Fresh Perspectives in Western Union’s Legal Department

Company has handful of newcomers in prominent positions

Western Union has some new faces in its legal department. General Counsel Caroline Tsai joined in December 2017, and in a little over a year has made an impression on the people who have come since. She’s pointed to as an inspiring mentor, and understands how Western Union has to adapt in the privacy and security realm.

Esther Lim, now the director of privacy in the office of general counsel, came to the company last August from WilmerHale. She very much enjoyed private practice and her career change wasn’t driven by a desire to leave the firm so much as her recognizing the opportunity at Western Union may not have come around again. 

“I had no plans to leave, until I met Caroline Tsai,” Lim said. She called Tsai an “inspiring leader” who’s willing to mentor younger lawyers, and Western Union’s wide reach internationally appealed to Lim. “Even though I didn’t feel like I was ready to leave Wilmer, this was an opportunity that I didn’t think would come back when I was ready.”

Lim said Tsai has an eye for shoring up privacy issues and making sure Western Union is ready for that rapidly changing environment around privacy. 

Bill Min, a Western Union deputy general counsel who also serves as its chief privacy and data governance officer, is another newcomer to the company’s legal department in Denver. Min joined Western Union in April after being recruited by Tsai.

Data privacy is “an area of the law that literally changes every single day,” Min said. He describes his role as “helping to facilitate the company’s ability to utilize [its] information assets, and in a way that meets the expectations of customers and regulators.”

“She just wanted to ensure we had the right team in place, and that really inspired me, because that’s exactly what you want to hear when you’re being recruited.”

Min came to Western Union to help steer its data privacy strategy and “reshape the privacy organization so it would better align with the current environment” of new technology and shifting regulations. That has included updating Western Union’s existing documentation and policies for compliance with the European Union’s General Data Protection Regulation, or GDPR. That sweeping data privacy regulation, which applies to Western Union and other global companies, went into effect the month after Min joined the company.

But regulatory obligations like the GDPR are “opportunities” for a company to revisit data privacy policies in a broader sense — not just to get compliant with a particular set of rules, Min said. Western Union rolled out a new internal data governance policy last year that takes into account not only the GDPR’s requirements for data access and transparency, but also other regulations and statutes.

For example, being transparent with customers regarding how the company uses and processes their data is a common principle underlying data privacy regulations both in the U.S. and abroad. “Why should something like that differ whether it’s in Europe or in the states?” Min said. Even if the data transparency requirements are more lax in certain U.S. jurisdictions than in Europe, it’s more efficient for a global company to use a consistent standard across those jurisdictions, he added.

The newcomers to Western Union’s legal department have a host of experiences to prepare them for their current roles. Lim has a colorful background in privacy and security. Before Western Union and her private practice stint, she strategized privacy and security for Google’s gSuite. She also spent time at a nonprofit doing program management and policy analysis to help protect the digital privacy and security of human rights activists in places the U.S. considers oppressive of free speech. But as a California native, she eventually wanted to come back out west.

Min spent 16 years with Starwood Hotels and Resorts Worldwide, carrying the titles of senior vice president, legal, as well as chief data and privacy officer before leaving the company in 2016. Starwood announced in November that it experienced a data breach that exposed millions of Marriott customers’ encrypted payment card numbers and unencrypted passport numbers, with unauthorized access to the Starwood network dating back to 2014. Min declined to comment when asked about his role at Starwood in connection with the recently discovered breach.

Just prior to joining Western Union, Min had a similar position at Live Nation Entertainment. He said he’s had to be open-minded in his approach toward helping to craft data privacy policies for each organization. Data governance policies are tailor-made for each business, he said. “What may have worked at another company may not work here.”

Min experienced the learning curve of switching over to the financial services industry, which carries with it a whole host of additional legal requirements that he would now need to consider. As for learning about Western Union’s business itself, he focused on meeting people in various positions in the company and building relationships with them, trying to get a sense of their different priorities and objectives. All of those priorities, from the marketing department to the IT department, have to be considered when running a Fortune 500 company’s data privacy program.

“You can’t do a role like this in a vacuum,” Min said.

Min also focuses on attracting and developing legal talent for Western Union, which he said values having a variety of perspectives and expertise from different industries. Besides Denver, Western Union’s full-time privacy counsel work out of New Jersey and New York as well as Dublin, Ireland; London, England; Quezon City, Philipines; Sydney, Australia; Vienna, Austria; and Vilnius, Lithuania, among other locations.

Another key trait he looks for is “agility.” The in-house data privacy attorney for Western Union tends to be “someone who is very creative, resourceful and willing to take on new challenges,” Min said.

“Every department is made up of people,” Lim said. “I think that’s so important, and I think Caroline really understands that. Bringing in new GCs always brings in an outside perspective, and I think getting a fresh view on how Western Union does business has helped [the company] understand itself better.” 

—Julia Cardi; Doug Chartier

Previous articleBusiness Acumen Comes Standard
Next articleCourt Opinions- Jan 28, 2019


Please enter your comment!
Please enter your name here