Rhina Grullon, MSJ, CHPC, CIPP/US, is the Senior Privacy Manager at Kenvue and a 2020 graduate of Seton Hall University School of Law's Master of Jurisprudence program. In this interview, Rhina shares her career journey, insights on privacy management, and the evolving landscape of compliance in today's digital age.
Can you share your career journey from your early roles in compliance to becoming a Senior Privacy Manager at Kenvue? What key experiences or milestones shaped your path?
I started my career in healthcare shortly after getting my Bachelor of Science. During my early career years, I held several positions where I was able to gain knowledge from the different areas I supported and develop a basic understanding of them. After doing marketing for several years, I moved into compliance, which was a very different role. However, having the marketing experience helped me in investigating cases related to sales.
Eventually, I moved up in the compliance space and became interested in privacy after being the HIPAA SME for over four years. I decided to pursue my Certified Information Privacy Professional certification. Something just told me that privacy was just getting started. I’m glad I listened to my gut! It led me straight to Seton Hall.
How did your Master of Science in Jurisprudence from Seton Hall Law and your Bachelor of Science in Education and Psychology from The City College of New York prepare you for a career in privacy and compliance?
My prior degrees gave me the ability to develop partnerships with stakeholders, as well as prepared me to train my business partners and educate them on the latest trends. Being able to articulate complex matters is no easy feat.
What motivated you to transition into privacy management, and how did your previous experience in compliance roles influence this decision?
My role in healthcare influenced me to involve myself in privacy management. One of the reasons I worked in healthcare was that I could help people. Helping people was always a prerequisite for whatever career path I took. And although I was not helping people directly in my privacy role, I knew that what I was doing was helping to protect the rights of the broader community.
What are the biggest challenges you’ve faced as a Senior Privacy Manager, and how have you overcome them?
In a world where information is obtained easily— for example, as easy as creating a social media profile—it can be challenging to explain data protection. Privacy is a human right and should be treated as such; however, when marketing needs data for targeted advertising, it can be quite a challenge to explain the dos and don’ts. You don’t want to be seen as a blocker but rather as a partner. The best you can do is educate and advise.
Given your extensive experience in healthcare compliance, how do you stay updated with the ever-evolving regulatory landscape, and how do you ensure your organization remains compliant?
There are many resources, such as legal articles, data protection sites, trade associations, news, and government affairs. It is also important to maintain a network of other privacy professionals to stay in the know.
You’ve worked in both healthcare and consumer goods sectors. How do the privacy and compliance challenges differ between these industries, and what skills are transferable across them?
Healthcare privacy is governed by the federal HIPAA law, while consumer goods have their own state and partial federal laws. The challenges differ in terms of fines, audience, and government oversight. The healthcare space is highly regulated, given the sensitivity of the information provided and collected from patients. Consumer goods use data as part of their business strategy but also to provide certain services to consumers. Nonetheless, both require partnering with stakeholders, training, providing privacy policies, and ensuring the consumer/patient comes first.
Where I work now, while it is mainly a consumer goods company, their mission is to realize the extraordinary power of everyday care.
How do you align privacy and compliance initiatives with the broader business strategy at Kenvue? Can you share an example where compliance significantly impacted business decisions?
Compliance can be seen as the external police, in a way, as it is our job to enforce the law and ensure we are doing business compliantly. However, there are times when the business may not see eye to eye, and that’s when we try to align and understand their goals. For example, while implementing some of the new state privacy laws, we realized there would be an impact on how we collected user information through our tracking technologies. We weighed our options and made the decision to take a risk-based approach so that we could closely align with the business while scaling back as needed.
With the rise of digital health and technology, how has your role as a Senior Privacy Manager evolved, and what emerging trends are you focusing on?
This is a great area of focus. AI, for example, has been quite challenging, as not everyone understands the impact it can have when not used as intended. My role requires a basic or intermediate level of understanding of emerging technologies, as it is important to apply privacy by design when implementing new tech. Privacy should be at the forefront—at the table, rather than an afterthought.
Trends we are tracking relate to AI, biometrics, consumer health information, children’s data, and tracking technologies.
What advice would you give to someone aspiring to enter the field of privacy and compliance, especially those with a legal or educational background similar to yours?
Privacy is an interesting space where a legal background can be a stepping stone, but it also requires analytical thinking, an operational mentality, and partnering with your business partners. It is not learned in a day, so staying up to date with trends, joining privacy associations, and following the regulations closely definitely provides an advantage.
Looking ahead, how do you see your career evolving in the next few years? Are there any specific goals or projects you’re particularly excited about in your current role or beyond?
Interest in privacy roles is increasingly growing. Consumers are learning more and more every day that data is money, therefore, valuing their own information. They want to be in control of what they share and what is collected about them. It excites me to see people take control of their privacy and how regulators and lawmakers are seeing the impact it can have on our youth if they don’t learn early on what it means to ‘be left alone.’
One of the things I am excited about is creating a privacy space where my business partners can come to ask questions, have candid conversations, learn what happens behind the scenes of a privacy implementation, and be able to educate them on what can often be a complex yet challenging and exciting part of our company.
Privacy is everywhere; it is in everything that we do!
