Saira Nayak is certainly not new to the privacy industry. While her background is in IT and antitrust, she had plenty of on-the-job privacy training before she was even certified as a privacy professional, working at companies like Microsoft and TRUSTe developing products that complied with the rules.

Truly, her resume ain't too shabby. But it's her most recent role that has people forwarding each other the news. That's because Nayak's new gig marks the first known case in the wild (let us know if you've spotted another) of a CPO at an attribution analytics firm, and at one that's growing rapidly at that. Founded five years ago, TUNE's got about 200 employees now and has been deemed the fastest-growing company in Washington state.

TUNE Chief Privacy Officer Saira Nayak

There, Nayak reports directly to the CEO and covers five to six privacy areas, including online advertising and cross-border transfers—the company has offices in Europe and Israel.

An "unbiased attribution and analytics company," TUNE connects the ad network and the advertiser to allow full-cycle tracking on how a user engages with any given app. It feeds advertisers' and app developers' data on which users are downloading the app from which networks or platforms, and after taking which steps. It also allows advertisers to evaluate which networks are the most effective for selling their ads and calculate effectively their true cost per download.

"We're unbiased," she explained over the phone from her office in Seattle. "We don't really have a stake on either side, and both sides trust us because we're providing that information to them."

It may seem like that's pretty privacy-invasive stuff. But hiring a CPO at the company wasn't for show, Nayak said. TUNE wants to be a privacy leader. And sure, it's a little daunting to be the first (and the only) CPO at the company. But more than that, she said, it's exciting, and for two reasons: TUNE's culture, and its hands-off approach to the data it collects.

"The culture here is really formed around this idea that we create technology, but our clients use it," she said.

While TUNE owns the technology, that's all it owns.

"We disclaim ownership of any data, the data is the clients'. We aren't going to take it and monetize it," she said. "The client, the advertiser, will have its own agreements with the ad networks, and we sit on top of that arrangement and provide the attribution. We are telling them, 'This user installed your app or took this many steps.'"

Nayak speaks with the eloquence and confidence of  an experienced lawyer, but comes across as very laid back. Can she keep that tone with TUNErs who might resent having someone around to tell them "no" now?

Well, she's not yelling into a loudspeaker to get her point across or begging engineers to consider her  concerns, she said. She's been at the company for little more than a month, but already, she said, she's been very included in product development from the jump, and she's been working closely with project teams and engineers on both privacy and data security.

"Management really believes that privacy is a differentiator," she said. "Even though we're not consumer-facing, we see an opportunity by nature of where we sit in the ecosystem, and we really want to differentiate ourselves from the other players."

And she's certainly got the expertise to help the company differentiate.

After working on some high profile cases as an IT and antitrust lawyer, she was hired at Microsoft to work with product teams on how to incorporate antitrust requirements after its landmark settlement with the government in the early 2000s.

When she left Microsoft in 2009, she saw an opportunity, given her background in competition and business, to start a consultancy. In 2011, her primary client was TRUSTe, and later that year she officially joined the company's roster as its director of policy. In particular, Nayak worked with the company's product team to develop an audit product for EU cookie compliance.

"The cookie was the Y2K of privacy compliance," she recalls. The development of a cookie consent mechanism and the audit were a way to tell regulators, "We've taken your Directive and incorporated it into a product," she said. She laughed, recalling the time TRUSTe's marketing team actually made little cookies, the edible kind, and took them to the European Commission.

Before she left for TUNE, she worked on seeing a certification for data processors come to fruition, as well.

"It will be interesting to see how that emerges, with the European standard, which is very unsettled," she said, adding she's looking forward to continuing that work in her new role.

Next up for Nayak is developing the technical implementation of a COPPA flag that would allow websites, legally responsible for the third-party ads they host, to alert third-party ad networks that the site targets children and so the subsequent rules must be followed.

Her advice for privacy pros?

"You definitely have to understand the technology or be willing to say, 'I don't know what that means, can you explain it?' It can be difficult for lawyers to do because they are supposed to be the expert, but technology is changing all the time," she said.

Luckily, engineers, product people and privacy professionals are folks interested in finding solutions, she said. 

"And that's where you find common ground."