Meet ZoomInfo’s Chief Compliance Officer: Q&A with Simon McDougall

Tech policy expert Simon McDougall has joined ZoomInfo as our new chief compliance officer, overseeing our privacy and compliance functions.

In this role, Simon will advance one of our core missions: providing transparency about how we collect and use professional contact data, while upholding individuals’ rights to privacy. He’ll also advise us on best practices for how we and our customers can remain at the forefront of data privacy, building trust in how data is used, and supporting compliance with the General Data Protection Regulation (GDPR) in Europe, and the evolving range of privacy regulations around the world.

Prior to joining us, Simon was deputy commissioner for the Information Commissioner’s Office (ICO), the U.K.’s independent authority that upholds information rights and promotes data privacy for individuals and transparency by public entities. At the ICO, he established new technology and innovation policy, directed work in areas such as artificial intelligence, adtech, and competition, and led ICO’s response to data usage in the U.K. during the COVID-19 pandemic. 

We caught up with Simon to learn more about his first month on the job, his perspectives on trends in privacy and compliance, and more.

Q: Why did you join ZoomInfo?

A: I was really struck by ZoomInfo’s core belief that you can be a privacy-first organization and use that as a competitive differentiator. Too many organizations see privacy as a zero-sum game, meaning that any commercial growth has to be at the expense of individual information rights. I saw that ZoomInfo’s success in the business-to-business (B2B) sales and marketing space has been accompanied by a pragmatic focus on good privacy practices, and I wanted to be a part of that.

Q: What are your first impressions? 

A: Well, I’m only into my fourth week, and there’s still a huge amount to learn. But I’ve been struck by the really positive culture here. There’s an understanding from people in the engineering, product, and sales functions that we have to “walk the walk” and not just “talk the talk.” This makes conversations about data usage much easier.

I’ve already seen how this translates into good practices. For instance, the way we engage with people in our database, providing them with notice of our policies, supporting ways for them to opt out, at a speed and scale that I haven’t seen elsewhere. That’s really important to how we work.

Q: Why are data privacy and compliance priorities for ZoomInfo? 

A: Sadly, trust is in short supply in the data economy. Sometimes this is because firms indulge in poor practices and sometimes it’s because they don’t know how to explain what they do. This means ZoomInfo has to work twice as hard to demonstrate its commitment to data privacy and compliance. Customers are rightly skeptical of all players in this field and, frankly, we need to show why we are different. 

Several key differentiators include our self-service privacy center that individuals can access on demand. We’re a registered data broker in the rigorous states of Vermont and California. We’ve also launched the industry’s first Business Contact Preference Registry (BCPR), a global database of individual opt-out requests that we process and make available to other B2B data providers. By supplying the entire B2B data industry with a ready-made list of opt-outs, the BCPR offers businesses a convenient way to prioritize privacy compliance. 

Q: What are ZoomInfo’s privacy-related goals for 2022?

A: I’m still the new guy around here, but one thing I’ve observed is that we receive lots of questions about how we handle data from different stakeholders, such as people in our database, customers, regulators, and the press. We all care about the same stuff, such as transparency, user autonomy, and security. We need to take the good, responsible practices that we have at ZoomInfo and find better ways to share that with others.

At the same time, there is always more we can do. As we expand internationally and broaden our range of services, we want to help our customers understand and comply with the rules and regulations they encounter. Very often, this means making our services as configurable as possible while also making sure that we’re clear about our own practices and how they make us a trustworthy partner.

Q: What were some of the most common avoidable mistakes you witnessed in your role on the regulatory side?

A: There was often a disconnect between the folks involved in supporting compliance – lawyers, compliance officers, and risk managers – and those who were involved in sales and marketing. At worst, this ended up being a cat-and-mouse game of what the revenue-generating teams could squeeze past the compliance functions. That’s a really unhealthy situation that creates compliance risks for the company and drains the energy and innovation from everybody involved. 

It’s an obvious thing to say, but culture is critically important at ZoomInfo. Without the right culture, every initiative around policies, risk management, and compliance will fail.

Q: What are some future privacy trends in the market? Where do you see the evolution of business data going for sales and marketing? 

A: We’re going to see more and more regulation. Around the world and in the U.S., mainly at the state level, there are new privacy laws that are fresh on the books or in the works. It’s really hard for anybody to keep up. Between the letter of the law and all the regulatory guidance, it’s just a huge amount of reading for anybody.

But the good news is that the underlying principles for most of the privacy rules are the same. So it’s possible for organizations to recruit good privacy professionals, join the right industry groups, and start to build global data processing models that provide meaningful information rights to individuals. This is a big change from where we were only a few years ago, when there were just a few experts and fewer models considered good practice.

In terms of sales and marketing, we’re moving beyond the time where many players in the data industry were trying to acquire as much information as possible – regardless of its origin, quality, or level of intrusion. We’re entering a more mature phase where companies are reconciling how they find the right buyers for goods and services—without trampling over both user expectations and privacy regulations. 

ZoomInfo is in a good place here, both historically and going forward. In the end, we’re all trying to match buyers and sellers, but we don’t need to be creepy, nasty, or illegal in doing that.