In 1890, Samuel Warren and Louis Brandeis published an article called “The Right to Privacy” in the Harvard Law Review. They weren't responding to a court ruling or a piece of legislation. They were responding to the gossip pages
Boston's newspapers had started printing details of private social events (weddings, dinner parties, the comings and goings of wealthy families) because instantaneous photography and new printing technology had made it cheap and easy to do so. The law had nothing to say about it. There was no remedy. The information was true, it had been observed in semi-public settings, and publishing it was legal
Warren and Brandeis thought that was wrong. Not just impolite, legally wrong. They argued that individuals had a right that the law hadn't yet named: the right, as they put it, to be left alone. Technology had outrun the rules, and someone needed to write new ones. Nearly every privacy framework that exists today traces its intellectual lineage back to this article
Technology keeps outrunning the rules. We need to build frameworks that make trust possible. At Mercury, we know that earning customer trust starts with respecting their privacy
This role is responsible for making sure our privacy program is operational, credible, and embedded in how we build. You'll translate legal and regulatory requirements into systems, processes, and habits that actually work at the pace Mercury moves. And you'll be the person who helps every team (product, engineering, data, marketing) understand what privacy means for their work, without slowing them down
As part of the journey, we would expect you to: Develop and update comprehensive privacy procedures and controls Stay abreast of privacy laws and regulations to ensure organizational compliance Evaluate and manage privacy risks associated with third-party vendors Manage data subject rights processes — DSARs, deletion requests, opt-outs — ensuring timely, accurate, and scalable responses Develop training, documentation, and awareness programs that make privacy intuitive for non-specialists across the company Some things that might make you successful in a role like this: 7+ years of experience in legal, compliance, or a related field, with expertise in privacy and data protection Deep understanding of privacy laws and regulations Experience building or significantly improving privacy infrastructure (data inventories, PIA frameworks, and vendor review processes) from the ground up Strong project management instincts: you can run multiple workstreams without dropping threads, and you know how to get cross-functional buy-in without formal authority Clear, direct communication: your ability to explain privacy implications to engineers, executives, and customers in plain language Cool and collected in