About me
Hi, I’m Carey Lening. I’m always puzzling over the complexities in life — be they systems, people, or organizations. I gravitate towards hard problems that don’t have easy answers, particularly those of the legal, tech, and policy persuasions.
I’ve had 20 years of experience writing and advising on data protection, privacy & technology law, information security, and related disciplines. Over that time, I’ve gotten really good at identifying societal and organizational pain points, recognizing that problems rarely have a one-size-fits-all solution, and explaining complex topics in simple and plain terms.
I’m currently working as a freelance data protection, legal & policy consultant for companies around the world. I also write a (mostly weekly) blog on data protection, fast-moving technology trends, and the implications of legal and policy decisions made in response. It’s pretty wonky stuff, but I do try to make it accessible and interesting. Most recently, I worked as an external data protection officer and advisory consultant for a small firm in Ireland.
My cross-functional background means I’m equally at ease discussing legal nuances with lawyers and regulators, hashing out technical details with engineers and information security professionals, and presenting high-level overviews to the C-Suite. I also think I’m funny, so that helps.
What I do
In short? I help make complicated things easy to understand. I cut through bullshit, and make everything a bit less confusing.
Data Protection & Tech Advisory
The world is changing fast and so are the rules of engagement. Privacy and data protection, information security & compliance with the legal rules and regulations that concern them are no longer “nice to haves”, but must-haves. I can help. Whether it’s understanding the laws and all their complexity, building up a data protection and security program, assessing risk, or building in meaningful privacy by design, I can help you do it in a sensible, practical, and realistic way.
Writing & Speaking
I write and present a lot about the intersections between technology, law, policy, and the unintended consequences that occur when people move fast and break things. I've written for GRC World Forums, Techdirt, and speak regularly about this stuff. I write most regularly on LinkedIn and Substack.