.svg)
Summary
Key Insights
1. Privacy Leadership Is About Judgment, Not Checklists
Aaron emphasizes that most privacy challenges do not come with definitive legal answers.
Laws provide boundaries, but within those boundaries companies must make value judgments about fairness, expectations, and impact.
GCs add the most value when they help teams reason through these choices instead of defaulting to rigid rules.
2. Privacy Programs Succeed When Legal Is Involved Early
Late-stage legal review often forces teams into defensive decisions.
Aaron explains that early legal involvement allows privacy considerations to shape product design, data collection, and user experience from the start.
This proactive approach reduces friction and leads to better long-term outcomes.
3. Escalation and Accountability Matter More Than Perfect Answers
Strong privacy programs define who decides, when issues escalate, and how decisions are documented.
Aaron notes that regulators and boards focus heavily on whether organizations had processes to identify and manage risk.
Clear accountability protects both the business and legal leadership.
4. Consistency Builds Trust Internally and Externally
Inconsistent data practices erode trust faster than aggressive but predictable ones.
Aaron highlights the importance of setting clear internal principles and applying them consistently across teams and products.
This consistency simplifies decision-making and strengthens credibility with users and regulators.
5. Privacy Is a Business Enabler When Framed Correctly
Rather than slowing innovation, thoughtful privacy governance can accelerate decision-making.
Aaron argues that clear guardrails allow teams to move faster with confidence.
GCs help unlock this speed by clarifying risk tolerance and acceptable use standards.
6. Regulators Evaluate Process, Not Perfection
Regulatory scrutiny often centers on how decisions were made rather than whether outcomes were flawless.
Aaron stresses the importance of documenting risk assessments, alternatives considered, and mitigation steps.
This evidence of good-faith governance is critical after incidents or investigations.
7. Closing Insight:
Privacy leadership is no longer about memorizing rules — it’s about exercising sound judgment at scale.
Aaron Gregory’s perspective reinforces why GCs are central to building durable, trusted privacy programs.
In this podcast, we cover
0:00 Introduction
1:25 Forging a career in highly regulated legal areas
7:29 Advice to law students considering a JD-MBA
10:14 Teaching yourself to become comfortable with uncertainty
15:31 Leaving Remitly right before it went public to found a start-up
19:03 Unpacking Upwardli
22:49 Bringing your business to a start-up accelerator
27:30 Fundraising for your start-up
33:53 Making an effective pitch
36:55 Growing into the CEO role
46:05 Building Upwardli in Milwaukee, Wisconsin
50:40 Bonus questions
53:24 Book recommendations
.svg){kind=small}
.svg)
.svg)
.avif)
.avif)
