Having forged a career path from a law firm to marketing to information governance and now privacy, not many legal professionals can say they’ve seen as many implementations of AI as AI Visionary Brett Tarr—senior privacy counsel at Collibra, and formerly chief legal counsel at Caesars Entertainment.
The legal sector has a reputation of being slow to embrace new technologies, but you stand out as an early explorer of AI. How and why did you take an interest in AI?
I’ve been working to solve complex data problems in my professional life since around 2002. During this time, the growth in the volume, sources, and complexity of data has required new strategies and new tools to manage legal responses. I started my career in litigation and was around for the dawn of electronic discovery, so I saw how technology enabled quicker, more efficient review of large data sets even when that technology was just an electronic review platform.
It just made sense that as more and more data emerged, we should be open to new technologies and new workflows to keep pace. I took an interest in AI around the time that my then-employer was involved in a multibillion-dollar bankruptcy and lienholder litigation. The demand to identify, collect, review, and analyze a decade of information, including over 40 million emails, was overwhelming; I knew there had to be a better approach.
I was introduced to AI in the form of Text IQ, which offered the promise of quicker, cheaper, and more accurate analysis of data. My team tested the AI against a data set that had already been collected, reviewed, and produced and found that the AI was not only faster, but also identified a significant number of privileged documents that had been missed by traditional human review. As they say, the proof is in the pudding. Once we had established proof of concept in a static environment, we began looking for all the different ways we could leverage AI to manage various types of data uses.
What were your interests early on and what drew you to the practice of law?
As far back as I can remember, I have always been interested in technology and business operations, having seen my father start and build numerous companies from the ground up. I also saw the delays and costs associated with bringing in attorneys to review contracts and other legal documents. I thought if I went to law school, I could fill that role and remove the bottleneck in business processes.
By the time I got to high school, I wanted desperately to be a sports and entertainment lawyer—I thought I could join my love of sports (basketball in particular), business, and legal reasoning into a career as in-house counsel for an NBA team. While my path to the sports world was not realized, my original desire to merge business, technology, and law has remained constant and allowed me to develop expertise in multiple areas of legal technology using my law degree and a master’s in business administration.
You’ve worked in a wide array of functions over the course of your career: marketing, legal, information governance, and now privacy. What has helped you make these bold career transitions?
I have always felt like a bit of an outlier, having both a deep creative side as well as a logical, process-driven orientation. While the various iterations of my career may seem unconnected, to me they follow a logical progression.
Once I left law firm life and the rigors of large-scale litigation behind, I built marketing programs for an e-discovery provider, which forced me to learn the business from the ground up. I came to understand both the workflows and the data lifecycle from a technical and strategic perspective and applied my legal experience in the litigation process to frame business programs. As those programs grew, the focus shifted from responding to legal and regulatory issues to preparing for them ahead of crises.
At this time, the left-most side of the Electronic Discovery Reference Model (EDRM) was labeled Information Management, as a proactive way to prepare for the earliest stages of e-discovery. In 2007, my colleague Jim Burns and I had the opportunity to lead the Information Management node of the EDRM working group and pushed to rename it as Information Governance. This was around the same time that the field of knowledge management was taking off as a formal business discipline and the name was evolving towards data governance. It just made sense that understanding the sources, locations, and uses of information would help enable the e-discovery process, so I began focusing heavily on the discipline of information governance. Right place, right time I suppose.
Either way, the link between raw data, governed data, and the process of identifying, collecting, reviewing, analyzing, and strategizing around data all blended together in my mind, and I started seeing a broader recognition of the value of governing enterprise information.
By the time I joined Caesars Entertainment, from the first day of my initial interviews, I knew that I wouldn’t just be working on building an e-discovery function—I would need to take a deep dive into building out an information governance function. Privacy is not only a logical extension of governing information, but it also specifically called out as a discipline within information governance. Essentially, privacy is a highly specific application of information governance to support controls around how organizations use and safeguard the information they collect about customers, clients, and employees. So, to me, it has been a somewhat linear progression of related fields that has led me to where I am today as in-house counsel building privacy and information governance programs.
Privacy has become a boardroom imperative in recent years; in this changing landscape, where regulatory burdens are increasing and enterprise data is expanding in volume, what are the privacy challenges that companies face? To what extent can AI help meet them?
There are many business challenges arising from the current privacy landscape, both internal and external. Internally, companies have continued to remain siloed in a way that makes it difficult for one team to know what other teams are doing, including when they are collecting and using the same data for different purposes or capturing multiple copies of the same data. As more and more data is collected or generated, the obfuscation of data usage across teams makes it very difficult to develop a unified strategy for data protection or even to ensure that privacy teams have visibility into the uses and controls around data.
Externally, the biggest challenge remains the fragmented and disparate privacy regulations within the US and internationally. Recent decisions in the European Court of Justice invalidated the Privacy Shield framework that enabled transfers between EU nations and the United States. Also, the growing network of US states’ privacy and data protection laws set up different standards for residents of different states; companies are still unsure whether they should take a unified approach to privacy or maintain different operational processes based on jurisdiction. Then you have to consider the introduction of complex data privacy regulations in China and Brazil, which further muddy the waters. Organizations are caught balancing risk between responding to regulations in place today versus anticipating what may come in the next year or more.
With the continued growth in AI technology, there are some interesting opportunities to address each of these problems. With the right controls in place, AI may help locate and aggregate duplicative data, merge common files, and provide visibility into data stores and usage that might evade a traditional manual interrogation. From a regulatory perspective, AI offers the ability to review multiple regulatory schemes, identify common elements, and help organizations build a stable foundation for privacy programs that can flex and grow as new regulations come online. At a certain point, there are just too much data and too many use cases to manage manually. Just as AI has been deployed to collect intelligence about contracts management and spend management, privacy is another opportunity to leverage machine learning to build sustainable and scalable solutions.
With the continued growth in AI technology, there are some interesting opportunities to address each of these problems. With the right controls in place, AI may help locate and aggregate duplicative data, merge common files, and provide visibility into data stores and usage that might evade a traditional manual interrogation.
Which person (living or deceased) do you most admire?
The person I most admire was my third-grade elementary school teacher, Evelyn Mitchell. Where most others saw an unfocused, rambunctious seven-year-old, she saw potential in me and helped harness that energy and direct it in positive ways. This traditional British schoolmarm patiently helped me focus, harness my intellectual curiosity, and build successful habits that would last a lifetime. I owe so much of my success to her.
What do you do when you are not working? How do you decompress?
When I am not working I split my time between creative and physical endeavors. I spend a lot of time taking my 18-month-old Cavalier King Charles Spaniel on long walks, working out, and stretching each morning. Creatively, my primary outlets are travel, photography, and cooking. I get great satisfaction in framing landscape scenes and animals, and my apartment is decorated entirely with photographs I’ve taken in travels to 22 countries and 5 continents. I also love experimenting with flavors while cooking and especially baking, with healthy ingredients. I recently developed a recipe for a zero-sugar strawberry rhubarb pound cake.
You’ve had an illustrious career; what do you consider your most meaningful wins in the course of your career, and why?
I’ve been lucky to work for some incredible organizations and amazing people. It’s hard to pick one thing that stands out in my professional career, but in terms of scope, I think going from companies in the $20 million to $200 million revenue range to a $7 billion company and managing the discovery response to a $23 billion bankruptcy case with five separate lienholder lawsuits stands out.
The initial collection of data represented over 40 terabytes of information, and we were able to partner with a litigation support organization to introduce advanced, technology-enabled workflows that generated over $300 million in cost savings. This complex legal matter largely encapsulates my approach to work: collaboration, creativity, building robust business processes, utilizing technology to work smarter, and developing efficient workflows. As a two-man team in a company of over 80,000 people, it was both nerve-wracking and very satisfying to prepare discovery for some of the most tenured judges out there (including Judge Shira Scheindlin, who authored one of the earliest pieces of jurisprudence on e-discovery) and get a proverbial pat on the back.
Of course, I’d gladly trade any kudos in the working world for the greeting I get from my dog every time I come home.