E15-In conversation with Sarah Harriott: Cybersecurity and Corporate Governance in Local Government

Show Notes

📝Show notes:

Does diversity in cybersecurity and corporate governance matter? 

In this episode Michala Liavaag invites Sarah Harriott to speak candidly about the reality of working as a black woman in law and corporate governance, the challenges of getting on boards and as always - they discuss her journey to becoming a cyber savvy leader from the corporate governance perspective. 

Sarah Harriott is an experienced solicitor with a background in litigation. She now specialises in Corporate Governance and provides support to Information Governance at Coventry City Council. 

Sarah's LinkedIn: https://www.linkedin.com/in/sarah-harriott-5103b4223/

👉 Cited in this episode: 

The Law Society's Race for inclusion report: https://www.lawsociety.org.uk/en/topics/research/race-for-inclusion-the-experiences-of-black-asian-and-minority-ethnic-solicitors

Action for Trustee Racial Diversity: https://atrd.group/

Getting on board charity: https://www.gettingonboard.org/

Book The 7 Habits of Highly Effective People, by Stephen Covey Quietly Visible- Book and podcast by Carol Stewart: https://bit.ly/Cybility2QuietlyVisible

BBC sounds

-----

⭐Found this useful? Please rate and review, as it helps reaching more people 

👍You can also subscribe and share on social media

💬 Contribute to future episodes with your cyber security concerns and questions

📃Transcription 

🤝Connect with Michala and Cybility Savvy:

✅ LinkedIn ✅ Twitter ✅ Youtube ✅ Instagram 

 

---

✍🏾Written and produced by Michala Liavaag

🎦Co-produced and edited by Ana Garner video

🎵Music by CFO Garner

-----

⭐Found this useful? Please rate and review, as it helps reaching more people

👍You can also subscribe and share on social media

💬 Contribute to future episodes with your cyber security concerns and questions

🤝Connect with Michala and Cybility Savvy:

✅ LinkedIn ✅ Twitter ✅ Youtube ✅ Instagram

---

✍🏾Written and produced by Michala Liavaag

🎦Co-produced and edited by Ana Garner video

🎵Music by CFO Garner

Chapters

• 0:00: Intro
• 1:08: About Sarah Harriott
• 1:34: Journey into law
• 2:20: Diversity in law
• 4:09: Diversity in local government
• 11:10: Racism and microaggressions
• 14:10: NED and Trustee Diversity in boards
• 16:30: nformation Governance and Data Protection in local government
• 18:52: Cybersecurity and schools
• 19:56: Schools and governors
• 22:04: Councillors and use of council IT
• 23:44: Training, Education and Awareness
• 25:07: Data protection impact assessments (DPIAs)
• 26:16: Supplier due diligence
• 31:23: Assurance and the board
• 32:02: It's all about risk
• 35:18: Future of Corporate governance
• 37:12: Sarah's recommendations
• 39:39: What drives you?
• 40:29: A final word for leaders

Transcript

Welcome to Cybility Savvy, the show that demystifies cyber security for not-for-profit boards and leaders.

Hello I’m your host Michala Liavaag and today we're going to talk with Sarah Harriott about their journey to becoming a cyber savvy leader in corporate governance we'll discuss the ins and outs of corporate governance information governance and cyber security in local government 

hi Sarah thank you so much for joining us today 

hi Michala thank you for having me 

I’m really looking forward to this    conversation as we look at your journey as a career in corporate governance and the relationship between that and the cyber security Sarah is a solicitor of 11-year qualification with a background in litigation and she now specializes in both information governance and corporate governance at Coventry city council she is going to share with us her journey to becoming a cyber leader in corporate governance Sarah for those in our audience who haven't met you before would you like to tell us a little bit more about yourself 

hi nice to meet you Michala nice to see you again as the intro said I’m a corporate governance solicitor with 11 years qualification experience I’ve been at Coventry city council for just over five years now and during that time I’ve started to specialize in information governance and corporate governance and yeah really just enjoying getting to know how the local authority works and getting more into the corporate governance side of things 

Obviously you've been in the game for a while in terms of the legal side did you always thought once you're going to law do you want to talk a bit about your journey there 

I’ve always been very studious got good grades at school but I didn't really know what to do with that and at first I think I had aspirations to be a doctor but then I think it was when I was making my choices university-wise that's when I settled on law and I decided to do my llb I did the legal practice courses it was known then afterwards really got into the practical side of being a solicitor decided I wanted to do that and then pursued it from there found a training contract at a small firm a bit later on started working in local government at another local authority and five years I’ve been at Coventry city council now really enjoyed it yeah

I’m conscious that in my field of cyber security and here is a black one and perhaps one of the minority do you sort of have any experience about yourself with law at all or 

It hit me more when I was doing my applications at university or it was brought to my attention shall I say that it was more challenging for women of colour black women to get into the industry full stop I think when you're making that choice between whether you're going to go down the barrister solicitor path I was made aware that as a barrister you will be self-employed there's not many people in the profession it's going to be hard and it did influence my decision at the time but I think in retrospect I have made the right decision and I think it's true most recently during covid lockdown that period of reflection that I’ve had chance to really think about that the law society did it's called the race for inclusion published a report in December 2020 and that's when it hit me the lack of diversity in the profession and I was sort of at a loss because it was not long after the pandemic has started the movement in America regarding George Floyd everything had happened when the figures came out of that paper so at the moment 17% of people in the profession identify as people of colour and of those about 2 or 3% identify as black so I think it really hit me then there's something here what I felt so helpless what can I do because that was quite an emotional webinar there were people sharing their stories there's the lack of uplift in the profession maybe once you hit a certain place in your career you don't reach partner level there's a lack of diversity at partner level all those sorts of things so it was very hard hitting for me and it's made me reflect a lot on myself my personal journey luckily at Coventry city council we are quite diverse we've got that because we're quite a diverse city we've got that diversity within ourselves as a city council what is happening at Coventry is it's be they they're fully aware of it they've fully got commitment to diversity and inclusion but it's not seeped through to the top so similar to the law profession people at senior level it's been addressed there and the organization have made a commitment to address it within the organization as part of that they've also recently put on a talent program for called ignite run by Jenny Garrett MBA fantastic program that myself and 14 others have been on and it's just been really insightful reflecting now is it's amazing we've just learned the importance of bringing yourself to work authenticity identity personal branding things like that and networking as people of colour we tend to shy away from those things I know I can't speak for everyone but I know I certainly have and it's just bringing your full self to work bringing yourself to the game and realizing this is a career you've got to take every opportunity so I’m just really grateful to have that opportunity have that time to reflect and yeah just I’ve just come out such a more confident person and I think as a result of that I also want to uplift others at the council and also in the legal profession and yeah help them see that they can be whatever they want to be yeah

Wow thank you very much for saying that the shocking statistic that you gave yeah how few black women there are and also the fact that you consciously didn't take a career that potentially interested you because of the lack of opportunity you know sort of think to myself how many times that replicated throughout this country you also mentioned in that about the pandemic causing that self-reflection and particularly after George Floyd with black lives matter I know you've got children and just wondering sort of did that reflection people feed in with that as well thinking about intervention uplifting others so is that kind of related to that sometimes in the future 

Yeah absolutely I’ve got two girls a two-year-old the nearly seven-year-old I think at that point where I felt so helpless it makes you think about them and their future and the sort of things that they're going to hear during the pandemic there were a lot of stories on the telly there was a wave of awareness just one of those stories that stood out for me was in particular there was a vet black female vet and she was saying I’m only one of 1.7% in my industry and that shocked me in hindsight I can I can see now that that is just the reality and I called my oldest daughter over and I said look here's an inspirational woman she was sharing her story about the racism sexism she faces on a daily basis as a rural vet and I said Corey don't let anything hold you back I left it at that I think that was not that sort of August then obviously I listened to the report the law society report in the December the 9th so I rechecked the date now it was just the day that my life changed because I realized I’m in the same position as that vet I haven't got the figures for females but of that two percent it's going to be a certain number of female my backgrounds Afro-Caribbean if you break that down that two percent figure down even further I’m exactly in the same boat as that vet so it just really woke me up and made me think wow I need to do something here I need to be even if it's a small part just a small part of that change so when the course was offered to us I thought I’ve got nothing to lose here I need to think about myself and what I bring to the world and what I bring to Coventry and my work really yeah s

So it's really great to hear that you know Coventry creating a programme for minorities to become leaders and certainly one of the things that I’ve found is dealing with imposter syndrome like all the time even now that's a feeling of being found out you know like never good enough and I know that something that is common in women in general particularly in my field but also as a minority group we maybe have that kind of added level on top and one of the reasons actually that I do this cast is because I promised myself that actually I needed to become more visible as a black woman to show people on cyber security that you can do this so it really resonates with me about what you're saying there and then it sounded like you're saying as well that it's really sort of boosted your confidence 

yeah I can totally relate to the imposter syndrome that was addressed within the course it's so hard because you're doing these things daily but you're always questioning yourself and it's really important to reflect on the successes as well as the mistakes but you learn from the mistakes and you're just growing all the time and the course gave me the ability to see my worth see what I’m bringing to the table see my potential what I can bring to the table and it's just amazing in that respect that energy permeated into the home my oldest daughter she came to me the other week with an application form and she was a bit shy about it but she said oh mommy I’ve got an application form to be a peer well-being champion at school and I’m just so proud of her she's just been my cheerleader through that throughout this journey even coming here today giving me tips telling me what to say and I it was really nice being able to help her realize her what she's got what's special about herself we talked about what's special about her what she can bring to the role and I said even if you don't get it even doing this application is just a massive step and showing your teachers what you're made of and she's stated I want to be a science teacher I think this role will be great to help me develop that experience in the future I care about my other pupils in my class and I want to be able to be a champion cheerleader for them if there's anything wrong someone that they can turn to someone that they can trust and so who can signpost them in the right direction if there's anything I can't help with and I was just so proud of her and just being able to see those seeds grow in her I think yeah has buoyed me even further 

yeah sorry I’m just like thinking try not to get emotional myself that is so so lovely um to hear really is  hat just that sort of change and how a small what organizations maybe sort of don't see as such they probably know it's significant and they know they need to do it but I perhaps wonder if organizations don't quite realize just what an impact that can have on educate individuals families and then society at large going forward you mentioned there about you know about George Floyd black lives matter and I also found that period quite triggering and you know it's all surface memories that I’ve forgotten about and things around sort of microaggressions did you find that same experience for yourself 

Yeah definitely it just really caused me to think about my childhood I actually journaled a lot of the things that I had been holding inside just as a just as an outlet to deal with them really example you know as a child other children can be quite cruel about appearance about my hair being different and I found going into the workplace quite challenging applying for interviews even attending interviews there was a situation where I joined the Afro-Caribbean society at university as it was known then and I’d put this on my cv not thinking anything of it but I think one particular interview where I was asked if I had a chip on my shoulder I just had to check because you're part of this society that's what was said to me it just really really dragged me down and made me take that element out of my cv social media wasn't around at the time or wasn't as big at the time I should say when I was applying for roles and I think as a result of removing that from my cv applying to law firms I would say probably got more interviews as a result even in one interview that I went to afterwards someone said to me you can't tell who you are from your name as if that's a compliment it's just those sort of things had to deal with and I think I’ve buried them essentially and it's not until now that I’ve really had time to reflect on them but speaking to another colleague manager she's really supportive she says Sarah those things that you've been through have ultimately made you stronger and make you the person that you are today that was just such a just such an important thing for me to hear I’ve been through those things but I’m now at a point where being my authentic self I realized I’m valuable worthy etc and it's time to move forward and there's just people are just using their platforms now I can see it on social media there's just such a change from when I was in my early days entering into the profession it's just it's just heart-warming that there's just so much more awareness around the topic whereas I feel like I’ve had to hold it in shrink into spaces over the years it's just so amazing that we can we can all be who we need to be who we want to be in all sorts of fields now is just great and in terms of my daughters bringing them up I can't stop them from hearing things that are going to hurt them in life but I can give them the tools to just deal with it better than best than I did have them call out these things lean on the allies if they want to we just didn't have that terminology and I’m just so grateful that we have it now we can talk about it now 

I mean even the fact that we're talking about it now on this podcast is a positive thing again because it's authentic yeah here we are I’m just thinking about the leadership you talked about there's that low percentage of professionals who are black Caribbean ethnic heritage in law partner level and thinking again about our audience here boards are typically again still quite white I know that you're also an aspiring trustee it's quite difficult to again go through that process I’m really pleased the organizations like the action for trustee racial diversity who are sort of creating that safe space for us to you know have those conversations and sort of things again there's microaggressions that you might come across on a board I think it's really great that as you say you know we're getting the tools it's opening up the conversation now but we do still have quite a way to go and um I know that getting on board as charity doing some great work they have a bursary scheme to help aspiring    black Asian minority ethnic groups into becoming trustees but it is still quite a challenge it's just so great the work that's being done as you say I’m an aspiring trustee it's just I’ve heard about trusteeship volunteering before needs to be more women more diversity in that field but I suppose the lack of confidence in me the old Sarah in me just said well that's not for me but never think that something's not for you it's that's why I want to put my hat in the ring now I want as part of my pledge to be more visible I am applying for volunteering work in that sort of field and by doing that it'll help me to give something back but I’ll also get something back from it in terms of it'll enhance my skills it'll match nicely with the corporate governance work that I’m doing and help me to become perform as the best person in work 

With your corporate governance hat you have an awful lot of value to offer the organization all I keep seeing most frequently are posts for either the chair of the board yeah or the the finance lead very rarely do I see anything for sort of cyber security I think I’ve been like one in the past year but we're both on our journeys 

and    definitely yeah yeah yeah 

anyway let's    just remind ourselves about corporate government governance because I know that's what our audience are here to listen to but I do think it's important that we you know talk about sort of diversity challenges as well because again as professional that's something we deal with in terms of you mentioned information governance as being one of the areas that sort of done quite a bit in well first of all for the audience who aren't familiar with information governance just explain a little bit about you know what that is and then tell us a little bit about your role within it 

Data protection essentially council we are major processes of data we deal with a lot of data the city council's got social services there are adult social services they're probably the highest risk areas but obviously we've got other services that we run council tax refuse everything so we store a lot of data we process a lot of data we send a lot of letters to people still we undertake a lot of projects do a lot of consultations in the city with involving people's data so it's about managing that framework we've got an amazing information governance department really lucky to have that because I know not a lot not every council's got that and then if they need any illegal specialist legal advice they'll come to me say it's particularly unusual project might be law enforcement processing involved might be something slightly unusual to the council I’m always more than happy to step in and provide legal advice on that main questions are usually what is our role are we controller or processor of that data then controller do we make all the decisions or processor are we acting on those instructions and just ensuring that are we collecting the minimum things like that we just have to go through with the service areas because they've got their specialty they're all very specialized in their services but then they'll need the expertise of us just to ensure that they're handling that data properly that they're dealing with 

yeah thanks then so again that's just something I think a lot of    don't probably realize the depth and breadth of information that councils have  and have to deal with and protect thinking from a cybersecurity perspective for a moment what would you say was your particular aha moment in realizing in your career oh my goodness you know cyber security is something we really need to be thinking about and dealing with as well 

We've got an amazing ICT department who deal with our cyber security there just one want to let everyone know that but obviously with my job we had to work closely with them I’d always appreciated it and even taken it for granted but I think it was during the pandemic when a lot of school started being attacked that was a bit of an aha moment for me it just made me realize no one's safe we've all got to just protect the data that we've got we've got a DPO for school service as well so I advise from afar with that and I try to keep my hand in and understand what's going on with the school so it's just informing the schools and making impressing upon them the importance of cyber security really 

That's an interesting point around school because they don't have the budget of you know big companies to do this stuff a lot might be sharing a data protection officer what role do you think the governors of the school have to play in this space 

I think it's really important that they are aware they do the training as well just keep themselves up to date because I suppose they are a step away dealing with the strategic aspects of the school but this is just so important and breach reports that they have oversight of them as well and they'll be able to keep on top of common breaches at the school even if they're small they start to add up and they can show a picture overall of what's going on in the school and as a lot of them are going to be emailed to the wrong places that's the most common breach we deal with unauthorized photographs being uploaded it's really important that they see how that relates to cyber security information being leaked giving a picture to undesirables who might want to attack the system the threat is definitely out there 

You would say then it's part of the responsibility for all governors to be thinking about that 

Yeah yeah yeah okay definitely aware of it yeah 

What do you think about the idea of having one individual who knows a bit more than the others and you know still particularly specializing and sort of helping call those things out because thinking you know it's because of wide and deep areas of information governance and cyber security that if it's not kind of the way you're sort of thinking on a regular basis I’m just thinking that must be quite a challenge for governors 

Definitely a challenge and I think even if that can't be achieved on the governing board it should be an agenda definitely 

okay 

in terms of looking at those breaches or even if there's been no breaches saying that's not necessarily a good thing just being able to assess those and have an awareness of it yeah I’m all for having a specialist or someone who takes more of an interest in the governor's board because a lack of breaches can be a sign that maybe there's under reporting they're not being reported properly and just even keeping a check on that yeah yeah absolutely 

Okay and then coming back to local government and again yeah I used to work in local government years ago and one of the challenges we always faced was around skill level in IT for our elected members but also I suppose that political thing of I’m an elected counsellor I don't need to use your system I’m outside of all that as it were at the time and I don't know if it would have changed actually they used to have to register a data controller in their own rights with the ICO do you want to just tell me a bit about your experience of that and how that sort of changed over the years and where it is now 

The GDPR has been really helpful in that respect because there was a lot of work put into this when the law changed in 2018 and I think for the most part is taken really seriously here by the councillors I can totally understand that attitude that might have happened in the past but luckily at Coventry city council it is taken really seriously they will do the mandatory training they're all registered and we oversee that ensure that they're all registered and it is taken really seriously they use our IT equipment to do their work send their email so we've got a good handle on that thank you to the counsellors for just taking it so seriously and also I think because it's part of an annual report at one of the audit and procurement committee it's constantly on the agenda it's at the back of their minds that the training takes place every year they're expected to do it and obviously there's that change over encounters but we ensure that new councillors who come on is part of the mandatory training and it's labelled as Manchester training so it's taken a lot more seriously 

What do you think about the mandatory training you know once a year versus ongoing awareness and helping embed it in the way people think is that something that just thinking about some of the incidents that you probably need to deal with across the organization that if it's not embedded as people thinking and recognizing you just alluded there to under reporting what do you think as corporate governance you can sort of do around that 

Well we've got our internet we've got our awareness sessions we've done a lot of one-on-one training certainly at the start of GDPR 2018 there was a lot of one-on-one sessions done to try and embed the enhanced values of the GDPR into the organization in terms of awareness ongoing awareness we have the intranet we have an open door policy that if there's any breaches it's just a reportable long and short of it you have to report it that's been embedded in the organization and I think that hard work that was done oh well I suppose it's nearly four years ago now it is trying to maintain that obviously it's a challenge on an ongoing basis but I think we've done a lot of the groundwork behind that with the new law coming into fruition and I think we've got a good basis to say yeah it is part of the organization and just going wider than that DPIAs they're encouraged for new projects so everyone knows where they are on the SharePoint site at the start of a process you do a DPIA or at least a screening if you're not sure you can take it to our information governance department and they'll give you a steering as to whether you need to do a full one and then help you complete a full one DPIAs they’re data protection impact assessments and there was privacy impact assessment in the data protection act 1998 but it's as if it's been enhanced in the UK GDPR so it's there's a lot more questions there's a template document on the ICO that we tweak for our organization but there's a lot of questions in there and I’d say it's akin to a risk assessment that you do in health and safety but in terms of the data protection why are you undertaking this project what processing are you going to do what are you hoping to achieve is there even another way that you could be doing it without processing so much data or any data at all we answer all those sort of questions look at the outcome see whether there's anything that could be modified if there's any high risks whether they could be lowered whether the project should go ahead at all and yeah they're very much part of our organization's culture 

As local government you obviously have statutory footing to process people's information but some of the projects especially now thinking about you know the emerging technology the internet of things and all the wonderful ways of trying to improve services how do you and your sort of elected members balance the need to innovate with the stuff around the corporate governance and you know you mentioned health and safety there but also like fraud etc so it is fundamentally about risk how do you kind of help balance that and manage that 

I think it's ensuring that we do the due diligence if we're working with an outside organization ensure that they're operating at the same level of others in terms of cyber security and data protection and get those assurances before we enter into any sort of data sharing with them making sure that DPIAs where we're dealing with another organization is in a data sharing relationship that we get a data sharing agreement to underpin the processing and underpin the sharing it's all covered in writing and ensuring that there's all that good governance there 

What about organizations that don't have in-house counsel like you do 

Well there's a lot of advice on the ICO website I turn to it all the time it's brilliant for me it's a challenge but it's doable but the important thing is to if you haven't got it internally and you need the help just get the help get it externally it's worth investing in the long term if you're especially if you're going to work with council because we've got reputational issues we can't be seen to be dealing with another entity that doesn't take data seriously it's definitely worth investing the time in and being able to bring that assurance to us because projects over a certain ties they have to go through ICT as well and they get a separate questionnaire in terms of security and what systems that they're using so we're very much of the opinion that it is our biggest asset our people's data and we've got to look at it from the position that we are working for the city for the enhancement of the city everything we do is for the citizens of Coventry in in one way or another whether it's laid out in statute or whether we've got the powers to do it deriving from statute that's why we take it so seriously and why we want to see the seriousness in the you know organizations that we deal with 

One of the interesting things I saw on LinkedIn yesterday was around charity picking up quite a lot of the work for local government because you know budgets have been squeezed thinking about the sort of due diligence piece that you mentioned one of the challenges I always found was when you're dealing with like the really big companies who are just like these are our T and C’s that's it and also the other phrase that I got all the time was no one else have ever asked this before everyone else is fine with it is that something that you've heard a lot yourself 

I’ve heard it with the educational technology vendors in schools actually we've had the odds oh no one's asked us to do this before when we say well under article 28 if you're acting as a processor there should be written terms to define the roles and give you our instructions it could be similar for charities to not be defensive is probably a good start and to take it as a learning point because I’ve amended those sort of contracts and given it to the edtech vendor but then they've got something out of me that they didn't have before they've got a service for free really so I think it's that mutual appreciation that if someone's coming along and quoting something out of GDPR off the ICO website you have to do certain things in respect of data protection if we as a local authority are asking for that it's not necessarily a bad thing and then you can take it away incorporate into your the way you work 

Yeah you just reminded me of something when I was working in a charity I remember one call in particular I had some people from fundraising in a room with me and we had a third party provider on the phone and we're going through some security things and after the call one of them said to me thank you Michala I have learned so much from listening to you talking with them about this and the fact that the third party was taking the thing on board they said we're actually lifting up the base for the entire sector who uses that provider not just helping us that is actually what you're doing isn't it yeah with these providers you're giving them something that expertise and they can use that going forward where people do have in-house that's a bit much expert it's really useful but I do wonder if with a due diligence if people don't have that in-house that can be quite challenging I think do you think that leaders of councils charities whatever the organization have a role to play around the due diligence piece and holding organizations to account around that 

Yeah definitely the attitude comes from the top down I think taking it seriously and not seeing it as a blocker to getting a project done but rather an enhancement to getting your work done it's just another way of putting it protecting yourself at this stage ensuring that it's by design and default as the GDPR says it just saves a lot of challenges at a later stage if anything does go wrong especially if you're handling sensitive data 

It all comes down to risk fundamentally my role is just risk management just from the lens of cyber security and information security over the years then I’ve certainly noticed that increasing you know cyber security information security risk moving up the agenda certainly you know something that from this world economic report you see it's right up there alongside coronavirus right now with pandemic again and the increase right now with Russia invading Ukraine as well we've got that increased heightened cyber threat is that something that you've also seen rapidly local government 

Yeah absolutely I think there's been a historic feeling maybe that local authorities we're not a target we haven't got anything interesting to give but now there's been a massive turnaround it's taken really seriously we have a wealth of information we about the city about its residents or services that we do and that is valuable information and it's really important to us that we protect it and I think it's important to the citizens in terms of trust that they know that we're protecting all the data that we hold because it is so valuable definitely 

The things that I’m hearing there are you know as we protect we've got lots of information and  just to pick up as well on that we're not a target that's so common and actually the very first episode of Cybility Savvy was who would hack us so if you're listening and you've not heard that episode you might go back and have a listen often how many times do you call somewhere and they say nope we can't do that data protection do you think perhaps organizations are being a bit risk adverse when actually so much has changed with technology that we perhaps need to be a bit more risk-taking what's your thoughts around that 

Yeah absolutely it's not good enough just to say data protection prevents us from doing it what we're on a mission to do is to understand the why and when we say data protection prevents us talk about it more in terms of we haven't got a lawful basis to process because etc or we can't give you this because of this exemption that exemption I think it's just realizing that when you say data protection prevents us everything is grounded in that act or the GDPR so it's using the correct terminology it's not just saying data protection prevents us from doing it it's saying more being smarter about it and saying we haven't got a lawful basis to process because and really getting that grounding and understanding as to why or what we can process disclose share or why we can't rather than just having that blanket GDPR says no approach and then that's the role of information governance and myself to embed that understanding in the organization 

That's really good to hear because I think quite a lot in our field certainly historically there's been this perception of security says no and certainly it's something that as an industry we're trying to be more pragmatic in looking at well how can we enable you to do that in a way that's secure and so I guess what you're saying is how can we enable you to do that lawfully 

Absolutely yeah yeah yeah 

It's good to hear you know that corporate governance compliance-based and security-based professional we are looking to help the organizations we work for do you feel like the sort of corporate governance has really shifted recently as well what does that look like apparently going into the future

I suppose there's been quite a few high-profile challenges at other councils up and down the country and we're keeping a close eye on that because although it may not be an issue for us at our front door now you can't say it's never going to happen to you issues around governance relationships between councillors and officers and we've always been very involved in that and very aware of that but it’s keeping on board with these reports and other issues that are happening around the country because it's as if there's been a tidal wave recently and we just want to be very careful with how we operate in Coventry just because something is working and it's going well that doesn't mean we can take our eye off the ball we still want to encourage that relationship the way councillors and officers interact we're still very much embedded in that and invested in that so that's part of my role keeping on top of that also the day-to-day work with the constitution authority delegation and what I want to do is try and be more of a visible face of that make it an instrument that everyone can find accessible or if they need help they can come to me with that and help everyone understand that it's part of the way we work it's in a worldly document but it's got all our powers and delegations in there 

The thing you've made me sort of think about with that is how fundamental the practices that contribute to good corporate governance the organizational culture is really such a part of it and again that tone from the top is so important so one of the things I like to ask is a question around you know three things one of them was around your most recommended book and why 

Got to be the seven habits of effective people that was recommended to me by my sponsor Andy Williams been a massive inspiration to me helped me strategically yeah it was just really mind opening what do you want people to say about you at your funeral start with the end in mind and now I’ve listened to that that book I can see it in the habits of a lot of leaders that I’m around basically what do you want people to say about you when you're not in the room really have a think about that how you present yourself your brand your you your everything also the one about taking a break don't just get your head down be hard-working like you've got to get your head up think about where you're going what you want from life yeah that's just absolutely resonated with me definitely 

Yeah excellent you also picked a couple of podcasts 

One that I’ve got into recently because my connection is Carol Stewart she was one of the coaches of my course amazing woman the way I interacted with her was in our support and challenge group so small group work you bring a challenge that you might be facing in the workplace but rather than people just give you advice they give you questions to help you think for yourself as to how you can navigate that challenge so she was just really effective in leading that and drawing out the best dinners and really making us think about the situations I really struggle with that reflecting but it was great to just have that opportunity to reflect and I thank you so much for enabling me to do that and yeah she's got a podcast which goes live every week on LinkedIn she's got a book 

It's called quietly visible if anyone wants to look that up I’ve actually been on that myself as a guest she's got lots of inspirational women speaking about different challenges and men for that matter I also think she do great work 

Yeah second podcast I’d say is BBC sounds in general but I love all the shows on radio 4 they've got audio books on there and just a lot of mini documentaries about things that you never think about it's just really interesting to think about other things outside your normal day-to-day and as well as that there's law in action helps you just keep a fence in the legal field just find that really interesting 

Excellent thank you for that so  what's one question that you wish I’d asked you that I haven't 

Maybe what drives you 

Okay good luck and what drives you 

What drives me this is one of the things that I suppose I’ve never thought about until recently I think it's a combination of things daughters making a difference particularly now I feel like I’ve got a lot in me and I’ve made that realisation and I think that's just such a motivation just to see where I can go now with it I’m from Coventry originally parents came over from Jamaica in the 60s they've never left the city they're very much grounded in the city and so am It's just that thought of being able to give something back and for the next generation yeah yeah really excited to see what the future holds in terms of that 

Great question thank you I’ll be adding that one to our future episodes what would be your advice for that board member for that executive in terms of you're thinking about the risks around information 

Don't fear it if you don't know something don't be afraid to ask no question is a stupid question I think especially if you're in a role of leadership to help embed it in the organization to encourage people to ask questions if you don't know something because things are changing all the time in technology just be aware of the threats like even your podcast here relating it to the Ukraine just you never know what's going to happen in the world obviously the pandemic is happening now the scope's always just changing and just to be aware of that is just so important I’d say to someone at board level even if it's not your day-to-day helping to promote it and not seeing it as a hindrance but seeing it as something that enhances your organization is just so important I think 

That's a great message to leave  to our listeners thank you so much so where can they find you online if they'd like to follow up with you at all 

I’m on LinkedIn mostly that is my social media go to so yeah if you search for my name I am there

Yeah excellent we'll put it in the show notes great well that's lovely thank you so much for your time today really enjoyed speaking with you Sarah 

Thank you for having me so much Michala