Interview with Information Privacy Graduate, Steven Sone

By Matthew McGrath

In 2020, many Canadians decided to take their career in a new direction. Among them was Steven Sone, who discovered a new passion during this time—information privacy.

He started learning about information privacy during his previous job but decided to delve deeper into the field during the pandemic. After doing some research, Steven enrolled in the York University School of Continuing Studies’ Certificate in Information Privacy, graduating from the program in April 2021.

After completing the program, Steven was able to find a full-time opportunity as a data protection specialist at an investment company. Now a part of the privacy industry, he spoke with us to discuss his career journey, and how he became so passionate about information privacy.  

Could you just tell us about your current role and what you do there?

I’m a data protection specialist at a Canadian financial institution. I deal with privacy-related issues that come up when we develop new technology or anything that has to do with the collection of personal information of investors, employees, and/or financial advisors.

We ensure that we have the proper consent to collect that information. We look at where the data goes, who has access to it, and how it is protected from a cybersecurity point of view. 

And then we look at our adherence to various privacy laws, whether it be Canadian, European, or various American ones like California for example. 

 What led you to pursue information privacy as a Career? 

It’s a funny story. When I got into privacy, I was working as a business analyst, and one day one of the directors came up to me and said: “Hey Steve, we need you to fill out these privacy impact assessments.” And I’m like, “What the heck is a privacy impact assessment?” 

So I fill it out and submit it. Later, someone who is a data protection specialist at this company comes back and they’re telling me, “Oh, you didn’t answer these questions properly. It’s missing all this information.” And I’m just thinking: “I just need their approval to move forward with development. These guys are slowing me down!”

The second time I had to do one of these PIAs, something just clicked, and I realized that, “hey, wait a minute, these people are asking me these questions to protect the information of our clients.”

After I left that job, I started becoming interested in privacy protection. I wanted to find a program to educate myself, and I chose the York University program. I enrolled, and, in a way, it changed my life. I became very passionate about a topic that I didn’t know I was so passionate about. 

What was your favourite part of the program?

We had an amazing group of learners, and the highlight was working with them on group projects. At the end of a module, we would all get together on Zoom and everyone did their presentations and made a day of it. And it was really fun seeing how your classmates think and hearing different perspectives on various privacy issues. It was engaging and thought-provoking.

You mentioned privacy impact assessments (PIAs). Are these things you learned about in this program? How did the assignments and lessons prepare you for your current role?

I don’t think there’s any way that I could do my current job without the knowledge that I gained from this program.

This program goes into so much detail—it is so thorough. And the instructors are brilliant. So I think that the amount of knowledge I’ve gained from this course set me up, and separated me from other people when I was interviewing for jobs. 

When I interviewed for my current position my breadth of knowledge blew the interviewers’ socks off. I had to do a presentation as part of my job interview, and this program also prepared me for that. 

Everything that employers are looking for, you are going to learn in this program and probably better than anywhere else.

Could you talk more about your experience with your instructors?

Our two instructors were Peter Kosmala and Cristina Onosé, and both of them are highly respected and well-known in the field of privacy. If we ever needed one-on-one time with them, all you had to do was email them and they would respond right away. And if needed, they would set up a quick Zoom call with you, taking time out of their day to help you, and engage with you. Their insight is just unbelievable.

I finished the certificate in April 2021, and I still engage with my instructors. I’ve reached out to discuss complex privacy topics and concepts and continue to get quick responses from them.

It’s not like: “you’ve finished the program, now see you later.” They’ve been there to help us after the program completion. 

Keeping up these relationships after graduation was good for job networking because you have peers that may work in the industry too.

For anybody thinking about this program, what advice would you give them?

If you’re thinking about taking this program, and you have any interest in privacy at all, I one thousand percent recommended it. If you are in a position at work where you are required to educate yourself on privacy, there’s no better program to take.

Thanks for chatting with us, Steven! The Certificate in Information Privacy offers experiential learning in an accelerated format that allows you to graduate in just six months. Our industry-expert instructors analyze real-world privacy breaches and use practical, privacy-enabling tools and methods to help you acquire a holistic understanding of the organizational value of privacy and data protection.

Learn more about the Certificate in Information Privacy.