Lessons from Leaders: Deb Sokol in Conversation


In episode nine of Compliance Chronicles, we learn from Deb Sokol the importance of embracing the gray and look at the evolving nature of compliance. Deb shares her compliance journey and lessons she's learned along the way.
If you enjoy this conversation, make sure to subscribe to Compliance Chronicles in your favorite podcast app and follow the show so you don’t miss future episodes on privacy, AI, internal audit, and real‑world compliance leadership.
Liisa Thomas: Welcome to Compliance Chronicles, where we learn from professionals shaping the world of compliance. I'm your host, Liisa Thomas, outside Privacy and Compliance counsel, adjunct professor at Northwestern Law School, and a lifelong learner of organizational change. Personal journeys to hard-earned lessons, are the Chronicles that inspire and guide. Dive in. Back to another Compliance Chronicle conversation. So I'm pleased to have with me today Deb Sokol, who's currently at Allstate, but has had a really interesting journey in the compliance space. And I knew her first at another A company. So Deb, welcome. And I will turn it over to you to talk a little bit about your current role and then we'll dive into your personal journey.

Deb Sokol: I'm on a team that advises on some special tier. There's a lot of issues that come up that aren't specifically relating to personal information, but there's still data. And so we advise on those as well as other technology related and AI initiatives. We support our commercial counsel. We support our litigators. We support other lawyers across the enterprise when they have privacy or data questions or AI questions. And we also support a host of business areas on different initiatives when they have deep privacy or data questions.

Liisa Thomas: So let's go from what you're doing today to your personal journey. How did you get here? Maybe how you got into privacy compliance? How, what hooked you? What made you pursue this as your day-to-day job?

Deb Sokol: I feel like I fell into it. And I think part of it was that I was really open to doing new things. I was just willing to raise my hand and volunteer for some additional assignments. And one of the things I volunteered for was to be a guinea pig at the law firm way, way back when to be the internet lawyer. When the internet was just starting and the law firms were really fearful of what was out there and how would it work and they needed someone to kind of explain it.
It was before there were privacy laws. There were no laws. Nobody knew what to do. We had to write our first privacy statement. We had to really think about what does privacy even mean? I just fell into it based on being open to something new.

Liisa Thomas: You've had all of these different roles and it's been constantly evolving. What are some of the challenges that you faced during those different roles? Has there been something that's been the most difficult, the biggest hurdle you were happy to overcome?

Deb Sokol: I mean, I think it's twofold. I mean, some of the challenge, you know, when I switched from being in a more of a legal role into a straight compliance role. That was a challenge. I mean, really, it created a whole shift in mindset of what are the controls and how do you validate controls and how do you think about things more systematically and programmatically? It's not really something I had to do as much as a lawyer. A really mature compliance program is really disciplined. You know, they really think about how things are documented. How do we, you know, they really think about the kinds of controls that are required to mitigate the highest risk issues. How do you measure it? How do you monitor for it? Like what kind of testing protocols do you set up? And it is just very disciplined and that was not something that came naturally to me. The other challenging part is just working and we always talk about working in the gray. We're dealing with this with AI right now. There were no laws, you know, it's like privacy. We're sort of making it up and there were some laws, you know, there's FTC five, you know, and you sort of like do things by you sort of use analogies and try to figure out what the structures were. But you were really having to be creative. And then GDPR came along. But I was working for a company that had a smaller European footprint. So it was like, well, how much do we care about GDPR? Then CCPA came about. I was like, OK, now I guess we have to deal with this.
CCPA had gaps and there were vagaries, things where you had to fill in the blanks. I think from a legal perspective, it was a challenge to give very specific, actionable advice to the people who had to operationalize this stuff because over the years, it's not, it is not that clear.

Liisa Thomas: So let's move the conversation from challenges to lessons. So learning, growth, key lessons that you've learned and maybe looking at those two challenges, living in the gray and operationalizing in the gray. What are some things through your experience that you've learned how they've shaped your approach to dealing with privacy compliance in the gray?

Deb Sokol: I will say to the lawyers out there that I highly recommend doing rotation in a compliance organization and you know really doing that operational aspect because it gives you an appreciation for what's your end goal. You know in terms of working the gray, phone a friend. There's lots of really good lawyers out there. Sometimes you need that expert advice. Join trade organizations, find people to talk to about how you're approaching things. You need to feel comfortable with the gray. I think sometimes you really want things to be certain and it's just not going to be. And you have to sort of like switch your mindset so it doesn't make you anxious. You the value of sort of planning in advance, really sort of mapping out a program, mapping out the principles, rooting it in those sort of like basic privacy principles and then figuring out how that works.

Liisa Thomas: You're comfortable living in the gray, how do you manage that with colleagues that you might present them with a plan and say, we're gonna, this is, we've got a plan, we're gonna execute on the plan and dealing with reactions of sort of, I am too overwhelmed to execute on this plan.

Deb Sokol: That happens all the time. And I think my approach and it has been effective is don't try to do everything all at once. And, you look at the plan and try to decide, number one, what is the highest priority?
But also sometimes it's certain things have to just be done first. It may not feel like the highest priority, but it's like, okay, well, this has to get done first or else we can't do the other things. Sometimes you just need version one done and version one may be good enough and maybe version one lasts for the next 10 years, even though it was like, you know, had some band-aids and wasn't the prettiest thing that you put together, but it complies with the law and it's okay. Other times you're like, okay, we got version one, but so that's in place so we can have the baseline and you just keep on iterating. It's not cutting corners as much as like you de-prioritize things for later that aren't as high risk that can be done later and, you know, aren't going to be as impactful when you focus on the stuff that has the biggest impact.

Liisa Thomas: Parting advice, and you've already given us a lot of good advice, but parting advice to share with others who are either starting out in this space or have been here for a while. Maybe they don't have that network of support that you were talking about and need a little something to keep them going. What would be some parting advice?

Deb Sokol: My first piece of advice is don't be afraid to get out of your comfort zone. You're going to be uncomfortable. And that's, I think that's okay. I think we all, you can acknowledge it, but if there's something you're interested in, even if you think it's a stretch, you should do it. You should do it and don't be scared to go after it if it's something that you want. The second thing is just volunteer, raise your hand, be that person in your group that people go to because they know you're up for anything. And that will actually grow your opportunities, not only in terms of like, the opportunities will come to you because people will know you'll be known as someone who is always, you know, willing to try something new.
But it also, every experience that you have, no matter what it is, even if it feels like something that's a little bit of a tangent. It gives you another base of knowledge, another piece of experience that you will be able to call upon for the next thing. And it'll make you more confident in whatever. My last thing, only because I just saw this clip, this old Ted Lasso clip about being curious, like just be curious. I mean, this is an area where it's always changing. There's always something new. And just ask the follow-up question.

Liisa Thomas: Well, Deb, thank you so much for making the time to have this conversation. It's been phenomenal.

Deb Sokol: You're welcome. This has been great.

Liisa Thomas: I hope you enjoyed this episode of Compliance Chronicles, where we look for guidance and inspiration from the personal journeys of compliance professionals.