I Once Designed with Your Data—Now I Help Protect It
Written by Leslie Bradshaw, VP of Research & Growth at Pyxos
In the early 2000s, I was proud to be a part of the first wave of social media "Web 2.0" technologists. We blogged, we tweeted, we linked-back, we un-conferenced. And as the former co-founder, President, and COO of JESS3 (2006–2012), I was proud to be a part of a team who created beautiful infographics, motion graphics, and interactive experiences. We both helped create the waves, as well as learned how to ride them.
With the acceptance acceptance of each platform's Terms of Service, end users (aka data subjects aka humans) gave our team the permission we needed to tap Really Simple Syndication (RSS) feeds from Del.icio.us and Application Programming Interfaces (APIs) from Facebook, Twitter, and Foursquare to display the personal data of millions of people in the form of interactive visuals.
As with any marketing spend—where our budgets usually came from—there was a desire to be relevant and do something 'of the times' that would attract younger audiences and media attention alike. Being able to drive earned media, engagement, and followers meant their investment in whatever we did together had ripple effects and lasting effects.
While I often miss the magic those world-class team members and I created in those long days and hard years (you know who you are), I don't think I could approach the work with the same enthusiasm and fervor knowing what I know now about personal data privacy and protection.
Samsung’s booth at SXSW 2012, built by APIs, your data, beautiful UI, a ton of Torchy’s tacos, and sheer force of will (shout out to the team who made this happen).
It's not that we violated any Terms of Use—it's more that I and many others thought by investing in these social platforms and amplifying social conversations, we would somehow "democratize" and "connect" the world in a way that would benefit humanity. Years later, we all know how those idealistic visions have been turning out.
On a related note: remember when we eagerly volunteered our location for badges? I couldn't imagine posting these details publicly in 2025, could you?!
If you're into reflective deep dives, I've written a longer piece over on Medium that includes more history, more photos, and more real talk. Check it out: Oh the social web we wove.
And if you are looking for a more concise "So What" and "Now What", I've distilled it down to a handful of bullet points below.
So What?
I no longer consider myself a techno-optimist when it comes to social media’s role in our daily lives;
I am more likely to be sharing life offline than on; and
I want to minimize how much I give-and-take from platforms who have made people’s data the product.
Now What?
Knowing what I know now about personal data privacy through my work at Pyxos with teammates Varun Arora, Joliet (JoJo) Liu, James Beriker, and Jonathan Kass and our amazing collaborators like Laura Palmariello CIPP/E, Anurag Sushant, and Bilal Ghafoor CIPP/E CIPM I am approaching these platforms and responsibilities with a heightened level of legal and ethical integrity.
For those who are feeling ready to do the same, a few key changes that I recommend every marketer, researcher, and sales professional take:
1. Collect only what you need -and- make sure you explain why.
Shift from “nice to have” to “necessary to serve,” and always give users a clear choice to opt in (which is a big shift from giving them a chance to ‘opt out’ << I still recommend giving this option, too).
2. Read the Terms of Service closely when you run ad campaigns.
You may be more accountable than you think… especially if you’re exporting or combining datasets, or using third-party enrichment tools, or storing personally identifiable information (PII) in the cloud or locally. Know before you go!
3. Map your data flows, even if your legal team hasn’t asked you to.
Understanding how data moves across your tech stack—such as through Hubspot, Clay, Miro, Email, Airtable, and Slack—as well as and where you transfer the data to tell a story in a report or presentation—such as into slides, documents, and spreadsheets—is foundational to minimizing risk and respecting the rights of all "data subjects" (i.e. every human whose data you are managing, including employees!).
4. Ask your vendors the tough questions.
Who owns the data? Who has access? Is the data encrypted at rest and in transit? What’s your process for preventing, detecting, and reporting breaches? (to list just a few starter questions for these conversations).
5. You win trust through consistent, user-first actions.
I’ve come to appreciate that personal data privacy isn’t just about compliance with regulations like GDPR, CCPA, and the various Personal Data Protection Laws (PDPLs) like KSA's PDPL—it’s about aligning your actions (what and how do you collect data? what do you do with it? how secure is it in all of these places?) with your values (your website might say customer-first, employee-centric... but does your data privacy strategy and company culture back this up?).
Customers, employees, competitors, regulators, and the next generation are watching.
How do you want to show up?
What's Next?
I am on the data privacy journey in form and function with the amazing team at Pyxos; with our wise collaborators; and with our forward-thinking clients. My team and I look forward to sharing more insights, reflections, and best practices along the way.
I also have a few related things in the works for folks in the fields of research, marketing, and sales. More to come over on the Pyxos LinkedIn page!
Use of AI: I disclose when I use any form of AI in my writing. For this piece, I wrote everything up until the "Now What" section, then I asked ChatGPT to look at my longer essay from Medium and suggest ways to distill a few key points for a business audience, which I then brought back into my voice. I also noodled a bit on the headline with ChatGPT. You can read my full disclosures & ethics on my personal website here.
