Google’s former head of legal for emerging markets, Karima Noren went on to co-found the data protection platform Privacy Compliance Hub. She tells the Brief about a career that has included working for the world’s most exciting company at its most exciting time, and why she now believes in the paramount importance of privacy.

The path from private practice to in-house counsel is well-trodden. That from private practice to senior in-house counsel at one of the world’s biggest businesses, to entrepreneur, is a little more overgrown.

It is, however, the route taken by Karima Noren, co-founder of Privacy Compliance Hub, and former head of legal for emerging markets at Google. And it is one she seems to be enjoying very much.

Noren’s career began conventionally, studying English and French law at King’s College London, then joining the City firm Ashurst in 1998, where she qualified and rose to the position of associate.

However, she says, she “didn’t really see the path to partnership” and had her eyes opened to the possibilities offered by an in-house career while on secondment to Virgin.net.

In-house ups and downs

Inspired by her period on secondment she made the leap and, in 2001, took an in-house role at the US-headquartered software company Peregrine Systems. This proved to be a bracing experience when, in 2002, the business filed for Chapter 11 bankruptcy protection.

“That was quite frightening,” Noren recalls. “It was quite early on in my career and I had left behind a beautiful golden career path at Ashurst.”

Her next step was to take another in-house role at Cable & Wireless, during which time she noticed an advertisement (ironically, in print) in The Lawyer magazine for a position at Google.

She applied and, in 2004, became Google’s second in-house lawyer in Europe. The first, who recruited her and went on to become her business partner and co-founder, was Google’s then head of legal for Europe, Nigel Jones.

The greatest job in the world

Few would have imagined in 2004 what the then search engine of choice for those in the know would go on to become during the eight years she spent there.

She says, “When I started at Google there were about 50 of us in an office in Soho and it was the greatest job in the world, it was wonderful. I had moved from organisations where you maybe shared an office with one other person to open-plan spaces where everyone was wearing casual clothes, there was very little hierarchy, a lot of openness, and lots of things to make the office fun.

“And there were wonderful trips, we got to go to the US a lot and there were lots of off-sites. The atmosphere was very fun and conducive to being empowered and getting things done, and if you made a mistake you had the support of managers and everybody around you.”

Scaling up

Over time, of course, the business grew massively, and each in-house lawyer’s role became more specialised. The stratospheric rise of Google also had a consequence with which those whose careers have been spent lower down the corporate food chain may find it hard to sympathise.

“I’m a builder, and I like it when things are new and unpredictable,” Noren says. “And at Google, towards the end of my time there, even though we had a lot of work, because we were Google we had a lot of negotiations that were relatively easy with the other side.”

To put it plainly, she was able to dictate terms, and started to get bored. Around the same time she was also helping her husband, with the legal elements of starting up a new business he was establishing for himself.

“I got to see what it was like again to be the small person who no-one knows, and I thought, ‘This is what I like.’”

In 2012 she took the plunge and established her own legal business to work with scale-up companies. In 2014 she was joined by her erstwhile Google colleague Nigel Jones, and together with a few other lawyers, they founded The Legal Pod, a consultancy business focused on the technology sector.

Taking ownership

The idea for the Privacy Compliance Hub developed while Noren and Jones were working with clients in the years before GDPR came into force in 2018.

Noren explains, “Our clients were using us to grow their business, they were constantly asking us to do commercial deals, and every time they got into trouble with privacy they would call us in a panic and say ‘help me out’.

“We'd go back to the client and say, ‘Privacy isn't just something you do in the aftermath, it's a journey, it’s something you've got to take control of and have ownership over, and only if you take ownership of it will you not get into trouble.’

“But the clients were busy doing other things. So we decided that our fixing of the issue in the aftermath was very bad lawyering, and we thought we could do this better.

“So the platform we built was one we as lawyers wanted to have to achieve real, continuous, easy, effective privacy compliance.”

The Privacy Compliance Hub is, according to the company, a simple platform containing a comprehensive data protection compliance programme. It includes an easy-to-follow route map, training, templates, records and reporting. It shows you how to get privacy sorted, and gives you everything you need and enables you to show you've done it, all in one place.

It is a platform that not only provides the tools required to comply with privacy regulations but also, Noren says, “actually tells you how to get the job done”. This, she says, is a key difference between it and other platforms that have been developed by US-based technologists rather than lawyers – in Noren and Jones’s case, supported by a range of expert contractors.

She continues, “We’re not bombastic and we don't promote the illusion that privacy is going to be ultra-easy to achieve and we make it clear that you can't just do a plug in and you’re going to succeed. We are being honest by saying that to achieve real privacy compliance you need to bring the people in your organisation who are actually touching the information together, and it is those people that need to understand privacy so that they can protect that information.”

Route map to compliance

The Privacy Compliance Hub process is, Noren explains, based around a “route map” of step-by-step activities that enable users to understand the data that they have, what they are doing with it and how to keep it safe. The platform’s target market is organisations with between ten and 1,000 employees, most of which are growing quickly and dealing with exponentially expanding volumes of data.

Privacy Compliance Hub was initially built around the principles of GDPR, “because it is the strictest privacy regime in the world”. This means, Noren says, “In reality our platform enables an organisation in the UK and in Europe to be compliant more or less globally, if you get what we ask you to do and how we ask you to do it in our platform.”

A lot of tension out there

Looking to the future, Noren says, “The sky’s the limit for the Privacy Compliance Hub. Another thing that makes Nigel and I different from others is that we deeply believe there is a privacy problem and that there is a lot of tension out there.

“On one hand we fundamentally believe in innovation, and you can see how many things people are innovating in, whether it’s medicine and using people's genome or your detailed biometrics in order to give you more targeted medicine. Of course, that makes sense, but the flip side of it is if you lose that data, or that data ends up in the wrong hands, individuals can be harmed.

“It’s the same as, for example, when you look at education. All of our children are starting to put an awful lot of their data online, and it’s so obvious to me that five years from now you could have a recruiter who isn’t just satisfied to look at a CV but goes and digs and finds ten years of track records of an individual’s performance in various tests online and draws a conclusion from this – and I think this is actually really dangerous.

“We really believe that if clients follow our route map and do as we tell them, they are very likely to build organisations that have privacy at their core, that are going to continue to innovate and keep people’s personal information safe. So, our ambition is to keep putting the message out there and reach as many organisations as possible.”

Visit

• The Privacy Compliance Hub

• Connect with Karima Noren via LinkedIn