Melanie is the Director of Privacy, Data & AI Governance at ctrl:cyber and was one of the driving forces behind elevenM (now part of ctrl:cyber). With decades of experience working in privacy, Mel is a heavy hitter in the world of data risk.

Melanie can be found advising clients, working on the business, supporting the team, engaging on issues and advocacy, and on many other tasks, big and small.

In this edition of Ctrl In Focus, she shares her perspective on the work, how she came to be working in this field, and some thoughts on how data risk disciplines work together. Read her Q&A below.

 

Q. Tell us about your role at ctrl:cyber. What does your day-to-day look like?     

A. Every day is different and that’s the best part of this job. I spend my time working with clients, navigating changes in the tech and policy environment that will impact them and working on the business. I love the creativity and strategy that comes with working with brand, with HR, with the Digital Trust team and with Management to get the best outcomes for clients, team members, and stakeholders, while pursuing rights and interests that impact humanity.  

 

Q. What first got you interested in privacy?    

A. After a couple of roles in advertising and intellectual property law, I began to pick out the things I loved and the things I wanted to run from. I realised that I liked the business world, enjoyed aspects of law and marketing, but wanted to get closer to consumer protection and technology and I wanted to solve problems and be able to think more creatively than pure law allowed. Privacy operations and policy ticked those boxes, was founded in ethics and human rights and had a welcoming culture that meant on a basic level I enjoyed going to work each day.

 

Q. What’s one misconception about privacy management that you see often? 

A. This is not so much a misconception – but a disconnect that we sometimes see is that people often don’t think about organisational decisions with the same lens as they would apply to how they think about their own privacy. At the end of the day, everyone is a consumer, and the organisations that best understand that in the way they manage their privacy program are the ones that inspire trust with their own customers.

 

Q. What’s one early sign that an organisation’s approach to privacy isn’t working as it should? 

A. When processes and accountabilities for protecting and governing customer data are not clear, privacy is not working. This might be reflected in people not knowing processes or how to escalate issues, it might be policies and procedures that contradict each other, or even something as simple as not being able to definitively answer questions about how the organisation handles information because there isn’t confidence behind the answer.

 

Q. How do cybersecurity and privacy actually work together in practice?

A. An easy explanation is that cyber security protects the perimeter, making sure that data is not lost or compromised, whereas privacy frameworks govern what happens inside the organisation, protecting people by making sure that information is not being misused or disclosed without authorisation. Whilst many of our clients recognise the value of a combined response to data breaches, many are yet to recognise that the epicentre of these disciplines is data governance. Privacy and cyber should invest in proactive data minimisation, tidying up retention, access controls and data quality and they would see a reduction in risk immediately.

 

Q. What can we catch you doing outside of work?

A. I’m really into cooking at the moment and am working on mastery without recipes. You’ll also often find me doing very long hikes and dragging/encouraging people along with me. I also love 90s hip hop and R&B.

 

Melanie’s influence can be seen throughout the Privacy, Data Risk and AI Governance team – a team that she has built over time, bringing together deep expertise with a consistent commitment to collaboration.

Read more Ctrl In Focus Q&A’s here ↗