She Said Privacy/He Said Security

259 episodes — Page 3 of 6

Best Tips for Privacy Experts To Elevate Their Practice With Jamal Ahmed

Jamal Ahmed is a Global Privacy Consultant at Kazient Privacy Experts and has been dubbed the "King of Data Protection" by the BBC. He is a passionate advocate for privacy rights and is the acclaimed author of the international #1 bestselling book The Easy Peasy Guide to the GDPR. He has transformed the complex world of data compliance into an accessible subject for everyone. In this episode… Privacy affects all fields of technology and business, but specializing in the subject can be particularly difficult. Privacy experts work tirelessly every day to not only help their clients, but stay current with new information. While some knowledge is essential for most jobs, more depth is required to be a master. This barrier to entry has kept some from pursuing a career in privacy. Additionally, many current professionals can feel overwhelmed by the ever-growing scale of the subject. So how can you dive deeper into privacy and progress in the field? In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels interview Jamal Ahmed, a privacy expert and consultant, to discover the best tips to enhance your privacy practice. The three discuss common misconceptions, understanding the current privacy landscape, essential skills for the field, and building a supportive community. Lastly, they unveil the quintessential trait needed to excel in privacy.

Feb 15, 2024 · 29 min

Expert Negotiation Tips When Your IT Network Is Held Hostage

Chris Voss is the CEO and Founder of The Black Swan Group, an organization that teaches strategies found in hostage negotiations and applies them to the business world. He is also the best-selling author of the book Never Split the Difference: Negotiating As If Your Life Depended On It. Prior to 2008, Chris was the Lead Negotiator for the FBI International Kidnapping Response as well as the FBI's hostage negotiation representative for the National Security Council's Hostage Working Group. During his career, he also represented the U.S. government as an expert in kidnapping at two international conferences sponsored by the G8. In this episode… Negotiation is a specialized yet universally useful skill. Even mundane conversations are filled with requests, persuasion, and deliberation. The basics are learned intuitively, but for more serious circumstances, more is required. Hostage situations are the most dire instance of negotiation. Experts are equipped to handle these scenarios with care and precision, pulling from thorough training and prior experience. In our digital world, ransomware is also a hostage situation, only your IT network is the hostage! These advanced principles are incredibly useful for emergencies and day-to-day life alike. Now you can learn directly from a real-world ransomware example of how high-level negotiation works in practice. In this episode of She Said Privacy/He Said Security, Justin and Jodi Daniels are joined by Chris Voss, the CEO and Founder of The Black Swan Group, to share the concepts of high-stakes negotiations. They walk step-by-step through Justin's ransomware negotiation for a hostage IT network and how he applied Chris' principles to great success. They also discuss how to handle timelines, good questions for negotiations, and the best negotiation tip for privacy and security professionals.

Feb 8, 2024 · 41 min

How Levi's Values Influences its Privacy Program With Karen McGee

Karen McGee is the Chief Privacy Officer at Levi Strauss & Co., overseeing its privacy program and upholding the company's principles. She specializes in translating intricate legal frameworks into manageable and legible systems. Karen's preceding career includes Managing Privacy Counsel at Intel, CPO at LifeLock and General Counsel at ID Analytics. She was honored with the In-House Legal Adviser of the Year Award at the Women in Law Awards by Lawyer Monthly. In this episode… Company values can be taken for granted, but they hold the potential for so much more. When followed and honored correctly, corporate values can define a business. It can bring respect, trust, and even success by maintaining internal and external consistency. Few corporate sectors are as strongly influenced by company values as privacy and security. There is a long history of brands breaking consumer trust and suffering the consequences. It's a complex topic, requiring agile changes and rigorous supervision. It can be illuminating to look toward companies that have paved the way and set a good example. In this episode of She Said Privacy/He Said Security, Justin and Jodi Daniels are joined by Karen McGee, the Chief Privacy Officer of Levi Strauss & Co., to discuss how Levi's corporate values apply to its privacy program. They go over AI use cases, new SEC rules on cybersecurity, privacy policy, and how to develop a quality program. They also talk about Karen's career journey and her advice for other practitioners.

Feb 1, 2024 · 31 min

Breaking Down the Washington State My Health, My Data Act With Mike Hintze

Mike Hintze is a recognized expert in privacy and data protection with more than 20 years of experience in the field. He is a Member Partner at Hintze Law, a boutique firm that specializes in privacy and cybersecurity. Previously, Mike was the Chief Privacy Counsel at Microsoft, developing his expertise in data protection and privacy policy for over 18 years. He shares his knowledge as an Affiliate Instructor of Law at the University of Washington School of Law and a Senior Fellow of The Future of Privacy Forum. In this episode… Health data remains a pressing issue in the legal space, especially with the rapid advancement of cloud technology. Physical location is becoming less and less relevant as more data is stored away from the patients. Since Washington hosts such massive servers, they have found themselves in the sights of legislative action. The Washington My Health, My Data Act seeks to protect consumers both in the state and those whose data is collected there. Due to the scope of the Act, businesses and legal professionals are still working to understand the resulting nuances. How does this affect businesses and healthcare facilities? Which consents and requirements will be required? Most importantly, how does this tangibly help consumer privacy? In this episode of She Said Privacy/He Said Security Podcast, Justin and Jodi Daniels sit down with Mike Hintze to break down the Washington My Health, My Data Act. They define consumer health data, how it is designed to be protected, and the ramifications for institutions. They also walk through the most vital tips and advice to navigate the new legal parameters.

Jan 25, 2024 · 35 min

Updates and Changes in US State Privacy Laws for 2024 With Andrew Kingman

Andrew Kingman is the President of Mariner Strategies, a premier law firm where he specializes in privacy technology and cybersecurity issues in all 50 states at the legislative and Attorney General levels. As a public policy advocate with experience in compliance, Andrew brings a unique and substantive perspective to discussions on how to best increase consumer privacy protections while maintaining operational workability and cybersecurity protections for businesses. He is a nationally recognized thought leader in the field — in 2020, Andrew was one of 25 attorneys named to Massachusetts Lawyers Weekly Up & Coming Lawyers list. In this episode… The bustling year of 2023 saw the introduction, passage, and signing of various laws — many of which vary from US state to state. What were some of the year's most significant regulations? Beyond the passage of privacy bills in seven red states, the passage of Washington state's My Health, My Data Act was the most astonishing event for privacy lawyer Andrew Kingman. This act is the nation's first privacy-focused law safeguarding personal health data not already covered by HIPAA. Because of this, Andrew warns that companies doing business with Washington state establishments should consider additional data compliance requirements, security measures, and consumer consent and rights. Since robust security measures are required to protect health and data, companies should be aware of the security standards and protocols outlined in the legislation and implement measures to prevent unauthorized access or breaches — all while respecting individual rights and ensuring transparent practices in obtaining and managing such consent. In today's episode of the She Said Privacy/He Said Security Podcast, Justin and Jodi Daniels welcome Andrew Kingman to discuss integral changes in US State privacy law taking place in 2024. 
Andrew gives insight into the My Health, My Data Act, state legislature criteria for prioritizing certain bills, and why he's a proponent of companies implementing data protection assessments.

Jan 18, 2024 · 35 min

Navigating Privacy Landscapes: US State Privacy Laws, UK Data Protection, and Cross-Border Transfers

Robert Bateman is a freelance writer who creates privacy and data protection content for blogs, emails, articles, websites, reports, and white papers. He's been an industry advocate since 2017 and has interviewed leading figures in the privacy field, including Max Schrems and Johnny Ryan. As a thought leader, Robert is a sought-after speaker and panelist for online and in-person privacy conferences, events, and webinars. Because of his thirst for knowledge and passion for privacy, Robert began providing training and consultancy work in 2023. In this episode… The United States and the United Kingdom have different approaches to privacy and data protection. The US has a patchwork of state privacy laws, while the UK has one unified national data protection law. So how can US companies comply with UK data protection laws when transferring data to the UK? Data privacy and protection thought leader Robert Bateman explains that one of the main challenges is understanding the different requirements of US state privacy laws and UK data protection laws. For example, some US states mandate that companies obtain consent from people before collecting their personal information. In contrast, the UK data protection law does not require consent for all types of data collection. To mitigate the risk of fines and other penalties, US companies should examine their data collection and processing procedures to comply with both US state privacy and UK data protection laws. Companies should also seek the counsel of an experienced data privacy attorney to assist them in understanding their obligations and developing a compliance plan. Join Justin and Jodi Daniels in this episode of the She Said Privacy/He Said Security Podcast as privacy and data protection content creator Robert Bateman joins the show. 
Robert explains the challenges UK data privacy professionals face, the difficulties US companies encounter in understanding UK data transfer rules, and why ICO regulators should adhere to cookie compliance.

Jan 11, 2024 · 36 min

Decoding Quebec's Law 25: What Companies Need To Know With Sharon Bauer

Sharon Bauer is a Lawyer and the Founder of Bamboo Data Consulting, a team of privacy consultants specializing in privacy, security, data strategy, and cutting-edge technology ethics work. As a consultant, she provides privacy solutions for various entities including retail, fintech, health, and education. Sharon is an expert in designing creative privacy programs solving hidden challenges for startups and international corporations. In addition to acting as a virtual chief privacy officer, IT World Canada named Sharon one of the Top 20 Women in Cybersecurity in 2022. In this episode… Quebec Law 25 is Quebec's privacy legislation, which applies to businesses or businesses collecting Quebec data. As a relatively new law, many companies need to know its governance framework. What are the critical concepts of Law 25, and how does it apply to company compliance? Privacy lawyer and consultant Sharon Bauer explains that companies should understand Law 25's key components: governance, privacy officer, transfer impact assessment, transparency, and employment. However, this privacy legislation does not apply to B2B businesses. Regarding privacy officers, Quebecian CEOs must either appoint a PO or hold themselves accountable for compliance with Law 25. Additionally, companies must adhere to the transfer impact assessment or privacy impact assessment when data is transferred outside of Quebec, when acquiring personal information, or when overhauling electronic service delivery systems involving destroying personal information. Sharon warns that companies that fail to comply with Quebec's Law 25 are subject to a $25 million fine. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Sharon Bauer, Founder of Bamboo Data Consulting, to examine Quebec's Law 25. 
Sharon reflects on her career background, discusses the intersection of Law 25 and the GDPR, and Canada's basis for Personal Information Protection and Electronics Data Act (PIPEDA).

Jan 4, 2024 · 33 min

The Paradigm of Adtech Privacy: Using Data Clean Rooms and Opt-In/Opt-Outs To Achieve Compliance

Noga Rosenthal is the Chief Privacy Officer and General Counsel at Ampersand, a data-driven TV advertising sales technology company. Noga possesses extensive expertise in developing and implementing comprehensive privacy programs and oversees the company's privacy and legal initiatives. Before Ampersand, she served as Chief Privacy Officer at Epsilon, overseeing the company's worldwide privacy, compliance, and regulatory activities. She also worked as General Counsel and Vice President for Compliance and Policy for the Network Advertising Initiative, where she managed the NAI's compliance program and ensured that member companies upheld the promise of self-regulation for interest-based advertising. Noga is a member of the Women Leading Privacy Advisory Board of the International Association of Privacy Professionals and the IAB Federal Privacy Working Group. In this episode… The emergence of the adtech ecosystem has created a data-as-a-commodity paradigm that has given rise to privacy laws and regulations restricting targeted advertising and cookie usage. To integrate evolving technology tools with adtech privacy laws, what are some strategies to employ? Noga Rosenthal, an expert in adtech privacy law, asserts that alliances should be formed within the adtech industry. When teams learn from and communicate with each other, it helps to create transparency about data collection. Therefore, it becomes instinct to share information, obtain consumer consent or opt-outs, and collaborate with the Interactive Advertising Bureau and National Advertising Initiative. Another helpful source is the use of data clean rooms — a secure environment that enables organizations to merge data from multiple sources in order to analyze and share data while controlling how, where, and when it is used. 
Join Justin and Jodi Daniels on today's episode of the She Said Privacy/He Said Security Podcast, where they welcome Noga Rosenthal, Chief Privacy Officer and General Counsel at Ampersand to discuss adtech privacy laws. Noga shares strategies for integrating adtech privacy laws with evolving technology tools, explains the significance of data clean rooms, and advises how companies can manage privacy risks concerning AI technologies.

Dec 14, 2023 · 32 min

How Reliance on AI Technologies Places Smaller Businesses at Risk of Ransomware Attacks With Taylor Hersom

Taylor Hersom is the Founder and CEO of Eden Data, a cybersecurity firm focusing on the next generation of businesses primed to build security and privacy into their DNA. A self-described cybersecurity compliance nerd, he's passionate about building world-class cybersecurity programs for startups and beyond. Taylor began his career advising Fortune 500 companies on compliance and security at Deloitte before moving on to Renaissance Systems Inc. at RSI, where he was one of the youngest CISOs in the industry. There, he developed an entire security program from the ground up. He's also a sought-after thought leader who speaks at multiple global organizations, writes blog content on cybersecurity, and serves as a CompTIA Cybersecurity Advisory Council board member. In this episode… Data protection is essential for all companies, including protecting intellectual property and customer data. Once a data breach has occurred, criminals use information like credit card numbers, patents, and trade secrets to engage in multitudes of cyber crimes. What should companies be aware of to protect their data? Due to limited resources and budgets, small businesses and startups are more susceptible to data breaches. This is why many small companies rely on AI technologies to support automated business processes, data analysis insights, and customer engagement. Cybersecurity expert Taylor Hersom explains that AI reliance exposes them to dangers like phishing attacks, deep fake accounts, and AI-powered ransomware. SIM swapping and nation-state cyberattacks, particularly those sponsored by Russia and China, are other threats that put companies at risk of ransomware. Taylor proposes that startups can make a significant impact on security — reducing their breach risk — by allying with legal and security teams. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Taylor Hersom, Founder and CEO of Eden Data, to the show. 
Taylor discusses the common mistakes companies make concerning data protection, various cyber threats, and why companies should be wary of GRC platforms.

Dec 7, 2023 · 26 min

Privacy Lawyer Jennifer Mitchell on Employee Data Privacy Under the California Consumer Privacy Act

Jennifer Mitchell is a Partner and the Head of Privacy Governance and Technology Transactions at Baker Hostetler, a law firm specializing in digital risk advisory and cybersecurity, blockchain and digital assets, financial services, and more. Jennifer's law career spans over 15 years with legal, compliance, and operations expertise. At Baker Hostetler, Jennifer provides business solutions to uphold evolving US state privacy laws in compliance with the General Data Protection Regulation, HIPAA, and California Consumer Privacy Act. In this episode… The amended California Consumer Privacy Act defines employees as consumers. So what does that mean for employee privacy rights? The CCPA affects employee rights by requiring employers to implement security measures to protect employees' personal information. These measures include implementing data security policies and procedures, conducting regular security audits, and training employees on data security best practices. Privacy lawyer Jennifer Mitchell explains that CCPA gives workers the right to request their employers disclose the personal information employers have collected about them. This gives employees the freedom to either opt out of selling their data or have their information deleted from their employer's records. Additionally, CCPA prohibits companies from discriminating against employees who request their rights. Join Jodi and Justin Daniels in today's episode of the She Said Privacy/He Said Security Podcast, where they welcome Jennifer Mitchell, Partner at Baker Hostetler, to discuss employee privacy under the California Consumer Privacy Act. Jennifer discusses the difference between "right to know" and "right to delete," opportunities for employee privacy rights to build relationships between companies and employees, and how company employee monitoring may potentially violate employee privacy rights.

Nov 30, 2023 · 27 min

Why Companies Should Outsource CISO Services and How the Role Intersects With Privacy Duties

Olivia Rose is the Founder of Rose CISO Group, which offers virtual chief information security officer services, including assessments, boardroom and leadership communications, and event presentations. She has over 22 years of experience in the industry and has served as the CISO for Amplitude, Mailchimp, and QloudSecure. Before founding Rose CISO Group, Olivia sat on the board of directors at Cyversity, a nonprofit dedicated to increasing diversity in cybersecurity. Olivia has also shared her knowledge and expertise as a faculty member and advisor at IANS, a leading security insights and support provider. In this episode… A chief information security officer is vital to protecting an organization from cyber threats. However, the role has become a watered-down casual term — many people wear the title, but need more training and qualifications. Veteran security professional Olivia Rose asserts that in-house CISOs are expensive resources. Instead, organizations can benefit from outsourcing virtual CISOs, as they are cost-effective, offer an objective viewpoint, and provide higher expertise. In addition to experience and certifications, Olivia maintains that security experts can stay current on trends and jargon by using online educational platforms like Coursera and YouTube. Olivia also recommends taking an introduction to marketing, as it helps them effectively convey messages. In this episode of the She Said Privacy/He Said Security, Jodi and Justin Daniels interview Olivia Rose, Founder of Rose CISO Group, about the role of a virtual chief information security officer. Olivia discusses burnout in the security profession, the qualifications and responsibilities of a vCISO, and who benefits from CISO services.

Nov 16, 2023 · 36 min

How Smaller Companies Can Mitigate Cybersecurity Risks and Comply With the New SEC Rules

Brian Haugli is the Co-founder and CEO of SideChannel, a cybersecurity company that provides cyber risk assessment and ensures cybersecurity compliance for mid-sized organizations. He is a 20-year industry veteran who's led programs for the Department of Defense, the Pentagon, the Intelligence Community, and Fortune 500 companies. With expertise in NIST guidance, threat intelligence implementations, and strategic organization initiatives, Brian is a sought-after speaker and the host of the #CISOlife podcast and YouTube channel. Brian also co-authored Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework, an analysis of cybersecurity risk planning and management principles. In this episode… Public and private companies should prepare to meet SEC regulations with the new cybersecurity rules set to take effect in December. However, with cybersecurity assessment costs starting at six figures, how can small and mid-sized companies maintain compliance? Organizations that lack the resources of larger corporations can reduce costs by securing an information security consultant. These consultancies develop customized compliance programs to identify specific cybersecurity risks and recommend cost-effective strategies. For companies that adopt this type of service, cybersecurity expert Brian Haugli suggests retaining a CISO for at least 80 hours per month. During this time, a CISO should be able to formulate risk management solutions including acceptance, mitigation, and transfer. In this episode of the She Said Privacy/He Said Security, Jodi and Justin Daniels interview Brian Haugli, CEO of SideChannel, for an in-depth conversation about cybersecurity. Brian discusses the inspiration behind SideChannel and its mission, how mid-size companies can afford to retain a CISO, and procedures for navigating ransomware demands.

Nov 9, 2023 · 43 min

ZoomInfo's Al Raymond on B2B Privacy Programs and Third-Party Privacy Risk Management

Al Raymond is the Privacy Compliance Officer at ZoomInfo Technologies, a powerful research and lead-generation tool used for sales, marketing, and talent acquisition. In his role, Al leads the assurance team, ensuring ZoomInfo maintains compliance with regulations, rules, and laws. He is a privacy compliance and data governance professional and 20-year veteran in customer data privacy, information security, regulatory compliance, and risk management. Al's experience and skills have benefited prominent companies such as PHP Corporation, ARAMARK, TD Bank, Deloitte Touche, and JPMorgan Chase. In this episode… Marketers and sales teams utilize third-party data to acquire customers and scale their businesses. How can privacy teams appease marketing teams while complying with privacy laws? Seasoned privacy professional Al Raymond recommends open communication with all parties when purchasing data from third-party data providers. He suggests conferring with privacy counsel, privacy and compliance teams, and the sales team to discuss their obligations to the public. When buying data, marketers must send privacy notices to those targeted. Upon receipt of the notice, third parties can remove individuals from the database. The notice also reveals full transparency, informing people where their data goes, who owns it, and the purpose of the collection. Al also explains that marketers must properly use Article Six of the General Data Protection Regulation. Article Six outlines six legal bases for processing personal data: consent, contract, legal obligation, vital interests, public task, and legitimate interests. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Al Raymond, Privacy Compliance Officer at ZoomInfo Technologies, to discuss B2B privacy programs and third-party risk management. 
Al explains privacy laws and data protection in B2B marketing, the challenges in building and maintaining a privacy program, and privacy policies and contracts for data usage.

Nov 2, 2023 · 36 min

HP's Aaron Weller on Privacy Engineering, PETs, and Information Security

Aaron Weller is the Leader of the Global Privacy Engineering Center of Excellence at HP, an international IT company developing personal computers, printers, and 3D printing solutions. Aaron provides technical leadership for privacy engineering, enablement, and experience for HP's global operations. As a seasoned privacy and information security veteran, Aaron has offered his knowledge and experience as a department head for various companies, including PwC and Blueprint. He is also a Co-founder of both Concise Consulting and Ethos Privacy, a consulting firm offering privacy strategies. Aaron is a sought-after thought leader who's presented at national and international conferences and universities. He's also been quoted in mainstream publications, including The Wall Street Journal and Forbes. In this episode… Privacy engineering is an emerging field of engineering. What is the role of this profession, and how can companies benefit from their expertise? Seasoned information security professional Aaron Weller explains the categories of privacy engineering include user experience, design infrastructure, software development, and privacy-enhancing technologies. PETs are tools and techniques that help companies and individuals control and protect their personal information — they can be used to encrypt data, anonymize individuals, and control access to information. Privacy engineers have various responsibilities, such as implementing systems that provide acceptable levels of privacy. Aaron advises that smaller organizations can integrate privacy engineers by educating existing engineers to build their system development lifecycle process. In this episode of the She Said Privacy/He Said Security with Jodi and Justin Daniels, Aaron Weller, Leader of the Global Privacy Engineering Center of Excellence at HP, expounds on privacy engineering, PETs, and information security.
Aaron discusses the integration of AI and privacy engineering, how companies can implement privacy-enhancing technologies, and offers advice to aspiring engineers.

Oct 26, 2023 · 25 min

How Cyber Services Can Heed the New SEC Regulations to Address Privacy and Security Concerns

Keith Novak is the Co-founder and CISO at Intentional Cybersecurity, an advisory firm supporting clients with cyber risk needs using penetration testing, control validation, and cyber due diligence. Keith drives the company's growth and success by delivering high-value cybersecurity advisory assessments. A seasoned veteran in the industry, he's worked with clients in all sectors and verticals. Before founding Intentional Cybersecurity, Keith led the global cyber risk advisory and strategy practice for Kroll, a leading cyber risk management and incident response firm. Keith is one of the few cyber professionals with experience in technical operations and business strategy, adding value to any cybersecurity team. In this episode… The SEC requires companies that have experienced drastic fiscal changes to submit a Form 8-K. With the number of data breaches in recent events, we will likely see more 8-K filings. How can organizations be more proactive about protecting their data? Cybersecurity expert Keith Novak explains humans are still fallible regardless of how flawless their security program might be. Therefore, it's imperative to train helpdesk personnel to be steadfast in confirming identities. Keith suggests significant improvements to the multifactor authentication process, such as asking for passphrases or employee IDs. He also shares that private companies do not fall under SEC, NYDFS, and NEIC requirements and are not obligated to report breaches. However, boards do encourage cybersecurity services, including risk assessments. Individuals can practice risk assessments, as well, by adopting a healthy dose of skepticism. Don't shy away from asking why your social security card or driver's license is needed. In this episode of the She Said Privacy/He Said Security Podcast with Jodi and Justin Daniels, Keith Novak, Co-founder and CISO at Intentional Cybersecurity, discusses how privacy and security relate to cybersecurity. 
Keith explains the significance of data transparency, how individuals and companies can protect themselves from data breaches, and suggests multifactor authentication (MFA) process improvements.

Oct 19, 2023 · 35 min

Meta, AI, and the New Privacy Laws: What You Need to Know

Pedro Pavón is the Global Director of Monetization, Privacy, and Fairness at Meta, the tech company behind Facebook, Instagram, WhatsApp and Threads. In addition to providing legal counsel and advocating for data privacy, data protection, fairness, and algorithmic transparency, Pedro leads a team of lawyers and policy professionals. Beyond his responsibilities at Meta, Pedro teaches privacy and information security law at the Georgia State University College of Law. Pedro is a thought leader and writer on privacy and data security issues related to AI, Metaverse, digital advertising, blockchain, and IoT. In this episode… In December 2022, Meta (formerly Facebook) settled a $725 million lawsuit alleging that the company gave third parties access to users' private data without permission. Meta is now attempting to become a data privacy leader, so what safeguards have they implemented? Privacy professional Pedro Pavón explains Meta is making tremendous efforts to improve data protection and user transparency. Besides empowering the legal team with the authority to negate atrocious ideas with the potential to harm users, Meta now equips individuals with more control and transparency regarding their data. Meta is also launching new technology, such as the AI chatbot. To shield data, the security team enables security by design protection and transparent communication on how AI systems use people's data. Data privacy transparency is crucial because it helps build trust between consumers and businesses. It lets customers understand how their data is collected, used, and shared. This enables them to make informed decisions about their privacy and security. In this episode of the She Said Privacy/He Said Security Podcast with Jodi and Justin Daniels, Pedro Pavón, Global Director of Monetization, Privacy, and Fairness at Meta, discusses how the company is improving data privacy. 
Pedro shares the role privacy and data protection play in the new Meta AI chatbot, why privacy should be more transparent, and ways AI can improve privacy.

Oct 12, 2023 · 38 min

Privacy Regulations, Privacy by Design, and AI: Creating Engaging Apps While Remaining Compliant

Nia Castelly is the Co-founder and Legal Lead at Checks, a Google-backed privacy platform that uses AI to simplify privacy compliance for developers. Before Checks, Nia spent nearly five years as a legal advisor for Google Play's Developer Console, Policy, and Operations teams. Nia is an entrepreneur and supporter of early-stage startups, serving as an Angel Investor at the Black Angel Group and as a Limited Partner at How Women Invest. In this episode… In the early 2000s, Apple trademarked the phrase "there's an app for that!" Fast forward to today — the public demands applications because it simplifies areas of our lives. With that demand, developers often rush to launch but must adhere to complicated privacy regulations. How can developers create delightful apps while remaining compliant? Most mobile engineers use software developer kits, a third-party code. If developers do not adequately edit the codes, it can cause unintentional consequences, such as data collection and sharing. Seasoned lawyer Nia Castelly, co-founder of privacy platform Checks, explains there is a three-step procedure known as a triangle to analyze such issues. Once detected, mobile app companies can make requirements to be compliant. Product developers also leverage AI to translate privacy policies, helping simplify compliance complexities. In this episode of the She Said Privacy/He Said Security Podcast with Jodi and Justin Daniels, Nia Castelly, Co-founder and Legal Lead at Checks, discusses data privacy compliance within mobile app development. Nia explains how cultural differences affect privacy across the globe, demystifying compliance complexities, and procedures for governing AI within product development.

Oct 5, 2023 · 22 min

Best Practices for Mitigating Cybersecurity and Blockchain Risks With Roderic Deichler

Roderic Deichler is the Co-founder and Chief Security Officer at AfterDark, a boutique blockchain security company delivering white glove services, such as smart contract advising, pentesting, and security advising. Roderic founded the company to fill the security gap in Web3. Before AfterDark, he led pentesting at Mandiant and smart contract audits at Coinbase and OpenZeppelin. Roderic discovered his enthusiasm for cybersecurity while studying computer science at UC Santa Barbara and competing in Capture the Flag competitions and hackathons. In this episode… Web3 is an extension of cryptocurrency and innovatively uses blockchain. Since a blockchain stores many tokens in a digital wallet, how can cybersecurity professionals fill security gaps on Web3? Risks that threaten Web3 include smart contracts, phishing, scams, and hacks targeting a user's crypto wallet. According to Roderic Deichler, a veteran cybersecurity professional, there are multiple best practices to mitigate security risks, including applying security strategically, security audits, and multifactor authentication. Security architects use various thought processes when applying security, usually embracing security-by-design principles. Since developers conduct several project tests before and after releasing new code, companies should consider employing internal security teams or consulting security auditors to reveal potential bugs. Social hacking has become a prevalent method for tricking users into revealing their confidential information. To diminish this risk, Roderic suggests using multifactor authentication (MFA), a multi-step process requiring more instruction plus a password. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels interview Roderic Deichler, Co-founder and Chief Security Officer of AfterDark, about cybersecurity risks. 
Roderic explains security risks in smart contracts, phishing risks in Bitcoin and other digital wallet assets, and AI's impact on cybersecurity.

Sep 28, 2023 · 25 min

Mark Webber on Law Firms Implementing AI and Complying with the US-EU Data Privacy Framework

Mark Webber is the US Managing Partner of Fieldfisher, a London-based international law firm with offices in Europe, the US, and China. An English lawyer living in the Silicon Valley, Mark oversees the firm's US operations. As a recognized leader in privacy law with extensive experience working with the world's leading technology companies, Mark is known for finding innovative solutions to complex legal challenges. At Fieldfisher, Mark has been instrumental in establishing, nurturing, and expanding the firm's presence, operations, and services in the US. In this episode… Lawyers endorse the Data Privacy Framework as a valuable tool to mitigate cybersecurity risks. However, many experts argue that protecting businesses from other privacy risks — such as those posed by AI — is not enough. The draft of the European Union AI Act has sparked debate among privacy professionals, with some advocating for a prohibition on the unrestricted use of AI technologies such as biometrics in real time. Mark Webber, a seasoned lawyer with expertise in technology and privacy, disagrees with this approach. He cautions against AI's high-risk threats to transport, infrastructure, and decision-making. To mitigate these risks, Mark suggests that companies conduct an AI impact assessment, such as the one developed by the National Institute of Standards and Technology, before implementing generative AI systems. He also warns that, given the ever-evolving nature of AI, any governing policies will only be effective with proper education and training. In this episode of the She Said Privacy/He Said Security Podcast, Mark Webber, US Managing Partner at Fieldfisher, joins Jodi and Justin Daniels to discuss the US-EU Data Privacy Framework and AI. Mark explains how the framework will impact businesses, the European Union AI Act, the intersection of AI regulation with GDPR, and why organizations should consider implementing AI assessment frameworks.

Sep 21, 2023 · 34 min

The Future of Identity With Riley Hughes

Riley Hughes is the Co-founder and CEO of Trinsic, a reusable identity infrastructure provider. Riley educates and trains businesses on the benefits of using Trinsic to improve the identity verification processes within their products, improving privacy and the user experience. As a pioneer in the decentralized identity community, Riley has spearheaded privacy-preserving technologies, such as identity wallets and verifiable credentials eligible to the masses. Before Trinsic, he honed his skills in the decentralized identity space as the second employee at the Sovrin Foundation — an international nonprofit that was established to administer the Governance Framework at the Sovrin Network. In this episode… It is a common experience to verify one's identity online only to have the website fail to accept the provided identification. Additionally, many people are uncomfortable sharing their driver's license and other forms of ID, as it contains personal information. With so many technological advances, why is proving one's identity such an antiquated process? These are the burning questions Riley Hughes had while working for the Sovrin Foundation, a Governance Framework administrator, so he was inspired to develop decentralized identity products such as digital wallets and verifiable credentials. Digital wallets are convenient and secure methods to store payment information on mobile devices, including bank information and debit and credit cards. Like digital wallets, verifiable credentials digitally store information found on physical documents such as driver's licenses, passports, birth certificates, employee IDs, and educational certificates and can be cryptographically verified. These self-sovereign methods give individuals complete autonomy over their data and allow them to control how it's shared. 
Join Jodi and Justin Daniels in today's episode of the She Said Privacy/He Said Security Podcast, as they welcome Riley Hughes, Co-founder and CEO of Trinsic, to discuss decentralized identity. Riley expounds on self-sovereign identity, how decentralized identity enhances privacy, and how AI impacts the reusable identity infrastructure.

Sep 12, 2023 · 36 min

Tim Lupinacci on Leadership and Why Cybersecurity Is Essential for Law Firms

Tim Lupinacci is the Chairman and CEO at Baker Donelson, one of the largest US law firms — composed of 650 attorneys and public policy advisors — representing over 30 practice areas. Under his tutelage, Tim led the firm through organizational reconstruction, growth, and the COVID-19 pandemic. He chaired the Financial Services Department and the Women's Pathways to Leadership Committee and was a Diversity & Inclusion Committee board member. A self-professed "leadership junkie," Tim continuously elevates his leadership skills through studying, reading, and learning from his failures. His passion for leadership inspired him to launch Everybody Leads, a nonprofit dedicated to empowering individuals in underserved communities with essential leadership skills and confidence. In this episode… Cybercriminals target law firms because they store valuable and sensitive information. In a security breach, ransomware could lock down the office's files for an extended period, making it impossible to perform routine operations. So, how can law firms protect themselves from cyberattacks? Regardless of a firm's size, all law offices are vulnerable. Tim Lupinacci, a chief leader at one of the most prominent legal firms in the US, advises implementing a strategic cybersecurity plan. Hiring a full-time CISO and security team could spearhead the program and strictly focus on managing cyber risks. Preventive measures like phishing simulations can prevent their colleagues from falling victim to cyberattacks. If a cohort fails the designated tests, they must attend additional training to protect themselves and the office's devices. Tim advises that the best protection is to be vigilant, have mitigation plans, inform staff members of the latest cyber threats, and educate them on "cybersecurity hygiene." 
On today's She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels interview Tim Lupinacci, Chairman and CEO at Baker Donelson, about Baker Donelson's strategic cybersecurity planning, the importance of forging relationships between the C-suite and the firm's security team, and his personal experience with being hacked.

Sep 7, 2023 · 26 min

Integrating Data Privacy Into Customer Data Platforms With Julian Llorente Perdigones of Tealium

Julian Llorente Perdigones is the Director of Data Privacy at Tealium, a customer data platform company with offices in the US, Germany, Singapore, UK, Japan, the Netherlands, France, and Austria. Julian is an experienced data scientist and expert in data privacy. In his role, he analyzes technical challenges while assessing privacy concerns. Before Tealium, he was a Data Scientist at zeroG, a Germany-based company committed to making data work for air travel. He also worked at Lufthansa in the digital analytics and online sales department. Julian holds a MS in Big Data & Business Analytics from SRH University in Heidelberg, Germany. He also holds a BS in International Business Information Systems from the University of Applied Sciences in Frankfurt. In this episode… A customer data plan can be a valuable tool for businesses. It allows businesses to collect and analyze customer data from multiple sources. However, it's important to be aware of the data privacy implications. Data scientist and CDP professional Julian Llorente Perdigones explains businesses must ensure they have consent from customers to collect and use their data, and they must also take steps to protect customer data from unauthorized access or disclosure. At Tealium, their mission is to establish customer trust in data. According to Julian, companies can establish customer trust using CDP by reducing risk using siloed data, propagating privacy preferences, and enabling operational efficiency. Businesses can be transparent by giving customers control over their data and personalizing the customer experience. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels interview Julian Llorente Perdigones, Director of Data Privacy at Tealium, about data privacy and CDP. Julian explains customer data plans, how companies can use CDPs while adhering to privacy laws, and the common mistakes companies make when working with CDPs.

Aug 31, 2023 · 30 min

Privacy AI: The Future of Building Smart Privacy Programs

Michelle Dennedy is the CEO of PrivacyCode, a privacy engineering SaaS platform that translates complex privacy policies for developers. She is also the Co-founder and a Partner at Privatus Consulting, a company that assists clients with privacy engineering and governance, WickedPrivacy leadership solutions, and ESG metrics. Michelle works closely with families, executives, and innovators at all levels and with businesses and organizations at all stages to support the combination of privacy policies, practices, and tools. She has held many leadership roles in data strategy and privacy at Sun Microsystems, McAfee, Intel, and Cisco in addition to various startup companies. Additionally, Michelle wrote and published two books on privacy engineering. She is a graduate of the Fordham University School of Law, where she earned her JD. In this episode… AI privacy is a complex and ever-evolving topic. As AI systems become more sophisticated, it's essential to ensure technology is used in a way that respects the privacy of individuals. Michelle Dennedy, a seasoned privacy expert, recommends building smart privacy programs. These programs help organizations identify and mitigate privacy risks and comply with regulations. Companies and organizations can create a curriculum by developing policies and procedures, implementing technical controls, training employees on privacy issues, and conducting privacy risk assessments and regular audits. Join Jodi and Justin Daniels in today's episode of the She Said Privacy/He Said Security Podcast, where they again interview Michelle Dennedy, CEO of PrivacyCode and Co-founder and Partner at Privatus Consulting, about the surge in privacy tech stack. Michelle addresses privacy and security risks companies face in regard to AI, the current state of tech regulations, and how PrivacyCode advises companies on privacy programs.

Aug 24, 2023 · 31 min

How a Global Brand Can Build a Privacy Program With Eduardo Ortiz of Carnival Cruise Line

Eduardo Ortiz is the Manager of Data Privacy and Information Governance at Carnival Cruise Line, an international cruise line that offers packages to popular destinations like The Bahamas, Caribbean, Alaska, and Mexico. He is passionate about privacy and leads vital data privacy and protection programs. Before joining Carnival, Eduardo worked as a Senior Analyst of Data Privacy and Integrated Records and Information Management at CenterPoint Energy, where he gained five years of experience in data privacy and records and information management. In this episode… Cruising is a delightful way to see the world without the hassles of air travel. However, there are potential risks to be aware of, such as protecting your personal data. So, how do cruise lines ensure the security and privacy of their customers' data? Cruise ships offer a variety of entertainment options that require the exchange of personal information. Eduardo Ortiz, a data privacy expert, explains that parameters adhering to US, state, and global privacy laws are in place to combat identity theft. Additionally, global standards and company procedures and processes are continuously updated to align with global laws. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Eduardo Ortiz, Manager of Data Privacy and Information Governance at Carnival Cruise Line, to discuss regulations and compliance in the cruise line industry. Eduardo discusses how to organize a global security team, the steps cruise ships take to manage customers' data information, and tips for protecting your personal information when traveling.

Aug 17, 2023 · 33 min

How To Talk to Your Kids About the Dangers of Social Media With Officer David Gomez

Officer David Gomez is a Police Officer for the Boise County Sheriff's Office in Idaho City, Idaho and a School Resource Officer at Idaho City High School. He has a background in electronics engineering, which he integrates in schools to educate parents on the dangers of social media. Officer Gomez also educates parents on how predators attempt to contact and entice kids into meeting or sending compromising photos. In this episode… In the early days of social networking, when notable platforms such as MySpace and Facebook were introduced, it was a tool for reconnecting friends and family. As these platforms and other social media outlets exploded in popularity, they also became a forum for predators to prey upon children. Though parents can utilize the security controls on their kids' phones, Officer David Gomez, a school resource officer, warns parents to use more precautions. As a resource officer, he's been able to build relationships with students and monitor their careless social media behaviors. To educate parents on navigating the temptations teenagers face, he created a Facebook page that now garners nearly 200,000 followers. On his platform, Officer Gomez recommends topics of conversation, alternative phone options, and methods for reducing children's screen time. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Officer David Gomez, Idaho City School Resource Officer, to discuss the dangers social media poses for children. Officer Gomez shares tips on how parents can monitor their children's social media accounts, the importance of instilling family values, and giving your children the tools to protect themselves from potential predators.

Aug 10, 2023 · 39 min

Chief Privacy Officer Jason Sarfati Explains Everything You Need To Know About Location Data Privacy

Jason Sarfati is the Chief Privacy Officer and VP of Legal at Gravy Analytics, a location intelligence company providing real-world consumer intelligence to help organizations overcome today's biggest challenges. Before joining Gravy Analytics, he was a Privacy Associate at Arent Fox and the Director of Privacy & Data Ethics at Treliant, a consulting firm serving financial institutions. Jason earned his JD from George Mason University and holds a Certified Information Privacy Professional certification with a US concentration, making him an expert in the data privacy laws that govern US private sectors. He's a member of the International Association of Privacy Professionals, a thought leader on trending privacy issues, and a frequent contributor to legal publications. In this episode… Geographic information, or location data, is intelligence about the geographical whereabouts of a device, such as a smartphone. Companies like Gravy Analytics use mobile location data to gain insight into individuals' movement patterns to understand market trends and consumer behaviors. The issue with this type of tracking is that sensitive materials like health data become vulnerable. There's also the risk of unsolicited advertising, physical assaults, and other various attacks. So, how do companies like Gravy Analytics use data for the betterment of society without further harming society? Jason Sarfati, head of privacy at Gravy Analytics, explains how they integrate privacy controls into their products. While the company strives to provide accurate sources of usable and trusted data, privacy is at the forefront during development. With its privacy-enhancing technology, the privacy team can identify the collection of location data at sensitive places. Once detected, it's deleted from all systems. 
In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels interview Jason Sarfati, Chief Privacy Officer and VP of Legal at Gravy Analytics, to discuss location data privacy. Jason talks about Gravy Analytics and the services the company offers, how privacy considerations are included during product development, using location data to identify individuals, and privacy and security best practices for parents of teenagers.

Aug 3, 2023 · 36 min

Rohan Massey Provides a Deep Dive on Data Privacy Framework & Cross Borders

Rohan Massey is a Partner at Ropes & Gray, a global law firm operating in the US, Asia, and Europe providing counsel in labor and employment issues, tax and benefits, and creditors' rights. Rohan advises on complex global data and security compliance programs covering asset management and financial services, life sciences and clinical trials, and marketing. He's an expert on the intersection of the extraterritorial scope of national data protection laws and data transfer issues for global organizations. In this episode… Cross-border data transfer is the exchange of electronic personal information across international borders. The European Union governs these transactions through a protection law known as the General Data Protection Regulation. Many large corporations operate in multiple countries, so acceptable contract agreements between partnering companies must be heavily enforced using a data privacy framework. Data and cybersecurity experts like Rohan Massey work to implement and educate organizations about data privacy frameworks. These tools provide immediate support when concerns such as data breaches pose a threat to data privacy. DPFs are designed to adjust as events unfold. In regard to compliance, decision-making, and communication, corporations should consider adopting a data privacy framework. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Rohan Massey, Partner at Ropes & Gray, for an in-depth conversation about the data privacy framework in relation to cross-border transfers. Rohan explains how the data privacy framework affects international corporations, the treatment of HR data versus "regular" data under DPF, and when companies should consider using standard contractual clauses.

Jul 27, 2023 · 26 min

Protecting Consumer Data Using Secret Shopper Safeguards With Boltive CEO Dan Frechtling

Dan Frechtling is the CEO of Boltive, a digital security and privacy developer creating technology for compliance. He's been a trailblazer in the B2B and SaaS industries for nearly 25 years. Before joining Boltive, Dan was the President of G2 Web Services, a provider of merchant risk intelligence, where he developed cybersecurity solutions to detect damaging activity such as transaction laundering. Dan has held several executive leadership roles at Hibu, Mattel, Stamps.com, and McKinsey, a global management consulting firm offering solutions for organizations in the government and private sectors. He earned his MBA from Harvard University. In this episode… With the emergence of e-commerce retailers, digital advertising is constantly evolving. Once shoppers purchase items, brands monitor online shoppers' behaviors through a collection of digital footprints. The result is targeted ads — products of behavior-based advertising. These ads are marketing strategies for companies to funnel sales and earn hefty profits. Unfortunately, these intrusive methods can lead to privacy issues, putting user data at risk for theft. Privacy expert Dan Frechtling warns it's not enough for consumers to clear cookies, delete apps and browser extensions, or toggle on and off to ensure data protection. Digital security and privacy firms such as Boltive want to protect consumers from malware risks. Boltive provides online tools such as Ad Lightning and privacy guards to identify, block, and replace harmful ads. These tools can also detect data-sharing apps to avoid noncompliance. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Dan Frechtling, CEO of Boltive, to discuss data leakage and programmatic advertising. Dan explains privacy challenges in online marketing, Boltive's secret shopper safeguard strategies, and offers consumers tips for protecting their online data.

Jul 20, 2023 · 31 min

Gaining Customer Business by Providing Trustworthy Data Software With Ed Britan of Salesforce

Ed Britan is the VP and Head of Global Privacy at Salesforce, a cloud-based software company focused on helping businesses connect to its customers, allowing for a larger prospects database, deal closings, and quality service. Ed moved to Salesforce after exiting his role as Microsoft's Senior Director and Policy Counsel for Privacy and AI, covering global privacy and AI legal and policy issues. He is an attorney with a Ph.D. in Law from the New York University School of Law. Before working for Microsoft, Ed served as an Adjunct Professor of Law at the Seattle University School of Law. In this episode… When working with cloud software, users expect reliable data so they're able to understand their customers' needs, build relationships, and sell more products. In technology, trust is integral for driving and retaining business. As a customer relationship management company, the Salesforce product and privacy teams aim to provide privacy and protective data software. Ed Britan, a global privacy and security professional, leads Salesforce's global privacy department. He and his team are attuned to their customers' concerns, which is why the organization integrated the privacy and product teams. By combining teams, the company can provide customers with better results — and that result is customers gaining value from their collected data. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Ed Britan, VP and Head of Global Privacy at Salesforce, to discuss data software privacy and security. Ed explains how privacy plays a role in the design of Salesforce's products, the impact of AI while collecting data, and how soon we can expect the US to implement state and federal privacy AI regulations.

Jul 13, 2023 · 30 min

The Far-Reaching Risks of the Emerging Framework for AI Deployment With Jim Dempsey

Jim Dempsey is the Senior Policy Advisor to the Stanford Program on Geopolitics, Technology, and Governance. Additionally, he's a lecturer at the UC Berkeley School of Law, where he teaches cybersecurity law in the LL.M. program. Before joining the UC Berkeley staff, he was the Executive Director of the Berkeley Center of Law & Technology. Jim previously served as a part-time member of the US Privacy and Civil Liberties Oversight Board — an independent agency within the federal government charged with advising senior policymakers and overseeing the nation's counterterrorism programs. Jim is the author of Cybersecurity Law Fundamentals, a summation of cybersecurity law for practitioners in the field. His other publications include "Cybersecurity Information Sharing Governance Structures: An Ecosystem of Diversity, Trust, and Tradeoffs" and "The Path to ECPA Reform and the Implications of United States v. Jones." He also pens articles on cybersecurity for Lawfare, a non-partisan, nonprofit publication dedicated to national security issues. In this episode… With the emergence of innovative technologies, cybersecurity continues to be a topic of discussion. And as the constant evolution of AI further transforms our lives both personally and professionally, the products and services we rely on are at risk of becoming fundamentally insecure. Jim Dempsey, a cybersecurity expert, explains that many users with ill intent are on a mission to steal our information and disrupt AI technology. A particular intentional attack to be wary of is prompt injection attacks disguised as programming instructions. This occurs when a hacker hijacks a language model's output, allowing the hacker to get the model to say anything they want. There are, however, privacy and security best-practices companies can adopt as a means of prevention. 
In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Jim Dempsey, the Senior Policy Advisor to the Stanford Program on Geopolitics, Technology, and Governance, to discuss the risks of AI deployment. Jim explains why OpenAI is suddenly a tech phenomenon, AI's potential risks without US regulation, advice for privacy and security best practices, and more.

Jul 6, 2023 · 37 min

AI Governance and Responsible AI With Dr. Emre Kazim

Dr. Emre Kazim is the Co-CEO and Co-founder of Holistic AI, an AI governance, risk, and compliance (GRC) start-up focusing on software for auditing and risk management of AI systems. His PhD in philosophy and undergrad in science cleared a path for his role as a Research Fellow at the University College London's computer science department. Dr. Kazim explains that curiosity, exploration, and experimentation helped him enter the AI space. In this episode… Artificial Intelligence is a tool that has already revolutionized many aspects of our lives. As AI systems become more sophisticated, ethical implications become an increased concern. So how can we, as developers and users, ensure the systems are used safely, ethically, and responsibly? Dr. Emre Kazim explains how implementing policies and procedures, also known as AI governance, is one solution to protect AI integrity. AI governance includes addressing privacy, safety, and bias. While some organizations have created their own internal policies, others have adopted frameworks developed by governments or industry groups. When drafting AI governance policies, some general policies to consider are transparency, accountability, fairness, and explainability — meaning AI systems should aim to be explainable, so users can understand how it works. Listen to the She Said Privacy/He Said Security Podcast as Jodi and Justin Daniels welcome Dr. Emre Kazim, Co-CEO and Co-founder of Holistic AI, to discuss AI governance and AI responsibility. Dr. Kazim explains the meaning of AI governance and why companies need it, the challenges organizations face using AI, his best privacy and security practices, and more.

Jun 22, 2023 · 30 min

Cybersecurity, Risks, and Why Your Company Needs a vCISO With New Oceans Enterprises Donna Gallaher

Donna Gallaher is the President and CEO of New Oceans Enterprises. New Oceans Enterprises is a Cyber, IT, and Operational Risk Management Advisory Service that facilitates collaboration among your company's business units to develop policies and operational risk mitigation strategies appropriate for your risk tolerance. Donna was recently recognized as one of the top 12 vCISO Influencers to watch and inducted into EC Council's 2023 C|CISO Hall of Fame. Donna currently serves on the Board of Advisors for the FAIR Institute and is President of the Atlanta FAIR Chapter. She is one of the founding members of vCISO Catalyst, a professional association for vCISOs. She holds CISSP, CCISO, CIPP/E, CIPM and ITIL, and Open FAIR certifications and is designated a Fellow of Information Privacy by IAPP. She is a graduate of Auburn University with a Bachelor of Science in Electrical Engineering. In this episode… In this age of technology, it's wise for companies to have some sort of cybersecurity expert on staff to protect the organization's data from theft and damage. But what happens if you're a startup or small company and unable to afford a full-time expert? Or perhaps you're a larger corporation with cyber technology in need of updating? Whatever your company's needs are, you may want to enlist the services of someone like Donna Gallaher, a securities strategist who owns a securities advisory firm that contracts out services. Firms like Donna's can provide a list of options to protect your company's data, intellectual property, and assets. Tune in to this informative episode of the She Said Privacy/He Said Security Podcast as Jodi and Justin Daniels welcome Donna Gallaher, President and CEO of New Oceans Enterprises, to discuss the role of a CISO. Donna explains the services a CISO offers, why smaller companies are prime targets for hackers, and how to prevent cybersecurity threats.

Jun 15, 2023 · 35 min

A Conversation About the California Delete Act and Future of AI With Investor and Author Tom Kemp

Silicon Valley-based entrepreneur Tom Kemp is the Managing Director of Kemp Au Ventures, an angel investment firm where he and his business partner invest their personal funds into seed and early-stage companies. As an angel investor, he has funded over 15 tech startups. Prior to becoming an investor, Tom was the Founder and CEO of Centrify, a leading cybersecurity cloud provider. As a result of his nearly 15 years in privacy, Tom devotes his time as a policy advisor for Californians for Consumer Privacy. His first book, Containing Big Tech: How to Protect Our Civil Rights, Economy, and Democracy, a definitive book on Big Tech, will be available for purchase in August. In this episode… In April, the California Delete Act was introduced in the California State Senate, a measure seeking to give state residents the right to have their personal information deleted from websites and apps. While some people believe it necessary to protect privacy, others believe the legislation could be a burden for businesses. The California Delete Act risks creating a mass exodus for California companies — it could also jeopardize future investments in new products and services to collect personal information. With the ever-increasing collection of personal information by businesses, it's safe to say more needs to be done to protect individuals' privacy. So, is the California Delete Act too harsh or a step in the right direction? In this eye-opening episode of She Said Privacy/He Said Security Podcast, our hosts break down the California Delete Act with guest Tom Kemp, the Managing Director of Kemp Au Ventures. Together, these three privacy advisors inform us about everything we need to know about Senate Bill 362, the challenges of enforcing privacy laws, tips for reducing geolocation trackers, and more. This is one episode you don't want to miss, so get comfortable and tune in now!

Jun 8, 2023 · 38 min

Where Privacy and Security Overlap

Robin Andruss is the Chief Privacy Officer at Skyflow, a privacy data vault dedicated to isolating, protecting, and governing sensitive data. Robin has 20 years of experience as a protection leader in the privacy, risk, audit, finance, strategy, and compliance space. She is a sought-after speaker on privacy, technology, and leadership. Additionally, Robin is a privacy tech advisor and sits on the Advisory Board of emerging tech startup Evident ID and is part of the Privacy Engineering group advisement team for Data Protocol. In this episode… With the combination of personal electronic devices, swift Wi-Fi and 5G, we can purchase medicine, airline tickets, and check our payslips online. As convenient as technology is, it can also be a curse, considering our personal data is at risk anytime we make online transactions. So, what can we do better to safeguard our private information? Like all technology, improvements in privacy are ever-evolving. But it's important to understand the types of privacy risks that exist to understand how to protect our data. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels welcome Robin Andruss, the Chief Privacy Officer at Skyflow, to discuss the current challenges privacy faces. Robin, along with Jodi and Justin, discusses AI in the privacy space, building scalable privacy programs, and the overlapping of privacy and security in data breaches.

Jun 1, 2023 · 31 min

Compliance Scalability: Tips and Tools From RadarFirst CEO Don India

Don India is the CEO of RadarFirst, a company that helps businesses and their clients leverage emerging technologies. He has a strong and successful background as a sales executive and operator, with over 20 years of experience in delivering value to clients through cloud-based and on-premise solutions. Don has transformed organizations' business strategies at a global scale, specializing in C-suite relationships, sales management, and direct sales. He is well-known for his boundless energy, unwavering passion, and exceptional coaching abilities. Don is also deeply curious and knowledgeable about artificial intelligence, cloud, and disruptive technologies. In this episode… If you're a leader in a regulated industry, you know how challenging it is to keep up with the ever-changing regulatory compliance landscape. You need to scale your compliance program to meet the demands of new regulations, standards, customers, and products. You also need to make proactive decisions that align your compliance activities with your security objectives and business operations. To scale compliance effectively, organizations need to align their compliance activities with their security goals and business operations. They need to be prepared for the worst-case scenario — a data breach that could expose their sensitive data and damage their reputation. In this episode of She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels talk to Don India, the CEO of RadarFirst, a software solution that helps organizations automate their incident response and compliance processes. Don shares his insights on how to scale your compliance culture, how to leverage technology to optimize your time and resources, and how RadarFirst can act as a lifeboat in case of a breach incident.

May 25, 2023 · 27 min

Jodi and Justin's Top 5 Must-Haves in Your Company's AI Policy

Jodi Daniels is the Founder and CEO of Red Clover Advisors, a boutique data privacy consultancy and one of the few certified Women's Business Enterprises focused solely on privacy. Since its launch, Red Clover Advisors has helped hundreds of companies create privacy programs, achieve GDPR, CCPA, and US privacy law compliance, and establish a secure online data strategy their customers can count on. Jodi is a Certified Informational Privacy Professional (CIPP/US) with over 20 years of experience helping a range of businesses — from solopreneurs to multinational companies — in privacy, marketing, strategy, and finance roles. She has worked with numerous companies throughout her corporate career, including Deloitte, The Home Depot, Cox Enterprises, Bank of America, and many more. Jodi is also a national keynote speaker, a member of the Forbes Business Council, and co-host of the She Said Privacy/He Said Security podcast. Justin Daniels is a cybersecurity subject matter expert and business attorney who helps his clients implement strategies to better manage and recover from data breaches. As outsourced general counsel for Baker Donelson, Justin advises executives on how to successfully navigate cyber business and legal concerns related to operations, M&A, incident response, and more. In 2017, Justin founded and led the inaugural Atlanta Cyber Week, where multiple organizations held events that attracted more than 1,000 attendees. Justin is also a TEDx and keynote speaker and co-host of the She Said Privacy/He Said Security podcast with his wife, Jodi. In this episode… Artificial intelligence is transforming our world in many ways, raising ethical questions about its impact on human rights, privacy, fairness, and accountability. How can we ensure that AI respects our values and principles and does not harm or discriminate against anyone? AI can be a remarkable tool that can enhance our lives in various domains. However, it also requires responsible and ethical use. 
Companies that create and deploy AI systems must adopt policies that guarantee that these systems are reliable, transparent, fair, and secure. In this episode of She Said Privacy/He Said Security Podcast, join Jodi and Justin Daniels as they discuss the key aspects of AI systems. They reveal the essential AI policies companies need to implement to address data collection and use, transparency and accountability, and fairness and unbiasedness.

May 18, 2023 · 15 min

Mitigating Security Breaches Through Distributed Data Command and Control

Andrew Hopkins is the President of PrivacyChain, a data security platform that encrypts each data record with a unique key, making it useless for hackers. Andrew believes that data security should start from the data itself and not from the perimeter. With his team of innovators at PrivacyChain, he is challenging the status quo and creating a safer online environment. In this episode… Data security and privacy are becoming more challenging in the digital age, especially with the rise of AI and data security threats. How can you protect your data from cybercriminals and AI-associated privacy breaches? How can you manage your data at a granular level without compromising its quality and usability? PrivacyChain offers a modern data security and privacy solution. It can prevent breaches, leaks, and tampering by ensuring that only authorized users can access and edit the data. PrivacyChain can also protect data from AI-generated threats by verifying its source and authenticity. Through distributed data management, you can store your data in centralized locations. In today's episode of She Said Privacy/He Said Security, Jodi and Justin Daniels interview Andrew Hopkins, the Founder of PrivacyChain, to talk about data encryption, control, and management. Andrew shares his insights on data security, privacy, AI, and how PrivacyChain can help safeguard your data.

May 12, 2023 · 25 min

The Upsurge in Ransomware and Voice Phishing: How Managed Security Services Can Help

Krista Hollingsworth is the Chief Revenue Officer at Consilien, a managed services security solutions provider helping organizations protect their data from cyber attackers. In her role, she creates a security awareness culture through an integrated approach to cybersecurity awareness training for employees. Krista is also the CEO of Boutique Marketing Group, a digital marketing company providing mid-size B2B businesses with content, strategy, and lead-generating sales funnels. In this episode… Traditionally, organizations have relied on cyber insurance to protect against attacks. But as marketing and technology have become more elaborate, ransomware has intensified, leading to a 79% increase in cyber premiums. How can you develop a calculated security approach that addresses compliance and risks? As Krista Hollingsworth observes, cybercriminals are skilled marketers, with 82% of attacks involving human elements. Additionally, Krista predicts that the emergence of AI chatbots will lead to sophisticated voice phishing attacks, so businesses should implement two-factor authentication and other verification systems for maximum protection. Managed security service providers such as Consilien help businesses create and manage cybersecurity programs. In today's episode of She Said Privacy/He Said Security, Jodi and Justin Daniels invite CRO of Consilien, Krista Hollingsworth, to speak about the role of managed security services providers in developing cyber programs. Krista shares how the cyber sales cycle has evolved since the rise of ransomware, how AI could lead to voice phishing attacks, and advice for strengthening your passwords.

May 4, 2023 · 23 min

AI and Privacy: A Future of Privacy Forum Conversation

Jules Polonetsky is the CEO of the Future of Privacy Forum, a nonprofit organization advancing principled data practices to support emerging technologies. FPF is supported by more than 180 leading companies and foundations. Jules has led the development of numerous codes of conduct and best practices and assisted in drafting data protection legislation. He is an IAPP Westin Emeritus Fellow, the 2023 recipient of the IAPP leadership award, and the Co-editor of The Cambridge Handbook of Consumer Privacy. With 30 years of experience in consumer protection, Jules has served as Chief Privacy Officer at AOL and DoubleClick, a consumer affairs commissioner for New York City, and an elected New York State Legislator. In this episode… The emergence of ChatGPT and other AI chatbots has added another layer to the convoluted privacy landscape, further solidifying the need for comprehensive regulations. So what should corporations and lawmakers consider when protecting consumer and public privacy? Companies often have a superficial understanding of customer data, lacking consideration for the nuances and categories of each set. But ChatGPT has introduced additional bias, which can lead to legal consequences. Privacy law advocate Jules Polonetsky says that to ensure AI remains compliant, organizations must apply data protection laws to public data sets. The Future of Privacy Forum offers a collaborative space to create and enforce policies and resolve pressing issues in the space. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels welcome CEO of the Future of Privacy Forum Jules Polonetsky to discuss AI's privacy ramifications. Jules explains how to incorporate AI into global data protection laws, privacy's nuances and industry developments, and how to protect privacy when using AI chatbots.

Apr 27, 2023 · 47 min

Privacy Laws and Ad Tech: A Deep Dive on Compliance

Gary Kibel is a Partner at Davis+Gilbert LLP, a law firm serving various industries and sectors including real estate, financial services, hospitality, and technology. In his role, he counsels clients on new media and advertising law, privacy and data security, and information technology. As a Certified Information Privacy Professional (CIPP), Gary advises providers of information technology services and customers for products and services regarding complex technology and intellectual property issues. Before Davis+Gilbert, he was an Information Systems Analyst at Merrill Lynch. In this episode… With ad tech rapidly advancing and the US passing contradictory privacy laws in various states, compliance is not a universal approach. Instead, conformity requires companies to have a keen understanding of ad tech and data exchanges within the industry. So how can you develop an approach that encompasses ad tech's multifaceted components? As a privacy law counsel on digital media, Gary Kibel understands the challenges businesses face managing differing standards, information-sharing, opt-outs, and targeted advertising. He states that by evaluating data types, you can determine which requirements apply to each use case. When implementing compliance features on websites, corporations often deploy cookie banners as a primary solution. But this requires thorough consideration for disclosure requirements, opt-outs, and performance and must be integrated with additional approaches. In today's episode of She Said Privacy/He Said Security, Davis+Gilbert's Partner, Gary Kibel, joins Jodi and Justin Daniels for a discussion on advertising technology privacy laws. Gary shares key takeaways from his IAPP Global Privacy Summit presentation, how to comply with conflicting US privacy laws, and how businesses should consider cross-contextual opt-outs.

Apr 20, 2023 · 30 min

ChatGPT and AI: Crucial Considerations for Businesses

Jodi Daniels is the Founder and CEO of Red Clover Advisors, a boutique data privacy consultancy and one of the few certified Women's Business Enterprises focused solely on privacy. Since its launch, Red Clover Advisors has helped hundreds of companies create privacy programs, achieve GDPR, CCPA, and US privacy law compliance, and establish a secure online data strategy that their customers can count on. Jodi is a Certified Informational Privacy Professional (CIPP/US) with over 20 years of experience helping businesses — from solopreneurs to multinational companies — in privacy, marketing, strategy, and finance roles. She has worked with numerous companies throughout her corporate career, including Deloitte, The Home Depot, Cox Enterprises, Bank of America, and many more. Jodi is also a national keynote speaker, a member of the Forbes Business Council, and the co-host of the She Said Privacy/He Said Security podcast. Justin Daniels is a cybersecurity subject matter expert and business attorney who helps his clients implement strategies to better manage and recover from data breaches. As outsourced general counsel for Baker Donelson, Justin advises executives on how to successfully navigate cyber business and legal concerns related to operations, M&A, incident response, and more. In 2017, Justin founded and led the inaugural Atlanta Cyber Week, where multiple organizations held events that attracted more than 1,000 attendees. Justin is also a TEDx and keynote speaker and the co-host of the She Said Privacy/He Said Security podcast with his wife, Jodi. In this episode… ChatGPT is an international sensation, with businesses utilizing it for content creation, debugging, translation, and writing code. But this AI tool is still unregulated, raising privacy and security concerns regarding data input. Since ChatGPT is easily accessible to the public, what should you consider before implementing it, and how can you mitigate the associated risks? 
When adopting ChatGPT for your company, Certified Privacy Professional Jodi Daniels says you should evaluate the tool by conducting due diligence on potential use cases. For instance, a marketing department may want to acquire consumer insights involving personal information. Developing a policy to assess data types and functions, train and educate employees about risks, and regulate information sharing eliminates bias and privacy infringements. On this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels share their thoughts on ChatGPT's privacy and security implications. Together, they address the current and future state of AI ethics, the importance of ChatGPT regulations in the absence of federal privacy law, and how businesses can protect sensitive data when employing ChatGPT.

Apr 13, 2023 · 20 min

The Future of Privacy: Insights From a General Counsel

Amy Chipperson serves as General Counsel for Axtria, a global provider of cloud software and data analytics to the life sciences industry. In her role, she manages a team of attorneys in the US and Mexico who are responsible for drafting and negotiating various complex IT outsourcing agreements, including Cloud and SaaS. Amy is also responsible for mergers and acquisitions, maintaining corporate compliance, and implementing GDPR regulations. In this episode… The privacy and security landscape is intricate and layered, with companies often managing multiple priorities simultaneously, including consumer trust and national and global regulations. How can you craft a program that addresses each aspect while remaining informed? General counsel Amy Chipperson affirms that companies should adopt a holistic approach to privacy and security to develop a program that satisfies various needs, goals, and requirements. Given that privacy laws are volatile, you must pivot effectively to maintain compliance. Amy urges being proactive and conducting extensive research into evolving regulations to adapt your strategies accordingly. Axtria's General Counsel Amy Chipperson joins Jodi and Justin Daniels on this episode of She Said Privacy/He Said Security to discuss how businesses can develop privacy and security programs in a changing environment. Amy also talks about privacy and security's effects on data analytics, maintaining compliance amid fluid regulations, and how a common-sense approach to privacy guarantees customer trust.

Apr 6, 2023 · 28 min

Leveraging Privacy SaaS Platforms To Boost Compliance

Arlo Gilbert is the Founding CEO of Osano, a leading data privacy platform that simplifies compliance by helping organizations build, manage, and scale their privacy programs. As a high-growth technology leader, he has over 25 years of experience building new SaaS startups and positioning them in industries, including telecommunications and digital health. Arlo has bootstrapped a tech startup from $0 to $50 million in annual recurring revenue and invented and patented voice commerce. In this episode… Historically, businesses lacked an adequate understanding of the exigency of privacy programs. But with multiple states passing nuanced laws, privacy by design is more crucial than ever. So how can you develop a reliable privacy program to remain compliant? Arlo Gilbert maintains that the foundational component of any privacy program is cookie policies. Businesses can leverage privacy SaaS platforms to build programs from scratch — starting with cookies and progressing to rights management, vendor and risk assessments, and disclosure, security, and consent associated with compliance. Osano allows problem-solving entrepreneurs to find innovative solutions to data sharing. Tune in to this episode of She Said Privacy/He Said Security as Jodi and Justin Daniels sit down with Arlo Gilbert, Founding CEO of Osano, to discuss how SaaS platforms can help companies build compliant privacy programs. Arlo also talks about how AI is advancing privacy SaaS platforms, the types of organizations developing privacy programs, and how Osano helps companies manage privacy.

Mar 30, 2023 · 33 min

The Rise of Website Pixel Class Action Lawsuits

Al Saikali is a Partner at Shook, Hardy & Bacon, LLP, where he founded and serves as chair of the law firm's privacy and data security practice. In his role, he directs breach response efforts, represents companies in litigation, and counsels organizations on the various laws governing sensitive information. Under Al's leadership, Legal 500 has named Shook, Hardy & Bacon a Top Cyber Law Firm. He has also been ranked by Chambers USA as a national leader in privacy and data security law for four consecutive years. In this episode… As advertising technology evolves, many websites are embedded with pixels that gather and transmit user information to third parties. Yet the emergence of a private right of action has elicited class action lawsuits regarding wiretapping and information sharing. So how can you avoid such lawsuits and reduce risks? According to Al Saikali, class action lawsuits often transpire due to a lack of communication between internal departments and external stakeholders. There's a significant knowledge barrier between marketing, IT, and law, so transparent education is crucial in identifying privacy breaches. When you understand how this technology functions, you can implement privacy controls to limit information sharing. Al also suggests placing pop-up disclosures and consent notices on your website and acquiring cyber insurance to protect against risks. Shook, Hardy & Bacon's Partner Al Saikali joins Jodi and Justin Daniels on this episode of She Said Privacy/He Said Security to discuss the emergence of class action lawsuits for website pixels. Al also explains the evolution and current state of Florida's privacy laws, the common types of privacy litigation cases, and how to mitigate risks associated with class action lawsuits.

Mar 23, 2023 · 35 min

Data Transformation Strategies to Comply With Privacy Regulations

Mike Gustafson is the President of Search Discovery, a data transformation company that helps organizations transform by executing data strategies to achieve desired business outcomes. As a leader and senior executive, he has experience leading professional services and technology teams. Mike has also created and implemented solutions for multiple industries including nonprofits, consumer products, and financial services. Before Search Discovery, he held various partner roles at Rosetta. In this episode… In the era of digital marketing and advertising, data privacy is a growing concern, and companies must recognize the implications of data collection to comply with emerging regulations. But a data privacy compliance survey of 300 businesses reveals that in some industries, approximately 93% of these companies lack restrictions around data collection. So how can you safeguard consumer data? According to data analytics expert Mike Gustafson, many organizations lack an adequate understanding of the data they've gathered. Acknowledging privacy regulations requires developing a proactive data collection strategy that addresses objectives for usage, variety, and management. Businesses should only gather relevant information to personalize and streamline the customer experience, so holistic privacy programs involving the entire organization are essential. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Mike Gustafson, President of Search Discovery, about transforming how corporations collect and utilize consumer data. Mike shares why companies should consider end-to-end data transformation, the challenges of data privacy compliance, and how companies respond to Google Analytics regulations.

Mar 16, 2023 · 36 min

US Federal Privacy Regulations: Updates and Factors Influencing its Development

Caitlin Fennessy is the VP and Chief Knowledge Officer at the International Association of Privacy Professionals, the largest privacy association in the world facilitating conversations, debates, and collaboration among key industry leaders and organizations. In her role, she leads the research team in developing content that helps privacy professionals understand the operational impacts of global data protection-related developments. Caitlin is a recognized privacy expert serving as an inaugural member of the UK International Data Transfers on the German Marshall Global Task Force to promote trusted data sharing. In this episode… With the US taking a fragmented approach to privacy laws, individual states are passing various regulations, and the ADPPA seems unlikely to pass. Meanwhile, data is becoming increasingly complex, and new technologies are emerging daily. So how are companies maintaining compliance in this evolving landscape, and what can you observe from their efforts? According to Caitlin Fennessy, most companies recognize the elevated risks in the privacy landscape, and her organization's governance survey reports a 12% increase in the size of privacy teams. AI poses one of the most significant risks in this space, so more than 50% of businesses have integrated AI governance guidelines with robust privacy programs. Caitlin says that the current regulatory ecosystem impacts these companies' decisions significantly and that you should remain vigilant when sharing sensitive data and compare each state's laws to stay abreast of new developments. VP and Chief Knowledge Officer at IAPP, Caitlin Fennessy, joins Jodi and Justin Daniels for this episode of She Said Privacy/He Said Security to talk about how privacy risks inform federal privacy legislation. Caitlin also explains the key takeaways from privacy violation fines, how privacy has evolved, and current industry trends.

Mar 9, 2023 · 41 min

Canada vs. US Privacy Law – What Companies Need to Know

Cat Coode is the Founder of Binary Tattoo, a data and privacy consultancy. With a certification in data privacy law and two decades of experience in mobile development and software architecture, she helps individuals and corporations better understand cybersecurity and data privacy. Cat specializes in global privacy regulation compliance and delivering privacy education seminars. She is a member of the Canadian Standards Council for GDPR and in 2021, was named one of Canada's Top 20 Women in Cybersecurity. In this episode… Most professionals and corporations are familiar with GDPR and CCPA, but Canada's data privacy law differs in that individuals are permitted to access and amend personal information from companies. This right has exposed various data privacy breaches from large organizations like Tim Hortons and Home Depot. So what can companies learn from these mistakes? Data privacy infringements occur when businesses mislead their customers about how they're utilizing personal information for various services. Regardless of where you're located, Cat Coode says to avoid disclosing sensitive data to third parties. Instead, it's crucial to maintain transparency regarding data collection and usage so consumers can take control of their information. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels host data privacy strategist and Founder of Binary Tattoo, Cat Coode, to chat about Canadian data privacy laws. Cat also shares the implications of Home Depot's data collection and sharing methods, the three best practices for vendor due diligence, and how Canada's data privacy laws compare to other regulations.

Mar 2, 2023 · 41 min

Establishing Consent With Loyalty Programs

Phil Rubin is the Founder and Principal of Grey Space Matters, a consulting firm that works with companies ranging from early-stage and emerging growth to global brand leaders across various industries and sectors. He is a customer-focused strategic growth leader with more than 30 years of experience driving growth for global brands. Recognized as an industry thought leader, Phil is a keynote speaker for events across North America, Asia, and Europe. He has been quoted in The Wall Street Journal, Forbes, and numerous other trade publications. Before GSM, Phil led Global Insights and Strategic Partnerships for Bond, a loyalty and customer marketing firm. In this episode… Airlines and other brands utilize loyalty programs to generate customer insights and enhance experiences. For instance, Delta Airlines has partnered with American Express and Lyft to offer frequent flier miles and discounted transportation — but this raises concerns regarding data collection. So how are brands collecting customer data, and how can you take precautions to protect privacy? According to Phil Rubin, brands collect two types of data: zero-party data that customers share willingly with the company and first-party data, which brands collect and own directly from their customers. When leveraging loyalty programs, brands should remain transparent about data collection methods to avoid costly privacy breaches. Customers join loyalty programs to receive value and benefits, so it's crucial to provide useful services and establish trust to increase consent. In today's episode of She Said Privacy/He Said Security, Jodi and Justin Daniels interview Phil Rubin, Founder and Principal of Grey Space Matters, to discuss data-sharing in loyalty programs. Phil explains integrated loyalty experiences, the common forms of data collected for loyalty programs, and how privacy laws impact these programs.

Feb 23, 2023 · 41 min

What You Should Know About Ransomware and Developing Incident Response Plans

Larry Slusser is the Senior Director of Professional Services at SecurityScorecard, the global leader in cybersecurity ratings. In his role, he assists clients in both active and reactive cybersecurity through services including global digital forensics, incident response, and ransomware mitigation. As a retired Air Force officer, Larry partnered with technical engineers, investigators, and business and external stakeholders to sustain focus and achieve milestones. Before SecurityScorecard, he held several leadership positions at Fortune 500 companies. In this episode… As ransomware attacks grow increasingly elaborate, companies need to develop sound incident response measures to protect their data. Yet less than 10% of incident response plans are prepared to combat these attacks, and in the event of a threat, 80% of businesses pay the ransom. So how can you optimize your response strategies to ensure maximum preparation? Larry Slusser advises developing and executing tabletop exercises to simulate an actual attack. But this exercise is ineffective without proper data analysis, so it's crucial to locate and safeguard your most valuable data. Optimal awareness and preparation require you to become educated on incident detection and response and invest in antivirus security tools. In today's episode of She Said Privacy/He Said Security, Jodi and Justin Daniels host Larry Slusser, Senior Director of Professional Services at SecurityScorecard, to discuss cyber attacks and incident response measures. Larry talks about the types of ransomware, the importance of tabletop exercises, and how companies respond to ransomware attacks.

Feb 16, 2023 · 28 min

Protect Your Digital Profile From the Dark Web: What You Should Know About Device Settings

Chris Bullock is the Founder, CEO, and Managing Member of Cyber Investigations and Intelligence Agency (CI2A), a company that provides world-class cybersecurity and cybercrime solution services. He is also an award-winning chief information security officer and a decorated law enforcement veteran. As a leader and program builder, Chris has built and managed several successful cybersecurity programs at large and small organizations across many business verticals and governments. He holds multiple certifications including Certified Information Systems Security Professional (CISSP) and Certified Cybercrime Examiner (CCCE). Chris frequently speaks at major security conferences and writes articles on cybersecurity, and in 2012, he was voted "85th Top Ranking CISO in the US." In this episode… Open-source intelligence has provided public access to personal information on the internet, allowing hackers to compromise anyone's digital profile. With technology becoming increasingly pervasive in our daily lives, what steps can you take to reduce your digital footprint? According to Chris Bullock, attackers can steal data from your personal devices to be exchanged on the dark web. Most users aren't aware that seemingly mundane settings on these devices can collect and release your data. To prevent unwanted attacks, Chris recommends disabling location services, photo, and microphone access for all apps and deactivating the auto-join feature for Wi-Fi and Hotspots. In today's episode of She Said Privacy/He Said Security, Jodi and Justin Daniels welcome Chris Bullock, Founder, CEO, and Managing Member of CI2A, to discuss tips for protecting your digital profile. Chris also explains open-source intelligence, the impact of privacy laws on data security, and how security attacks against high-profile individuals have evolved.

Feb 9, 2023 · 35 min