Back to Top
[A] Podcast
00:00
audio controls 10 10
audio controls 10 10
 
00:00

Digital Policy: Powering Operations, Innovation, and Velocity

[A] Podcast #20

backforward audio controls 10 10
backforward audio controls 10 10

Listen:

Interview With Kristina Podnar

Many think digital policy is a chore related to managing risk and regulations. But policy has a far more important role to play in developing a healthy digital and customer experience ecosystem.  Explore the role digital policy plays in accelerating content operations, encouraging innovation, and speeding up content velocity. Find out how policy may be one of the key missing ingredients that can positively contribute towards content intelligence.

hexagon

Bio

Kristina Podnar is a digital policy innovator. For over two decades, she has worked with some of the most high-profile companies to balance the risk and opportunity of conducting business in the digital age. Kristina is the Principal of NativeTrust Consulting, LLC. Her book, The Power of Digital Policy was published in March 2019.

Resources

Follow Kristina Podnar on social media:

For more resources from Kristina, check out:

Policy is not a burden. They're not handcuffs. They are a way to be free, innovative, and color within the lines using any color you want.

Transcript

Cruce

Welcome to A Smarter World. This is your host, Cruce Saunders, and I'm joined today with Kristina Podnar. She was a digital policy innovator for over two decades, she's worked with some of the most high-profile companies to balance the risk and opportunity of conducting business in the digital age. Kristina is the principal of Native Trust Consulting. Her book, The Power of Digital Policy, was published in March 2019. Welcome to the show. Kristina, thanks for joining.

 

Kristina

Thanks for having me. So much fun to be here.
 

Cruce

It is. And we get to be in person here in Washington, D.C., which is one of the homes for digital policy governance and the considerations therein, which is a big topic as new regulations are pouring into the consciousness of the digital community. And many people are starting to look at privacy, starting to look at the regulatory environment, accessibility, and other forms of interaction with global markets and their regulations as something that needs careful attention. And so you couldn't be talking about a more important topic at a more important time.

And I'm really pleased that our audience gets to benefit from the wonderful experience you've developed in this niche, which is not going to be a niche for much longer. I think it's really going to be a part of what every enterprise needs to consider when putting together a program around customer communication or any form of communication in the digital space. So first of all, let's just start with what is digital policy and why should organization leaders care? Why should the content community care?
 
Kristina
Great. Well, that's a wonderful place to start, actually. And let's talk first about, like you said, what are digital policies? So people's heads immediately go to legislation, regulation, things that are sort of legal or regulatory in nature. But the reality is that there's an entire spectrum of things that are really digital policy. And the best way to think about digital policy is really as guardrails. @kpodnar In fact, for people who either have been children, which we all have or have children, the way I explain it is almost having your backyard with a fence.
 

You tell your kids they can go out there, they can play, they can do whatever they want to. They just can't leave the confines of your backyard and that fence. It's there to keep them safe. Now, they can do lots of crazy things. They can take the broom maybe that's out there or the rake and they can pretend it's a horse. They can race worms like my child used to do. They can throw sand up in the air and pretend it's snowing.

But the reality is that they're safe in that backyard. We know they're not going to get run over by a car. We know nothing bad is going to happen to them. And when they're ready for dinner, they can come inside. And it's the same thing with policies. When you actually create policies, what you create for the organization, the enterprise for content creators or anybody else who is involved in digital is a nice, safe place where they can be creative, they can be innovative. @kpodnar
 
They can do all kinds of stuff knowing that they're not going to either put the brand at risk or break a law or go against any kind of regulation that's out there. And that's really the power of digital policy and the way that I think about it.
 

Cruce
You know, kids often get in trouble, though.
 
Kristina
They do, lots of times.
 
Cruce
And paint outside of the lines.
 
Kristina
They do. But if you actually explain to them and I have a kid, so I've kind of done this piece. If you explain why they shouldn't go beyond that fence line that we've established, what bad things can happen when you do that. And when they start to paint outside of the "lines", people tend not to do that if they understand there's a good reason for it and that it's actually keeping them safe.

Most of the time, people instead of enterprises do "bad things", not because they want to do bad things, but they don't understand either (A) what they ought to be doing or (B), they actually don't understand where the edges are. And that's what happens most of the time. That's what gets us in trouble, whether it's around privacy or if it's bad SEO or accessibility, and we all know those stories.

The reason that most sites today, for example, aren't accessible isn't because people don't believe in accessibility. But for a lot of people, they haven't had that "aha" moment to make the connections between it's not just about some crazy law in the United States or the fact that it's legally required in Israel to have an accessible website. It's the fact that all of a sudden users have a great user experience, not just if they're blind or they're deaf, but maybe they have carpal tunnel because they're getting older and they've used their mouse for too many years.
 

It's about the fact that they create good experiences that then translate into loyalty, word of mouth brand promulgation, all kinds of really good stuff. And so, most of the it's time explaining the "why" and helping people to understand that they're really enabled within the framework and understanding that really policy is not a burden. They're not handcuffs. What they are is a way to be free and innovative and color within the lines with any color you want.
 

Cruce

There's a lot of relationship, I think, with content structural standards here. We want to be able to give authors a structural model to work within. But if it's done well, that should actually be freedom enabling because the content doesn't have to be restructured every time it's put into a new application. It can just be used from its raw structural elements that have been predefined.
 

And so there's a painting, there's guidelines, there's a painting within the coloring book that's provided that's there. So it removes the do anything you want, anywhere you want. But it also creates freedom in that, too. Can you talk a little bit about that balance between flexibility for independent business contributors and the structure that we're providing as a way to help make sure that contribution works within a larger environment, larger ecosystem in a graded way? @mrcruce


Kristina
Absolutely. And so, one of the things that I love to do is actually go into enterprises where we do want to enable people to have that freedom. And what I love doing is actually creating policies in a way that they're applicable. I don't like to call them guidelines because guidelines are so optional in a way. Policies are the hard and fast that you shouldn't ever do or the things you always have to do. They really are those rules that keep you safe when you're driving down the road.
 
And so for individual contributors, what's really great is when you put those in place, not only does it allow them to actually create content with some kind of an end goal and strategy in mind that actually keeps them on the right track. It ensures they can do that faster. They actually understand what they can and can't do. And what they don't have to do is come back every time, raise their hand and say, "Mother, may I?"
 
Because we already know in advance or we ought to know in advance, what are the rules that they can't break and where can they have freedom? So I always think about this from a content perspective and think about it maybe in a global enterprise where there's a very different tone and voice depending on which market you're going after. However, there are some principles that we just hold continually across all of those markets. 
 

For example, how do we reference our company? Are we a very formal company? Are we informal? How does that resonate with our brand? And so there are some things that we always consistently apply, but then we actually look at our individualism and say, "Well, you know what? If you're in Italy, you're going to have a very friendly tone, maybe a little bit more informal. If you're in Germany, it's going to be far more formal." Right.

 
If we're in South Korea, it's going to be a very different tone in terms of respect for the culture and the elderly and the history. But if we actually have that framework and say, "These are the things we always do or don't do in terms of a company in a brand", then the rest is up to you. You can get creative, you can get innovative, you can maybe even use some slang if you're in Italy.
 
Some new words that are coming down the pike and get really creative. And what you don't have to do is go back and say, "Oh, here's my content that I'm submitting for yet another campaign. And, may I please publish this?" And here we are. You know, you submitted that for publication three weeks ago and it's finally making its way and everybody's approved it, including legal, which we know can be a pain, no offense to the legal folks out there.
 
It's really great from that perspective. It's about invigorating people and freeing them up. But you have to have that structure. What's really critical and makes this a fine balance is considering the risk– considering the opportunity and balancing those two things together. @kpodnar Because oftentimes what I see is either people are driving without a seatbelt or they're being too cautious and they're not exploiting content and digital for what it's actually worth and reaping the opportunity and the benefits.

Cruce
I think the picture you're painting there is one of velocity through definition. And that's interesting to me because I think one of the objections we hear when introducing structure is it's going to slow things down, but it actually does the opposite. It enables speed of decision, autonomy of movement & ultimately velocity of content –@mrcruce through a workflow into published environment when there's guidelines. That the guidelines are adhered to, then policy is adhered to. There's a green light all the way through.
 
Can you help our audience with examples where digital policies are creating opportunities for competitive advantages instead of being this burden that it's often saddled with to those working in digital in general?
 
Kristina
Absolutely. I have a really great use case. I worked about a year ago with a client who's in the pharma space and as you know, nicely regulated pharma. Right? That's a pain to get any content through. And what was fascinating is you always have your very special buckets of content, things like provider-related versus patient-related, etc. What you can and can't do. And so this pharma organization thought they were doing a fairly good job because they can get content published onto their website within 21 days.
 
So they felt very proud, 21 business days. We could get our content out there, which works well for a planned product campaign. But if you have a crisis, let's say the coronavirus right now coming out of China. You don't want to wait 21 days to communicate to people how to stay healthy or to practitioners around what kind of vaccines might be available to them to help treat their patients. And so what we did is we actually went into the organization, said, "Look, why is it taking 21 days?"
 
And the reason it is taking that is because there was a lack of trust and people actually didn't understand upfront what policies they had to adhere to. So what you had is a lot of people creating content on the frontend, sending it to legal, legal, pushing back on them. Then they would actually say, "OK, we've gone through legal." Then it will go through brand review, came back from brand review. OK, now we're actually through legal and brand.
 
What's next? Oh, the localization team, the imagery team. Well, no wonder it was 21 days. But what we were able to do is say, "Look, let's flip this on its head rather than saying, "mother, may I" every single time. Let's look at a model where I assume that you're smart because we hired you into this organization. You are accountable because you're smart and accountable, which is why we hired you.

Let's tell you up front the things you have to do and what you should never do. And then let's try this again." And it was really, really cool to watch, because once we got those systems and mechanisms in place, we freed up the content contributors to get their content through the process in three days. So 21 to three days is absolutely amazing. @kpodnar But what was happening is you had content creators who upfront understood what legal was looking for.
 

They knew that they could submit to legal in all the crazy different variations of here's what the content looks like on an iPad versus an iPhone versus an Android device versus a computer screen. And that was part of the submission package. Not a lot of back and forth after that. Why? Legal sees it, signs off on it. Brand sees it, signs off on it right away. And after that, you don't even have to worry about the rest of the workflow that you did before, because we've already baked in all of those requirements.
 

And it's almost like they're pre-vetted. And so for that organization in particular, they got to the point where if it is something like a coronavirus situation and a major outbreak or maybe Ebola outbreak, where you really have to have almost like an emergency communication piece. They can actually do that now within one day, where it's only the really critical folks that have to sign off. And what's interesting is the integrity of the content. It's great that we got 21 to three days.


That's fabulous. But then what we actually saw was an increase by threefold satisfaction of content contributors in terms of their happiness in content creation processes. And what we saw is that on the whole, there was actually more thoughtful content coming through. Things that were more relevant to the content strategy and to the general digital strategy. And it made more sense. So you see that that's a really good example, but there's others.

We see startups, for example, policies in the startup world, how can you even have that? Startups need to move fast. But what you actually see is good policies creating good practices around data in startups. We don't want to choke them, but we want to put enough structure so when they go out and try and raise capital, when they try and actually sell their business, investors are looking at them.

Companies are looking at them and they're saying, "You know what, I'm going to give you top dollar for your company because you are compliant with regulations. You're doing the smart thing and you already have data governance in place that allows us to exploit that data for what we want to do in the marketplace." And there's a value to be had in all of those models.

Cruce
Well, and on the flip side, there's risk in not doing it right.
 
Kristina
That's right.
 
Cruce
I mean, I think that the regulatory risk associated with not having policy in place is very significant in the millions or billions of dollars for many organizations. It's interesting you're talking about the legal review cycle. @mrcruce It's one of the areas we looked at extensively in the last year was working with the pharma to overhaul their medical legal review lifecycle. And a big part of that was technology enablement.

But I'm seeing now that the policy discussion really can be a major contributor to that. So it's not just, hey, we need what supply chain with XML handoffs from authoring to management to publishing to different reviewers because all of that it underpins velocity within enterprise content environments. But also the existence of clear and clean policy needs to envelop that kind of transformation.

Kristina
Absolutely. And if you get the right policies, not only do you have velocity, but you have velocity in the right direction. @kpodnarAnd that I think is a really important distinction because it's not just about having a well-oiled machine, it's about having a well-oiled machine that's doing the right thing.

Cruce
It's so possible to amplify bad stuff.
 
Kristina
Exactly, right. And that's what technology does a lot of times, right? It's like yeah, I can drive a faster car. But oh, sorry, you wanted to go to Ohio. We're going to Florida.

Cruce
No, that's really key. Well, one of the things we've also been struggling with in the enterprise I mean, I think in general is the organizational structure around shared artifacts, policies, semantics, all of the things that really create coherent content systems. All of them require cross-functional groups to be doing stuff together and to be collaborating at a very intimate level that hasn't really been required in previous eras.
 
And I feel like the 2020s we're going to be really doing a lot more collaboration between department silos. So what are you seeing about who in the organization today is involved in administering and managing digital policy? And what do you think that will evolve to? If you could set the perfect org structure in place, what would that look like?
 
Kristina
So today, nine out of ten times what I see is digital policies are owned out of the legal department or the regulatory compliance department, which is wonderful in the sense that they understand the laws and the regulations. But completely wrong because they don't understand digital content or digital marketing. '9/10 times I see digital policies owned by legal/regulatory compliance departments, which is wonderful in the sense that they understand the laws and the regulations. But completely wrong because they don't understand digital marketing. @kpodnar' So they're missing the opportunity while they're understanding the risk. It creates handcuffs. It also creates a lot of guidance in the form of a PDF on SharePoint that nobody wants to read.

So it's a lot of shelf-ware, and it's not really helping the organization. If I could wave a magic wand and make that all go away, what I'd really have is everybody in the organization coming together to make this work. So we're talking about probably having a digital steward who understands the entire landscape of digital policy and having them sit preferably either in legal or in marketing. @kpodnar Don't have a preference.
 
But what I want this person to understand is there's a gamut of things to think about that require us to actually balance the risk and the opportunity of digital and yes, legal and regulatory have a function. But you know what? So does brand safety. Also the brand consistency, the tone and the voice, the type of systems and the technology that we're using, all of that is the gamut of digital policy.

And so what I want somebody to understand is I'm the librarian for the organization and I'm going to ensure that we have what we need. Not a policy for everything, but those policies that we feel we need for the organization to keep us safe and sound while allowing for that velocity and that quickness and agility that we need in the marketplace.

With that in mind that steward will actually work with people who are subject matter experts, whether they're in legal, because they understand the laws, whether they're in marketing, because they understand the brand, whether they're perhaps taxonomy expert out there, because they understand the structures and the way that we actually need to use our search engines, whether it's the user experience person, whoever it is. Including, by the way, folks like procurement because they handle vendors and third parties who also need to understand these policies and work within that framework.

So all of those people coming together and playing a role in the development of digital policies and really treating policies through an entire lifecycle. So it's not just about creating shelf-ware sticking it on SharePoint. It's about implementing that into the organization. And what I mean by that is policies don't have to be a Word document. Policies can be things like guidance inside of Salesforce that tells the sales team how to deal with certain customer information or prospect information.

It can be guidance within Drupal that actually tells individuals what to do when they're entering content into the CMS. So we guide them and give them information and context where they're already working. They don't have to go off and read a manual. Why do that? Tell them and meet them where they are. So it's about having an implementation schema that brings the guidance, that brings the policies and the standards to people in context of where they're working. @kpodnar

And it actually enables them to apply those policies and standards to what they're doing. And then, of course, that also includes things like measurement, understanding on the backend how effective are we with digital policy? So it's not just enough to say like, "Oh, thou shalt dot, dot, dot." But am I, as an organization, am I, as a digital policy steward, enabling you to do the things that I say you should do or should never do?

Am I giving you the training, the knowledge, the money that's hiring a digital agency to get things right? And if not, where are we failing? Because again, most of the time people aren't looking to color outside the lines because they want to color outside of the lines and do bad things. They don't know differently or they're not enabled to do things differently.
 
So I really see policies as a support and enablement function within the organization. It can be driven from a marketing or a legal perspective, most likely. But what it needs to be is a comprehensive end to end viewpoint. And somebody who knows enough to ask the questions of like, "Wow, you know, I know we're into CCPA mode now that we've all been through the whiplashed reaction from GDPR."

I hear that Washington State has a Bill. I hear that Virginia has a Bill. Ought we to maybe take a step back and think about this holistically? Is that worthwhile? So that we apply a schema once in terms of privacy and don't have to keep going through that whiplash mode? Or is it best as an organization to take a step back and hold off because we don't know what direction we're going in?

Cruce
Oh, my gosh. This is actually really eye-opening for me, because I think of schemas in a very technical sense of system level schemas and content models that then structure the schemas inside of systems of record. And what's interesting is that by you correlating the policy schema or the what did you put? Behavioral schema?

 

That actually is the application of a pattern that is enabling scale regardless of silo and the same thing with content sets, semantics and policy. What's interesting .... let me propose something we've been working with clients on org structure. We have this concept of the content services organization.

 

We're building these in a couple of places. It reports to either a CDO, Chief Digital Officer, or a Chief Customer Officer, somebody in customer experience, but it's outside of marketing. It's outside of legal, it's sort of a independent organization that operates with a mandate to facilitate content asset flow use across an organization. Would policy make sense as a seat in that kind of org?

Kristina
It absolutely could make sense but remember that you need those two hats. You need to understand the content, the technical aspects, and you need that legal and regulatory. So I'm personally fine if you take somebody who maybe is going to be a digital native in the legal office in a few years and make them in charge of that. I'm happy if you take somebody who's in marketing, but their awareness is growing around GDPR, CCPA, accessibility, lawsuits, etc.

 

I'm happy if it's an independent function. In a way, I almost don't care where it sits as long as we have it. I think we'll have natural patterns in the future. And I'm starting to see the first generation of digital native lawyers coming in who get the fact that it's not just about the law, it's about the user experience. So maybe in like 15, 20, 30 years we'll be there. We're not there yet.

 

And I'm seeing really smart people who are sitting in marketing and they kind of get GDPR, they kind of get CCPA, but it's not their day job. And so that's really, really hard. Maybe having somebody in the CDO office is really the right mix. What I care about though, is that they have that right skillset and that right mentality rather than where they report in the organization.

 

Because it matters less where they're really plugged in as much as the value they're bringing to the organization and making sure that they're actually the advocate for balancing out those risks and opportunities.

Cruce
Is it enough to advocate? Don't they need to have some authority?
 
Kristina
So I actually don't believe that.
 
Cruce
Really?
 
Kristina

Yeah, I know, people go, "What?" This is not the policeman. And it's like, no. To me, it's not the policemen of the world. And I'll tell you why. Because I think that authority can be delegated to digital policy stewards. But I very much subscribe to Lisa Welchman's governance model, where you actually have within the governance framework folks at the very top, who are getting things like metrics fed back to them of are we doing in digital what we ought to be doing?

And so the digital policy steward is definitely accountable for things like ensuring that the policies are working or that metrics are coming out that show it's either working or not working. But I would argue that their job should not be a policeman and should not be accountability for that from the perspective of enforcement. What they ought to be doing is actually kind of flipping that on its head and being that support and enablement model.

Because it's a lot easier to get people to buy in and give them the tools that they need than it is to take a stick and run around the organization and try and beat them. And I think ultimately the buck stops with higher-ups because it's not just about "did you adopt the policies and the standards?" It's about "did I, from a leadership perspective, give you the resources necessary to actually apply those policies and standards", if that makes any sense.


Cruce
It sure does.
 
Kristina
And so, yeah, you basically don't have that authority, I think, at that steward level.
 

Cruce

So you invoked Lisa's name and I am a huge fan of Lisa's work. Lisa Welchman has a really strong book that I think everybody should read on governance. But I am wondering if you could help relate digital policy with governance and how they overlap. How do they diverge and what is the right relationship between policy and governance?
 

Kristina

Now, that's a really great question. In fact, I'm very grateful to Lisa for including me in her book on the digital policy section. So she was kind enough to invite me to collaborate and give some feedback during that process. And it's interesting to me because people don't understand that correlation. Yet there's a really strong correlation that we need to be aware of.

There's a digital governance framework which really talks about who is accountable and who is responsible for things like defining digital strategy in the organization, defining digital policy, and defining digital standards. And really the premise of her book is that we can actually manage what has been historically chaos in the organization.

You can gain velocity, but you actually have to understand who ought to be involved in that process. I very much subscribe to that model, which is why I talk about digital policy stewards and authors in that context. But what I do is actually extend that methodology in a way to include the "how do you get the policies done?" And "what is that gamut of policies that organizations ought to be thinking about?"

And so it's almost like there's a really natural flow down effect. If you define your digital governance framework, you will already be well on your way to digital policies because you understand the accountabilities, and then it's really all about developing the underlying operational aspects. @kpodnar So it really is a complementary governance operations mechanism and almost like a Venn diagram where the two meet and do a little "happy dance" hopefully and a handoff.

Cruce
And Lisa talks some about the role of committees. What's your sense about the level to which committees or cross-functional groups that reassemble around a topic should be involved in policy development? Can that be done in a committee?
 
Kristina
Or is that impossible?
 
Cruce
Right?
 
Kristina
Right. Well, you know, in some organizations, that's the only way to do it. And fortunately or unfortunately, we see this a lot more in government and certainly in non-profits where committees are a thing. And that's OK. So I think that that's fine. If that's how the organizational culture functions and that's your governance framework, that's great. Let's leverage that.

Also, think about this historically. If the organization already has a committee, for example, this happens a lot in higher Ed. You have committees that are already working on Title 9, for example, and admissions issues. Well, why not extend that to talk about policy around accessibility? It makes no sense to create yet another silo. Let's extend that committee into the policymaking function around digital.

But the mistake we make, though, is always saying that we're going to defer to committees when we don't have to. And that's where people get stuck a lot. @kpodnar And so I actually have this model that I call the five-day agile policy development model. And it's intended to be able to go into whether it's a committee or into an environment where people are facing a lawsuit, perhaps around accessibility or something. We have to really quickly triage and clean up.

And the idea is let's get policies done in five days. I've done it with committees, so I know it works. The reality, though, is that that's not necessarily the most effective long-term way of dealing with policies.

Cruce
Got it. And the other side of the house is content strategy. There's a lot of people thinking about the purpose of content as it relates to audiences, and that has a relationship to policy. And it's interesting to imagine what is digital policy, the existence of digital policy due to the role of a content strategist? And what should content strategists, content engineers and other content practitioners be aware of when it comes to policy?
 
Kristina
I think what we really see in that scenario is that you're actually elevating the role of the content strategist and even the content integrators, if you will, at that point. Because what's happening is we need to understand policies for content development and we can't do that really without a content strategist. I don't actually understand what the boundaries are of the things we should always do or never do with content without those strategists in place.

They define the audience, they tell me the tone and the voice. They tell me certain audiences in certain markets I ought to do certain things for. Whether it's, for example, taking opportunities to repurpose imagery. Let's take that as an example. I know that in the European market, I can use certain imagery. If I'm selling pajamas, I can use certain imagery within, let's say, Germany and France and Croatia.

But if it's two males, I can't do that in Russia because they actually don't condone same sex marriage in Russia. In fact, we've had some trip ups, for example, with Ikea that pointed that out. But if you have really good content strategists who understand the vision of the brand and you can actually put them together with a digital policy steward who asks the question of like, will this impact us?

We ought to be paying attention to this law in Russia. Then all of a sudden, the content strategist will say, "Huh, let's make a rule perhaps that if we're going to advertise our pajamas, we're basically going to use a same sex model couple, if you will, across all markets in Europe so that we can also adapt for Russia." Or you know what?

The brand that we stand for believes in other things and we support human rights in a different way. In which case we're going to maybe tailor for each market and it immediately starts to set the stage for globalization versus localization or any mix in between. And so that from a policy perspective, I can't tell you without content strategists, so they're part of my gold bucket, when I'm going out there creating these frameworks.

Cruce
OK. Yeah. More collaboration, which is really the overwhelming theme is, hey, we need to work together. When it comes to big regulatory challenges, I think there's a lot of "overwhelm" that's pretty easy to trigger in the minds of many. GDPR, everybody kind of wanted to hide under a rock and pretend it wasn't happening until it did. And I have been surprised at how well the market as a whole has seemed to adapt to the strictures of GDPR.

And by and large, it seems that there is commitment to the privacy rights that GDPR is attempting to impose upon publishers. Now there's domestic regulation flowing and flowing rapidly. CCPA is coming around and there is also more international standards in Brazil and other places. Can you talk a little bit about the environment? Give us a primer on some of what is currently hot on the regulatory landscape and how you think about addressing regulatory issues.
 
Kristina
Absolutely. So let's just talk about data privacy in terms of the data regulations, because there are so many others out there. But staying in that lane, I think what's interesting is there has always been, and I should say always, but for the last 15 years, there has been some form of data privacy regulation out there. The reality is that people were not just paying attention. None of us were paying attention because it was happening in far-off places. @kpodnar

 It was happening inside of China. It was happening inside of Russia. It was happening in other places that just weren't maybe at the top of our marketing bucket list. Now it's happening, like you said, GDPR in Europe. We're actually seeing Brazil coming into effect later this year in August. California came into effect in January, it won't be enforced until July 1st. A lot of folks aren't paying attention to Nevada. As I mentioned before we started recording, which went into effect actually before California.

And we also have Vermont and Maine and Connecticut, not to mention a slew of others that are just proposed. In fact, if you go to my website, you'll see the map of the world with all these dots on them where we have either data localization or data privacy laws. And usually when people see that they go, "Woah, it looks like snow fell on the globe." It's like, "Yes, because either (A), there's already something in place or (B), there's about to be something in place."

And so it's really the new norm with which we're, I think, starting to operate. And you're right, I think that there was a little bit of a panic as GDPR came into effect. There was a lot of sense of like the sky's going to fall. And here we are in 2020, the sky is still above us. Fine. Nothing bad happened. We are living in a new world order where we're seeing regulators go after either the big tech guys or after folks who have a data breach.

But I think what we're seeing underneath all of the headlines are really small marketers and larger publishing houses that are being smart. And they're adapting, like you said, to this new kind of reality. But what I see them doing, at least the really smart ones, is saying, "Look, there are commonalities to all of these data regulations out there. Let's not worry about this crazy whiplash and adjusting from GDPR to CCPA to LGDP to ECPA into whatever next acronym we're going to select."

Let's actually focus on the fact that all of these regulations have fundamental principles in place. I've boiled them down to eight. And people go, "What? GDPR has 99 articles." I can actually map for you right now if you call me the 99 articles to eight fundamental areas of practice. @kpodnar And so rather than worrying about all of these little ticks and ties and making it more complicated than it needs to be.

Let's look at all of the regulations and say, "What are they really focused on?" And those are these eight areas, if you will. They're things like children's privacy, online privacy, consent and notification, data breach, etc. And if you adopt those principles, then the reality is that, again, you created that fence in the backyard, you created the freedom for people to do things within that framework.

And we no longer have to stop everything we're doing every time there's a new regulation, rethink the process, rethink compliance, because we're always about 90% there with these principles that we have in place. And I think that's sort of an innovative way of looking at it. And I'm seeing more enterprises go that way because they can't afford not to.

Cruce
We've been having conversations on personalization quite a bit, and that's an area that requires customer data in order to really work. And we know that there's a lot of architectural challenges with being able to either use or not use data based on customer preference. And then also to be able to export data on demand when customer wants the data that they own.
 
But overall, the general principle that a customer, any consumer owns their data, we as individuals own our data and businesses are just kind of leasing permission for parts of our data profile. That mindset is a shift from the early days of get as much data and use it in any crazy way you possibly want to. And aggregate as much of it as possible in order to sort of win the day. And that's a big fundamental change.
 
Kristina
And it's a scary one. It's a very scary one, because all of a sudden you're telling me that I can't collect as much data as I used to. Well, what does that mean? Because I used to be able to tell my boss that I was collecting all this data, or I could profile so many users and I had all this stuff. What am I saying now? That I'm only able to profile certain subsets of that user population? What's going on?
 
And so I think it's scary. In addition to a huge shift, I think it's a scary shift for many. But I think what's interesting there is the ability to turn it around and say, "Now I have more meaningful relationships, more meaningful profiles, more meaningful data and more meaningful relationships. And I actually have users that are willing to trust me with our data." And I can actually do even more with that data @kpodnar in order to actually make their lives easier.
 
Wow. Now that's powerful because those are the people that are going to buy from us. And so to me, I no longer need 1,000 people out there that I'm just sort of spraying and praying. I can have 100 people that I know are going to buy into my message. And those are the people that are valuable in targeting only those 100 versus 1,000 who may or may not respond to what I'm saying. But again, it's a really big mind shift for everybody. It's definitely different from what we've been doing.
 
It also means in a lot of instances, giving up a lot of these IT systems that we had and building a lot of these data lakes or using analytics in a very different way. So maybe the analytics that we're collecting are more sort of anonymized and we're looking for patterns that we're going to use in different ways to approach those 100 prospects or customers who we KNOW will respond to us. @kpodnar Rather than assuming that just massively kind of propagating content out there to the whole audience is what the value proposition is.

Cruce
So in addition to hiring data scientists, we now need to hire policy scientists.
 
Kristina
Or grow a policy individual inside of your house because you probably already have somebody like that there.
 
Cruce
Yeah and that's a good point. If there's not a person to advocate for policy, it's too easy to let it be a side-line that somebody in legal deals with on an annual basis or something like that. But it actually needs to be more of an organic part of ongoing operations.
 
Kristina
That's really boring actually living your life in that crazy paradigm that we used to have from 2003 where legal drove the train and it's all legalese. And that's just a really bad way of working. And it's 2020, we all deserve to be happy at work and we all deserve to be enabled and supported in the work that we do. And I think that that requires us having this mind shift in terms of what policy is and what it can do for the organization and for us as workers.
 
Cruce
 And those advocates are really empowering the enterprise and empowering the customer and creating a really different relationship with regards to the interaction with content and customer experience, as a result of their work. @mrcruce So it's certainly not a boring job. It seems to me actually like a constantly changing, very interesting landscape that policy is.
 
Kristina
I'm seeing more and more people take on that role in the organization. They're really change agents. And the ones that I'm seeing take this on are not only having really exciting jobs, but really meaningful ones from a pure career perspective. So thinking about the changes that they're actually driving in the organization and how vital that role is becoming to the business. That's really cool, not just on an individual day to day basis, but a trajectory for a career going forward.
 
Cruce
You've written this really impressive book called The Power of Digital Policy, A Practical Guide to Minimizing Risk and Maximizing Opportunity for Your Organization. Would you let our listeners know a little bit more about that book and what opportunities do you see being overlooked that led you to write it?
 
Kristina
Absolutely. So, this project, probably like all books, took longer than I thought. What I was really trying to do is share my methodology. So it's very much a how to book. It's actually intended to solve an actual problem in the organization. And it actually provides the methodology that I use with my clients to define who are the digital policy stewards, who are the digital policy authors in the organization, what type of roles and job responsibilities ought they to have. @kpodnar
 
In fact, I included job descriptions in case anybody needs those. And I've included things like how do you run a meeting? What kind of agenda do you need? If you're going to develop policies, what are the things you should consider doing right away if you need to? Versus what are the longer-term things to do? What are the questions you ought to be asking?
 
And again, keeping that end to end digital process in mind and treating organizations as being at different parts in their journey, because we have some organizations that are just starting out with policy. They might be in a completely chaotic state. They have a lot of shelf-ware, as I like to call it. They need to actually get a move on on policy.
 
And then you have at the other extreme these gold standards. And by the way, nobody has it out there perfectly yet. But they are what I call the gold standard, because they've really matured over time. They're doing things the right way. And the book is intended to help them as well understand where there are gaps because there are gaps.
 
And so it's everybody kind of in between, whether you're a starter kind of a beginner, whether you're an intermediate company in terms of policy or an expert. The book is written to help you understand what you should tackle first, how to tackle it and then how to make this actionable and relevant within the organization, including the change management tips.

Cruce
Do you have an example of a company that might be doing this particularly well or have a visible or more transparent way of understanding policy the public can see?
 
Kristina
Absolutely. In fact, I had, I think, pointed out in an earlier conversation with you, Mars. And so they just went publicly actually with what they're doing around digital policy. And it's wonderful to see they've actually committed as part of their brand values, as part of their strategy, who they're actually targeting in terms of their content. And they've said that they will not target children under the age of 12.
 
It's actually under the age of 13 for digital content specifically. So they're distinguishing in that omni channel context, if you will, what's digital versus what they actually might be seeing on TV or the street, etc. But anyway, they've said this is what we want to do in terms of protecting children and their privacy and who we're actually marketing to. Here's what we're doing in terms of hitting our goals for brand awareness.
 
And here's what we're trying to do in terms of privacy. And what they've done is defined what their minimum compliance levels are, and they've been very transparent around how well they're doing to hit those milestones. So their latest report actually shows that not only are they hitting all of the goals that they have, but they're starting to exceed them. And they're very transparent, highly recommend looking at them from a digital policy perspective. It's a wonderful use case.
 
Cruce
Do you happen to know the URL? Where should we look for that?
 
Kristina
I think that if we just give people a sense, and I'll probably tweet out about this later today. But if they just go off and head over to the mars.com website.
 
Cruce
We'll put it on the podcast.

Kristina
We'll put it on the podcast as well. But if they head out there, it's very easy. I think it's one of the only digital policy topics out on mars.com right now. But you start to see folks definitely defining that in the marketing and content space. And it's a great use case to look at.
 
Cruce
Very cool. In design, in UX, there's style guides and design systems that are being published publicly and it's great to be able to see how different organizations are managing that. That openness is great. I'm glad Mars is doing it. I would encourage others to come forward with the way that their internal policy is expressed and share it, because that, I think, helps to catalyze the whole ecosystem that enterprise works within. So partners and vendors and others can easily understand.
 
Kristina
I'm a huge believer. Like you're actually singing my tune here. I am a big, big believer in that. And in fact, I published a lot of the content out of my book around what kind of policies you might need, depending on what kind of a business you are, where you sit in the organization. I published that freely because I do believe in the fact that we need to set a standard.
 
And the only way to do that is knowledge sharing and collaboration. And so if you go out to my site, you can understand not only what those policies are in the universe of digital policy, but even take a quiz and figure out where are you in your journey. What is the room for improvement? Where ought you to focus? Who should you be working with? That's all out there and happy to give it away.
 
Cruce
That is a perfect segue. Where can our listeners learn more about your work? What is the website? And where should they go from here now that they've been inspired by this conversation to learn more about digital policy?
 
Kristina
So definitely head over to thepowerofdigitalpolicy.com as you might expect the URL to be. So thepowerofdigitalpolicy.com contains a lot of information on digital policies. Like I said, you can actually take a quiz, assess yourself, see where you are in the journey. You can understand what are the immediate steps you should take in terms of developing policies.
 
There's lots of information out there, including some of the job descriptions that I've published, how-tos, support, use cases, innovative ways of introducing policy into your organization, things like creating a chatbot to deliver policy versus creating shelf-ware on SharePoint. And so lots of really interesting things out there, including that scary map of the privacy laws around the world. So lots of things to consider.
 
Cruce
And those eight themes you mentioned are those up there, too?
 
Kristina
They are. There's eight themes and you can easily grab them. But off the top of my head and I always tend to forget one. So holding myself accountable here, if I do forget them, so we've got accountability in children's online privacy, content and processing, notification, data rights, privacy by design, data breach notification, data localization, and my favorite, contracting and procurement. Because remember, everybody forgets their vendors.
 
Cruce
Wonderful. This has been such a far-reaching and delightful, surprisingly delightful conversation about digital policy. Thank you, Kristina, for joining us.
 
Kristina
Thanks for having me. It's always fun to talk about digital policies, but you made it even more so.
 
Cruce
Awesome. See you later.

Highlighted Quotes