Security Expert Interview Series: Marie de Fréminville
The following is an interview we recently had with Marie de Fréminville who holds the position of Data Privacy and Governance Expert based in Switzerland. Marie has solid experience in Finance (CFO, Head of controlling) and Governance (Head of Airbus Group subsidiary governance department), holding executive management positions in international companies and family-owned companies, as well as non-executive positions in Airbus Group subsidiaries, and aeronautic venture funds. Continue reading the full interview below to learn more about the major challenges for our privacy today and what we, as individuals, can do about it.
1. Firstly, thank you for taking part in this campaign. Can you give us an introduction about yourself, Marie? How did you venture into data protection and governance world?
I have a financial background: I have worked as a financial director in several fields of activity: construction and real estate, publishing, aeronautics, and defense. In any business, data must be processed and protected. In the financial field, in particular: accounting is a way of organizing data, that dates back to antiquity, and which really became standardized in the 20th century. Controlling allows you to analyze data by type of expense and type of activity, and compare them against the business plan and budget, and make forecasts.
The protection of financial data is obviously essential because it is confidential, but also to prevent fraud. To ensure their protection, procedures must be put in place, and the application of these procedures must be monitored.
In addition, I worked for 15 years in aeronautics and defense, I was sensitized very early on to cybersecurity issues, and having been a non-executive director of an ICT services company of a large industrial group (Airbus Group), the implementation of secure communication tools across the group allowed me to understand many technical and organizational issues.
Beyond the financial performance of a company, a good corporate governance is fundamental for the company. Therefore, after having acted as a CFO, I moved to Corporate Governance, and was involved in the functioning of the board of directors, its skills, the training of its members, its relations with shareholders and managers. I am particularly interested in new challenges for board members: regulations, such as GDPR / LPD, digital strategy, data governance and cybersecurity, as well as social and environmental responsibility (digital has impacts on the environment, positive or negative!).
Collecting, analyzing and protecting data this is nothing new! What is new is the amount of data: the size and number of available data sets has grown rapidly as data is collected by devices such as mobile devices, Internet of things, software, websites… Big Data, Techniques for analyzing data, Big data technologies, and Visualization are creating a new paradigm in which the value of data is growing quickly in many sectors, allowing the emergence of Artificial Intelligence.
2. How many years have you been dealing with data protection and what has been the most important thing you learned through your job in 2020?
I have been dealing with data protection for thirty years: from my first job, I have been concerned with collecting, protecting and safeguarding data. At the time, not everything was digitized! But whatever the format of a data (digitized or not), the protection of data is important in a company.
Each time I led an ICT project, setting up a reporting tool, legal and financial database, the questions were similar whatever the project: data protection was discussed and treated: what data is collected, who updates it, who has access to this data, whether certain data is confidential, who decides on access authorizations, where it is stored, how it is documented (data quality), who is authorized to extract the data, and to transfer it, what restitution of the data, what tools to meet the needs?`
3. What characteristics do you have that make you successful at data governance?
Data governance requires a good analytical mind, and understanding the organization of the company well: its businesses, its functions, its stakeholders (shareholders, customers, suppliers, partners, directors, etc.), who needs what information.
Over time, my experience has shown me that the main things to look out for today are:
– excess data (it is important to define the needs, and not to flood all the players with data).
– data quality: updating in real-time is essential but requires a lot of resources. No need to have a lot of data, if it is obsolete or false: it is, therefore, necessary to define the useful data and ensure their quality (who updates, how and when)
– classification: what information is confidential, who has access, how is it protected and stored?
4. What is the biggest challenge you have ever faced in a data governance implementation?
The biggest challenge I faced was organizational: in companies, each business manages its own data, and redundancies are common: the same data is managed by several entities of the group, and of course, there are differences due to varying definitions or methodologies. When you want to set up common databases, there are power wars, a lack of confidence in the quality of the data provided by another entity, or another person. It takes a lot of energy to bring the players together and to align them, although that is in the best interests of the company.
The other challenge concerns the dispersion of data: what data is collected and by whom, who processes the data, for what purposes? When it comes to the protection of personal and sensitive data, the first effort to be made is to know the situation, and it is sometimes a lot of work for the company, necessary to comply with the GDPR and LPD. The merit of these regulations is forcing companies to set up data governance.
5. What do you see as the main challenges for our privacy today and what can we as individuals do about it?
The main challenge is awareness of the business models of application editors, the performance of operating systems, sales websites, social networks or communication operators. When an app is free, it’s because the publisher can access and use your data.
A sales website also collects data from Internet users (personal data, behavioral and preference data, etc.) and can be sold to third parties, in particular advertising companies.
The problem is the lack of transparency, and most users (including some advanced users) are unaware of these methods.
In addition, users are not sufficiently trained on the threats and the security measures to put in place to prevent their data from being exposed, stolen, or copied. Training users in a company is also essential to protect the information assets of the company.
6. How do you stay up to date with industry news and updates regarding data protection and privacy?
Articles, publications, conferences such as FIC (International Cybersecurity Forum) SCSD (Swiss Cyber Security Days) and TrustValley, as well as training sessions are essential to staying up to date. Meeting suppliers and service providers is also very useful, to get information about innovation and new solutions.
7. Finally, if you could give your 25-year-old self just one piece of career advice, what would it be?
Never stop learning and trying to understand. Don’t be afraid of technology; technology is only a part of the problem and a part of the solution. Humans are the other part of the problem and of the solution.
Never forget the importance of organization, processes, the effectiveness of the whole ecosystem, awareness of the risks, ethics and training!
Click here to learn more about the Swiss Cyber Institute’s approach towards improving the digital safety and security of society and economy through education and weekly blog posts. Do you think you are a good fit to participate in our Security Expert Interview Series? Reach out to us for more information.