Leaders League: Since 2014, you have been the Vice-President of Legal and Corporate Affairs for Microsoft's Brazilian operation, the second largest technology company globally. What are the primary challenges and advantages of leading the legal department at Microsoft Brazil today?

Alessandra Del Debbio: The main advantage is being able to lead a team of very senior and highly prepared individuals in a company the size of Microsoft. Besides having a high level of credibility and a powerful brand, Microsoft's mission is one I strongly believe in, and its values are closely aligned with my own. Our mission is to empower every person and every organization to achieve more.

It may be a cliché, but Microsoft is a company that values business integrity. Therefore, for someone leading legal and corporate affairs, there is a tranquility to working in a company that makes this the foundation of everything it does.

There are challenges when working in a major multinational, the relationship between the parent company and its subsidiaries, the many internal policies and procedures. We are also in a country with its fair share of political and economic challenges. But these factors spur us on to be more creative, resilient, and solution-oriented. So, ultimately, even the disadvantages end up becoming opportunities to explore.

You have worked in the Brazilian technology sector since 1998, notably as Nokia's legal director. From the legal perspective, what are the most significant transformations to have taken place in the technology and telecommunications sectors in this time?

The technology and telecommunications markets, where I earned my stripes before I joined Microsoft,  have endured significant regulation.

1988 saw the arrival of consumer legislation. Today, privacy, data protection and security, are the significant driving forces for me.

However, we faced many issues, like the legislation for the adequate disposal of solid waste, the Civil Rights Framework for the internet in 2015, which provided a scenario of rules and guidelines, a more transparent framework for businesses operating as internet providers or that somehow make use of this technology and telecommunications sector.

We are currently experiencing accelerated digitalization of the economy, talking a lot about a digital economy, a fourth industrial revolution, its implications for regulation and legal protection, and a national digital government strategy. We are starting to delve more deeply into artificial intelligence legislation and discussing the legal ramifications of the IoT, a regulated carbon market, and the new bidding law that was recently approved. In short, technology is advancing, and we must somehow build an environment capable of receiving and regulating all of it.

Though perhaps taking place at a slower pace than elsewhere, the law in Brazil is responding to the increased adoption of technology. I hope this continues to be the case going forward and that the country continues to adopt regulations, especially on innovative technologies such as AI, with a principle-based approach that does not hinder innovation, i.e., without restrictive rules blocking technological development. So far, we have succeeded in finding the right balance between innovation and protection.

When the General Law of Data Protection (LGPD) came into effect, Brazilian companies embarked on a full-scale race to adapt to the new rules for data collection, storage, and use. What were the challenges and opportunities created by LGPD for Microsoft's business model?

Being a global company, we monitor it closely and suggest that authorities be concerned about data protection. We soon realized that Data is the most precious type of wealth in the world today and as such deserves unique treatment.

This trend started in Europe with the GPDR, and the LGPD was very similar to, let us say, the legislation we already knew in Europe. It allowed us to move forward in our privacy and data security journey.

This philosophy has always been part of Microsoft's DNA. Our product development follows privacy by design, meaning that the concept is inserted in the actual conception of the company's products. Therefore, our journey was a little more intuitive, and when we looked at all our experience with third-party data handling that we now store, we have this solid and defined idea that it is not Microsoft's data but the customers'.

Hence, in the past few years, our level of investment in security was around $5 billion and we made this considerable investment because we believe that no one will use a service they cannot trust. Hence we seek to ensure that this data is protected, that our systems are as secure as possible, and that the customer experience is one of reliability.

Around here we have a motto: Microsoft runs on trust. And we can only run on trust if we trust in our products and our customers trust in us.

Furthermore, to help our clients comply with LGPD, a process which involves data classification, storage location and encryption, we provide a tool within our products that we call Compliance Manager. It is a feature that helps make the client’s journey to complying with the law more intuitive and easier. They can identify the data collected, how to store the data and check if they have already met the legal requirements. And we join our clients in this journey.

Much has been said about cybersecurity, especially since Brazil is one of the main targets for cyberattacks in the world, and businesses of all sizes have experienced hacker attacks in the last few years. How can legal departments in companies' help ward off cyberattacks?

This is something we are all concerned about. Today, we know that the human role remains essential. As nefarious as the hackers may be, many attacks only succeed because of the vulnerability of the users’ systems.

For legal departments or any other, my best advice is to become very familiar with the tools you are using and especially take the time to educate each user individually about the platforms they use, how to spot suspicious activity, and prevent phishing, etc. Even basic measures like not clicking on suspicious links, not sharing information with third parties, not sharing credentials, using two-step authentication, can make a big difference We must not let our guard down when using our computers and mobile phones.

Because regardless of how well we invest in security, educating the user is very important. Today, 80% of system violations occur due to human negligence. Through education we can minimize the mistakes that increase the vulnerability of our systems.

The technology sector is still male dominated, especially in leadership positions. However, at Microsoft Brazil, this is no longer the case, with 40% of management positions occupied by women. How did Microsoft Brazil achieve this?

The technology world is still a predominantly a male domain. Doing nothing and waiting for change to naturally happen was not an option.

When there are primarily white, heterosexual men in leadership positions, they naturally hire or promote more of the same types of people. To address this unconscious bias, we must intentionally seek to hire women, black people, and people with other sexual orientations, in order to achieve diversity.

Microsoft’s approach to diversity goes beyond the above, however, to include social class, nationality, culture, and personality. It is a much broader concept, one that has contributed to ensuring a competitive differential and generating this innovation. Studies have shown that the more significant this diversity is, the better a company's results - in numbers, performance, and employee engagement – are.

We succeeded in doing this because we started to be pro-active. We have not yet reached the desired level of diversity  within the organization. This said, in the end, we always hire the best candidate, the one who best meets the requirements for the position, but we always give equal opportunities and seek to have at least one woman as a finalist for any top job. Thanks to this push, we were able to achieve the 40% number you mentioned.

My team is hugely diverse in terms of gender, sexual orientation, social background, and geographic origin.

Microsoft Brazil is widely recognized for its inclusion and diversity programs, like the Microsoft Mais Brasil and Conecta+. Can you tell me more about these programs and how important this initiative is for Microsoft Brazil?

In Brazil, Microsoft built this plan and reinforced this commitment during the very delicate moment that was the onset of the pandemic, mainly providing this view that the investment in the country will be continuous. We have expanded our investment in data centers, resulting in more jobs and helping us to serve our clients better. We are firmly focused on education, and with Microsoft Mais Brasil, we have consistently and regularly invested in training and retraining people looking for jobs.

One of the critical projects with Microsoft Mais Brasil, begun some time ago, was to offer the Ministry of Economy, and now the Ministry of Labor, a platform for training people in digital skills, from the simplest to the most elaborate, that would also reflect the existing vacancies. We created an algorithm, an artificial intelligence solution that matches the unemployed with current job opportunities and suggests which courses they should take to better "match" the skills needed to do these jobs.

Today we have over 25 million people in our database seeking opportunities. We have an extensive range of courses and many vacancies. The skill and qualification issue is also significant because we know there is a lack of skilled labor in the Brazilian digital market today. We have a very substantial gap. So, we are committed to solving this.

Furthermore, we are also greatly concerned about sustainability and ESG issues. We have these social, educational, and qualification initiatives, as I mentioned. Also, we have entrepreneurship initiatives, like our WE (Women Entrepreneurship) fund, dedicated to supporting companies founded or co-founded by women; we also know how difficult it is for women to secure investment; only about 2% of women achieve this. As mentioned, our ESG practice has everything to do with the governance and compliance issues that Microsoft values so much and has a lot to watch for.

We are currently also working on the most urgent issue, the climate emergency, and as part of the Mais Brasil plan, we have developed some solutions. One of them has already been announced: a partnership between Microsoft, Fundo Vale, and Imazon to create an algorithm capable of capturing a series of information by cross-referencing satellite images of regions in the Amazon rain forest that are most at risk of deforestation, using a heat map. We have also made this solution available to the Brazilian authorities to help prevent deforestation in the Amazon.

Concerning Conecta+, Microsoft aims to offer the best platforms, courses, knowledge trails, and mentors to transform this qualification into employability. The key goal of Conecta+ is to increase the chances of a job-seeker being hired. Joining forces with our partners, we seek to create an environment that provides greater employability for Brazilian citizens.

By: Ana Luisa Ferrari