Lynden Renwick – BrightKey

Indispensability is what Lynden Renwick craves.

In a world where IT capabilities are constantly in flux and rules differ considerably from country to country, figuring out how to navigate the legal waters can be a constant struggle—particularly for companies on the cutting edge.

Lynden Renwick | Senior Vice President and General Counsel | BrightKey

But where others see a multijurisdictional miasma of compliance, Renwick sees something else: another opportunity to be indispensable.

As senior vice president for BrightKey Inc., a company specializing in outsourced support services, Renwick is leading compliance efforts for some of the world’s most demanding data laws. In so doing, he’s emerged as a leading voice in the debate over how data should be protected—and who owns it.

“The way the commercial world has handled consumer data for over two decades is changing,” Renwick says. “Getting in front of that new standard—and staying in front of it for the next 5, 10, even 20 years—that’s where I want to be.”

Data with destiny

Founded in 1988, BrightKey is a certified woman-owned business whose suite of services includes inbound and outbound call centers, telemarketing, warehousing and fulfillment, mail screening, facilities management, on-site consulting services and more.

At approximately the same age as BrightKey, it might be difficult to imagine the 30-year-old Renwick being responsible for more than 200 partner contracts, managing BrightKey’s online advertising efforts—and all in addition to leading the landmark data protection work that goes to the core of the company’s business.

Asked how he manages to stay ahead while being involved in every element of BrightKey, Renwick says, “It all starts with relationships. You have to know your team in order to count on them. It’s making sure you go around in the morning and catch up with everyone, making sure you know what they’re going through, what’s going on in their lives. When you go to a meeting, it’s engaging in the 15 minutes before and 15 minutes after. That’s where relationships are built; where corporate culture lives.”

As BrightKey’s data protection officer, Renwick works to ensure compliance with the industry’s ever-evolving data protection standards. These includes Payment Card Industry Data Security Standards (PCI DSS), the EU’s General Data Protection Regulations (GDPR), as well as forthcoming U.S.-based consumer privacy laws, beginning with California’s Consumer Privacy Act (CPA).

Thanks in large part to Renwick’s leadership, BrightKey was one of the first in its industry to be compliant with these new standards—though he’s not naïve enough to believe anything’s been settled.

“Every year I looked at the expanding scope of the PCI DSS, and the longer I looked at it, the more I realized: this is just getting started! The scope of data attracting regulatory attention was getting bigger and bigger, and it was only a matter of time before a new frontier was captured.”

The new frontier has arrived in the form of personal data, but having identified that new battleground years in advance, BrightKey is already at the frontlines, ready to battle with a new wave of compliance standards.

A ‘mad dash’

As the new PCI DSS standards were unveiled, Renwick led BrightKey to be one of the first service providers to comply.

As that effort unfolded, Renwick started getting calls from colleagues around the nation, in effect becoming an industry consultant for others navigating the PCI DSS compliance process. Just a few years later, the same thing happened with the GDPR.

“There was this mad dash for everyone as they suddenly became aware of it,” he says. “Google and Facebook and these big multinational companies, they’re able to throw millions of dollars and teams around the world at compliance efforts.”

Of course, for smaller companies still subject to strict compliance standards, such efforts aren’t so easy. So Renwick set overall best practices for compliance for BrightKey and partners alike without time-costly overlap or gaps. In doing so, his goal was “to not allow BrightKey or its partners to become a case study” for data theft or misuse—a death knell for any company handling protected data.

The ancillary benefit of being ahead of the curve in data protection, he says, has been gaining the trust of BrightKey’s clients and prospects.

“My process for that? Identify the need, become the solution and follow through every single time,” Renwick says. “Do that consistently and long enough, and people will rely on you to be that solution.”

But data protection hasn’t been the only hot item on his plate.

Hot plate

Since arriving in the United States in 2014, Renwick has updated and streamlined some 200 partner agreements to reflect his company’s culture and business goals. He created a new contracting structure, replacing piecemeal engagement practices with a new master services agreement (MSA) that stands over easier-to-administer project statements. He led an effort to enhance corporate culture with a focus on coaching, particularly for millennials, stressing the importance of setting professional goals and following up at the individual, team and organizational levels.

He also built BrightKey’s online marketing and advertising campaigns from scratch.

“With the extremely diverse set of client service offerings we have—17 deep at this stage—I asked myself: how can we intentionally market each of these services without using a scattershot approach?” he says.

It took two years, but Renwick created and refined 17 different digital ad campaigns (where there were previously none) to describe BrightKey’s offerings—each with different targeting criteria.

With sales improved, BrightKey then asked Renwick to head its website modernization effort, set to culminate with a June 2020 unveiling.

“Our analytics showed us that users were overwhelmed by our service scope. They were getting lost before they ever got to the call to action,” Renwick says. “Our new website will streamline navigation, allowing our visitors to stay focused on the ‘service of need’, or ‘choose their own adventure’ and find out everything BrightKey has to offer. When we combine a fresh approach to navigation with our unique voice and brand, it makes for a website experience like you’ve never seen.”

It’s the kind of purview that most general counsels wouldn’t touch. Then again, there’s little about Renwick’s story that’s gone according to script.

Analogging on

Born in Australia, Renwick had a commercial and criminal litigation practice in western Sydney when he met at an American woman at a backyard barbecue in 2013.

Eventually, he would leave his law practice, sell his land and move to the U.S., where he learned a new legal system in a single year, earned a master’s degree from the University of Baltimore (graduating at the top of his class) and passed the bar exam. Married in 2017, the couple was expecting their first child when Renwick spoke with Vanguard in early February.

Now, five years into his tenure with BrightKey, he finds himself at a critical crossroad in the industry. As companies reach back into their archives and discover documents from the last century neither digitized nor disposable, the business opportunity for BrightKey is considerable.

“Analog data is being completely overlooked,” he says. “But there’s personally identifiable information everywhere, and one of the places where people are at risk is in hard copy records. Every business needs to manage its mail in a way that observes the laws designed for digital data, but which apply to analog data all the same.”

To that end, Renwick is helping the company roll out document digitization as a service: taking analog items, digitizing and encrypting them, and storing them in the cloud. It makes for an interesting complement to BrightKey’s existing CBRNE mail screening services.

“Everyone still gets physical mail. Everyone’s ordering online and has an Amazon package waiting on their porch when they get home,” he says. “If you’re handling 100,000 pieces of mail every year, what’s in it? What’s in your mail? What’s on your porch in an era when a single grain of fentanyl can kill you and the three people next to you? Mail comes in all shapes and sizes. That means the threats do, too.”

While Renwick has achieved quite a lot in just five years stateside, he’s just getting started.

But even with his eyes firmly fixed on the horizon, don’t get the wrong idea: He knows that protecting what’s behind him is just as important as pursuing the next frontier.

“Someone is going to be made an example. Someone is going to fall short and need to go to court to test these new data standards,” Renwick explains. “Someone will be forced to defend a negligence case because they didn’t screen their mail.”

“But it won’t be BrightKey—we’re not going anywhere.”