From India to Manulife, Young navigates complex data protection challenges globally
Danielle Young, VP and chief counsel, global privacy and cybersecurity at Manulife, says her legal career didn’t take off until she left Canada for India. “After I was called to the bar, I actually went to work for a non-governmental organization in Rajasthan, Jaipur,” she tells Lexpert. “I was there for one year – it was an internship – and after I finished, I came back to Canada and looked for work at non-profits to no avail. I had student loans to pay and started work at an insurance defence and international trade law boutique. I was a litigator for ten years. And then, in 2015, I joined Manulife as a litigator.”
Transitioning to Manulife’s privacy and cybersecurity wing
In her current role, Young has carved out a niche in the financial services giant's privacy and cybersecurity wing. After continuing in the litigation wing, she soon moved to the institutional insurance group benefits advisory legal team, where she spent nearly five years. “I mainly focused on the areas of anti-fraud, human rights, privacy, and complex claims,” says Young. “And having been a litigator for ten years, working on disability and life claims really was my comfort zone.” In 2021, Danielle was promoted to a new role of privacy counsel supporting the Canada privacy office. And then last year, in 2023, she was moved into another newly created role – chief counsel, global privacy and cybersecurity. “My mandate went from focusing on our Canadian operations to a global role. I lead a team – a tiny but mighty team – of lawyers across Manulife’s global footprint that focus on privacy and cyber security matters from a legal perspective.”
Leading Manulife's global privacy efforts
In her current global role, Young and her team provide legal advice and support to the privacy centers of excellence in Canada, the US and Asia. She’s also the lead lawyer supporting any global complex privacy or cybersecurity incident – no mean feat for a company with over 40,000 employees and 116,000 agents, serving over 34 million customers. “We also provide support to other teams such as Global Information Risk Management, our Chief Information Security Officer’s team and Enterprise Technology teams when appropriate,” Young tells Lexpert. “We operate as a center of expertise for the different business unit legal teams and segment legal teams on privacy and cyber matters. So, if they're dealing with a particularly complex privacy issue or cybersecurity issue, they can reach out to our team for support. Where a lawyer might have historically gone to external counsel, they’ll now come to our team first.”
Building partnerships and collaborations
And if it sounds like a lot of work, it is. Young and her team collaborate with various partners from different business units and functional teams to make it work so well. They are building a regional privacy and cybersecurity forum with lawyers across the company. “The idea is to support the lawyers learning about privacy and cybersecurity who work in different areas,” she explains. “We collaborate and discuss issues and challenges. It helps to ensure legal teams approach things consistently across the enterprise. It's also a great opportunity to learn about other business areas and get to know colleagues better.”
Navigating global cybersecurity challenges
With her finger always on the legal pulse, Young says that, of late, the increasingly complex patchwork of cybersecurity regulations globally, third-party risk management, and AI are all at the top of her mind. “We tend to work on anything that’s cyber or privacy adjacent,” she says. “And so, AI has been a huge focus for our team this year. I don't know that organizations had lawyers who were specifically designated, tasked or experienced, even in that space, prior to two years ago. When you look around the organization, which team does it make sense to support those issues? Because data is an issue with AI – and privacy is a big component a lot of the initial work landed with our team, and we were interested in picking it up.”
The importance of relationships in cybersecurity
When navigating cybersecurity matters, Young takes a pragmatic approach. Something that begins with fostering meaningful relationships across the company to thrive through any challenges. “As a lawyer working in cybersecurity, I think it's really important to build relationships. Our team partners really closely with the cybersecurity operations, incident managers and cyber threat intelligence teams. – there are actually a few people on those teams who are my best friends at work, and we talk to each other every day. Everything I have learned about cybersecurity, I learned from them – I don’t have a technology background, but I have a willingness to learn, and I’d like to think they have learned some things from me as well along the way.”
Strategic collaboration across business units
Young thrives in her Manulife career because of her commitment to building relationships and working together across different business factions.
“We partner really closely because any advice that we give, without the support from the security team, it's far less strong. Whereas if it's a security team and legal united in a recommended approach, it’s a stronger opinion and guidance to provide to the client.”
Part of her success, she says, has hinged on being a strategic partner – identifying issues and getting to the crux of it together. “Part of my success is spending time on building relationships and building trust with business colleagues – if they identify an issue to me, it doesn't turn into a finger-pointing exercise,” she says. “There’s no ‘who did this? What went wrong? Why was this done this way?’ You want it to be an open conversation so that colleagues feel more comfortable raising issues and have confidence we’ll work through it as a team. Where there's comfort in being able to identify an issue, I think it's better for the organization. It's better for employee engagement, and ultimately, it's better for our customers.”
