Helping ACS Turn Privacy Compliance into Business Strategy
How Agility Lab supported American Cancer Society — one of the largest nonprofits in the U.S. — in embedding privacy governance into its operational fabric and changing the culture around consent management.
The Situation
American Cancer Society is one of the largest nonprofits in the country — millions of constituents, hundreds of digital touchpoints, and teams across fundraising, marketing, technology, and product all handling sensitive and health-related data every day. At that scale, privacy governance isn't a background function. It's a strategic imperative.
ACS came to this work from a position of strength: in-house privacy counsel already in place, OneTrust onboarded, and a Digital Product team that had connected a set of dots that most organizations miss. They understood that the infrastructure investments required to meet privacy standards — consent management, data minimization, identity resolution — don't exist separately from business performance. They create signal loss, require operational change, and directly affect marketing effectiveness and fundraising capacity. Managed well, they're a competitive advantage. Left unmanaged, they erode the revenue and insight the mission depends on.
The Digital Product team didn't see privacy as a legal problem to hand off. They saw it as a product and business problem to solve — and they were right.
The Challenge
At the start of our engagement, what ACS didn't yet have was a clear operational picture of what responsible privacy management should actually look like across a complex, multi-function organization and a roadmap to get there.
That's where our work began. Agility Lab built a privacy management roadmap that wasn't a summary of problems the team had already identified. It instead was a tool that surfaced what the organization needed to do, in what order, and why — while accounting for the downstream effects on marketing performance, fundraising infrastructure, and cross-team operations that the Digital Product team had rightly flagged as impossible to ignore.
Agility Lab's role throughout has been to bring strategic recommendations forward, build the operational infrastructure to execute against them, and coordinate across product, legal, IT, paid media, and direct response teams — while staying firmly in a consulting lane that complements, rather than competes with, ACS's internal legal expertise.
Agility Lab's Approach
Our work with ACS spans multiple dimensions of the organization's privacy posture, and has evolved over time as the engagement has deepened.
We built the executive communication infrastructure, developing the frameworks and materials that allow ACS leadership to understand and make decisions about privacy risk without getting lost in technical complexity. This work has been foundational to building organizational alignment around privacy as a strategic priority, not just a compliance function.
We led the implementation strategy and ongoing management of ACS's consent management technology across its many web domains, including quarterly reporting analysis that tracks consent rates, monitors technical performance, and identifies issues before they become compliance exposures.
One of the more operationally complex pieces of work was building the business case for — and then developing the end-to-end operational approach to — a pixel and tag audit capability. This involved scoping the right toolset, building the logic for what to review and how, establishing coordination processes across the teams responsible for tag governance, defining remediation protocols, and creating the audit trail that gives ACS ongoing accountability and visibility into what's running on their digital properties. This isn't a one-time project. It's an operational infrastructure that runs continuously.
We also own and manage ACS's privacy roadmap, which is a living document that tracks where the organization is, where it needs to go, and what specific activities will get it there across functional areas and timelines.
What This Work Has Produced
- Executive-ready privacy risk communications that allow leadership to make informed, strategic decisions about privacy posture
- A fully implemented and actively managed consent management platform, with quarterly reporting to track performance and flag issues
- End-to-end infrastructure for a pixel and tag audit program — from tool selection and review logic to remediation protocols and audit trail management
- A managed, multi-year privacy roadmap that coordinates work across digital, legal, technology, and fundraising teams
- Cross-team coordination and change management that has shifted how ACS teams think about privacy as part of their day-to-day work
Privacy work at this scale isn't about getting to compliance. It's about building the infrastructure that keeps you there — and the culture that makes people want to.
Client Testimonial
"Working with Elyse has been a delight. She is strategic, positive, and energetic. Her value goes far beyond the insights that she provides, as she also helps shift the culture. She has been invaluable to us as we seek to become more audience focused, working seamlessly across teams to drive change."
— Jay Jump, SVP, Digital Product, American Cancer Society
What This Means for Your OrganizationÂ
Large, complex organizations have privacy governance needs that go beyond what a one-time audit or a compliance review can address. The real work is building systems for decision-making, for monitoring, for accountability, for culture change that function reliably at scale and evolve as the landscape changes.
Agility Lab works as an embedded strategic partner for organizations that need that kind of sustained, systemic support.Â
STAY AGILEÂ NEWSLETTER
Stay sharp on privacy without the overwhelm.
Strategic guidance, legislative updates, and analysis of Big Tech changes for nonprofit leaders who need to stay ahead.
