According to a survey by the IAPP, data privacy is becoming increasingly prioritised by global organisations, with nearly half of privacy professionals stating that they reached full or nearly full compliance with GDPR in 2020. This is a good sign of momentum, but also underscores the fact that many organisations are still struggling to operationalise data privacy requirements in Europe and beyond. This fact is one of many reasons behind the growing demand for data privacy expertise across FTI Technology’s global client base. We recently discussed these issues with Amber Gosney, a new Senior Director within the firm’s Information Governance, Privacy & Security team in EMEA.
Amber, you’ve re-joined FTI Consulting after several years with other firms. Can you talk about your background and your current role?
My background is a bit eclectic. I’m very interested in the arts and began my career at a museum, with a focus on Roman art. I had the opportunity to go on a dig in Italy while a student but ended up helping to install visual art and film at the Dallas Museum of Art. When I later decided to pursue a law degree at Tulane, I took many of the people and project management skills I had learned in the art industry with me.
I entered the consulting industry after law school and eventually had a secondment to London as a Director within FTI Technology’s e-discovery practice. This is where I was first exposed to data issues and international data transfers. That work really piqued my interest in data protection, so when I had an opportunity to stay in the U.K. permanently and become one of the founding members of the privacy practice at another firm, I had to pursue it. I spent about five years working with clients in that role.
Coming back to FTI Technology was an easy decision for several reasons. The Technology segment has grown rapidly, particularly in the data privacy arena, which is very exciting. I’ve also always loved the company culture here. I’m really enjoying being a part of it again and rekindling connections with former colleagues.
What do you find most interesting and challenging about the current data privacy climate?
There are two key elements. One is that there has never been a time when public health data has been actively discussed like it is today. The pandemic has really shone a spotlight on the blurred lines between individual privacy and public health information. These issues are naturally creating a lot of unprecedented considerations for companies that are storing this type of data for their employees, customers, and partners.
The second interesting factor is that data protection is a rapidly changing field, with new regulations coming into play in nearly every major jurisdiction around the world. And in regions such as California and Brazil, organisations are often facing multiple regulations where there were none before. The logistics of addressing multiple regulatory frameworks efficiently, across borders, creates a lot of headaches.
What’s your perspective on how GDPR and other data privacy compliance overlaps with e-discovery?
The over-arching trend is that we’re seeing an increasing move toward data localisation. This helps reduce some of the data privacy risk that may arise during an e-discovery matter. Still, multinational litigation often requires the transfer of data across borders, and that’s become very difficult to navigate in light of various regulatory calls to action. It’s important for counsel to view the entire e-discovery process through a data privacy lens and consider involving a data privacy expert in the matter at the outset. This will help ensure processes are documented. For example, conducting a data privacy impact assessment (DPIA) to evaluate and address all the risks before data is moved between jurisdictions. There will always be a delicate balance between cost and caution, but taking privacy issues into consideration from the start will help mitigate issues and support sound decision making.
How does your background as a bar-qualified attorney affect the way you approach client projects?
My approach is less about being an attorney than it is about my experiences in law school. I was at Tulane when Hurricane Katrina hit. I was working through a demanding, highly regimented program, while also living in the middle of an unfolding national disaster. There’s no way to walk away from an experience like that unchanged. So much was lost during that disaster because the worst-case scenarios had not been accounted for ahead of time. What I learned is that even the best action plans fall short if they aren’t addressing the most critical problems. We’ve seen this unfold again in many ways through the pandemic.
I believe it’s important to take a data-driven approach and look back with the critical eye of experience at what has gone wrong to improve processes. That’s the thinking I bring to my clients’ data protection challenges.
What’s something you’d like to share about your life outside of work?
Even though I left my art career behind, I still have an artistic itch to scratch. There’s definitely an artistic strain in my family—we have somewhat of a tradition of all being artists on the side of our day jobs. My sister is a shoe designer, and my grandmother was a celebrated painter in her community. I paint and love interior decorating, so through those activities I can keep art as a big part of my life.
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.