Kate Helin was a fresh college graduate implementing a new HR system for the Department of Defense when she learned the nuance of data protection in business.
A consultant on the project, Kate’s role was to work with various stakeholders and software engineers to ensure the right people had access to the right information. Her goal was to strike a delicate balance between limiting use of personally identifiable information and allowing enough information to be shared so folks could do their jobs every day.
That early career experience made Kate a student of the emerging body of law around data privacy and security. It prompted her accelerated timeline through the Wake Forest University School of Law, earning her juris doctorate in two-and-a-half years. It helped focus her law practice on preventing and assisting clients through data security breaches.
And when the opportunity arose to shepherd Pendo through GDPR compliance, she hopped on it. Kate joined Pendo as its first data protection officer in March 2018, earning one of the most sought-after titles in business today.
There could eventually be 75,000 “Kates” around the world based on predictions from the International Association for Privacy Professionals leading up to GDPR regulations. But the role is still somewhat obscure—only about 2,000 data protection officer jobs are listed on Indeed.com.
The new role was not just significant for Kate. For Pendo, it represented a commitment from our executives and investors to make data protection a differentiator for our product. And to fulfill that promise, we knew we couldn’t simply carve out time from the busy schedules of our CTO or CFO. Nor could we ask those executives to re-prioritize the core aspects of their jobs.
Pendo needed someone to wake up each day carrying the torch of compliance. Our customers (and their customers) deserved that level of focus too. (In some countries, this is considered a best practice.)
Kate was excited to apply her studies back in a business context. “You see the rewards of your labor a little bit faster than in private practice or politics,” she says. The most interesting parts of her consulting work were the processes she put in place to manage both technology and people. Compliance to data protection laws requires that as well.
As Kate explains it: “There are some privacy and security problems that technology can solve and others that have to be solved by business processes, training and implementation with boots on the ground. At some point, people are engaging with the system.”
The DPO role at Pendo is as much about educating the team and getting buy-in across the organization as it is about putting policies and procedures in place. Kate describes herself as a counselor and advocate—her goal is get everyone thinking proactively about data security.
She’s thankful that was already the case at Pendo when she joined the company. “There was a cultural understanding that this is really important and we need to be prepared,” Kate says.
Kate now manages the cross-functional task force that began months before her arrival. She led our efforts to change privacy policies, contract language and cookie policies to comply with GDPR standards and she’s overseeing the ongoing commitment to provide enterprise-grade security to our customers.
Kate is exceptionally good at simplifying the new policies so anyone can understand. Her two main points:
- Do what we say we’re going to do. Tell customers how we’re going to use their data, and only use it for that purpose.
- Do what is reasonable. Because we are accountable for any data that customers share with us, we must treat it with, at least, reasonable security measures. To Pendo, that means carefully considering the data we have and protecting and managing it appropriately.
To keep up on the latest GDPR and security news, Kate wakes up each day to data privacy alerts from several national media sources and updates from the Association of Corporate Counsel’s national and local data protection security groups on important milestones in court or law.
That real-time nature of this emerging practice of law is what keeps Kate so excited about her work.
“It’s not like medical malpractice, which people have been doing for 40-50 years and know everything there is to know,” she says. “Data security law is changing ridiculously fast, and as someone with a tech background, I saw that I could make a difference quickly.”
Kate is making an impact at Pendo in other ways, too. She’s applying her undergraduate major in gender and sexuality studies as a member of the company’s diversity and inclusion initiative. She recently represented Pendo at a statewide workplace diversity and inclusion conference, sitting on a panel with top executives from Cisco, Lenovo and Fidelity Investments. The theme was “Creating a Sense of Belonging in Your Organization,” and Kate’s comments echoed her beliefs on both diversity and data initiatives.
“Whether it’s D&I or a security initiative, people won’t do something they don’t feel is valuable,” she says. “You have to help frame things in a way that people see the value in doing them, and do them inherently.”