Shifting left in privacy policy

August 22, 2022

Ready, Set, Shift Left


written by Chris Handman, Co-Founder & COO

Here’s the hard truth: The best time to start a privacy program is the first day you started collecting data. And the next best time is now. 

That’s because the longer you delay getting strategic about your data uses, the more privacy and technical debt you accumulate, and the harder it becomes to dig out. So establishing a strategic plan for your data is not only the right thing to do, it’s also a long-term cost-savings for the business.

This scenario might sound familiar: Your business strategy largely relies on processing or controlling data. You’re chin-deep in sales and product meetings, and no one’s paused to consider privacy compliance obligations, so data’s collected all over the place without much forethought. That’s a problem because if you don’t know where your data lives, you can’t appreciate — let alone mitigate — its risks. As you continue to accrue more and more in your data trove, mapping it becomes inscrutable. Suddenly, you realize you’ll need to go back to each data piece collected, study the notice you served the user to collect it, and ensure you can defend any subsequent uses. 

That, or delete the data.

You’re now facing weeks or months of detective work to salvage what you’ve attained.

Learn how to roll out pre-deployment privacy

Those data bricks get heavy, and they fall hard

If you find yourself staring sky-high at a pile of technical debt and sighing, you’ve got a worse problem on your hands: It means you’ve also neglected to create a culture of privacy. Habits, good or bad, calcify pretty quickly. Establishing privacy as compulsory – particularly among your partners in product and engineering – prevents poor data habits from becoming the default. If you succeed, you’ll face fewer and far-less-impassioned battles over strategic changes you’ll inevitably need to make later.

Privacy laws wait for no one

As if it isn’t already hard enough to craft a modern, scalable privacy program, legislators and regulators around the globe keep fashioning new rules to follow. In the U.S., several states have passed privacy laws mandating privacy by design. And more recently, lawmakers introduced a federal bill, circulating within the halls of Congress as we speak, explicitly calling for privacy by design. That’s to say nothing of the GDPR, LGPD, etc.

Here’s the thing: These laws are trending toward being more prescriptive. With all these laws coming at you fast and furiously, you may feel like you need to lurch from one regulatory regime to another. But if you develop a program that prioritizes privacy first principles — be transparent about what you’re doing with data, give users choices about how you use it – and gain buy-in from product from the very beginning, you no longer have to operate in a reactive frenzy. It’s the only scaleable way to operate.

The future is now

That’s where this Shift Left movement started. Privacy has fundamentally upended the way consumers think about their rights and their data. But modern product deployment strategy is still living in yesterday’s truths. Getting your privacy program right doesn’t mean you’re going to see Tim Cook when you look in the mirror next week, though one can hope, but it puts you on the right side of history. It means you recognize what resonates with consumers and what they’ll in fact demand in the not-too-distant future.

Starting your Shift Left program, which partners product and privacy from a product’s germination, you’re going to capitalize on those wins while your competitors wonder which class they missed.

It’s time to move. Let’s go.

About the author:

Chris Handman, Co-Founder & COO

Chris Handman

Co-Founder & COO


Before co-founding TerraTrue, Chris was the first General Counsel at Snap, where he built the company’s legal, compliance, public policy, and law-enforcement teams. During his time there, Chris developed a transformative privacy program that coupled rigorous review with tools and systems that were nimble enough not to restrain the relentless pace of execution. Chris is a Homeland Security Project fellow at Harvard’s Belfer Center for Science and International Affairs. And he’s constructed two crossword puzzles that have been published in the New York Times (one of which was featured on the Colbert Report). He graduated from Yale Law School.