On this week’s episode of Minimum Viable Podcast, I had the pleasure of sitting down with Joe Toscano, founder of DataGrade and author of "Automating Humanity." Joe's journey into the world of data privacy is pretty wild - it all started during his time as a consultant for Google, where he saw firsthand just how much potential there was for abuse and how little ethical oversight there was around data usage. That experience lit a fire under him to become a vocal advocate for digital privacy. He's since advised the US attorneys general on antitrust cases against big tech, helped shape privacy laws across multiple states, and even got featured as an expert in the Netflix documentary "The Social Dilemma."
Our conversation took a deep dive into the complex landscape of data privacy and the unique challenges startups face in balancing innovation with responsible data practices. We grappled with some big questions: How do we protect individual privacy while still reaping the benefits of data-driven innovation? What does it really mean for a startup to prioritize privacy, and how can they make it a core part of their culture? How can companies build trust with their users in an era of increasing skepticism? Joe's insights offer a roadmap for navigating these tricky issues. Whether you're a founder just starting out or a seasoned entrepreneur, this episode is full of practical wisdom and thought-provoking ideas that will challenge how you think about data privacy.
Catch the full episode with Joe Toscano here:
In the meantime, here are some of my favorite snippets from Joe:
This quote, in particular, really stuck with me from my conversation with Joe. He did a great job emphasizing the gravity of the privacy debate:
"Privacy for me is so much greater [than people realize]. It's about national security. It's about democracy. It's the freedom to think at the end of the day. If we have everything surveilled, and we know we are being surveilled, we do change our behavior."
This really puts things into perspective, doesn't it? It's not just about being annoyed by a few targeted ads. We're talking about the very foundation of our democracy and our ability to think freely. It's a powerful wake-up call for anyone who's been brushing off privacy concerns.
Listen up if you're a startup founder looking for practical ways to reduce privacy risks. Joe's got some great advice:
"The easiest, most immediately implementable thing that founders can do is consider ways to mitigate risk through what is called data minimization. Only have what you need for as long as you need it for the purposes you need it for. If you don't have it, it doesn't cause problems."
I hadn’t heard much about data minimization until my talk with Joe. The idea of only collecting the data you absolutely need and not holding onto it longer than necessary is amazing, actionable advice for founders. It's a simple step you can take right now to significantly reduce your risk exposure. Sometimes, the most effective solutions are the simplest ones.
One of the key mindset shifts Joe advocates for is viewing privacy as an ongoing process, not a one-time compliance task:
"It's not a solid state; it's a dynamic thing, and you have to be checking up on it constantly. You have to have some kind of odometer to it, and that's what we hope DataGrade can be. It's more of an odometer to the system to tell you when you need to check in than it is a solid state."
For startups, navigating privacy is a journey, you can't just set it and forget it. It requires continuous monitoring and adjustment. That's where tools like DataGrade come in - they're like an "odometer" that lets you know when it's time for a check-up. Embracing this mindset is crucial for long-term success.
Implementing privacy practices can get tricky, especially when it comes to figuring out what actually counts as personally identifiable information. As Joe explains:
"What needs to be explored, and what we're defining, is actually: what is personally identifiable information? And it's not just one data point. Because maybe in isolation, the data point is not PII, but in combination with others, it is. So you really have PII data sets as much or more than you have PII data points."
It's not always clear-cut. A single piece of data on its own might not identify someone, but when you combine it with other pieces, it can. As a startup, you need to think in terms of "PII data sets," not just individual data elements. Recognizing this nuance is key to implementing effective data practices.
Even with the best intentions, companies are going to screw up sometimes when it comes to privacy. But as Joe points out, what really matters is how you handle those mistakes:
"What I say is you're not a bad business if you make a mistake. I think that's what everybody thinks about [Big Tech firms like] Facebook, Google. They're bad people. They're bad businesses. Well, I would agree at this point in history, that there is some mal-intent behind some of it or malpractices at the very least. But if you asked me six or seven years ago, my opinion would have been different. Because if you look at the history of business, every large-scale business has created some problem at one point or another. It's how you respond that makes you good or bad."
No company is perfect. What separates the good from the bad is whether you own up to your missteps and make real changes in response. As a startup, you're going to face challenges as you grow. The key is to focus on how you'll handle issues when they inevitably arise. It's about being transparent, accountable, and committed to doing better. That's what builds trust in the long run.