Interview with Amdocs' DPO Dr. Avishay Klein
From implementing up-to-date privacy practices across the organization to handling a high number of data subject requests, a DPO has to overcome many challenges to succeed.
Dr. Avishay Klein, Data Protection Officer at Amdocs, was recently named one of the top DPOs to follow in 2022 by the tech and privacy community. Dr. Klein is a Lecturer of Law and Technology at academic institutions and frequently speaks on privacy regulations and building privacy programs at scale.
Before we begin, what roles have you fulfilled before becoming a Data Protection Officer?
I have been dealing with privacy and data protection since 2009. The first building block was finalizing my Ph.D. thesis at Bar Ilan University in the area of cyber law and data protection. Since I wanted to translate my knowledge to actual practice, I joined Hertzog Fox Neeman as an associate in the technology and regulation department.
After several years I was happy to join Amdocs as a privacy compliance counsel, bringing the company to the GDPR era. After two years, I assumed the role of Amdocs Global DPO. In addition, I am also an adjunct professor lecturing on privacy, cyber, and technology in The College of Management for several years.
As a lecturer and an influencer in the privacy field, what is the most important insight people don't understand about data privacy in 2022?
Great question. It’s important to realize that, for the most part, compliance with data privacy requirements is not “all or nothing.” <hl>It’s about defining and implementing correct processes to allow relevant stakeholders to “think privacy” and mitigate risks in all relevant streams<hl> (vendor management, IT controls, data transfers, and more).
Furthermore, how you handle and manage personal data is somewhat like having a diet- it’s about changing the way you think and handle yourself daily.
That’s fascinating. Can you please share some practical advice on getting stakeholders to "think privacy"?
It’s about educating stakeholders to ask the correct questions with respect to the relevant activity. For example, do I need to collect or share all this personal data in order to complete the task at hand? Did I check if I am allowed to use such data for the relevant purpose? Did I check with IT and Security that data is being secured and managed adequately? And so on. <hl>By asking the correct and intuitive questions, “thinking privacy” becomes easy<hl>.
What do you look forward to most about going to work every day? What gets you excited?
New technologies and challenges (COVID-19, remember?) are evolving rapidly, so trying to put in place correct controls in line with privacy and data protection principles becomes a very interesting challenge which I like. Another thing I love about my job is working with people from different units, cultures, and territories- India, USA, EU, Philippines, and more- privacy is definitely becoming a global language.
In terms of privacy, what is Amdocs' greatest strength?
<hl>The amazing people at Amdocs, specifically my colleagues in the legal privacy team and other team members from IT, HR, Security, etc., are Amdocs’ greatest strength<hl>.
It’s also important that Amdocs’ higher management takes a very active role in privacy and data protection. All Amdocs’ units have a designated Privacy Trustee to ensure privacy is being managed properly within the unit’s processing activities. This is a true statement of the level of maturity and accountability in this area.
You mentioned that many of your colleagues at Amdocs are involved with privacy, including those in IT, HR, and Security. How do you collaborate on these projects?
We built internal tools and processes together with the amazing partners you have mentioned. <hl>In addition, we are using 3rd party services to allow us to better manage our records, documentation, etc.<hl>
You’re also a member of the Israel Tech Policy Institute. Could you tell us about it? What are the organization's goals, and how does it affect the privacy world positively?
Israel Tech Policy Institute (ITPI), led by Limor Shmerling Magazanik, provides a platform for research and policy discourse across a range of stakeholders, including industry, academia, government, and civil society. It aims to create an open channel for policy debates about ethical, regulatory, and societal implications of emerging, cutting-edge technologies. As part of my role at the ITPI, I am a Member of the Advisory Board and try to bring value to the community from my practical experience in the areas of privacy and data protection.
As we discuss policy and government, let's look at regulation. What don't regulators understand about the business side when it comes to regulating data privacy laws?
I think that most (not all) regulators understand the business side well. However, the main issue which needs to be resolved ASAP is the data transfer limitations. It’s not practical to limit (and even deny) the option to transfer data outside the EU to third countries like the USA. <hl>We live in a global world, and companies should be able to transfer data freely to other territories if there are reasonable contractual obligations in place.<hl>
Let's end with a personal note. Do you regularly delete digital accounts or apps that you are not using anymore?
Sure. It’s important to try to live up to your own principles :)
Read more about our Top DPOs 2022 project here.