization that will start to realize that their best chance of hitting their KPIs is going to be by actually listening to you so that they can be smart, avoid problems, and keep the cost down. Problem definition is a skill. Understanding what problems you might also be creating is an underemphasized skill.
[31:16]
Alan Chappelle
So I want to come at this from a slightly different perspective. So one of the things that they don't tell you in college or really anywhere is that in most professions you age out at some point. Not everybody, but if you look like, you know, at a certain age, you know, 50% of the people are, are less employable. And I, I'm, and I'm starting to look at that now as I'm sort of into the back nine of my career. So I remember, you know, late 90s, I met this new media company. There was a sense of purpose, there was a sense that we were growing something and, and, and probably a little too much schadenfreude at the, what we used to call the Direct Marketing Association. Envelope salesman types at their. Oh, well, they're not going to adapt. They don't get it. Okay, well, what's happened over the last couple of years is this, you know, artificial intelligence thing. And like, this is new, this is scary, this is highly complex. And so now I find myself, and I think I've got a number of other people who are, who are roughly in the same age bracket looking at this. And so what used to be seen as exciting and opportunity is now viewed as kind of scary. Like, how do we grapple with this? And so I guess I'm just going to ask you that flat out. Like, what are some of the, you know, the skills or the strategies that we can adopt, you know, knowing that like, maybe time isn't on our side here.
[32:48]
Doug Miller
I think the time not being on your side thing matters more if you are in certain professions where your physical skills will deteriorate, if you're a surgeon or you fly planes for a living or a professional athlete or something like that. But we are knowledge workers and as we age, we transition into becoming wisdom workers, that we are actually more valuable to the organization because of the accumulated wisdom and experience on top of continuing skills. So that's why I don't think there's a, I don't think you age out of the privacy profession. I think you're starting to accumulate more of the people skills, the leadership skills, skills that will ultimately make you more effective. So when in doubt, I always say choose what will help you grow. As far as the AI stuff, you know, last year the IAPP had this, it was like a report on organizational data governance or something like that. And there was this extraordinary slide in it where they were, it was about the ampersand in job titles that so many privacy teams were being asked to take on other duties. Privacy and compliance, privacy and ethics, privacy and AI, privacy and security. And people see that slide as kind of a Rorschach test, where some people look at it and they're like, oh, my God, I couldn't possibly take on more work with my team. We are absolutely overwhelmed. And other people see the opportunity, and I think we should see the opportunity there. If you're a Chief Privacy officer and they're saying, oh, we'd like you to take on AI or almost anything else, I think it's a gift. Is it going to be more work? Yes. And that's a drag. But it is a gift, because one, it means that now they're asking you to care about something that the organization cares about so you can change your messaging in a way that I think it'll land better. Two, it forces you to expand your network within the organization. You're working on something that the organization thinks is sexy and fun, and there'll be some growth in learning the new technologies. So all of these issues, all of these other regulatory issues, I think if you're a privacy team, welcome them because it helps you expand your influence in your network and that sort of thing. And as far as adapting to these new technologies, look, I sometimes think that I'm a bit of a curmudgeon, but my whole career I've been committed to, all right, let's take this thing for a test drive. Let's see what works and what doesn't. And I think if you're willing to experiment, if you are willing to go deeper on it, to understand the larger implications, to understand the potential downsides and keep them from happening, then we're really adding some value. This is what people did when they were learning how to use electric lights and cars and things like that, and people figure it out. And I don't think we should be afraid of these technologies if we don't understand them. There's reason to be afraid. But if you engage and start to learn and start to think about how you can use these technologies for yourself or your business. It's all part of how we think about reinventing ourselves.
[35:56]
Alan Chappelle
And that's really the. The key here is that most of us are going to need to reinvent ourselves at least once.
[36:05]
Doug Miller
I think that is exactly right. I think the cadence at which we must reinvent ourselves is happening faster. And I think that of course we do it. I like to think of reinvention as sort of a theme of my coaching practice. I'm essentially helping people prepare themselves for that. Reinvention. Transition is messy sometimes. You're not sure where you're going. But I like to use the metaphor of Lewis and Clark, that we know that there is something out there that is potentially extraordinary. We have a hunch that there might be like a Northwest Passage or something. Awesome. But we are going to go and find out. They called their mission the Core of Discovery. It's a process of discovery and adventure. And I think if we adopt that mindset for our careers, there's upside as privacy professionals and as everybody else in our companies to figure out how we deal with this world. And it's a lot of things. It's learning to reduce distraction, it's learning to figure out how to grow, to grow your people skills, to move out of your comfort zone and into some place where it's a little uncomfortable, but it's that place where you're actually growing. So reinvention is a thing that we all need to learn and do. I know you're in the process of doing it now. You've become a podcaster. You weren't a podcaster a few years ago, but now you are in a successful one. So nice work with the reinventing there.
[37:28]
Alan Chappelle
Well, thanks, thanks. It's helpful if you can find things that you are passionate about. And the one thing I will say that privacy pros and even regulatory pros have in spades is passion for the work that they're doing. But sometimes that passion needs to be re channeled or reinvented or, or maybe we'll just, you know, we'll leave it with the, the TED Lasso ism. It's really about always be curious.
[37:56]
Doug Miller
Yeah, be curious, not judgmental. And, and remember how that show ended, that it was never about him, it's about everybody else. And if you can remember that, it helps you understand the context of where you are.
[38:08]
Alan Chappelle
I've got one more set of questions and I want to just transition a little bit outside of the specific privacy and regulatory space because my audience is very into the ad, the digital media world and one of the biggest issues in the ad space. So even beyond privacy pros is sort of a growing sense of futility and maybe even powerlessness as Google and Meta and Amazon take up an ever increasing share of the revenue pie and the rest of us seem to be fighting over a smaller and smaller slice that wasn't nearly as evident years ago when the pie itself was growing at such a rapid pace. But, but that seems to have slowed a little bit. And so, you know, some people are, are just jumping to the next, you know, sexy thing, whether that's AI or, or, you know, the wild west that is currently, although soon will not be the CTV space. So assuming that you can't necessarily jump to the next vertical, you know, what should my listeners be thinking about?
[39:12]
Doug Miller
I often think of privacy professionals as having three pressures on them. One is this sort of external pressure of things that are way beyond your control that you cannot change. So you know, the big companies are going to do what they're going to do and there's not much you can do about that. And a stoic would say, well, let's not even waste our energy on that. The other pressure that I think comes up too often is the sense that even within our organizations it's pretty hard to effectuate change. And that could be true and that's what does in a lot of organizations. But I think we can only make a difference there if you think of the other pressure, which is on ourselves. And a lot of people feel like this futility has many layers and I can't move. I disagree with that. I would urge everybody to remind themselves that they are never trapped. And so if you start doing the work on yourself, building your own capacity to change, make yourself what I like to call more transformable with these mindsets and skills that we need, then you can be more effective in changing the organization. And then the organization can figure out how it can actually deal with the things that it can't change and reinvent and move around it. So you're not stuck, but the way out is almost always going to start with you. And then you can start changing the organization and help them rethink a new strategic approach.
[40:41]
Alan Chappelle
I love that as advice. I the precursor to that, and I've said this before but is find the thing within you that drives you. What is the thing within you that gets you up in the morning. And by the way, I don't want to rule out that that might not be privacy or regulatory. You know, there's. I know that we've sent. We as a private privacy community have sent a number of people off into very successful and lucrative non privacy careers. And that's okay. You're better to be doing what you love than to be stuck doing something that, that you don't.
[41:19]
Doug Miller
I think you're so right that your plan for where you want to go ultimately is going to have its origins or genesis and your own personal story. So a lot of times I think if we're talking about reinvention or transformation or whatever, it sounds scary to people because it's somehow a challeng challenge to their identity or it's going to be something that's Terribly, terribly different. There's nothing about reinventing yourself that should dishonor your past. It should be, in fact, respectful of where you've been and grow from there. It's. But, you know, you're a podcaster, but that's not completely at odds with everything else that you've done. Everything else that you've done brought you to this point. I do think you're onto something, though, that privacy professionals can do other stuff. And I do have conversations like this with clients where, if you actually think about, you know, what are the strengths and skills and behaviors that have made you successful as a privacy professional, those are going to be things that are actually potentially very effective for other kinds of careers, whether in legal. You go on to become a general counsel, you go on to run a small organization, you go and start your own business. That set of people skills that would make you an effective privacy pro or exec are going to help you do all kinds of things. I think there are technical opportunities, program management opportunities, leading small organizations, moving on to a nonprofit that you're passionate about, that feels like genuine meaning. Moving up in a legal department, moving to a big firm, and then out to a company. The privacy profession, I think, is highly generative in that it has a diversity of talents that can go and grow in a lot of different directions. So start thinking about it from the perspective of discovering and creating opportunities for yourself.
[43:09]
Alan Chappelle
Completely agree. And really take risks, particularly if you're on the front end of your career. I recognize that people, as they get into the back end of their career, it's a little bit more difficult to do that, and I want to be sensitive to that. But, holy crow, be willing to take risks. When I put out my shingle in 2004, in part it was because not a single law firm in New York City was willing to hire me. I put out maybe 200 resumes. The only one that came back was for a relatively low paying, slip and fall associate opportunity. And I thought, you know what? That's probably not for me. But. But along the way, as I was building up this practice, I turned down some really interesting and lucrative gigs because I recognized that my passion was in building this Chappelle and Associates thing. And it turned out that that was the right decision. It was certainly the right decision for me because I can't get up in the morning unless I'm feeling like I want to change something, I want to build something, I want to grow something. I don't want to end this on a filibuster on my part. So I want to give you an opportunity to build on what I just said.
[44:25]
Doug Miller
Well, I'll make two points. One, I think you're 100% right about the risk taking, especially when young. If I look back and think of regrets I have, I do wish I'd taken a couple more risks. So that's a biggie. But the idea of when you're older and you feel like I've got to put people through college, maintain the health insurance, that sort of thing. There was an article in the Washington Post this week or last week about job hugging. And of course, hugging is the wrong word if you think of a hug as a warm, affectionate embrace. But certainly job hunkering or the idea that you have to stay because you don't see anything that's an alternative. I think the point there is this. Don't just stay in it and then quiet, quit or phone it in. You can stay there and maybe it's not your favorite thing, but find ways to prepare yourself for when an opportunity does come up. Find ways to grow. Find ways to develop the mindsets and skills that would help you along. You probably have blind spots and that's why people have coaches. So talk to somebody and get some help. But you don't have to be stagnant while you're stuck.
[45:31]
Alan Chappelle
So Doug, how do people find you?
[45:33]
Doug Miller
You can find me at dougmillerstrategies.com my website is dougmillerstrategies.Com and you find me on LinkedIn. And I would love to talk to anybod privacy professional or non privacy professional, about how we can help you get where you want to go.
[45:47]
Alan Chappelle
Well, fantastic. Let's end it there. But this has been a great discussion. Doug, I really appreciate you coming on.
[45:52]
Doug Miller
Alan, it's always great to talk to you. Thanks for having me.
[45:57]
Alan Chappelle
That was a great conversation. Doug is an old friend and I enjoy goofing around with him a bit, but I think he's got wisdom and perspective that can benefit others in the privacy and regulatory world. Building on lots of what Doug discussed, I have a few thoughts for those trying to grow their careers. First, find out where your passions are, even if that means stepping away from privacy or taking a role not as a privacy professional but as a privacy advocate. I see lots of people at in house roles who should be thinking about going to EFF or some other advocacy group. Second, take some risks. There is something to the idea of failing spectacularly. And if you ain't failing, then you ain't trying hard enough. Every good thing that has happened in my life came as a result of taking a risk of putting myself out there. Third, do not ever let anyone else tell you who you are or who you can be. Very few people have the answer, and only you have your answer. I hope this has been a helpful discussion. We talk a lot about big challenges here at the Monopoly Report, but there is no bigger challenge than the search for happiness and fulfillment in your career. We have some other fantastic guests coming up on the Monopoly Report podcast soon. Please subscribe to the show atmonopoly Report pod.com or on Spotify, Apple, YouTube, or wherever you listen to your podcasts. And thanks for listening.