Andy Roth, Privacy, Cybersecurity, AI, Fintech and Crypto: Captains Of Industry

Andy Roth is a pioneering privacy lawyer who has built and scaled privacy programs at American Express and Intuit, co-founded successful fintech company Lithic (formerly Privacy.com), and served as partner at major law firms including Cooley and Dentons. He brings a unique perspective combining deep privacy expertise with entrepreneurial experience in fintech and crypto.

Introduction

Q: You've had an interesting journey through privacy, fintech, and crypto. How did you get started in privacy law?

My path to privacy started during my time at Weil Gotshal, where I was part of the Trade Practices and Regulatory Law Group. This gave me broad exposure across technology-related issues. The real turning point came when I joined American Express in 2004 as Senior Counsel supporting the Chief Privacy Officer. I found privacy fascinating because it sat at the intersection of law, technology, and business strategy.

Two years later, I became AmEx's Chief Privacy Officer during a critical time when privacy was becoming increasingly important to financial services. We built a comprehensive global privacy program that helped AmEx earn "#1 Most Trusted Company for Privacy" recognition from Ponemon Institute for five consecutive years.

Q: Lithic has become a major player in the card issuance space. What inspired you to co-found Privacy.com (now Lithic)?

Around 2014, I saw an opportunity to bring Bitcoin-like privacy features to traditional payment rails. The vision was to give consumers more control over their financial data while working within existing banking infrastructure. We recruited an amazing team, secured the Privacy.com domain, built key partnerships with card networks and banks, and launched at Money2020.

The company has evolved significantly since then - now called Lithic, it's grown beyond the consumer privacy focus to become a leading card issuance API platform valued at $800M. It's been incredible to see how the initial vision of privacy-centric payments has expanded into a comprehensive platform empowering businesses to build innovative card programs.

Privacy Management Best Practices

Q: You've built privacy programs at major companies like American Express and Intuit. What are the key elements for success?

Three critical elements:

First, privacy needs to be viewed as a business enabler, not just a compliance function. At AmEx, we used Six Sigma methodology to quantify the program's positive business impact. At Intuit, we focused on accelerating innovation while protecting customer trust.

Second, you need strong governance integrated into existing risk management frameworks. This means clear accountability, regular reporting to the board, and partnerships across functions like technology, security, and business units.

Third, the program must be scalable and sustainable. At both companies, we leveraged existing talent and resources while building standardized processes that could grow with the business. Technology and automation are crucial - you can't scale a privacy program through manual efforts alone.

Q: As AI adoption accelerates, what unique privacy challenges should organizations be thinking about?

I spent significant time on AI governance at Intuit, where we initiated a multi-stakeholder approach bringing together the CTO, CDO, CCO and others to build a framework for responsible AI development. The key is balancing innovation with appropriate controls.

Companies need to think beyond traditional privacy principles when it comes to AI. Issues like algorithmic fairness, model explainability, and preventing unintended bias are critical. We looked at frameworks from adjacent areas like FCRA decisioning to inform our approach.

It's also important to explore privacy-enhancing technologies like differential privacy, synthetic data, and homomorphic encryption. These can help optimize data assets while enhancing customer trust.

Team Management & Career Development

Q: Having managed teams across different organizations, what do you look for when hiring privacy professionals?

Beyond technical privacy expertise, I look for three qualities:

First, business acumen - the ability to understand commercial objectives and find creative solutions that enable innovation while managing risk.

Second, learning agility - privacy is constantly evolving with new technologies and regulations. We need people who can adapt quickly and bring fresh perspectives.

Third, communication skills - privacy professionals must influence across functions and translate complex concepts for different audiences, from engineers to executives.

Q: Any advice for those looking to build a career in privacy law?

Get hands-on experience with technology and business operations. The most effective privacy lawyers I've worked with deeply understand how systems work and how businesses make money. Whether through side projects, startup experience, or intentionally seeking out technical matters, practical knowledge is invaluable.

Also, don't be afraid to take calculated risks. My career has benefited from moves that weren't obvious at the time - leaving AmEx to build a privacy practice at Dentons, co-founding a startup, joining early-stage companies. These experiences provided unique perspectives that made me more effective in subsequent roles.

Looking Ahead

Q: What emerging privacy trends should we be watching?

The convergence of privacy, crypto, and decentralized systems is fascinating. We're seeing new models for data ownership and control that could fundamentally change how privacy works. Privacy-preserving computation and zero-knowledge proofs could enable new services while better protecting personal data.

I'm also watching the evolution of privacy-centric business models. Companies like Apple have shown privacy can be a competitive differentiator. As privacy technology matures, we'll see more businesses built around protecting and empowering consumers' data rights.