How Privacy Engineers Deliver ROI

Vidhee Shukla
April 16, 2025

At Bridge Privacy Summit 2025, Nishant Bhajaria moderated a panel discussion with privacy engineering experts who shared real-world strategies for defining privacy ROI, selecting high-impact projects, and bridging the gap between privacy and engineering teams.

The panel featured:

  • Luke Oglesbee – Senior Software Engineer, Remitly
  • Alon Levy – Engineering Manager, Uber
  • Saima Fancy – Senior Privacy Specialist, Ontario Health
  • Nishant Bhajaria – Data Privacy Author and Executive

How Do Privacy Engineers Define ROI?

Unlike traditional engineering roles, privacy engineers don’t always have clear success metrics like shipping a feature or driving revenue. Instead, their impact is measured in risk reduction, efficiency improvements, and trust-building.

Privacy ROI Goes Beyond Compliance

Luke Oglesbee highlighted that one of privacy engineering’s biggest contributions is reducing fear and uncertainty around how data is handled:

“One thing that comes to mind is providing peace of mind internally. There’s a lot of fear and trepidation around how data is handled and where it is. Being able to qualify that and provide abilities to make better risk-based decisions is a big part of our role.”

Cost Optimization Through Privacy Engineering

Saima Fancy emphasized that data minimization directly leads to cost savings:

“When you practice data minimization within your cloud infrastructure, one of the natural outcomes is cost savings. If we can identify redundant or duplicated data, the natural ROI is data deletion and retention, which saves storage costs. Not to mention, you’re also enhancing security by minimizing exposure.”

Sentiment and Adoption as ROI Metrics

Beyond risk reduction and cost savings, Alon Levy pointed out the importance of measuring how privacy initiatives are received within an organization:

“In a larger company, the sentiment towards privacy initiatives is critical. If you want them to be successful, you need to make sure you're an enabler and a good partner for engineering and product teams.”

How Do Privacy Engineers Choose the Right Projects?

Privacy engineers must balance business needs, regulatory requirements, and technical feasibility. Choosing the right projects ensures compliance without slowing innovation.

Align Privacy Goals with Business Priorities

Saima Fancy stressed that privacy teams must start with internal governance before tackling external regulations:

“One of the biggest things driving businesses today is making sure that trust is front and foremost. If you can cause product teams across the company to comply with internal policies and standards, then and only then can you be compliant with external regulatory requirements like GDPR and CCPA.”

Prioritizing Business Enablement

Luke Oglesbee shared his approach to project selection:

“We look at what moves the needle on customer experience and builds trust in the brand. We also focus on reducing unnecessary data storage to lower risk. Finally, privacy engineering should enable the business to build faster and with more assurance.”

Balancing Friction with ROI

Alon Levy emphasized that privacy teams must be strategic about when to introduce friction:

“You can only create massive friction a handful of times before you start losing trust from core engineering partners. You have to pick and choose where the privacy ROI justifies the disruption.”

How Privacy Engineers Work with Other Teams

Privacy engineering sits at the intersection of legal, compliance, engineering, and product teams. Effective collaboration ensures privacy is seen as an enabler rather than a blocker.

Privacy Engineers Must Get Involved Early

Saima Fancy explained why privacy teams need to be part of early-stage product discussions:

“The worst-case scenario is when a product team is ready to launch something, and you have to tell them it’s not compliant. That is very inefficient and breaks down relationships. Privacy should be integrated from the start.”

Bridging the Gap Between Legal and Engineering

Luke Oglesbee shared a strategy for working with engineers:

“Teams take data ownership seriously, especially in security. They want guidance on privacy, so come with both a requirement and a paved path to meet it.”

Alon Levy reinforced that privacy teams need to offer practical, scalable solutions:

“We need to provide privacy solutions that reduce compliance burden and help teams move faster.”

Scaling Privacy Engineering Against Changing Risks

Privacy regulations and business needs are constantly evolving. How do privacy engineers ensure their frameworks remain effective?

Build for Flexibility

Alon Levy recommended structuring privacy programs to adapt over time:

“Focus on creating the right building blocks so that you don’t have to make trade-offs between business enablement and backend governance later.”

Use Automation to Stay Ahead

Privacy teams can’t scale manually. Luke Oglesbee highlighted how automation reduces friction:

“We try to take a platform approach, providing solutions that engineers can onboard to easily, instead of adding manual compliance burdens.”

Privacy Engineers Must Lead Technical Strategy

Saima Fancy stressed that privacy teams should be involved before decisions are made:

“It needs to be preempted. Do those PIA, DPA, and tech privacy reviews ahead of time, not after the purchase is done and the tool is deployed in your infrastructure.”

Defining Privacy Engineering as a Business Function

Privacy engineering roles vary across companies. Some focus on data security, others on compliance automation, and some act as internal consultants.

Privacy Engineering is a Cross-Disciplinary Role

Saima Fancy suggested placing privacy engineering under data and AI governance:

“Privacy engineering isn’t just about security or compliance. It’s about governance. Protecting data, ensuring legal compliance, and enabling business operations.”

Training the Next Generation of Privacy Engineers

The Carnegie Mellon Privacy Engineering Program was highlighted as a great example of cross-disciplinary training:

“They bring together faculty from law, engineering, political science, and philosophy to teach students how to handle data protection from multiple perspectives.”


Curious to learn how privacy engineering is being defined across organizations?

Check out our Introduction to Privacy Engineering, a comprehensive guide that covers everything from key responsibilities to the latest frameworks. It is a good starting point for understanding the strategic role of privacy engineers.

Privacy Engineers Must Define Their Own ROI

The panel wrapped up with a key takeaway: Privacy engineers must take ownership of proving their value.

Nishant Bhajaria closed the discussion with an important reminder:

“Own your privacy ROI. If you don’t define it, someone else will, and it may not reflect the full impact of what you do.”
