What if you could build a more effective privacy program by bridging the gap between legal requirements and technical implementation? In this episode of Privacy in Practice, we sit down with Peter Jaffe, VP & Sr. Associate General Counsel for Privacy, Technology, Facilities & Operations at National Geographic Society.
Together, we:
- Explore Peter's unique journey into privacy law
- Examine the critical intersection of technical knowledge and privacy law
- Discuss essential technical concepts for privacy professionals
- Delve into effective strategies for building privacy programs
- Consider the role of privacy professionals as translators between stakeholders
- Explore practical approaches to privacy training
- Share valuable insights on managing global privacy compliance
- And so much more!
With over a decade of experience spanning both private practice and in-house roles, Peter brings a unique blend of technical acumen and legal expertise to privacy law, having evolved from his early career in financial services litigation to becoming a respected voice in privacy and data protection. His approach combines rigorous technical understanding with human-centered privacy principles, making him particularly effective at bridging the gap between legal requirements and practical implementation. Peter's experience in building privacy programs, managing data breaches, and navigating complex regulatory landscapes, coupled with his ability to translate technical concepts for diverse stakeholders, provides valuable insights for privacy professionals at all levels. His emphasis on understanding both the technical architecture and human elements of privacy makes him an especially relevant voice for organizations working to build sustainable privacy programs.
Episode Highlights:
[05:27] Technical Foundation for Privacy Professionals
Peter emphasizes that privacy professionals need a basic understanding of technical concepts to be effective advisors. He recommends learning fundamentals of object-oriented programming, database structures, and access controls - even if informally through self-study. This technical knowledge helps professionals spot nuances that impact transparency requirements and data-handling practices. For privacy leaders developing their skills, starting with introductory programming concepts and database fundamentals provides a crucial foundation for understanding modern privacy challenges. Most importantly, this technical literacy enables better communication with IT teams and more practical implementation guidance.
[11:36] Strategic Approach to Delivering Difficult Privacy News
When delivering challenging privacy-related messages, Peter advocates for a methodical, analytical approach rather than emotional reactions. He recommends first identifying applicable laws and requirements, then systematically exploring options for compliance, and finally presenting a clear risk analysis across liability, litigation, and reputational dimensions. This structured approach helps maintain professional relationships while ensuring stakeholders understand the full context of privacy decisions. Privacy professionals can use this framework to transform potentially confrontational situations into collaborative problem-solving opportunities. The method also helps build credibility and trust with business partners who may be skeptical of privacy requirements.
[18:40] Building Effective Privacy Programs: The "Why" Before "How"
Peter stresses the importance of establishing the foundational "why" of privacy programs before diving into implementation. Privacy leaders should help organizations understand both risk factors (regulatory, litigation, reputation) and positive motivators (customer trust, contractual obligations). This foundation requires a deep understanding of organizational culture, risk tolerance, and stakeholder expectations. The approach should align with existing governance structures rather than imposing a one-size-fits-all solution. Most critically, success depends on finding internal allies with relevant technical skills who can help discover and manage privacy requirements effectively.
[30:35] Targeted Privacy Training Strategy
Rather than attempting to cover all privacy principles broadly, Peter recommends separating training content based on audience needs. For general staff, focus on helping them recognize personal information and understand when to ask for help rather than technical compliance details. This targeted approach improves retention and practical application of privacy concepts. Training should be customized to reflect the organization's specific context and use cases rather than relying solely on generic materials. The key measure of success is whether employees know how to identify privacy issues and engage appropriate resources when needed.
Episode Resources:

Connect with us at [email protected]
This podcast is brought to you by VeraSafe.