Announcing Our 2024 Data Privacy Heroes

Nearly one hundred nominations later, we’re ready to announce this year’s Data Privacy Heroes. We opened nominations for the Data Privacy Hero Awards to everyone to ensure our selections reflected the future of privacy our community believes in, and you answered. Thank you to everyone who took the time to recognize their own heroes within and beyond their organizations: you made our decision joyfully difficult.

The Data Privacy Heroes advocate for consumer trust and transform how organizations manage data privacy. Together, our Data Privacy Heroes set a new standard for data privacy. 

Without further ado, let’s introduce our 2024 cohort.

The Visionary: Gauri Manglik, GoFundMe

The Visionary guides their organization to coordinate across teams and ensure a best-in-class data privacy experience. Gauri Manglik, Deputy General Counsel of AI, Privacy, and Product at GoFundMe, has developed a privacy-first strategy that she expertly sets into motion through close collaboration across legal, product, engineering, security, and HR functions. 

Manglik and her team work closely with every department to set internal policy, fine-tune customer communications, build privacy into product features, effectively anticipate and minimize potential security risks, deliver internal privacy training, and much more. There is not a single department at GoFundMe that doesn’t partner with Manglik on setting a new standard for privacy in some way.

How does she handle such a large scope of work? Unique from fellow nominees, we were impressed with Manglik’s product-driven mindset. As Manglik wrote, “Implementing a comprehensive privacy by design framework with the Product and Engineering teams proactively ensures that privacy is embedded in the organization’s operations and decision-making processes.” Manglik maintains a privacy program roadmap that sets clear and measurable goals she can report on to executive leadership to ensure privacy remains a  priority at the highest levels of the organization. 

While Gauri Manglik’s leadership stood out as exceptional, she had tough competition. We would be remiss not to recognize the following semifinalists who each work towards a unique and powerful vision for their organizations:

• Mirena Taskova, Chief Privacy Officer, Aura: We were impressed with Taskova’s ability to tie privacy objectives to Aura’s core brand, fostering a culture of “safety for all.” At Aura, user trust is understood as essential to long-term brand success against competitors, motivating the organization at large to support privacy efforts.
• Scott Lyon, Chief Privacy Officer, SHEIN: Lyon’s vision for privacy is multinational, taking the challenges of international privacy law head-on. Complex problems require complex solutions, and Lyon has championed technical solutions to simplify and standardize privacy work across SHEIN. 

The Innovator: Eric Lovell & Sean Kellogg, Dexcom

The Innovator empowers their organization to minimize risk and strengthen customer trust by pioneering and implementing new technical solutions. Eric Lovell and Sean Kellogg at Dexcom have achieved exactly that. As a large medical industry supplier, compliance for Dexcom is complex, with additional layers of regulation on the sensitive health data they must process, an immense volume of subject requests to keep up with, and intricate internal systems.

We were impressed that as privacy counsel, Lovell and Kellogg built an impactful relationship with Dexcom’s engineering teams and successfully delivered a unique technical solution to their challenge. Dexcom leverages DataGrail’s complete privacy solution while also taking advantage of DataGrail’s API for their necessarily custom work. Dexcom created a robot that receives data subject requests through DataGrail, performs expansive additional data discovery through internal systems to exhaustively surface sensitive data as needed, format the data in a clear format, and ensure the integrity of the data against several regulatory requirements. On average, Lovell and Kellogg’s tool saves an additional 800-1200 hours of human involvement per month on top of the time they already save taking advantage of DataGrail’s integration network, which allows their privacy team to be able to remain flexible in a complex regulatory environment.

For privacy counsel seeking to build similarly rewarding relationships with internal technical teams, Kellogg and Lovell give this advice: “Create a privacy-centric culture, incentivize good practices, lead by example, provide resources, and make it relevant.” 

Innovation comes in different forms across different industries, and it was challenging for our team to choose just one winner for this award. Here are a few of the semifinalists that nearly took the prize:

• Keerthana Ann Jacob, Product Manager, Salesforce: Like Dexcom, Salesforce has built a unique solution with DataGrail’s API, in this case allowing them to automate deletion from more internal systems and expedite some data subject requests’ processing to as low as just 2 minutes. Jacob strategically prioritizes automation projects like this one in order to alleviate any initial hesitations teams may have and foster organization-wide privacy compliance.
• Gareth Kitchen, Privacy Manager, FanDuel: Kitchen leverages DataGrail solutions including Request Manager and Risk Monitor. Where he inspires is his transformative approach to cross-functional buy-in. Every choice Kitchen makes in his DataGrail implementation is designed to create a relevant, cleaner, easier way for colleagues to engage with privacy requirements. As a result, Kitchen is seen as a trusted and highly collaborated partner across FanDuel.
• James Rogalski, Director, Strategy & Operations, Definitive Healthcare: As his nominator described, Rogalski is “a tireless advocate [and] has worked to make data privacy a competitive edge for Definitive Healthcare.” His innovation comes in his focus on scalable and repeatable privacy practices using trusted tools and setting direct and realistic expectations. 

The Champion: Kirsten Daru, NETGEAR

The Champion inspires organizations beyond their own to protect the human right to privacy. When our team read the nomination for Kirsten Daru, General Counsel & Chief Privacy Officer at NETGEAR, we were struck by her reach and impact. While Daru modestly expresses gratitude for the many mentees she has taken up since beginning her work in privacy, her impact extends far beyond those already excited about privacy. 

Daru provided testimony before the Senate Committee on the Judiciary Subcommittee on Competition Policy, Antitrust, and Consumer Rights in 2021 while acting as the Chief Privacy Officer and General Counsel at Tile, inc. In this testimony, Daru helped legislators understand how companies leverage a wealth of consumer data to disadvantage their competitors in allegedly fair marketplaces, and the privacy implications of these corporate strategies.

Daru emphasizes what she calls “the commercial value of doing the right thing.” Daru expertly tells the story of how protecting consumer privacy creates trust and builds customers for life, allowing her to grow buy-in for long-lasting initiatives such as cross-functional privacy risk councils. Her approach, which she shares openly in writing and speaking engagements with practical, tangible tips, has been adopted by many other privacy practitioners and she’s applying those principles in her current role as GC and Chief Privacy Officer at NETGEAR, supporting the company’s strong commitment to privacy and security. She even offered this hands-on guidance at this year’s DataGrail Summit.  

While considering nominations for Champion we read many phenomenal entries from practitioners with strong impact on local and national educational institutions. Each of these speakers is having a profound impact on the profession, but one stood out as an incredibly unique voice in the world of privacy, we knew we needed to call attention to his work:

• Matt Hillary, Chief Information Security Officer, Drata: Hillary understands that trust is foundational to Drata’s relationship with customers. Not only has he championed privacy initiatives internally from his vantage point as a security leader within Drata, but he has also brought his vision to security leaders at other organizations as well. Hillary urges security leaders to implement privacy by design, noting not only the benefit of data minimization to incident response, but also that it is the most practical path towards meeting user needs in the 21st century. 

Questions about the Data Privacy Hero Awards?

Nominations for the Data Privacy Hero Awards were accepted both internally and externally. Nominees did not need to be DataGrail users to be considered for an award. Visionary and Innovator award submissions were anonymized and evaluated using a standardized rubric for each award. Champion award submissions, given the external requirements of the award criteria, were not anonymized, but utilized a standard rubric. Award winners were eligible to receive prizes up to $600 in value. Any further inquiries about award selection and process can be directed to [email protected] 

Look for information about the next Data Privacy Hero Awards in summer of 2025. Until then, be sure to share a note of appreciation with your own heroes.