How LinkedIn Creates A Culture Of Security

Kalinda Raina, head of global privacy for LinkedIn.
Kalinda Raina, head of global privacy for LinkedIn.

Kalinda Raina, head of global privacy for LinkedIn, says the company understands that when it comes to securing the data of its members, “everyone in the company has a role to play.”

That’s one way the social network has created a culture of security. Raina is chiefly responsible for overseeing compliance with data privacy laws and regulations, establishing privacy standards and policies, regulatory outreach and implementing the company’s compliance framework for privacy.

She will be speaking at the Cyber Risk Forum, on March 4th, 2019 in San Francisco. Raina will be on the panel, “The Future of Data Protection: Adapting to the Privacy Imperative” with Ruby Zefo, Uber’s chief privacy officer. We spoke to Raina about how she works with LinkedIn’s executive team to create alignment if a cyber incident were to occur, why it’s important for boards and CEOs to take ownership of cybersecurity and more.

How does LinkedIn adapt the constantly changing privacy guidelines and how to protect people’s personal data?

At LinkedIn, our top value is “member’s first.” It guides what we build, how we treat data, and how we operate as a company. And it isn’t just on a badge or a slide. Every day, “members first”—those two words— are used to guide our actions and decisions.

This value has existed since our inception and has consistently led us to seek to do the right thing when it comes to our members’ privacy.  That means not only complying with laws but following our own company values and ethos.

Developing open lines of communication across the board has been one of our biggest assets when it comes to adapting to changing privacy guidelines. For example, we’ve established a fantastic cross functional team of key stakeholders across our security, legal and data organizations. We are able to easily communicate the legal changes that filter across the company and specifically into the engineering organization. We recognize that everyone in the company has a role to play and we work hard to disseminate trainings and learnings across the organization to ensure everyone has the information they need to make decisions that are privacy beneficial.

How do you work with LinkedIn’s executive team to build a strong working relationship so there is alignment if an incident were to occur?

As a company we’re always keeping an eye out about the latest industry incidents and how this could affect our members. Our legal and security teams have an ongoing relationship with the executive team and reach out when policy changes occur or an issue arises. With our “member’s first” approach, our executive team is interested in not only learning specifics affecting the privacy and security of our members, but is curious about shifts in the industry. We are a vision-driven company, so it’s important to our executives that they understand these topics from a LinkedIn member and industry perspective.

Learn more about this event by clicking the image above.

Why is it important for company’s leadership – not just the folks in security and IT – to own cybersecurity – rather than delegate?

Data is ubiquitous in the work that most companies are doing today. We are no longer in a place where the conversations around security and privacy are relevant to a limited number of specific teams. Member safety is a top priority for the company, and it’s something all teams are thinking and talking about.

We function as a sophisticated company that is thinking about and working with all orgs – from sales to engineering – about how we think about and treat the safety and security of our members.  For example, our leadership team realizes the importance of the entire company being educated in this space. Because of this, we have their full support in the creation and continuation of internal programs such as the Security Champions Program as well as the Privacy Champions Program. These are two examples of programs where we take people from around the company and educate them about how to think about data privacy.

These Champions are meant to serve as a first point of contact on their respective teams across the company for early education and questions that may arise. We are educating folks to understand that this is not just the law but to understand the nuances of these laws and how we can work internally to ensure we are acting with our members best interest in mind. We have created a culture of security that is approachable here at LinkedIn instead of bogging our employees down with legal jargon or scare tactics.