AdTech Confidential: Mastering Vendor Due Diligence and Privacy with Richy Glassberg

Intro  0:01  

Welcome to the She Said Privacy/He Said Security Podcast. Like any good marriage we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st century.

Jodi Daniels  0:21  

Hi, Jodi Daniels here. I’m the founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and certified informational privacy professional providing practical privacy advice to overwhelmed companies.

Justin Daniels  0:36  

Hello, I am Justin Daniels. I am a shareholder and corporate m&a and tech transaction lawyer at the law firm Baker Donelson, advising companies in the deployment and scaling of technology. Since data is critical to every transaction, I help clients make informed business decisions while managing data privacy and cybersecurity risks. And when needed, I lead the legal cyber data breach response for good.

Jodi Daniels  1:02  

And this episode is brought to you by Red Clover Advisors. We help companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology, ecommerce, professional services, and digital media. And short we use data privacy to transform the way companies do business. Together. We’re creating a future where there’s greater trust between companies and consumers. To learn more and to check out our best selling book Data Reimagined: Building Trust One Byte at a Time, visit redcloveradvisors.com. Well, we are going to have some fun today.

Justin Daniels  1:39  

You’re very energized. Why don’t you tell people about your recent smoothie drink?

Jodi Daniels  1:44  

Right before our podcast recording, I made some smoothies that were really cold. And so all bundled up in a blanket, but it gave me the boost of energy I needed. You can stop laughing now. Okay, let’s get started. We have Richy Glassberg, who does not know what kind of fun he’s in for. He is the Cofounder and CEO of SafeGuard Privacy, a company established in 2019 to help businesses manage privacy compliance with effectiveness and efficiency. A 25 year plus digital media veteran. He has led seven startups and held executive roles at renowned brands and agencies such as cnn.com and MTVN and Turner Broadcasting. Welcome to the show, Richy.

Richy Glassberg  2:31  

Hello, welcome. Hello, both you, Jodi and Justin. I’m sorry that I didn’t have a smoothie. I’m still recovering from the first night of Passover last night and too much can filter fish. So I just had a salad for lunch so that I would not die today. Well, it’s a good choice.

Jodi Daniels  2:48  

I thought yesterday, today it was really cold.

Justin Daniels  2:51  

Maybe you don’t want to put your blanket back on.

Jodi Daniels  2:55  

No, I’m good. Okay, well, we still want to talk about that.

Justin Daniels  2:59  

So Richy, given that colorful introduction that Jodi provided us, can you tell us a little bit more about your career journey?

Richy Glassberg  3:14

So I’m, look, I’m one of the very few people that’s been a publisher had a network had Ad Tech had an agency had I started as a kid at MTV did all the live shows and got into business, went to Turner Broadcasting early years of cable and why its formative was I was there when cable was fighting broadcast. And there was a ton of research around wide cable versus broadcast with all kinds of technical stuff in the reach and frequency, blah, blah, blah. And when I went to Turner about halfway through, I was lucky enough to get caught in a conference room with Ted with five other people. And we were asked to start cnn.com You’d have to understand it was 1995. There was Prodigy, there was CompuServe, AOL had just started sending out those discs to everybody’s mailbox. And you know, a lot of people you know, who were in big media companies like me, who were in this Vanguard that my peers said, Oh, you’re thrown away your career, you know, Harry Montreux in Atlanta, Scott Wolf, fool myself, Jimmy Mark Bernstein. And you know, Ted was tough. We all had to do a separate job. So we did this on the side. We launched cnn.com on August 31 1995. Then we started, you know, we started building it around the world, I was lucky enough to run it around the world for four years and run all the sales and revenue. And in that time, about 30 people got together at Halsey minor at CNET’s. Office. Then, we realized we needed an industry trade organization. So about 30 people, 35 people, the history is kind of cool. About eight of us got together as a steering committee and we founded in 1996, the Internet Advertising Bureau, I was lucky enough to serve as the vice chairman and originally Virgie, who is running espn.com and starway for the first six years, and it was important because we set a lot of the original standards in the industry, we set the original eight standard banner size As we set the actual spending because people didn’t believe that digital was a thing, the T’s and C’s, and a lot of cool stuff. I started the first premium ad network called phase two media with great timing in 1999, filed to go public in February of 2000. And the world turned in March of 2000. kept it alive for a while. Then I ran a couple of businesses for News Corp startups insider News Corp, then back to the the entrepreneur side with a company in San Francisco and then some very famous VCs foundry and chipper Fisher Gotham brought me in as the, you know, the CFO for a very famous CEO and the first mobile ad tech creative company, which we pivoted to be the first mobile ad server for all the holding companies, we ended up selling it to WPP, and I was the smallest subsidiary CEO of Martin Sorella, WPP, for a couple years, came out of that. And in 2018, I saw GDPR. And my personal feeling was that GDPR was a reaction to 15 years of programmatic advertising, we forgot the consumer. And my thesis was these laws were going to proliferate, and we were gonna get a ton of them. And when I looked at the IEP Factbook, in 2018, there was approximately 150 companies, not one of those companies was led by somebody from ad tech, not one. And I’m like, that’s not going to work. It’s not going to work at all. The ad tech ecosystem is so convoluted and so complex. And the relationships are so circular. I decided to start this company. And what we are is we built the TurboTax, a privacy compliance, I’m not a consultant, we love red clover. We’re not a law firm. We work with law firms and advisors. And we really built the TurboTax of privacy compliance as just a management platform for people. And that’s really where I came from that background in cable and digital, the industry background trying to fix stuff for the industry. And then ad tech. And that’s really my journey. The one other thing I’ll add is the thing I’m most proud of in my entire career. When I left cnn.com, which was run around the world, and I started Phase Two Media. One of my older sisters got sick with breast cancer, and she thankfully recovered. But a very famous woman named Dr. Marisa Weiss, who wrote the book Living Beyond Breast Cancer in Philly, had helped out my mom, my sister in our family. And after my sister got through it, Dr. Weiss said, Hey, you’re the internet expert, I wrote this book. And I have this idea for a website for women. And it was a terrible name. And you know, overnight tonight, and I helped her buy the name breastcancer.org. I served on the board for 22 years. And breast cancer.org is the number one site for women in the world informational site for women worldwide breast cancer, who served 23 million women last year. It’s the leading informational site for women’s breast cancer, it’s got information, peer reviewed on every possibility of breast cancer. And I think that’s the thing that I’m most proud of is that 23 million women around the world every year get this incredible help for free, which is what the promise of the internet was, and they have no idea who I am. So that’s my background.

Jodi Daniels  8:20  

I love that Richy, I had no idea. And I’m really glad that you added that. So thank you. And you also shared how at a really pivotal time, the double King at a pivotal time that you all banded together to create an industry organization — the IAB. And so let’s fast forward because right now your crystal ball of many different privacy laws has come to fruition and Safeguard and the IAB have partnered together in something at a also a really important time as it’s very complex, especially in the tech ecosystem to try and manage all the compliance requirements. So can you share the origin of the IAB digital? Oh my gosh, I cannot speak diligence platform. And SafeGuard Privacy is all the stuff we just keep in it’s all good. 

Richy Glassberg  9:20  

So in July last year, all the credit goes to Michael Hahn. So Michael Hahn is the GC of both the IB and the Ivy Tech Lab and I have not been involved with the IB and since 2001 because it became professional we hired a CEO, Greg Greg Stuart and then Randall Rothenberg and it’s now huge but it was volunteer the first six years. So Michael Hahn is the GC of the IBM tech lab. He does tremendous stuff in this industry. You know, there’s the LS pa which became the MSPA. There’s all this work that the IB does and Michael had been talking to to regulators, and he talks to them all the time. And last July around there Michael realized the risk that is inherent in all these laws. And I’m not a lawyer. But if you go back to GDPR, there’s this obligation. More specifically, there is the issue under CPRA, both in the law and the regs, that there’s an obligation to do a due diligence above and beyond your contractual relationship, which is the way stuff used to happen with all your counterparties in the past. And Justin, you can correct me if I do this wrong, you know, your reps and warranties protected you. But now the California regulators have said, you have to do this due diligence, or you lose the presumption of innocence. And that’s a big deal. So Michael pulled together was called the PRT committees. And the PRT committee was looking at diligence. And there’s two types. There’s legal diligence and technical diligence. And Michael, in the first call was talking to all these companies. And they said, Well, should we write it ourselves? So we built this company in 2019, is when we launched it. We built the vendor compliance through 2020, with Bank of America and with some others, and a bunch of the IRB members were already on the platform. And we had reimagined compliance. My co-founder, Wayne Mattis, my most famous privacy lawyer, lasted for two years. And he founded two huge privacy practices. And then he was the managing director of UBS. He was the senior lawyer in compliance for UBS globally and got them GDPR compliant. And what we built was a compliance platform. So a lot of people were using us. And in that first meeting, you know, the IB said, Should we write our own questionnaire? People said, well, let’s, why don’t you look at SafeGuard Privacy, because it’s standardized. And one of the things that came back from every company in the industry is that the biggest problem is everybody’s writing their own questionnaires. And those questionnaires become stale, they become repetitive, and they don’t cover the law they are for if you’re an automotive, you wrote it for you, if you’re a farmer, you wrote it for you. I’m not picking on anybody, but you know, industry specific stuff. And the publishers, the IAB members and the ad tech companies, were being inundated. A big publisher could get 50 RFI in a month. And a major platform could get to thousands. And then we’re all different, and they’re all on paper, or they were a spreadsheet or they’re a PDF, and it was impeding the industry from moving forward. So the IB was hearing that from the members and from the regulators. So then there was a whole nother eight months of subcommittees looking at everything in the marketplace. Did anybody else do this? Who was doing it? I mean, and our vendor compliance looks a little bit like GRC. But GRC is mostly InfoSec. And a lot of the GRC platforms are a mile wide and an inch deep and they don’t cover privacy. We’re now in a situation where it’s doubtful we’re gonna get a national law, I highly doubt it. And we’ve got what 1617 states, Nebraska, Maryland, we get another 20 this year, right? So we’re in a situation where we got to standardize things to do it. So long story interminable started Jody and Justin, the committee’s and it was 50 companies and 10 law firms went through any available thing out there and they all came back and said, Look, Safeguard privacy, the only agnostic company, I don’t sell any tools, right? I don’t have a cmp consent string. So I, everybody uses different tools. I’m the only person that’s agnostic out there. We’re the only company that covers every single law links them together. And we’re the only company that built something that’s auditable. And in the regs, they wrote the words it has to have audit, and you’d have to exercise your audit rights. So the IAB realized that we fit their pieces and they asked us would we create the IAB diligence platform in the IAB diligence platform is three things. It’s our state law assessment. It’s our automated standardized vendor compliance. And importantly, the thing I couldn’t do, and that is adding the questions of business questions. So outside the law, if you’re an advertiser, and you put your data into a major DSP, and you don’t win that auction, the question you want to ask is, Hey, did my first party data come out of your device graph because I didn’t win that. And those are the types of questions so those three things that three legged stool, state by state assessments that are all linkable, to make it easier to do the ability to ask vertical questions, and advertiser to a DSP and SSP to a DSP and advertiser to a publisher. And let’s say, you know, questions for a data company or location, and then the standardized vendor compliance. So it came together over since July of last year, it was announced January at the IB meeting. It was Jodi and Justin 50-60 companies and 10 law firms. It was a huge, very rigorous process. And I know this is your next question. This is for IRB members and non IRB members, Michael Hahn and David Kona, the IB did a great thing. This was built to help the industry. This wasn’t built just to help the IB. Because this was built to help ad agencies, clients, vendors, all different types of vendors. And it was really built to help the industry because if we can’t solve this problem, this legal liability is massive for everybody involved.