Welcome to the What’s Next! Podcast. I’ve met so many brilliant people as I traveled the globe and have had some fascinating conversations that I’ve wished had been recorded so I could share them with you - this podcast was a way for me to recreate those moments and let you in on some fantastic insights. My current conversations center around one objective: what's next for companies and individuals as they look to innovate and grow. I hope these conversations inspire you as much as they have ...
…
continue reading
Player FM - Internet Radio Done Right
Checked 4d ago
Added five years ago
Content provided by Jodi and Justin Daniels and Justin Daniels. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Jodi and Justin Daniels and Justin Daniels or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Similar to She Said Privacy/He Said Security
Call them changemakers. Call them rule breakers. We call them Redefiners. And in this provocative podcast, we explore how daring leaders from across industries and around the globe are redefining their organizations—and themselves—to create extraordinary impact in today’s rapidly changing world. In each episode, Russell Reynolds Associates Leadership Advisor Hoda Tahoun and former CEO Clarke Murphy host engaging, purposeful conversations with leaders in and out of the business world who shar ...
…
continue reading
Rachel Cooke is your guide to leadership and communication, helping you craft a workplace environment you can feel good about. She’ll share tips to help you balance your work and personal life, effectively invest your time, and be mindful about where you’re devoting your energy. Let Rachel help you navigate your path to success—however you define it.
…
continue reading
A top podcast for healthcare leaders, with over one million downloads, Radio Advisory is your weekly download on how to untangle the industry's most pressing challenges to help leaders like you make the best business decisions for your organization. From unpacking major trends in care delivery—like site-of-care shifts and the rise of high-cost drugs—to demystifying stakeholder dynamics, to shining a spotlight on priorities that may get overlooked, we're here to help. Our hosts and seasoned r ...
…
continue reading
Wharton faculty and industry leaders discuss their latest research, books, and relevant business topics. Hosted on Acast. See acast.com/privacy for more information.
…
continue reading
Business tips for startups by proven entrepreneurs
…
continue reading
Hear the stories, learn the proven methods, and accelerate your growth and future through entrepreneurship. Welcome to The Foundr Podcast with Nathan Chan. About the show: For over a decade, The Foundr Podcast with Nathan Chan has been a leading entrepreneurship podcast for open-book conversations with, by, and for founders. Whether you're starting, building, or dreaming about your business, The Foundr Podcast is where you can access experienced founders who've been in your shoes to learn th ...
…
continue reading
T
The Influence Factor by The Influencer Marketing Factory
1
The Influence Factor by The Influencer Marketing Factory
The Influencer Marketing Factory
37k
130
Alessandro Bogliari, CEO and Co-Founder of The Influencer Marketing Factory, a global influencer marketing agency, talks with great guests about influencer marketing, social media, the creator economy, social commerce and much more.
…
continue reading
Custom Manufacturing Industry podcast is an entrepreneurship and motivational podcast on all platforms, hosted by Aaron Clippinger. Being CEO of multiple companies including the signage industry and the software industry, Aaron has over 20 years of consulting and business management. His software has grown internationally and with over a billion dollars annually going through the software. Using his Accounting degree, Aaron will be talking about his organizational ways to get things done. Hi ...
…
continue reading
Some Goodness is hosted by Richard Ellis, a seasoned sales leader passionate about inviting top business minds to share their wisdom. Each episode is only 15-20 minutes, perfect for your commute or workout.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Daily Deals
Podcasts Worth a Listen
SPONSORED
<
<div class="span index">1</div> <span><a class="" data-remote="true" data-type="html" href="/series/series-3594218">The Innovators & Investors Podcast</a></span>
The Innovators & Investors Podcast: Connecting the Startup Ecosystem. We are on a mission to bridge the gap between founders, investors, and industry leaders across the early-stage ecosystem. By bringing together visionaries from cutting-edge startups, venture capitalists, family offices, angel investors, accelerators, and studios, we offer a platform for sharing invaluable insights, market trends, and first-hand experiences. Whether you’re an entrepreneur navigating the challenges of building a business or an investor seeking opportunities in emerging technologies, our podcast provides a front-row seat to the dynamic world of innovation and investment. Tune in to gain a comprehensive understanding of the startup landscape, stay ahead of the curve, and benefit from the collective wisdom of those shaping the future. Think you'd be a great guest on the show? Apply at https://finstratmgmt.com/innovators-investors-podcast/
Operationalizing Privacy Across Teams, Tools, and Tech
Manage episode 488248565 series 2806859
Content provided by Jodi and Justin Daniels and Justin Daniels. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Jodi and Justin Daniels and Justin Daniels or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Sarah Stalnecker is the Global Privacy Director at New Balance Athletics, Inc., where she leads the integration of privacy principles across the organization, driving awareness and compliance through education, streamlined processes, and technology solutions.
In this episode…Operationalizing privacy programs starts with translating legal requirements into actions that work across teams. This means aligning privacy with existing tools and workflows while meeting evolving privacy regulations and adapting to new technologies. Today’s consumers also demand both personalization and privacy, and building trust means fulfilling these expectations without crossing the line. So, how can companies build a privacy program that meets regulatory requirements, integrates into daily operations, and earns consumer trust?
Embedding privacy into business operations involves more than just meeting regulatory requirements. It requires cultural change, leadership buy-in, and teamwork. Rather than forcing company teams to adapt to new privacy processes, organizations need to embed privacy requirements into existing workflows and systems that departments already use. Leading with consumer expectations instead of legal mandates helps shift mindsets and encourages collaborative dialogue about responsible data use. Documenting AI use cases and establishing an AI governance program also helps assess risks without reactive scrambling. Teams should also leverage privacy technology to scale processes and streamline compliance to ensure privacy becomes an embedded, organization-wide function rather than a siloed concern.
In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Sarah Stalnecker, Global Privacy Director at New Balance Athletics, about operationalizing privacy programs. Sarah shares how her team approaches data collection, embeds privacy into existing workflows, and uses consumer expectations to drive internal engagement. She also highlights the importance of documenting AI use cases and establishing AI governance to assess risk. Sarah provides tips on selecting and evaluating privacy technology and how to measure privacy program success beyond traditional metrics.
229 episodes
Share
Manage episode 488248565 series 2806859
Content provided by Jodi and Justin Daniels and Justin Daniels. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Jodi and Justin Daniels and Justin Daniels or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Sarah Stalnecker is the Global Privacy Director at New Balance Athletics, Inc., where she leads the integration of privacy principles across the organization, driving awareness and compliance through education, streamlined processes, and technology solutions.
In this episode…Operationalizing privacy programs starts with translating legal requirements into actions that work across teams. This means aligning privacy with existing tools and workflows while meeting evolving privacy regulations and adapting to new technologies. Today’s consumers also demand both personalization and privacy, and building trust means fulfilling these expectations without crossing the line. So, how can companies build a privacy program that meets regulatory requirements, integrates into daily operations, and earns consumer trust?
Embedding privacy into business operations involves more than just meeting regulatory requirements. It requires cultural change, leadership buy-in, and teamwork. Rather than forcing company teams to adapt to new privacy processes, organizations need to embed privacy requirements into existing workflows and systems that departments already use. Leading with consumer expectations instead of legal mandates helps shift mindsets and encourages collaborative dialogue about responsible data use. Documenting AI use cases and establishing an AI governance program also helps assess risks without reactive scrambling. Teams should also leverage privacy technology to scale processes and streamline compliance to ensure privacy becomes an embedded, organization-wide function rather than a siloed concern.
In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Sarah Stalnecker, Global Privacy Director at New Balance Athletics, about operationalizing privacy programs. Sarah shares how her team approaches data collection, embeds privacy into existing workflows, and uses consumer expectations to drive internal engagement. She also highlights the importance of documenting AI use cases and establishing AI governance to assess risk. Sarah provides tips on selecting and evaluating privacy technology and how to measure privacy program success beyond traditional metrics.
229 episodes
All episodes
×
S
She Said Privacy/He Said Security
1 Real AI Risks No One Wants To Talk About And What Companies Can Do About Them 36:50
36:50 
Play Later 
Play Later 
Lists 
Like 
Liked36:50
Play Later Play Later Lists Like LikedAnne Bradley is the Chief Customer Officer at Luminos. Anne helps in-house legal, tech, and data science teams use the Luminos platform to manage the automated AI risk, compliance, and approval processes, statistical testing, and legal documentation. Anne also serves on the Board of Directors of the Future of Privacy Forum, a nonprofit that serves as a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies. In this episode… AI is being integrated into everyday business functions, from diagnosing cancer to translating conversations and powering customer service chatbots and autonomous vehicles. While these tools deliver value, they also bring privacy, security, and ethical risks. As organizations dive into adopting AI tools, they often do so before performing risk assessments, establishing governance, and implementing privacy and security guardrails. Without safeguards and internal processes in place, companies may not fully understand how the tools function, what data they collect, or the risk they carry. So, how can companies efficiently assess and manage AI risk as they rush to deploy new tools? Managing AI risk requires governance and the ability to test AI tools before deploying them. That’s why companies like Luminos provide a platform to help companies manage and automate the AI risk compliance approval processes, model testing, and legal documentation. This platform allows teams to check for toxicity, hallucinations, and AI bias even when an organization uses high-risk tools like customer-facing chatbots. Embedding practical controls, like pre-deployment testing and assessing vendor risk early, can also help organizations implement AI tools safely and ethically. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels speak with Anne Bradley, Chief Customer Officer at Luminos, about how companies can assess and mitigate AI risk. Anne explains the impact of deepfakes on public trust and the need for a regulatory framework to reduce harm. She shares why AI governance, AI use-case risk assessments, and statistical tools are essential for helping companies monitor outputs, reduce unintended consequences, and make informed decisions about high-risk AI deployments. Anne also highlights why it’s important for legal and compliance teams to understand business objectives driving an AI tool request before evaluating its risk.…
S
She Said Privacy/He Said Security
1 Privacy in the Loop: Why Human Training Is AI’s Greatest Weakness and Strength 28:22
28:22 Play Later Play Later Lists Like Liked28:22
Play Later Play Later Lists Like LikedNick Oldham is the Chief Operations Officer, USIS, and Global Chief Risk, Privacy and Compliance Officer at Equifax Inc. A forward-thinking legal and operations executive, Nick has a proven track record of driving large-scale transformations by integrating legal expertise with strategic operational leadership. He oversees all enterprise-wide second-line functions, leading initiatives to embed AI, enable data-driven decision-making, and deliver innovative, compliant solutions across a $1.9B business unit. His focus is on building efficient, scalable systems that align with both compliance standards and long-term strategic goals. In this episode… Many companies are rushing to adopt AI tools without adequately training their workforce on how to use them responsibly. As AI becomes embedded in daily business operations, the biggest risk isn’t the technology itself, but the lack of human understanding around how AI works and what it can do. When teams struggle to understand the differences between machine learning and generative AI, it creates risks and makes it harder to establish appropriate privacy and security guardrails. Human training is AI's greatest weakness and strength, and closing that gap involves rethinking how companies educate and train employees at every level. The responsible use of AI depends on human judgment. Companies need to embed privacy education, critical thinking, and AI risk awareness into training programs from the start. Employees should be taught how to ask questions, evaluate model behavior, and recognize when personal information is being misused. AI literacy should also extend beyond the workplace. Introducing it in high school or even earlier helps prepare future professionals to navigate complex AI tools and make thoughtful, responsible decisions. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Nick Oldham, Chief Operations Officer, USIS, and Global Chief Risk, Privacy and Compliance Officer at Equifax, about the role of human training in AI literacy. Nick breaks down the components of AI literacy, explains why everyone needs a foundational understanding, and emphasizes the importance of prioritizing privacy awareness when using AI tools. He also highlights ways to embed privacy and security into AI governance programs and provides actionable steps organizations can take to strengthen AI literacy across teams.…
S
She Said Privacy/He Said Security
1 Where Strategy Meets Reality in AI Governance 29:22
29:22 Play Later Play Later Lists Like Liked29:22
Play Later Play Later Lists Like LikedAndrew Clearwater is a Partner at Dentons’ Privacy and Cybersecurity Team and a recognized authority in privacy and AI governance. Formerly a founding leader at OneTrust, he oversaw privacy and AI initiatives, contributed to key data protection standards, and holds over 20 patents. Andrew advises businesses on responsible tech implementation, helping navigate global regulations in AI, data privacy, and cybersecurity. A frequent speaker, he offers insight into emerging compliance challenges and ethical technology use. In this episode… Many companies are diving into AI without first putting governance in place. They often move forward without defined goals, leadership, or alignment across privacy, security, and legal teams. This leads to confusion about how AI is being used, what risks it creates, and how to manage those risks. Without coordination and structure, programs lose momentum, transactions are delayed, and expectations become harder to meet. So how can companies build a responsible AI governance program? Building effective AI governance programs starts with knowing what’s in use, why it’s in use, what data AI tools and systems collect, the risk it creates, and how to manage it. Standards like ISO 42001 and the NIST AI Risk Management Framework help companies guide this process. ISO 42001 offers the benefit of certification and supports cross-functional consistency, while NIST may be better suited for organizations already using it in related areas. Both frameworks help companies define the scope of AI use cases, understand the risks, and inform policies before jumping into controls. Conducting data inventories and utilizing existing risk management processes are also essential in identifying shadow AI introduced by employees or third-party vendors. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Andrew Clearwater, Partner at Dentons, about how companies can build responsible AI governance programs. Andrew explains how standards and legal frameworks support consistent AI governance implementation and how to encourage alignment between privacy, security, legal, and ethics teams. He also outlines the importance of monitoring shadow AI across third-party vendors and practical steps companies can take to effectively structure their AI governance programs.…
S
She Said Privacy/He Said Security
1 Endpoints-on-Wheels: Protecting Company and Employee Data in Cars 39:04
39:04 Play Later Play Later Lists Like Liked39:04
Play Later Play Later Lists Like LikedMerry Marwig is the VP Global Communications & Advocacy at Privacy4Cars. Merry is a pro-consumer, pro-business privacy advocate who is optimistic about what data privacy rights mean for everyday people — and for the companies they do business with. At Privacy4Cars, she helps protect drivers’ and passengers’ personal data while creating business opportunities for automotive companies. In this episode… Modern cars are like computers on wheels, collecting and storing data just like smartphones or laptops. Unlike those devices, however, vehicle data is often left unencrypted and persists long after a car is sold, rented, or reassigned. This is especially problematic for businesses that use corporate cars, rental vehicles, fleet vehicles, or personal vehicles for work purposes. Sensitive information such as contact lists, text messages, navigation history, and even security credentials can remain stored in vehicles long after they change hands, posing significant privacy, security, and even physical safety risks. To take control of sensitive data, companies need to establish data deletion policies for all vehicles used in a business context. This includes requiring rental agencies and fleet management providers to delete stored data and offer certificates of deletion when cars are returned or decommissioned. Companies should also require automotive providers to provide VIN-specific data disclosures so drivers understand what data the vehicle collects and how it's used and shared. Additionally, companies need to consider how privacy regulations like GDPR and CCPA apply to vehicle data collection and use it to inform their internal policies and third-party contracts. In today’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Merry Marwig, VP Global Communications & Advocacy at Privacy4Cars, about the privacy and security risks of data collected and stored in vehicles. Merry explains how cars used for work, whether rental, fleet, or personal, retain unencrypted personal and company data that can be exploited when vehicles change ownership or are decommissioned. She shares real-world case studies involving sensitive information left behind in cars, including banking credentials, contact lists, and patient health records. Merry also outlines how data deletion policies and VIN-specific disclosures, required through contracts with automotive providers, help companies reduce privacy and security risks.…
S
She Said Privacy/He Said Security
1 Agentic AI for Software Security: Eliminate More Vulnerabilities, Triage Less 29:17
29:17 Play Later Play Later Lists Like Liked29:17
Play Later Play Later Lists Like LikedIan Riopel is the CEO and Co-founder of Root, applying agentic AI to fix vulnerabilities instantly. A US Army veteran and former Counterintelligence Agent, he’s held roles at Cisco, CloudLock, and Rapid7. Ian brings military-grade security expertise to software supply chains. John Amaral is the CTO and Co-founder of Root. Previously, he scaled Cisco Cloud Security to $500M in revenue and led CloudLock to a $300M acquisition. With five exits behind him, John specializes in building cybersecurity startups with strong technical vision. In this episode… Patching software vulnerabilities remains one of the biggest security challenges for many organizations. Security teams are often stretched thin as they try to keep up with vulnerabilities that can quickly be exploited. Open-source components and containerized deployments add even more complexity, especially when updates risk breaking production systems. As compliance requirements tighten and the volume of vulnerabilities grows, how can businesses eliminate software security risks without sacrificing productivity? Companies like Root are transforming how organizations approach software vulnerability remediation by applying agentic AI to streamline their approach. Rather than relying on engineers to triage and prioritize thousands of issues, Root’s AI-driven platform scans container images, applies safe patches where available, and generates custom patches for outdated components that lack official fixes. Root's AI automation resolves approximately 95% or more vulnerabilities without breaking production systems, allowing organizations to meet compliance requirements while developers stay focused on building and delivering software. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Ian Riopel and John Amaral, Co-founders of Root, about how AI streamlines software vulnerability detection. Together, they explain how Root’s agentic AI platform uses specialized agents to automate patching while maintaining software stability. John and Ian also discuss how regulations and compliance pressures are driving the need for faster remediation, and how Root differs from threat detection solutions. They also explain how AI can reduce security workloads without replacing human expertise.…
S
She Said Privacy/He Said Security
1 Operationalizing Privacy Across Teams, Tools, and Tech 27:47
27:47 Play Later Play Later Lists Like Liked27:47
Play Later Play Later Lists Like LikedSarah Stalnecker is the Global Privacy Director at New Balance Athletics, Inc., where she leads the integration of privacy principles across the organization, driving awareness and compliance through education, streamlined processes, and technology solutions. In this episode… Operationalizing privacy programs starts with translating legal requirements into actions that work across teams. This means aligning privacy with existing tools and workflows while meeting evolving privacy regulations and adapting to new technologies. Today’s consumers also demand both personalization and privacy, and building trust means fulfilling these expectations without crossing the line. So, how can companies build a privacy program that meets regulatory requirements, integrates into daily operations, and earns consumer trust? Embedding privacy into business operations involves more than just meeting regulatory requirements. It requires cultural change, leadership buy-in, and teamwork. Rather than forcing company teams to adapt to new privacy processes, organizations need to embed privacy requirements into existing workflows and systems that departments already use. Leading with consumer expectations instead of legal mandates helps shift mindsets and encourages collaborative dialogue about responsible data use. Documenting AI use cases and establishing an AI governance program also helps assess risks without reactive scrambling. Teams should also leverage privacy technology to scale processes and streamline compliance to ensure privacy becomes an embedded, organization-wide function rather than a siloed concern. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Sarah Stalnecker, Global Privacy Director at New Balance Athletics, about operationalizing privacy programs. Sarah shares how her team approaches data collection, embeds privacy into existing workflows, and uses consumer expectations to drive internal engagement. She also highlights the importance of documenting AI use cases and establishing AI governance to assess risk. Sarah provides tips on selecting and evaluating privacy technology and how to measure privacy program success beyond traditional metrics.…
S
She Said Privacy/He Said Security
1 Outsmarting Threats: How AI is Changing the Cyber Game 21:32
21:32 Play Later Play Later Lists Like Liked21:32
Play Later Play Later Lists Like LikedBrett Ewing is the Founder and CEO of AXE.AI, a cutting-edge cybersecurity SaaS start-up, and the Chief Information Security Officer at 3DCloud. He has built a career in offensive cybersecurity, focusing on driving exponential improvement. Brett progressed from a Junior Penetration Tester to Chief Operating Officer at Strong Crypto, a provider of cybersecurity solutions. He brings over 15 years of experience in information technology, with the past six years focused on penetration testing, incident response, advanced persistent threat simulation, and business development. He holds degrees in secure systems administration and cybersecurity, and is currently completing a Masters in cybersecurity with a focus area in AI/ML security at the SANS Technology Institute. Brett also holds more than a dozen certifications in IT, coding, and security from the SANS Institute, CompTIA, AWS, and other industry vendors. In this episode… Penetration testing plays a vital role in cybersecurity, but the traditional manual process is often slow and resource-heavy. Traditional testing cycles can take weeks, creating gaps that leave organizations vulnerable to fast-moving threats. With growing interest in more efficient approaches, organizations are exploring new AI tools to automate tasks like tool configuration, project management, and data analysis. How can cybersecurity teams use AI to test environments faster without increasing risk? AXE.AI offers an AI-powered platform that supports ethical hackers and red teamers by automating key components of the penetration testing process. The platform reduces overhead by configuring tools, analyzing output, and building task lists during live engagements. This allows teams to complete high-quality tests in days instead of weeks. AXE.AI’s approach supports complex environments, improves data visibility for testers, and scales efficiently across enterprise networks. The company emphasizes a human-centered approach and advocates for workforce education and training as a foundation for secure AI adoption. In today’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Brett Ewing, Founder and CEO of AXE.AI, about leveraging AI for offensive cybersecurity. Brett explains how AXE.AI’s platform enhances penetration testing and improves speed and coverage for large-scale networks. He also shares how AI is changing both attack and defense strategies, highlighting the risks posed by large language models (LLMs) and deepfakes, and explains why investing in continuous workforce training remains the most important cyber defense for companies today.…
S
She Said Privacy/He Said Security
1 Privacy Reform Is Coming to Australia: What Businesses Need To Know 32:01
32:01 Play Later Play Later Lists Like Liked32:01
Play Later Play Later Lists Like LikedJames Patto is the Partner of Helios Salinger. He is a leading voice in Australia’s tech law landscape, trusted by business and government on privacy, cybersecurity, and AI issues. With over a decade of experience as a digital lawyer, he helps organizations turn regulation into opportunity — bridging law, innovation, and strategy to build trust and thrive in a digital world. In this episode… Australian privacy law stands at a critical juncture as organizations potentially face the country's most significant regulatory transformation yet. While the current principles-based Australian Privacy Act has been the foundation for over a decade, it contains notable gaps, like limited individual rights and broad exemptions for small businesses, employee data, and political parties. 84% of Australians want more control over how their personal information is collected and used, and with recent enforcement changes introducing civil penalties and on-the-spot fines, regulators now have stronger tools to hold organizations accountable. As lawmakers consider the next phase of reforms, how can businesses prepare for new compliance requirements while navigating an uncertain implementation timeline? Businesses can adapt to evolving privacy regulations and position themselves for success by strengthening their current privacy practices, including focusing on privacy notice quality, direct marketing opt-out procedures, and data breach response notice accuracy. Conducting a privacy maturity assessment and implementing streamlined, risk-based privacy impact assessments can help identify gaps and prepare for new compliance obligations. It’s also critical for organizations to understand the data they collect, where it resides, how it’s used, shared, or sold by building a comprehensive data inventory. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels talk with James Patto, Partner at Helios Salinger, about the current state and future of Australia’s privacy law. James discusses the major shifts in Australia’s privacy landscape and the broader implications for businesses. He shares how Australia’s strong small business sector influences privacy policymaking and how the Privacy Review Report's 89 proposals might reshape Australia's regulatory framework. James also explores the differences between Australia’s privacy law and the GDPR, the timeline for proposed reforms, and what companies should do now to prepare.…
S
She Said Privacy/He Said Security
1 Terms, Tech & Trust: A Privacy Deep Dive With Harvey AI 30:13
30:13 Play Later Play Later Lists Like Liked30:13
Play Later Play Later Lists Like LikedAnita Gorney is the Head of Privacy and AI Legal at Harvey. Harvey is an AI tool for legal professionals and professional service providers. Before Harvey, she was Privacy Counsel at Stripe. Anita studied law in Sydney and began her career there before moving to London and then New York. In this episode… Legal professionals often spend time on manual tasks that are repetitive and difficult to scale. Emerging AI platforms, like Harvey AI, are addressing this challenge by offering tools that help lawyers handle tasks such as legal research and contract review more efficiently. As legal professionals adopt AI to streamline their work, they are placing greater focus on data confidentiality and the secure handling of client information. Harvey AI addresses these concerns through its strict privacy and security controls, customer-controlled retention and deletion settings, and a commitment to not train on customer data. Harvey AI provides a purpose-built platform tailored for legal professionals. The company’s suite of tools — Assistant, Vault, and Workflow — automates repetitive legal work like summarizing documents, performing contract reviews, and managing due diligence processes. Harvey AI emphasizes privacy and security through features like zero data retention, encrypted processing, and workspace isolation, ensuring customer data remains confidential and is never used for model training. With a transparent, customer-first approach, Harvey AI empowers legal teams to work more efficiently without compromising trust or user data. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels speak with Anita Gorney, Head of Privacy and AI Legal at Harvey AI, about how legal professionals use specialized artificial intelligence to streamline their work. Anita explains how Harvey AI's platform helps with tasks like contract analysis and due diligence, while addressing privacy and security concerns through measures like customizable data retention periods and workspace isolation. She also discusses the importance of privacy by design in AI tools, conducting privacy impact assessments, and implementing user-controlled privacy settings.…
S
She Said Privacy/He Said Security
1 Silent Threats Lurking in Your Child’s Devices and How To Avoid Them 31:09
31:09 Play Later Play Later Lists Like Liked31:09
Play Later Play Later Lists Like LikedBen Halpert is a cybersecurity leader, educator, and advocate dedicated to empowering digital citizens. As a Fractional CISO, author, and the founder of Savvy Cyber Kids, he advances cyber safety and ethics. A sought-after speaker, Ben shares insights globally, shaping secure digital futures at work, school, and home. In this episode… Many parents mistakenly believe that technology companies have built-in safety controls that keep children safe online. In reality, these protections are often inadequate and misleading. From AI chatbots posing as friends to online predators targeting children through gaming platforms and social media, young users, whose brains are still developing, struggle to distinguish the differences between real human interactions and programmed responses. How can parents and caregivers proactively safeguard their children’s digital experiences while fostering healthy tech habits? Addressing these risks starts with parental oversight and consistent, age-appropriate education and guidance. Devices should be removed from kids’ bedrooms at night to prevent unsupervised use and reduce exposure to online threats. Parents should actively monitor every app, game, and online interaction, ensuring children only engage with people they know in real life. Families should also establish device-free times, like during meals, to encourage face-to-face communication and teach healthy social habits. Savvy Cyber Kids supports these efforts by providing age-appropriate educational resources, including children’s picture books, classroom activities, and digital parenting guides that help families navigate online safety. By focusing on direct education for young children and providing tools for parents and schools, the organization instills foundational privacy and cybersecurity awareness from an early age. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels welcome Ben Halpert, Founder of Savvy Cyber Kids, back to the podcast to discuss the growing digital threats facing kids’ today. Ben explains how AI chatbots are being treated as real friends, how social media messaging misleads parents, and why depending on tech companies for protection is risky. He also shares how predators use games and platforms to target kids, and how parental involvement and early education can help build safer digital habits. He shares steps parents can take to monitor and guide their children’s tech use at home, and explains how Savvy Cyber Kids helps by educating young children in schools and providing families with tools to teach online safety.…
S
She Said Privacy/He Said Security
1 Improving Cyber Readiness: Lessons from Real-World Investigations 22:13
22:13 Play Later Play Later Lists Like Liked22:13
Play Later Play Later Lists Like LikedTodd Renner is a seasoned cybersecurity professional with over 25 years of experience leading global cyber investigations, incident response efforts, and digital asset recovery operations. He advises clients on a wide range of cybersecurity and data privacy matters, combining deep technical knowledge with a strategic understanding of risk, compliance, and regulatory frameworks. With a distinguished background at the Federal Bureau of Investigation (FBI) and National Security Agency (NSA), Mr. Renner has contributed to national security, international cyber collaboration, and has played a key role in mentoring the next generation of cybersecurity professionals. In this episode… The rising complexity of cyber threats continues to test how businesses prepare, respond, and recover. Sophisticated threat actors are exploiting these vulnerabilities of private companies and leveraging AI tools to accelerate their attacks. Despite these dangers, many organizations hesitate to involve law enforcement when a cyber event occurs. This hesitation often stems from misconceptions about what law enforcement involvement entails, including fears of losing control over their systems or exposing sensitive company information. As a result, companies may prioritize quickly restoring operations over pursuing retribution from the attackers, leaving critical security gaps unaddressed. Collaborating with law enforcement doesn’t mean forfeiting control or exposing confidential data unnecessarily. Investigations often reveal repeated issues, including mobile device compromises, missing multifactor authentication, and failing to improve cybersecurity measures after a breach. To be better prepared, companies need to develop and practice incident response plans, ensure leadership remains involved, and build security programs that evolve beyond incident response. And, as threat actors actively use AI to accelerate data aggregation and create convincing deepfakes, companies need to start thinking about how to better detect these threats. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Todd Renner, Senior Managing Director at FTI Consulting, about how organizations are responding to modern cyber threats and where many still fall short. Todd shares why companies hesitate to engage law enforcement, how threat actors are using AI for faster targeting and impersonation, and why many businesses fail to strengthen their cybersecurity programs after a breach. He also discusses why deepfakes are eroding trust and raising new challenges for companies, and he provides practical tips for keeping both organizations and families safe from evolving threats.…
S
She Said Privacy/He Said Security
1 Top Takeaways From IAPP GPS 2025 and Atlanta AI Week 19:07
19:07 Play Later Play Later Lists Like Liked19:07
Play Later Play Later Lists Like LikedJodi Daniels is the Founder and CEO of Red Clover Advisors, a privacy consultancy, that integrates data privacy strategy and compliance into a flexible, scalable approach that simplifies complex privacy challenges. A Certified Information Privacy Professional, Jodi brings over 27 years of experience in privacy, marketing, strategy, and finance across diverse sectors, working and supporting startups to Fortune 500 companies. Jodi Daniels is a national keynote speaker, and she has also been featured in CNBC, The Economist, WSJ, Forbes, Inc., and many more publications. Jodi holds a MBA and BBA from Emory University’s Goizueta Business School. Read her full bio . Justin Daniels is a corporate attorney who advises domestic and international companies on business growth, M&A, and technology transactions, with over $2 billion in closed deals. He helps clients navigate complex issues involving data privacy, cybersecurity, and emerging technologies like AI, autonomous vehicles, blockchain, and fintech. Justin partners with C-suites and boards to manage cybersecurity as a strategic enterprise risk and leads breach response efforts across industries such as healthcare, logistics, and manufacturing. A frequent keynote speaker and media contributor, Justin has presented at top events including the RSA Conference, covering topics like cybersecurity in M&A, AI risk, and the intersection of privacy and innovation. Together, Jodi and Justin host the top ranked She Said Privacy / He Said Security Podcast and are authors of WSJ best-selling book, Data Reimagined: Building Trust One Byte at a Time. In this episode… From a major privacy summit to a regional AI event, experts across sectors are emphasizing that regulatory scrutiny is intensifying while AI capabilities and risks are accelerating. State privacy regulators are coordinating enforcement efforts, actively monitoring how companies handle privacy rights requests and whether cookie consent platforms work as they should. At the same time, AI tools are advancing rapidly with limited regulatory oversight, raising serious ethical and societal concerns. What practical lessons can businesses take from IAPP’s 2025 Global Privacy Summit and Atlanta’s AI Week to strengthen compliance, reduce risk, and prepare for what’s ahead? At the 2025 IAPP Global Privacy Summit, a major theme emerged: state privacy regulators are collaborating on enforcement more closely than ever before. When it comes to honoring privacy rights, this collaboration spans early inquiry stages through active enforcement, making it critical for businesses to establish, regularly test, and monitor their privacy rights processes. It also means that companies need to audit cookie consent platforms regularly, ensure compliance with universal opt-out signals like the Global Privacy Control, and align privacy notices with actual practices. Regulatory enforcement advisories and FAQs should be treated as essential readings to stay current on regulators' priorities. Likewise at the inaugural Atlanta AI Week, national security and ethical concerns came into sharper focus. Despite promises of localized data storage, some social media platforms and apps continue to raise alarms over foreign governments’ potential access to personal data. While experts encourage experimentation and practical application of AI tools, they are also urging businesses to remain vigilant to threats such as deepfakes, AI-driven misinformation, and the broader societal implications of unchecked AI development. In this episode of She Said Privacy/He Said Security , Jodi Daniels, Founder and CEO of Red Clover Advisors, and Justin Daniels, Shareholder and Corporate Attorney at Baker Donelson, share their top takeaways from the IAPP Global Privacy Summit 2025 and the inaugural Atlanta AI Week. Jodi highlights practical steps for improving privacy rights request handling, the importance of regularly testing cookie consent management platforms, and ensuring published privacy notices reflect actual practices. Justin discusses the ethical challenges surrounding AI's rapid growth, the national security risks tied to social media platforms, and the dangers posed by deepfake technology. Together, Jodi and Justin emphasize the importance of continuous education, collaboration, and proactive action to prepare businesses for the future of privacy and AI.…
S
She Said Privacy/He Said Security
1 From Principle to Practice: What Privacy Pros Need to Succeed 34:03
34:03 Play Later Play Later Lists Like Liked34:03
Play Later Play Later Lists Like LikedPeter Kosmala is a course developer and instructor at York University in Canada and leads its Information Privacy Program. Peter is a former marketer, technologist, lobbyist, and association leader and a current consultant, educator, and international speaker. He served the IAPP as Vice President and led the launch of the CIPP certification in the early 2000s. In this episode… As data privacy continues to evolve, privacy professionals need to stay sharp by reinforcing their foundational knowledge and refining their practical skills. It’s no longer enough to just understand and comply with regulatory requirements. Today’s privacy work also demands cultural awareness, ethical judgment, and the ability to apply privacy principles to real-world settings. How can privacy professionals expand their expertise and remain effective in an ever-changing environment? Privacy professionals can’t rely on legal knowledge alone to stay ahead. Privacy frameworks like the Fair Information Practice Principles (FIPPs), OECD Guidelines, and others offer principles that help privacy pros navigate shifting global privacy laws and emerging technologies. Privacy pros should also deepen their cultural literacy, recognizing the societal and political drivers behind laws like GDPR to align privacy practices with public expectations. Hands-on operational experience is just as important. Conducting privacy impact assessments (PIAs), responding to data subject access requests (DSARs), and developing clear communications are just a few ways privacy pros can turn knowledge into practical applications. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels talk with Peter Kosmala, Course Developer and Instructor at York University, about how privacy professionals can future-proof their skills. Peter discusses the value of foundational privacy frameworks, the tension between personalization and privacy, the limits of law-based compliance, and the growing need for ethical data use. He also explains the importance of privacy certifications, hands-on learning, and principled thinking to build programs that work in the real world.…
S
She Said Privacy/He Said Security
1 Making Privacy Tech Work: Why Process is the Game-Changer 23:02
23:02 Play Later Play Later Lists Like Liked23:02
Play Later Play Later Lists Like LikedAmanda Moore is a seasoned leader with extensive experience in privacy strategy, technology, and operations. She currently serves as the Senior Director of Privacy at DIRECTV, where she oversees the company’s privacy program with respect to technology and operations. Prior to her role at DIRECTV, she held pivotal positions at CVS Health and AT&T leading technical and business teams. Her career started in information technology but shifted to privacy before the onset of CCPA. Amanda holds the CIPM certifications and is a OneTrust Fellow of Privacy Technology. In this episode… Many organizations invest in privacy technology expecting it to deliver instant compliance, only to find that it fails to integrate with existing tools or processes. Adoption often lags when internal teams see privacy as a barrier or when tools are implemented without clearly defined goals. Choosing privacy technology before businesses understand the specific problem they’re meant to solve leads to confusion, inefficiency, and low adoption. One of the most effective ways to boost technology adoption is to start with a clear understanding of business processes and goals before introducing new privacy tech. Successful privacy programs start by mapping business processes and making small, non-disruptive backend adjustments that minimize disruption. Additionally, building internal awareness through roadshows, clear communication, and simplified privacy impact assessments helps shift perceptions and encourages teams to view privacy as a business enabler. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Amanda Moore, Senior Director of Privacy at DIRECTV, about integrating privacy technology into business operations. Amanda highlights how strong internal relationships help position privacy as a business enabler, why reframing communication to various business executives enhances support for privacy initiatives, and how measuring privacy program maturity with the use of technology provides more insight than surface-level metrics. She also discusses methods to increase adoption through internal awareness campaigns and simplified assessments, and the long-term value of reputation-building within organizations.…
S
She Said Privacy/He Said Security
Brian Mullin is the CEO and Co-founder of Karlsgate. He is also a creator of Karlsgate Identity Exchange, a groundbreaking solution for zero-trust remote data matching and integration. Brian has over 30 years of experience in data privacy and security with leadership roles at companies across the data-driven marketing ecosystem. In this episode… Data is often viewed as binary and categorized as either public or private with the assumption that private data is secure and tightly protected. Companies often rely on firewalls, contracts, and policies to secure data, yet these measures don’t guarantee control once data is shared across multiple platforms and with third-party vendors. Every time data changes hands, the risk of exposure, misuse, or compliance failure increases. So, how can organizations securely share data while minimizing risks and protecting individual identities? To address this challenge, companies can treat sensitive information as a “protected data” category where data is only shared under specific, controlled, and technology-enforced conditions. Rather than trusting third-party data clean rooms to match and analyze data sets, businesses can use Karlsgate’s peer-to-peer privacy-enhancing technology to prevent identity exposure altogether. This allows companies to reduce risk while eliminating the need for persistent IDs like cookies to ensure data set matching occurs without revealing personal information. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels talk with Brian Mullin, CEO and Co-founder of Karlsgate, about how companies can rethink data sharing with privacy-first tools. Brian discusses the dangers of persistent identifiers and why protected pipelines offer a more scalable and secure solution than traditional data clean rooms. Brian also shares how Karlsgate enables secure data set matching between organizations while eliminating the need to hand over control and explains how organizations can adopt these technologies quickly without adding friction to existing workflows.…
S
She Said Privacy/He Said Security
1 How AI Is Revolutionizing Contract Reviews for Legal Teams 33:00
33:00 Play Later Play Later Lists Like Liked33:00
Play Later Play Later Lists Like LikedFarah Gasmi is the Co-founder and CPO of Dioptra, the accurate and customizable AI agent that drafts playbooks and consistently redlines contracts in Microsoft Word. Dioptra is trusted by some of the most innovative teams, like Y Combinator and Wilson Sonsini. She has over 10 years of experience building AI products in healthcare, insurance, and tech for companies like Spotify. Farah is also an adjunct professor at Columbia Business School in NYC. She teaches a Product Management course with a focus on AI and data products. Laurie Ehrlich is the Chief Legal Officer at Dioptra, a cutting-edge legal tech startup revolutionizing contract redlining and playbook generation with AI. With a background leading legal operations and commercial contracting at Datadog and Cognizant, Laurie has deep expertise in scaling legal functions to drive business impact. She began her career in intellectual property law at top firms and holds a JD from NYU School of Law and a BS from Cornell. Passionate about innovation and diversity in tech, Laurie has also been a champion for women in leadership throughout her career. In this episode… Contract review can be time-consuming and complex, especially when working with third-party agreements that use unfamiliar language and formats. Legal teams often rely on manual review processes that make it challenging to maintain consistency across contracts, contributing to inefficiencies and increased costs. That’s why businesses need an effective solution that reduces the burden of contract analysis while supporting legal and strategic decision-making. Dioptra, a legal tech startup, helps solve these challenges by leveraging AI to automate first-pass contract reviews, redline contracts, and generate playbooks. The AI agent analyzes past agreements to identify patterns, standard language, and key risk areas, allowing teams to streamline the review process. It supports a range of use cases — from NDAs to real estate deals — while improving consistency and reducing review time. Dioptra also enhances post-execution analysis by enabling companies to assess past agreements for compliance and risk exposure. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Farah Gasmi, Co-founder and Chief Product Officer at Dioptra, and Laurie Ehrlich, the Chief Legal Officer at Dioptra, about how AI is used to streamline contract reviews. Together, they discuss how Dioptra accelerates contract reviews, supports security and privacy through strict data controls, and enables organizations to build smarter, more consistent contract processes — without removing the need for expert human judgment. Farah and Laurie also delve into the importance of AI-driven consistency in contract negotiation, vendor security evaluations, and how companies can safeguard sensitive data when using AI tools.…
S
She Said Privacy/He Said Security
1 Inside Cybersecurity: How Hackers Think and How To Stop Them 34:34
34:34 Play Later Play Later Lists Like Liked34:34
Play Later Play Later Lists Like LikedDavid Kennedy is the Founder and CEO of TrustedSec and Co-founder at Binary Defense. He is considered an industry leader in cybersecurity. As the former Chief Security Officer of Diebold, David has led global cybersecurity teams, testified before Congress, and continues to shape cybersecurity policy. He co-authored the Penetration Testing Execution Standard and is renowned in offensive security. A Marine with intelligence experience, he prioritizes family, fitness, and co-hosts the Hacking Your Health Podcast. He built a DeLorean time machine inspired by Back to the Future. David's life mission is to help others and to make the world a safer place in cybersecurity, which drives him every single day. In this episode… Cybersecurity threats are evolving at an alarming rate, and businesses face an uphill battle in protecting their data and systems. Ransomware attacks, supply chain vulnerabilities, and sophisticated social engineering tactics put organizations at constant risk. At the same time, companies face mounting pressure to protect customer data amid the growing influence of AI-driven misinformation, concerns surrounding platforms like TikTok, and other evolving cyber threats. How can businesses defend themselves proactively? Building a strong cybersecurity program requires leadership, governance, and proactive risk management, not just technology. Many organizations struggle with detecting breaches in real time, making rapid threat detection and response essential. TrustedSec and Binary Defense are helping companies address these challenges by providing expert-led security consulting, penetration testing, and real-time threat monitoring. As cyber threats become more advanced, collaboration between security and privacy teams is essential to building a comprehensive defense strategy. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with David Kennedy, Founder and CEO of TrustedSec and Co-founder at Binary Defense, about evolving cybersecurity threats and how businesses can improve their security posture. David talks about the intersection of cybersecurity and privacy, the role of governance in building cybersecurity resilience and protecting data, how AI is shaping cyber threats, and the implications of cyber warfare. He also shares his experience testifying before Congress, explaining why lawmakers struggle to grasp cybersecurity issues. David provides advice on how companies can improve their threat detection and response capabilities and why social media presents a growing risk.…
S
She Said Privacy/He Said Security
1 Solving Privacy and Security Challenges in Healthcare Data Collaboration 32:09
32:09 Play Later Play Later Lists Like Liked32:09
Play Later Play Later Lists Like LikedJason Brenner is the RVP of Healthcare & Lifesciences at LiveRamp and has been working in the advertising and ad tech industries for over 20 years. He is leading efforts on building data connectivity solutions for the healthcare and life sciences industries. Prior to LiveRamp, Jason has held leadership positions at Placed, Verve, PayPal, Time Inc., The New York Times , and Condé Nast. In this episode… Companies in industries like healthcare and life sciences are leveraging data collaboration to collect valuable insights to drive innovation and improve customer experiences. However, for many organizations, balancing data collaboration with privacy, security, and regulatory compliance obligations remains a significant challenge. With consumer trust at stake, and the risks of improper data handling, how can companies balance innovation with responsible data use? Data collaboration in healthcare presents both opportunities and challenges. Companies need to adopt privacy-by-design principles and engage legal and privacy teams early in the process. By implementing techniques such as data tokenization and de-identification, businesses can extract valuable insights while minimizing privacy and security risks. That's why companies like LiveRamp are making this process easier with a platform that transforms personally identifiable information into non-reversible tokens, allowing organizations to use data responsibly while minimizing privacy and security risks. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels speak with Jason Brenner, RVP of Healthcare and Life Sciences at LiveRamp, about the critical role of privacy and security in data collaboration. Jason shares insights on how organizations are navigating a complex and fragmented regulatory landscape, the importance of adopting privacy-by-design principles, and engaging legal and privacy teams early in the process. He also shares how businesses can minimize data retention risks, the role of de-identification and tokenization in protecting sensitive information, and the importance of building customer trust through responsible data practices.…
S
She Said Privacy/He Said Security
1 ISACA 2025 State of Privacy Survey Findings 34:47
34:47 Play Later Play Later Lists Like Liked34:47
Play Later Play Later Lists Like LikedNiel Harper is a Certified Director and ISACA Board Vice Chair. He is also the Chief Information Security Officer and Data Protection Officer at Doodle. Niel is based in Germany. He has more than 20 years of experience in IT risk management, cybersecurity, privacy, Internet governance and policy, and digital transformation. Safia Kazi is the Privacy Professional Practices Principal at ISACA. She has worked at ISACA for just over a decade, initially working on ISACA’s periodicals and now serving as the Privacy Professional Practices Principal. She is based in Chicago. In 2021, she was a recipient of the AM&P Network’s Emerging Leader award, which recognizes innovative association publishing professionals under the age of 35. In this episode… ISACA’s State of Privacy 2025 survey reveals that privacy professionals are facing significant hurdles, including staffing shortages, budget cuts, and increasing demands for technical privacy expertise. Many organizations are shifting privacy responsibilities to legal and security teams, without additional resources or training. At the same time, AI adoption is increasing, introducing new complexities and risks. With privacy budgets under strain and teams expected to do more with less, how can businesses sustain effective privacy programs while navigating new challenges? According to ISACA’s State of Privacy 2025 survey, one of the most pressing concerns for privacy teams is the growing demand for technical privacy expertise. Privacy by design also remains a challenge, with limited resources making it difficult for teams to embed privacy into product development from the outset. AI also plays a growing role in privacy operations, helping automate processes while raising concerns about data security, bias, and third-party risks. Despite these findings from ISACA’s survey, businesses can make privacy sustainable by fostering a culture of privacy awareness from the top down, ensuring leadership understands the value of privacy beyond compliance. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels speak with Niel Harper, Certified Director and Board Vice Chair at ISACA and CISO and DPO at Doodle, and Safia Kazi, Privacy Professional Practices Principal at ISACA, about the findings from ISACA’s State of Privacy 2025 survey. Safia explains how privacy professionals can adapt to changes by continuously learning and staying informed on emerging risks, while Niel highlights the need for board-level privacy advocacy. They also explore how organizations are adapting to staffing shortages and budget constraints, the impact of AI on privacy operations, and how organizations can effectively navigate emerging risks.…
S
She Said Privacy/He Said Security
Stephen Bolinger, Chief Privacy Officer at Informa, has a career that spans three continents and more than two decades, with the last seventeen years devoted to privacy and data protection matters across a range of industries, including tech, medical devices, and financial services. Stephen produced a fascinating film called Privacy People. In this episode… As technology evolves and cultural perspectives shift, so does the debate over privacy. With each new tech innovation, from smartphones to AI, companies are collecting more personal information than ever, leading some to claim that privacy is dead. Meanwhile, businesses are navigating a fragmented regulatory landscape, particularly in the United States, where varying laws create compliance challenges. These growing concerns raise the question: is privacy dead, or is it just evolving? Cultural perspectives on privacy differ significantly, influencing how laws are structured in regions like the U.S., Europe, and Australia. While some nations treat privacy as a human right, others see it as a consumer protection issue. To address these concerns, companies need to integrate privacy into their overall data governance strategies, ensuring responsible data collection and AI oversight. As privacy expectations shift, businesses need to adapt, recognizing that privacy is not disappearing — it is being redefined, reinforcing the need for dedicated privacy professionals. In this episode of the She Said Privacy/He Said Security podcast, Jodi and Justin Daniels chat with Stephen Bolinger, Chief Privacy Officer at Informa, about the evolving role of privacy professionals and how cultural differences influence data protection expectations worldwide. Stephen discusses the challenges of navigating privacy laws across different countries, the increasing importance of data and AI governance, and why privacy professionals need to expand their expertise beyond compliance to address broader ethical implications and technological advancements. Stephen also highlights his latest project, a documentary film entitled Privacy People, which sheds light on the complexities of data privacy.…
S
She Said Privacy/He Said Security
1 Proactive Approaches to Cyber Risk Management 32:46
32:46 Play Later Play Later Lists Like Liked32:46
Play Later Play Later Lists Like LikedDave Sampson is the Vice President of Cyber Risk & Strategy at Thrive. In his role, he heads Thrive’s Consulting Practice, where he and his team of experts join forces with clients to deliver strategic guidance on a range of topics, including cybersecurity, IT operations, Cloud, Microsoft 365, compliance, disaster recovery planning, and more. Over the course of his extensive career, Dave has taken up various influential positions in the industry. He served as a Senior Consulting Technical Solution Manager at IBM, was Executive Vice President and Chief Technology Officer at Itrica, founded and served as CEO of Cloud Provider USA, and held the position of Chief Technology Officer at ColoSpace. Dave holds an MBA from Northeastern University and a BS in Communication and Media Studies from Emerson College. He is a former elected official in his hometown of Sandwich, MA. In this episode… As the cyber threat landscape becomes more unpredictable, organizations often struggle with implementing and managing different security tools and ensuring systems communicate effectively to keep up with threats. Organizations can no longer afford to take a reactive approach. Without a clear strategy and proper proactive security measures, organizations face operational disruptions, increased vulnerability to attacks, and challenges in responding to security incidents. So, how can companies take a smarter, more proactive approach to cyber risk management? A proactive cybersecurity strategy isn’t just about having the right tools — it’s about integrating these tools effectively and ensuring visibility across systems to detect risk and prepare for worst-case scenarios. Companies like Thrive are making this process more efficient with their security platform that combines industry leading security tools, real-time monitoring, and AI-driven automation into a cohesive, managed solution that helps companies optimize operations and mitigate cyber risks. Yet, beyond the technology, companies also need to establish a disaster recovery plan, maintain transparency with third-party vendors, and perform privacy and security risk assessments to further enhance security and privacy measures and incident preparedness. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels talk with Dave Sampson, VP of Cyber Risk & Strategy at Thrive, about the critical components of cyber risk management. Dave discusses the challenges of integrating security solutions, the lessons learned from the CrowdStrike incident, and how AI is both a threat and an advantage in cybersecurity. He shares insights on cybersecurity best practices and discusses the growing need for outsourcing cybersecurity expertise, the role of third-party risk management, and the importance of disaster recovery planning. Dave also offers practical tips for strengthening both personal and enterprise security, emphasizing the need for vigilance, adaptability, and a proactive security mindset.…
S
She Said Privacy/He Said Security
1 The Leadership Edge: Why Coaching Matters for Privacy Pros 31:46
31:46 Play Later Play Later Lists Like Liked31:46
Play Later Play Later Lists Like LikedDoug Miller is an Executive Coach at Doug Miller Strategies, a consultancy for privacy and compliance executives, professionals, and teams. Having been a Global Privacy Leader at AOL and Yahoo, he's faced the challenges of overburdened privacy teams firsthand. In this episode… Privacy professionals face unique challenges in their roles, often working across teams to implement privacy initiatives that might not always be a top priority for the broader organization. Many privacy professionals struggle with persuading stakeholders, managing heavy workloads, and effectively communicating risk across their organizations. This uphill battle requires confidence, strong leadership skills, and persuasive communication to effectively integrate privacy into business operations. How can privacy professionals develop these skills while building privacy programs and addressing burnout and career growth? Executive coaching is a powerful tool for privacy professionals looking to improve their leadership skills and ability to influence decision-making. Mastering prioritization, cross-functional collaboration, and articulating the value of privacy programs are essential for long-term success in privacy roles. Practical strategies such as improving time management, refining persuasion techniques, and addressing burnout can help privacy professionals navigate their responsibilities more effectively. By focusing on behavioral shifts and mindset adjustments, privacy leaders can strengthen their influence, drive organizational change, and create sustainable privacy programs. Whether working solo or as part of a privacy team, patience, adaptability, and proactive engagement are critical for success. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels talk with Doug Miller, Executive Coach at Doug Miller Strategies, about how coaching can help privacy professionals refine their leadership skills to navigate challenges and lead their teams. Doug shares insights on the skills privacy professionals need to develop, how leaders can better support their teams, and why coaching can help professionals build resilience amid regulatory and organizational challenges. He offers strategies for preventing burnout and fostering cross-departmental collaboration to build effective privacy programs.…
S
She Said Privacy/He Said Security
1 Navigating CIPA Claims: Strategies for Protecting Your Business 29:27
29:27 Play Later Play Later Lists Like Liked29:27
Play Later Play Later Lists Like LikedJessica Lee chairs Loeb & Loeb's Privacy, Security & Data Innovations practice and serves as Chief Privacy & Security Partner. She provides strategic legal counsel to companies navigating complex data governance issues, helping them turn compliance into a competitive advantage. Jessica advises on the full spectrum of privacy, security, and AI-related regulations, focusing on companies navigating the issues that arise from AdTech, the use of health data and other sensitive information, and other data monetization practices. In this episode… The California Invasion of Privacy Act (CIPA) is putting many businesses under legal scrutiny. Modeled after federal wiretapping laws, CIPA requires two-party consent for recording or intercepting communications and has become a target for the plaintiffs’ bar. The law has been used to challenge the use of session replay cookies, chatbots, and social media pixels, with claims that these technologies intercept data and communications without proper consent. As courts issue mixed rulings, businesses need to adapt their privacy frameworks and governance programs to reduce the risk of CIPA violations. Addressing CIPA-related risks requires a proactive and thorough approach. Managing website tracking technologies is no longer just about implementing cookie consent banners. Businesses also need to conduct comprehensive website audits to identify which cookies, pixels, and trackers are in use, ensuring these technologies comply with CIPA's consent requirements. Implementing a cookie governance program, securing thorough contractual agreements with third-party vendors, and disclosing data collection and consent practices in privacy notices are critical steps for mitigating CIPA-related risks. By adopting these strategies, companies can reduce their exposure to legal action and maintain trust with their users, even as courts continue to interpret CIPA’s application to modern technologies. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels speak with Jessica Lee, Chief Privacy & Security Partner and Chair of the Privacy, Security, and Data Innovations Practice at Loeb & Loeb, about managing CIPA compliance. Jessica provides a detailed overview of CIPA’s requirements and breaks down why certain technologies are being targeted. She also discusses the importance of regular website audits and offers practical advice on mitigating risk by implementing a cookie governance program, reviewing consent management practices, and establishing contractual protections.…
S
She Said Privacy/He Said Security
1 Data Enablement & Responsible AI in Regulated Industries: Transforming Compliance Into Innovation 28:19
28:19 Play Later Play Later Lists Like Liked28:19
Play Later Play Later Lists Like LikedTimothy Nobles, Chief Commercial Officer at Integral, is passionate about empowering organizations to explore the full potential of their data while maintaining the highest standards of privacy and compliance. With over 20 years of experience in data and analytics, he has held leadership roles at innovative companies across multiple industries. In this episode… Balancing data enablement with privacy compliance is vital for organizations aiming to use data effectively while maintaining trust and meeting regulatory requirements. Data enablement focuses on making data accessible, usable, and valuable to users across an organization while ensuring it remains secure and compliant. Regulated industries, such as healthcare, face significant challenges, including evolving privacy laws and managing re-identification risks tied to sensitive data. Without a strong privacy framework, businesses risk regulatory penalties, reputational damage, and missed opportunities for data-driven decision-making. Effective data enablement relies on more than just technology — it requires governance and a thoughtful approach to privacy and compliance. By adopting privacy-enhancing technologies (PETs), such as tokenization, homomorphic encryption, data masking, and differential privacy, organizations can minimize risks and protect personal information while making data usable. However, these tools alone are not enough. Organizations need to implement data governance frameworks, assess re-identification risks, and balance data utility with regulatory requirements. By aligning compliance efforts with strategic business goals, organizations can unlock data potential without compromising privacy. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels speak with Timothy Nobles, Chief Commercial Officer at Integral, about how organizations can embrace data enablement in regulated industries. Timothy discusses practical applications of privacy-enhancing technologies, strategies to mitigate re-identification risks, and the importance of starting with governance to guide data use. The conversation also highlights how companies can approach AI responsibly by focusing on understanding data inputs to ensure ethical and compliant outcomes.…
S
She Said Privacy/He Said Security
1 Outsmarting Deepfakes: A New Era of Identity Verification 31:53
31:53 Play Later Play Later Lists Like Liked31:53
Play Later Play Later Lists Like LikedAaron Painter is a deepfake expert and the CEO of Nametag, an identity verification company at the forefront of stopping social engineering attacks at the employee IT helpdesk. In this episode… New cybersecurity threats, like deepfakes and social engineering attacks, are forcing companies to rethink their security measures and fraud prevention processes. Companies face mounting risks as threat actors leverage advanced AI tools and other techniques to bypass traditional verification methods, such as passwords and security questions. This evolving threat landscape calls for innovative solutions that help companies verify identities, prevent fraud, and protect privacy, and that’s why companies like Nametag are creating secure platforms to address these challenges. Nametag’s innovative approach to identity verification offers a practical solution to this pressing challenge. By leveraging the security features of mobile devices, such as cryptography and three-dimensional facial recognition, Nametag enables companies to verify identities with greater accuracy. This method offers a practical alternative to outdated approaches like passwords and security questions, which are often prone to fraud. Additionally, Nametag’s privacy-first design enables companies to tailor their solutions while protecting user data through features like privacy masking. Listening closely to customer feedback, Nametag has developed tools that empower companies to address pain points, such as help desk vulnerabilities, to improve security and privacy measures and the user experience. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels speak with Aaron Painter, CEO of Nametag, about the evolution of identity verification and deepfakes. Aaron explains the threats posed by deepfakes, the weaknesses in current systems, and how Nametag’s platform addresses these challenges. Aaron shares insights into the importance of balancing privacy with security and how companies can protect themselves as threat actors become more sophisticated. He also discusses how Nametag’s solutions address real-world problems, including reducing help desk vulnerabilities and improving MFA recovery processes.…
S
She Said Privacy/He Said Security
1 Health Data, Privacy, and Ethical Marketing: What Companies Need To Know 21:42
21:42 Play Later Play Later Lists Like Liked21:42
Play Later Play Later Lists Like LikedBen Chapman is the General Counsel and Chief Privacy Officer at Swoop. Prior to Swoop, Ben was the Deputy General Counsel for Real Chemistry. He has nearly 10 years of experience in ad tech, data, and privacy matters. In this episode… Companies that operate in the healthcare marketing space, like Swoop, approach privacy by emphasizing transparency, ethical practices, and building trusted partnerships. To remain compliant, businesses need to thoroughly understand their data handling processes and regularly assess their partners. By asking detailed, factual questions, companies can make informed decisions about their partners’ practices and ultimately strengthen their privacy programs. Additionally, adopting a consumer- or patient-centric perspective helps businesses navigate the complexities of privacy laws while aligning with regulatory requirements and ethical standards. A proactive and well-informed approach to privacy strengthens compliance efforts and builds trust. Healthcare marketing faces new challenges as privacy laws evolve and health data definitions expand. Laws like the Washington My Health My Data Act broaden the scope of what constitutes health data, requiring organizations to reevaluate how they handle consumer data. Navigating this complex regulatory landscape requires companies to ensure compliance with state privacy laws and federal regulations like HIPAA, all while maintaining trust and transparency with consumers. How can companies ensure ethical and privacy-friendly marketing practices? In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels speak with Ben Chapman, General Counsel and Chief Privacy Officer at Swoop, about the intersection of privacy and healthcare marketing. They discuss how state privacy laws redefine health data, the importance of ethical data practices, and strategies for evaluating partners. Ben shares his insights on building privacy programs, fostering collaboration, and navigating the nuances of healthcare marketing in a highly regulated environment. He also highlights the importance of continuous learning and collaboration within the privacy community to stay ahead in the ever-changing regulatory environment.…
S
She Said Privacy/He Said Security
1 Integrating Privacy Across Healthcare, Retail, and Business Operations 29:12
29:12 Play Later Play Later Lists Like Liked29:12
Play Later Play Later Lists Like LikedNatalie LaPorta is the Chief US Privacy Officer for Walgreens, where she focuses on various privacy matters that impact US patient and consumer data privacy, including state and federal data privacy compliance, complex contract negotiations, digital privacy, de-identification, AI, analytics, and marketing. Prior to her most recent role at Walgreens, Natalie was an Associate Attorney at Dentons US LLP, where she handled healthcare regulatory, tax-exempt bond finance, and M&A matters. She holds a bachelor’s degree in political science from Benedictine University and a law degree from The John Marshall Law School. In this episode… New privacy laws, requirements, and expanding health data definitions require organizations to rethink and adjust their privacy programs accordingly. For companies like Walgreens, navigating these changes entails addressing both long-standing regulations, such as HIPAA, and emerging privacy laws that govern a broader scope of data. As businesses juggle diverse regulatory requirements, shifting data definitions, and operational demands, how can they create a privacy program that is effective and adaptable? Walgreens’ approach to privacy exemplifies how businesses can adapt to an evolving regulatory landscape. Effective privacy programs start with understanding how shifting privacy requirements impact different business functions, from marketing to IT and analytics. With privacy regulations now extending beyond HIPAA to include other forms of personal information, companies need to develop tailored privacy strategies, provide ongoing education, and build strong relationships across departments to ensure privacy measures are integrated into everyday business operations. By making privacy a proactive and collaborative effort, companies can enhance compliance and reduce risks. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels speak with Natalie LaPorta, Chief US Privacy Officer at Walgreens, about the evolution of privacy programs in the healthcare and retail sectors. Natalie shares her journey of building a privacy legal function at Walgreens, the importance of building cross-functional relationships, and how tailored approaches can address privacy challenges. She also offers practical advice for creating a privacy culture and shares insights on navigating vendor relationships and using technology to support compliance efforts.…
S
She Said Privacy/He Said Security
1 Developing Resilient Cybersecurity Strategies for Businesses 36:43
36:43 Play Later Play Later Lists Like Liked36:43
Play Later Play Later Lists Like LikedShay Colson is a Co-founder and Managing Partner at Intentional Cybersecurity, a risk assessment and strategic advisory firm. After spending his early career as a security engineer for the US Government, he worked for a global consulting firm. In this episode… The evolving cyber landscape constantly presents new challenges that require businesses to elevate their cybersecurity posture. With the release of NIST CSF 2.0, organizations now have a stronger framework to guide their approach, focusing on governance as a critical function. This addition emphasizes the importance of integrating cybersecurity as a core business function rather than treating it as a siloed IT function. How can organizations adapt to this evolving landscape while improving resilience and reducing risk? Governance now leads NIST CSF 2.0 as the primary function, emphasizing the importance for organizations to clearly define cybersecurity ownership, responsibilities, and decision-making processes. Organizations need to move beyond treating cybersecurity as a technical issue to recognizing it as a core business function. And, as threat actors become more sophisticated and leverage AI to accelerate cyber attacks, businesses need to adopt governance models that promote agility, resilience, and proactive risk management. This means integrating security and privacy frameworks into business operations. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Shay Colson, Managing Partner and Co-founder of Intentional Cybersecurity, about the critical role governance plays in building cyber resilience. Shay explains how companies can use frameworks like NIST CSF 2.0 to implement scalable cybersecurity strategies without overextending their resources. He also shares insights on the intersection of security and privacy, AI-driven risk assessments, and why focusing on the basics is essential before adopting advanced solutions.…
S
She Said Privacy/He Said Security
1 Privacy as a Business Driver: How To Build Effective Programs 31:36
31:36 Play Later Play Later Lists Like Liked31:36
Play Later Play Later Lists Like LikedJulia Shullman is the General Counsel and Chief Privacy Officer at Telly, the world's first dual-screen smart TV fully paid for by advertising. Prior to Telly, Julia was General Counsel and Chief Privacy Officer at TripleLift, through its $1.4B acquisition by Vista Equity Partners. She also held various leadership positions, including Chief Privacy Counsel and Lead Attorney, Publisher Technology Group at AppNexus, through its $1.6B sale to AT&T. Before advertising, Julia spent a decade in mergers and acquisitions at both Latham & Watkins and UBM. She is recognized as an industry leader at the intersection of privacy, products, advertising, policy, and strategy. In this episode… Navigating the intersection of privacy, product, and advertising demands strategy. Companies need to view privacy as integral to their operations and growth, especially in highly regulated industries like AdTech. Without effective privacy programs, companies face potential deal disruptions, diminished valuations, and reputational damages. For early-stage companies in particular, failing to integrate privacy into their operations can hinder growth, derail funding opportunities, and even lead to regulatory scrutiny. How can organizations ensure that privacy is both a priority and an enabler of success? Developing effective privacy programs requires a tailored, pragmatic approach. Leaders need to educate their teams on privacy obligations and integrate privacy practices into business processes. This includes fostering collaboration among privacy experts and cross-functional departments, such as engineering and marketing, while adapting to industry-specific nuances. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels speak with Julia Shullman, General Counsel and Chief Privacy Officer at Telly, about building privacy programs that drive business success. Drawing from her extensive experience in M&A, privacy, and AdTech, Julia offers insights into balancing privacy with business monetization goals. She discusses the importance of understanding industry dynamics and the role of privacy in facilitating successful exits and partnerships. Julia emphasizes the value of cross-departmental collaboration and education in creating privacy solutions that resonate with a company’s culture and business objectives. She also provides tips on how organizations can align their privacy programs with broader business strategies to build trust, ensure compliance, and drive innovation.…
S
She Said Privacy/He Said Security
1 Your Data, Your Rules: How Cloaked Puts You in Control of Privacy and Security 26:51
26:51 Play Later Play Later Lists Like Liked26:51
Play Later Play Later Lists Like LikedArjun and Abhijay Bhatnagar are Co-founders of Cloaked, a consumer privacy company. As developers and privacy advocates, they have created a secure, all-in-one privacy platform that gives consumers control over their personal information while helping reshape how industries access, use, and think about data. In this episode… The digital world often exposes individuals to risks through seemingly simple data points like phone numbers and emails. These identifiers can reveal a lot of personal information, making users vulnerable to phishing, spam, identity theft, and malicious AI-driven impersonation. As companies collect, share, and sell personal information more than ever, there is a pressing need for solutions that prioritize user control, privacy, and security. What steps can you take to safeguard your personal information? Companies like Cloaked are changing the game and offering individuals a way to regain control over their personal information by allowing users to create unique identifiers, like emails, phone numbers, and passwords, for every digital interaction. The platform also enables users to clean up past data footprints and limit future vulnerabilities while employing a siloed database architecture that keeps personal information secure even in the event of a system breach. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels chat with Arjun and Abhijay Bhatnagar, Co-founders of Cloaked, about how their platform addresses critical privacy challenges and empowers users to reclaim control of their personal information. Arjun and Abhijay share how Cloaked's features, like identity masking and password and passcode manager tools, help users navigate today’s privacy and security complexities easily and confidently. They also provide actionable privacy tips, such as limiting permissions, and discuss how Cloaked aims to combat AI misuse.…
S
She Said Privacy/He Said Security
1 From McPrivacy to Mastery: A Collaborative Approach To Building Strategic Privacy Programs 25:37
25:37 Play Later Play Later Lists Like Liked25:37
Play Later Play Later Lists Like LikedAlan Chapell is the President of Chapell & Associates, a law firm serving the interactive technology, media, and advertising industries. He has served for 20 years as an outside counsel and privacy advisor to VC-funded AdTech and MarTech companies. Alan is also the Principal Analyst for The Chapell Report, a monthly continuous information research tool that helps investors and compliance teams understand the key privacy, competition, and regulatory trends driving the advertising and media marketplace. In this episode… Businesses often struggle to balance their privacy programs with the demands of evolving privacy laws and operational obligations. Privacy programs often reveal hidden vulnerabilities — what some call the “privacy underbelly” — that can expose companies to risks. With a growing patchwork of state privacy laws, businesses need to adopt flexible, proactive strategies to maintain compliance while aligning with business objectives. How can privacy and business teams collaborate to build strategic privacy programs? Privacy professionals need to bridge the gap between compliance and operational goals by clearly explaining liability risks to business teams while aligning privacy initiatives with organizational objectives. Leveraging privacy resources like The Chapell Report can provide actionable insights into evolving regulations, helping privacy and business teams simplify complex concepts to collaborate effectively and build trust with each other. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels speak with Alan Chapell, President of Chapell & Associates, about balancing privacy programs with business priorities and compliance obligations. Alan discusses strategies for navigating complex privacy regulations, finding hidden vulnerabilities in privacy programs, and aligning privacy efforts with business goals. He also explains the need to push back against his concept of “McPrivacy” — an oversimplification of privacy measures that can create risks in privacy programs.…
S
She Said Privacy/He Said Security
1 Mothers Against Cyber Crime: Tackling Cyber Threats at Home 25:44
25:44 Play Later Play Later Lists Like Liked25:44
Play Later Play Later Lists Like LikedAllie Hunter, author of Mothers Against Cyber Crime , is a cybersecurity awareness advocate, advisory board member at Savvy Cyber Kids, and mother. With a background in psychology, marketing, and behavioral science, she empowers parents to protect their families online. Her work blends storytelling with practical insights, making cyber safety accessible to everyone. In this episode… Cybersecurity awareness is not just for businesses — it’s also essential for families navigating today’s complex digital world. Children’s online activities can expose families to cyber threats like hacking, data breaches, and privacy intrusions, with many parents unaware of the potential risks in everyday technology and digital platforms. From the overlooked risks of unsecured smart devices to gaming platforms and the rising threats of deepfakes and social engineering scams, parents face new threats impacting their children’s safety and privacy. So, how can parents proactively take control of cybersecurity measures while fostering a safer online environment? Simple, yet actionable steps, like enabling two-factor authentication, regularly updating passwords, and fostering open communication with children about online activities are vital for managing their online presence safely. Combining these practices with cybersecurity awareness education equips parents with the tools they need to protect their children in today’s ever-changing digital landscape. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels talk with Allie Hunter, author of Mothers Against Cybercrime and a cybersecurity advocate, about how parents can protect their children from cyber threats. Allie highlights common but underestimated threats, such as unsecured smart devices and online gaming vulnerabilities, offering practical tips for enhancing security measures at home. She also discusses her work with Savvy Cyber Kids and shares insights into the development of her “Hunter Method,” a unique training approach that leverages real-life scenarios to help parents identify and respond to cyber threats effectively.…
S
She Said Privacy/He Said Security
1 Privacy Risk Assessments: Aligning Business With Compliance 20:27
20:27 Play Later Play Later Lists Like Liked20:27
Play Later Play Later Lists Like LikedAlan L. Friel is Chair of Squire Patton Boggs’ Data Privacy, Cybersecurity & Digital Assets Practice. He is tier-1 ranked by Chambers , and BTI Consulting Group has named Alan a Client Service All-Star, recognizing lawyers who stand above all others in delivering exceptional client service. In this episode… Evolving privacy regulations like the California Consumer Privacy Act (CCPA) are reshaping the way companies approach data management and compliance. CCPA’s proposed draft regulations would require certain businesses to conduct cybersecurity audits, privacy risk assessments, and implement governance surrounding automated decision-making and AI technologies. While these frameworks help protect consumer data, they also introduce operational challenges and increased expenses for companies. How can companies prepare for compliance while effectively managing data and reducing costs? Privacy compliance is more than a legal requirement — it’s a vital part of sound business strategy. Navigating compliance obligations requires companies to adopt a proactive approach to data governance. Businesses need to implement good data hygiene practices and conduct privacy risk assessments to identify and mitigate risks. These processes help businesses maintain their data inventory, respond to consumer privacy rights requests, and manage information assets. However, the legal landscape remains complicated, with questions about whether some regulatory requirements may conflict with First Amendment protections. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Alan Friel, Chair of the Data Privacy, Cybersecurity & Digital Assets Practice at Squire Patton Boggs, about the costs, benefits, and legal implications of regulatory compliance. Alan explains why businesses should adopt privacy risk assessments as a best practice, regardless of ongoing legal uncertainties, and discusses the intersection of privacy regulations with free speech rights under the First Amendment. He emphasizes the importance of proactive data management practices and governance to navigate compliance challenges and position businesses for long-term success in a shifting regulatory environment.…
S
She Said Privacy/He Said Security
1 How Secure is Your Health Data and Why Does it Matter? 22:19
22:19 Play Later Play Later Lists Like Liked22:19
Play Later Play Later Lists Like LikedAnna Hall is an educator, mother of two, and Co-founder of Embody, a privacy-forward menstrual health and wellness app. In this episode… As awareness grows around health data privacy, misconceptions about protecting menstrual health data remain widespread. That’s because menstrual health data is often commodified and can be shared or sold without explicit user consent, exposing sensitive information to third parties. With recent legal changes affecting reproductive rights, there is a greater need than ever for secure, user-controlled solutions. What steps should companies take to prioritize and protect sensitive health data? In a rapidly changing health tech landscape, most regulations haven’t adapted to cover personal wellness apps effectively, especially those designed for menstrual health tracking. Companies like Embody address this by implementing local encryption and avoiding default cloud storage, which safeguards privacy and encourages a user-first approach. By eliminating the need for logins and accounts, Embody limits data access, allowing users to track personal health information privately and securely. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels talk with Anna Hall, Co-founder of Embody, about developing a privacy- and security-focused menstrual health app. Anna shares the story behind Embody and how the app prioritizes user privacy by eliminating user logins and passwords, keeping user data stored offline and locally on user devices. She highlights misconceptions about menstrual health data privacy and shares how Embody’s design directly addresses these challenges. With features like local encryption and plans to open-source their code, Embody aims to provide secure, user-controlled health tracking that upholds privacy standards.…
S
She Said Privacy/He Said Security
1 Integrating Privacy Into Business Operations: A Cross-Collaborative Approach 30:05
30:05 Play Later Play Later Lists Like Liked30:05
Play Later Play Later Lists Like LikedChristin McMeley is the SVP and Chief Privacy and Data Strategy Officer at Comcast, a role that involves partnering across Comcast's business units and spearheading the execution of enterprise privacy and data governance strategies, focusing on responsible use of data and artificial intelligence. As an attorney, Christin is experienced in privacy compliance, public policy, and government affairs. In this episode… As companies navigate the fast-changing landscape of privacy regulations, many are focusing on integrating privacy practices into business strategies, made more complex by the rise of new technologies like generative AI. To maintain consumer trust and ensure compliance, companies need to understand how to align privacy obligations with business innovation. How can privacy and business teams collaborate to navigate this evolving space? For businesses to succeed, privacy can’t work in isolation — it needs to be integrated with broader business strategies. Embedding privacy by design principles and fostering a culture of consumer trust are key to achieving this. Educating teams on privacy principles and building strong internal relationships ensures privacy becomes a natural part of the business workflow rather than an afterthought. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels talk with Christin McMeley, SVP & Chief Privacy and Data Strategy Officer at Comcast, about how privacy teams can collaborate with business units to address privacy risks. Christin highlights the importance of practices like privacy tabletop exercises, which allow teams to proactively address privacy concerns during product and service development. She stresses that integrating privacy into the company culture, along with the right mix of automation and human oversight, is key to long-term success.…
S
She Said Privacy/He Said Security
1 Insights from IANS CISO Compensation and Budget Survey 24:26
24:26 Play Later Play Later Lists Like Liked24:26
Play Later Play Later Lists Like LikedNick Kakolowski is the Senior Research Director at IANS Research, where he specializes in the managerial, leadership, risk management, privacy, and regulatory compliance components of the company’s curriculum. In this episode… The role of the Chief Information Security Officer (CISO) is expanding. Many CISOs are now responsible for more than just security — they are also managing privacy, AI risk, and other critical business functions. Organizations like IANS are helping security teams navigate these changes by providing critical data on CISO compensation, budget trends, and organizational structures through its research and surveys. So, how can companies ensure their security leadership is equipped to align with broader business goals while managing these new responsibilities effectively? IANS focuses on helping CISOs and their teams address real-world security challenges through its faculty of industry practitioners. Through its annual CISO Compensation and Budget Survey, conducted in partnership with Artico Search, IANS uncovers valuable insights into compensation disparities, evolving CISO responsibilities, and how security roles are expanding to include privacy and AI risk management. By leveraging real-world data, IANS equips businesses with the information they need to build more resilient security programs and infosec teams. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels speak with Nick Kakolowski, Senior Research Director at IANS, about the CISO’s expanding role. Nick shares valuable insights from IANS’ research, highlighting how CISOs are taking on new responsibilities in areas like privacy, AI, and security governance. He underscores the growing importance of business and leadership skills for CISOs and emphasizes the need for collaboration across teams as boards increasingly turn to CISOs for security governance and risk management.…
S
She Said Privacy/He Said Security
1 How Grammarly Embeds Trust and Transparency Into Its Privacy, Security, and AI Programs 41:09
41:09 Play Later Play Later Lists Like Liked41:09
Play Later Play Later Lists Like LikedJennifer Miller is Grammarly’s General Counsel. She focuses on enabling Grammarly to grow and innovate while carefully managing business risk. Her responsibilities include navigating AI and regulation and scaling the company’s managed business. Suha Can is Grammarly’s CISO and VP of Engineering, leading global security, privacy, compliance, and identity for the company. He’s dedicated to securing the data of Grammarly’s over 30 million users and 70,000 teams at enterprises and organizations worldwide. In this episode… As AI continues to reshape the tech landscape, companies like Grammarly are navigating new challenges in balancing innovation with privacy and security. With advanced AI tools, businesses can improve user experiences, but they also need to manage privacy and security risks that come with it. Grammarly, known for its communication assistant that leverages AI, strongly emphasizes user trust by embedding transparency and user control at the core of its privacy and security strategy. So, how can companies in the AI space adopt similar practices, innovate responsibly, and stay ahead of evolving privacy and security risks? Grammarly champions transparency and has built a privacy and security program centered on user trust and control. By establishing governance frameworks, regularly reviewing their products for privacy, security, and AI-related risks, and maintaining collaborative communication between legal and technical teams, Grammarly proactively mitigates risks while staying compliant with regulations. The company also offers clear privacy practices through its public-facing web pages and ensures its contracts with customers and third-party vendors reflect the same principles of transparency. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels chat with Jennifer Miller, General Counsel, and Suha Can, CISO, of Grammarly about how the company has built a privacy and security program centered on trust and transparency. Jennifer and Suha discuss how they navigate AI advancements and regulatory challenges by prioritizing user control, conducting privacy and security audits, and fostering collaboration between legal and technical teams. They also emphasize the importance of proactive governance and responsible AI practices to keep pace with evolving regulatory landscapes.…
S
She Said Privacy/He Said Security
1 Navigating Digital Entropy: Insights from IAPP’s Organizational Digital Governance Report 29:05
29:05 Play Later Play Later Lists Like Liked29:05
Play Later Play Later Lists Like LikedJoe Jones serves as the Director of Research and Insights at the IAPP. Previously, he served as the UK Government’s Deputy Head of Digital Trade, where he was responsible for digital policy. Joe also served as a private practice lawyer on international data issues. In this episode… Companies are grappling with the challenges of managing privacy, security, AI, and data governance in an increasingly complex regulatory environment. The IAPP’s Organizational Digital Governance Report highlights the challenges businesses face due to “digital entropy” — caused by overlapping laws, rapid technological shifts, and cultural and socio-technical differences, emphasizing the need for organizations to align their governance structures to address these challenges. How can companies navigate these complexities while maintaining compliance and operational efficiency? The IAPP’s digital governance report provides insights into how companies can adapt their structures and processes to meet the growing demands of digital governance. It outlines three varying approaches companies are using to navigate digital entropy: the analog model, where companies use their current structures while adding more tasks to existing teams; the augmented model, where companies create new committees or cross-functional teams to define overarching terms for digital governance and policy; and the aligned model, where companies have dedicated roles for digital governance. The report underscores the importance of moving toward a more aligned model, where privacy, security, and AI governance are streamlined under cohesive leadership. This involves empowering privacy teams, implementing regular audits, fostering collaboration across departments, and avoiding reliance on ad hoc committees to align with evolving privacy regulations. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels chat with Joe Jones, Director of Research and Insights at IAPP, about how companies can leverage insights from the IAPP Organizational Digital Governance Report to improve their digital governance frameworks. Joe explains how companies can stay ahead of regulatory changes by embracing more structured governance models. He also emphasizes the need for privacy professionals to act as enablers within organizations, offering guidance on leveraging data responsibly while navigating the growing complexity of privacy regulations.…
S
She Said Privacy/He Said Security
1 How To Stay Privacy-Conscious in the Evolving AdTech World 33:16
33:16 Play Later Play Later Lists Like Liked33:16
Play Later Play Later Lists Like LikedDaniel B. Rosenzweig is the Founder and Principal Attorney at DBR Data Privacy Solutions, a boutique data privacy law firm. He advises clients on legal and technical compliance with data protection and privacy laws and counsels clients on the responsible use of AI, AdTech, and privacy-enhancing technologies. Dan’s legal practice is unique in that he also codes and develops technical solutions to enhance his legal services. In this episode… As the AdTech landscape evolves, companies are facing new challenges with cookie alternatives like server-side technologies and alternative IDs. While these new tools offer improved targeting capabilities, they also bring risk, especially when it comes to managing opt-outs and tracking user consent. To preserve consumer trust and drive revenue, businesses need to fully understand how these advanced technologies work while adhering to applicable privacy laws. So, how can companies stay compliant while leveraging these technologies? Adopting alternative IDs, advanced matching, and server-side technologies offers new opportunities for businesses to enhance targeting while maintaining consumer trust. Still, companies need to carefully assess the risks and ensure proper implementation. Establishing a proper governance process, conducting regular audits and testing, maintaining transparency in privacy notices, and avoiding dark patterns are crucial steps for regulatory compliance and protecting consumer privacy. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels chat with Daniel Rosenzweig, Founder and Principal Attorney at DBR Data Privacy Solutions, about the challenges of balancing data privacy with AdTech solutions. Dan explains how businesses can implement these technologies without sacrificing consumer privacy by effectively managing consent platforms, auditing and testing technologies, and ensuring transparent data practices that align with regulations. He also emphasizes the importance of regular collaboration between legal, marketing, and technical teams to stay compliant with evolving regulations.…
S
She Said Privacy/He Said Security
1 A CISO’s Guide To Using AI in Governance, Risk, & Compliance Programs 30:47
30:47 Play Later Play Later Lists Like Liked30:47
Play Later Play Later Lists Like LikedRob Black is the Founder of Fractional CISO and has guided numerous companies in enhancing their security postures. With extensive experience in product and corporate security roles at prominent companies like PTC, Axeda, and RSA Security, Rob is recognized as a trusted authority in risk management and cybersecurity innovation. In this episode… As companies face increasing pressure to meet security and compliance demands, many are turning to AI to enhance their governance, risk, and compliance programs. Tools like ChatGPT and Claude can streamline processes such as summarizing reports and generating responses to security questionnaires. While these tools can improve efficiency, they can also produce inaccuracies, underscoring the importance of human oversight. How can companies use AI responsibly to enhance these programs? AI tools can save security teams a ton of time, but they’re not reliable enough to replace human oversight. This means that companies need to establish clear guidelines and governance frameworks on AI usage to protect sensitive information and mitigate risks. By integrating these strategies, companies can build more resilient and compliant programs. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels talk with Rob Black, the Founder of Fractional CISO, about integrating AI into governance, risk, and compliance programs. Rob explores the benefits and risks of utilizing AI in these programs, emphasizing the need to blend AI with human oversight. He also emphasizes the need for companies to have a security-first mindset when implementing AI tools to reduce risk and ensure long-term success.…
S
She Said Privacy/He Said Security
1 Crafting a Cutting-Edge AI Governance Program: A Must-Know Guide for Businesses 33:12
33:12 Play Later Play Later Lists Like Liked33:12
Play Later Play Later Lists Like LikedArsen Kourinian is a Partner in Mayer Brown’s AI Governance and Cybersecurity & Data Privacy practices. He advises clients on data privacy and AI laws and frameworks. Arsen has published numerous articles regarding nuanced issues in these fields, including a forthcoming book entitled Implementing a Global Artificial Intelligence Governance Program. In this episode… The growing number of global and state privacy laws and AI regulations is prompting companies to integrate fundamental frameworks into their AI governance programs. While the US lacks a comprehensive federal AI law, states like Colorado have begun implementing AI regulations that could serve as a model for future state-level standards. With seemingly fragmented regulations, how can companies effectively develop an AI governance program? A multi-regulatory approach to AI governance can be challenging for companies to navigate with regulations like the EU AI Act, Colorado's Artificial Intelligence Act, and international standards like ISO and NIST. While the regulatory landscape is patchy, harmonizing across various regulations and frameworks can help companies meet compliance obligations and reduce risk. This includes forming an AI governance committee, implementing a data governance plan, conducting risk assessments, documenting accountability with policies and procedures, and continuous monitoring and oversight of AI vendors. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Arsen Kourinian, Partner at Mayer Brown, about developing an AI governance program amid emerging global and state regulations. Arsen emphasizes incorporating key components and frameworks from various laws to develop AI governance programs. He also delves into the departments that assume responsibility for these programs and offers guidance on completing AI impact assessments, highlighting the importance of risk mitigation and understanding practical harms.…
S
She Said Privacy/He Said Security
1 The Future of Ad Tech: Privacy-Savvy Strategies for Businesses 38:48
38:48 Play Later Play Later Lists Like Liked38:48
Play Later Play Later Lists Like LikedDarren Abernethy is a Shareholder in Greenberg Traurig's data, privacy, and cybersecurity practice. As an AdTech and data privacy attorney, he is licensed to practice law in California, New York, and Washington, DC. Darren holds seven IAPP Certified Information Privacy Professional, Manager, and Technologist certifications. In this episode… Talks about shifting away from third-party cookies is pushing companies to rethink their advertising strategies and adopt cookieless alternatives. As many companies explore other AdTech solutions like first-party data collection strategies, they need to evaluate their advertising practices to ensure alignment with evolving state and global privacy laws. How can businesses effectively implement alternative AdTech solutions while adhering to evolving compliance requirements? First-party data collection, contextual advertising, and CRM-based approaches present opportunities for businesses to refine their ad targeting strategies. However, these alternatives also require companies to ask probing questions when evaluating new technologies, such as how these solutions fit within evolving privacy laws and what vendor safeguards are needed. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels chat with Darren Abernethy, Shareholder at Greenberg Traurig, about the future of AdTech and data privacy in a world transitioning away from third-party cookies. Darren explains how businesses can take a privacy-first approach to implementing new AdTech solutions by proactively managing vendors and keeping privacy programs up to date. He underscores the importance of modernizing vendor assessments, updating contracts regularly, and maintaining proper documentation in case of regulatory scrutiny to build trust and mitigate risks.…
S
She Said Privacy/He Said Security
1 From Codes to Security by Design: Navigating Software Cybersecurity 28:51
28:51 Play Later Play Later Lists Like Liked28:51
Play Later Play Later Lists Like LikedShanti Ariker is the Chief Legal Officer of JFrog (NASDAQ: FROG), where she leads the company’s global legal policy development and compliance. She is a solution-creator with global legal expertise, leveraging more than 20 years of experience working with high-growth technology companies to act as a trusted business advisor to CEO and executive teams and public company Boards of Directors. In this episode… The rise in cyber risks is placing increased pressure on companies to closely examine their software and codes and integrate security measures into every stage of the software development process. And, with the SEC cyber rule requiring publicly traded companies to report material breaches, there’s an increased need for companies to perform thorough due diligence on their vendors, especially those incorporating AI into their products. So, how can businesses protect their supply chains in such a volatile environment? Supply chain security is not a one-time task but an ongoing process that demands continuous integration of security throughout the software lifecycle. Companies like JFrog, a software supply chain platform, recognize this and utilize a security by design approach to help companies reduce cyber risk by embedding security protocols into every stage of its software design process, securing each piece of code at the binary level before it reaches the end user. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Shanti Ariker, the Chief Legal Officer at JFrog, about the complexities of securing the software supply chain in today’s tech and regulatory landscapes. Shanti explains how JFrog embeds security by design principles into every stage of software development to help companies mitigate cyber risks, while enabling companies to conduct thorough due diligence on their suppliers' cybersecurity, legal, IT, and privacy practices. She also emphasizes the need for companies to implement a robust AI review process, particularly for third-party vendors incorporating AI into their products to gain a holistic review of the cybersecurity, data privacy, and regulatory compliance implications.…
S
She Said Privacy/He Said Security
1 State Privacy Laws Are Shifting: What Businesses Need to Know 33:47
33:47 Play Later Play Later Lists Like Liked33:47
Play Later Play Later Lists Like LikedOmer Tene is a Partner in Goodwin’s Technology group and Data, Privacy, and Cybersecurity practice. For the past two decades, he has consulted governments, regulatory agencies, and businesses on privacy, cybersecurity, and data management. Omer is also an Affiliate Scholar at the Stanford Center for Internet and Society and a Senior Fellow at the Future of Privacy Forum. Before Goodwin, he was the Chief Knowledge Officer at the IAPP. In this episode… The US privacy landscape is rapidly evolving, as more states enforce privacy regulations similar to California’s comprehensive privacy law. In 2025, eight new privacy laws will come into force — even states without comprehensive privacy laws are imposing regulations to protect consumer data. Notably, New York, where the New York Attorney General recently established guidelines around cookies and tracking technologies emphasizing the need for companies to properly categorize cookies and configure consent mechanisms. The NY AG has also proposed regulations surrounding kids' privacy, like the Child Data Protection Act, that will impact how companies process children’s data. As the US privacy landscape becomes an increasingly complex web of regulations, how can companies prepare for what lies ahead? Beyond New York, privacy regulations around kids' data are gaining momentum across the US, with laws like the California’s Age-Appropriate Design Code aiming to protect minors from harmful content. Regulations on kids' privacy include everything from age verifications that restrict the sale of minors’ data to design codes that protect children from exposure to harmful internet content. These guidelines have garnered pushback in states like California, where businesses claim violation of the First Amendment, consequently delaying enforcement. Regardless, companies should prepare to respond to these regulations that govern the collection, processing, and sale of children's data. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels welcome Omer Tene, a Partner at Goodwin, to explore the complexities of evolving privacy regulations, specifically on children’s data. Omer shares his insights on the nuances of various privacy regulations, ethical challenges surrounding children’s data protection, and the potential future of privacy legislation. Omer maintains that although some regulations have not yet been enforced, companies should take a proactive approach adapting to these new regulations as the privacy landscape shifts.…
S
She Said Privacy/He Said Security
1 Beyond AI Governance: Building a Program for the Future 31:07
31:07 Play Later Play Later Lists Like Liked31:07
Play Later Play Later Lists Like LikedShoshana Rosenberg is the Senior Vice President, Chief AI Governance and Privacy Officer at WSP, one of the world’s leading engineering and professional services firms. She is also the Founder of SafePorter, Co-founder of Women in AI Governance, and a Strategic Program Advisor at Logical AI Governance. Shoshana is a seasoned attorney with over 16 years of experience in international data protection law, a US Navy veteran, and a passionate advocate for social entrepreneurship and inclusion. In this episode… In the ever-evolving and largely unsettled AI landscape, one certainty remains — the need for companies to develop governance programs to navigate and address the organizational impacts of AI. Such governance accounts for client, stakeholder, and employee expectations for AI use, as well as risk management and overarching visions for innovation. But the process involves more than simply understanding AI tools and vendors. So where do companies begin when developing AI governance programs? AI governance isn’t another compliance program where decisions are made in a vacuum. Instead, it’s about building a centralized intelligence function across various teams to identify and understand AI tools, use cases, and vendors. A sustainable AI governance program evolves with the changing regulatory and technology landscape and is monitored and evaluated by the governance committee and other organizational stakeholders. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels sit down with Shoshana Rosenberg, the SVP, Chief AI Governance and Privacy Officer at WSP, to talk about how companies can build an AI governance program in an evolving landscape. Shoshana emphasizes the need for a proactive approach to AI governance and recommends regularly evaluating AI tools and use cases while creating and adapting associated risk profiles. This establishes a foundation that allows companies to keep moving forward, regardless of how business needs change and the AI landscape shifts.…
S
She Said Privacy/He Said Security
1 Data Resilience: The Key to Surviving Security Breaches 28:36
28:36 Play Later Play Later Lists Like Liked28:36
Play Later Play Later Lists Like LikedAmy Bogac is the Chief Information Security Officer at Elevate Textiles. As a seasoned security leader, she has over 20 years of experience in information security, IT governance, and compliance. She holds an MBA from Lake Forest Graduate School of Management and a CISSP certification from ISC2. Previously, Amy was the CISO for The Clorox Company during a significant cyber incident. In this episode… The concept of disaster recovery has evolved significantly in recent years, urging companies to evaluate their security capabilities and infrastructure to plan for cyber events and specific scenarios. While publicly traded companies have some measures in place to restore data and minimize disruptions, privately held companies may not be as prepared. And, as new SEC cyber disclosure rules target third-party risk management, this places pressure on privately held companies to disclose breaches. How can companies maintain strong data resilience and incident response planning? With cyber events becoming increasingly disastrous, having a business disaster recovery plan that can recover data and resume operations is more critical than ever. Yet, sometimes the affected data isn’t always trustworthy, especially if the breach occurred among third-party vendors. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Amy Bogac, the CISO at Elevate Textiles, about the critical need for businesses to revisit their disaster recovery plans and integrate data resilience strategies. Amy stresses going back to the basics by regularly reviewing and updating DR plans and ensuring that all business processes are documented and tested. She also explains the magnitude of risks companies face today, highlighting the need for stakeholder and company-wide involvement in training and incident response planning.…
S
She Said Privacy/He Said Security
1 Cyber Insurance Missteps: What Companies Are Getting Wrong 29:31
29:31 Play Later Play Later Lists Like Liked29:31
Play Later Play Later Lists Like LikedRalph Pasquariello is a Senior Partner at The Tech Collective, a technology solutions company. He works with the FBI, GBI, and US Secret Service on the Atlanta Cyber Fraud Task Force. Ralph is also the former Executive Committee Chairman for the Tech400 Cyber Symposium and an advisor to the Georgia Tech Research Institute. He has served and chaired on numerous boards and organizations. Ralph’s cyber liability expertise has qualified him to present at over 100 events. For the past 14 years, he has moderated and spoke at dozens of conferences and panels on cyber liability and data breach risk management. He’s hosted educational seminars on cyber exposure for professional associations of all industries, including operational technology and intellectual technology. In this episode… When a company undergoes a cyber attack, the repercussions are costly. From remediation and replacement costs to third-party damages and operational interruptions, cyber insurance aims to cover expenses businesses incur and help them stay afloat after a cyber event. Cyber insurance is a crucial part of security, yet many businesses remain underinsured, believing that compliance with third-party vendors and/or client contracts is sufficient. What coverage might your company be missing, and how can you ensure it’s optimal? Cyber insurance coverage may include more than basic security provisions, encompassing additional elements such as commercial crime, social engineering, ransomware, and fraudulent transfers. As cyber insurance requirements have become increasingly strict over the years — The Tech Collective helps companies navigate complex insurance applications, analyze optimal insurance coverage based on business-specific needs and risks, and perform a comparative industry analysis. In this week’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels welcome Ralph Pasquariello, Senior Partner at The Tech Collective, to talk about how companies can ensure optimal cyber insurance coverage. Ralph emphasizes that business security measures and contractual compliance are not equivalent to proper cyber insurance coverage. He also shares instances where insurance companies may deny claims and provides insight into carriers changing requirements.…
S
She Said Privacy/He Said Security
1 From Data Collection to Consumer Trust: How Retailers Adapt to Evolving Privacy and Security Laws 31:26
31:26 Play Later Play Later Lists Like Liked31:26
Play Later Play Later Lists Like LikedAlexandria (Lexi) Lutz is the Senior Corporate Counsel at Nordstrom, where she advises the company on legal matters related to privacy, cybersecurity, and AI. Prior to Nordstrom, Lexi worked for a large national hotel brand and an international food service company. She is a Certified Information Privacy Professional in the US and Europe and holds the Charlotte Business Journal award for Outstanding Corporate Counsel in a large company. In this episode… 19 states have passed privacy laws, fundamentally altering how companies collect, share, and sell consumer data. And, as consumers become more aware of their privacy rights and how companies and their third-party vendors handle their data, retailers are at the forefront adapting their privacy programs, due diligence processes, and third-party contractual agreements to meet compliance requirements and maintain customer trust. What’s more, the new SEC cyber rules place even more security requirements on retailers’ relationships with third-party vendors, further complicating expectations. How can retailers navigate this complex regulatory landscape while providing the best experiences for their customers? Adapting privacy programs to evolving regulations is an intricate process requiring a company to evaluate its operations, size, and resources. No matter the circumstances, it’s crucial to maintain control over consumer information and ensure all third-party vendor contracts are up to date and transparent. And as retailers incorporate generative AI into their online and in-store shopping experiences, they should take extra steps to ensure personalization, efficiency, and protection are not lost. In this week’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Alexandria (Lexi) Lutz, the Senior Corporate Counsel at Nordstrom, how retailers can navigate privacy challenges, leverage AI, and maintain consumer trust in an increasingly complex regulatory environment. Lexi highlights how these regulations — including the SEC cyber rules — impact everything from third-party vendor due diligence and contractual requirements to in-house privacy programs and consumer data sharing and selling. She also discusses the implications of generative AI in retail, maintaining that it should enhance the shopping experience rather than replace human input.…
S
She Said Privacy/He Said Security
1 Merging Marketing and Privacy to Create Sustainable Consent Solutions 33:38
33:38 Play Later Play Later Lists Like Liked33:38
Play Later Play Later Lists Like LikedJulie Rubash is the General Counsel and Chief Privacy Officer at Sourcepoint, a data privacy software company. She coordinates legal efforts for Sourcepoint and ensures that the product suite innovates and expands to meet the demands created by the ever-changing regulatory landscape. Julie brings over 15 years of legal experience and has worked at both law firms and as internal counsel in the media, technology, and advertising sectors. Prior to Sourcepoint, Julie served as the VP of Legal at the advertising platform Nativo. In this episode… As companies head towards a cookieless future, advertisers are devising clever ways to target consumers, some of which may risk infringing on privacy laws and privacy rights obligations. While companies are creating universal solutions to comply with evolving privacy laws, they may overlook nuanced targeting methods that use consumer data differently than cookies. The stakes are high for any company engaging in these emerging targeting methods, as businesses must recognize the privacy risks and carefully blend legal requirements with their marketing efforts to protect consumer data. Some of the most innovative companies have embraced privacy considerations as a marketing touchpoint, working with consumers to build trust and provide clear options to manage their preferences. Companies like Sourcepoint recognize this need and that privacy obligations and consent solutions are not one-size-fits-all, so they offer flexible privacy software solutions that allow companies to tailor privacy programs based on their unique business goals, circumstances, and legal requirements. In this week’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Julie Rubash, the General Counsel and Chief Privacy Officer at Sourcepoint, about the ins and outs of managing consent as new targeting methods emerge. Julie stresses the need for customized consent solutions that align with company principles and privacy regulations while allowing consumers to manage their preferences. She also discusses how privacy professionals can recognize and mitigate the risks of new targeting methods, the importance of understanding the data you’re collecting, and why combining marketing and privacy goals is paramount in this evolving ad tech landscape.…
S
She Said Privacy/He Said Security
1 AI, Privacy, and Innovation: Navigating Global Regulatory Challenges 23:25
23:25 Play Later Play Later Lists Like Liked23:25
Play Later Play Later Lists Like LikedCraig Schwartz is the Head of Legal at Covariant, an AI and robotics company out of Berkeley. He is a veteran tech lawyer with 20 years of experience at the intersection of emerging technology and regulated markets. Craig previously worked for Palantir Technologies, where he led the USG Partnerships team and served as Lead Counsel for the Intelligence Community business. Now at Covariant, Craig is part of a team building foundational models for the physical world, focusing on automation and AI integration in industrial settings. In this episode… Europe's aging workforce is fueling a growing demand for automated labor solutions, with US-based AI robotics companies stepping in to fill the gap. But this trend isn't just about technological innovation. For US-based companies entering the European market, success in this landscape requires a deep understanding of product capabilities and the global regulatory environment. To stay ahead, companies must make informed decisions on ethical AI use and on how to handle data — from collection to storage to use — without stepping on any global regulatory toes. With emerging regulations like the EU AI Act and Internet of Things (IoT) legislation, it's now more important than ever for companies to integrate privacy considerations into product design from the start. By adopting privacy-by-design principles early on, companies like Covariant can meet anticipated global compliance requirements and create operational efficiencies, demonstrating their proactive approach to these regulatory challenges. In this week's episode of She Said Privacy/He Said Security , Jodi and Justin Daniels chat with Craig Schwartz, the Head of Legal at Covariant, who shares invaluable insights on navigating the complex intersection of AI, robotics, and international privacy regulations. Craig explains the steps Covariant takes to stay ahead of global privacy regulations. He also discusses the critical need for legal professionals in tech to immerse themselves in technical product knowledge, the challenges of applying existing global privacy laws, such as GDPR, to cutting-edge technologies, and the potential impact of antitrust policies on innovation in the AI space.…
S
She Said Privacy/He Said Security
1 Privacy vs. Profit: Inside the Ad Tech Ecosystem 44:27
44:27 Play Later Play Later Lists Like Liked44:27
Play Later Play Later Lists Like LikedAward-winning data ethics and responsible media luminary Arielle Garcia is the Director of Intelligence at Check My Ads. In her role, she partners with businesses and organizations to lead research and develop standards and solutions that foster a healthier market, protect civil and human rights, and promote industry accountability. A steadfast advocate for transparency, trust, and fairness in the digital ecosystem, she has advised 100+ marketers on the evolving digital landscape, driving the development and adoption of trustworthy and effective media and data strategies for the benefit of brands and their customers. She was previously the Chief Privacy and Responsibility Officer at UM Worldwide, and she holds a J.D. from Fordham University School of Law.. In 2021, Arielle was inducted into the AAF Advertising Hall of Achievement. She has also been recognized by Crain's New York Business "20 in their 20s," a Cynopsis “Top Woman in Media” in 2021, and a “Top Woman in Media & Ad Tech” by AdExchanger in 2023. In this episode… In the intricate world of ad tech, the exchange of data has become as common as trading stocks on Wall Street. Marketers now have advanced tools to pinpoint their target audience, but this data trove also brings significant privacy concerns. Brands are often challenged with the privacy implications of tracking, data selling, and sharing. And that’s understandable - it’s a complex web of information, and it’s not always clear where consumer data ends up. With the imminent demise of third-party cookies, companies are exploring new methods to sustain behavioral targeting like data clean rooms, conversion APIs, and alternative identifiers, raising questions about their privacy implications. That’s why Check My Ads is on a mission to keep the ad tech ecosystem in check by calling out false narratives and defunding bad actors that spread misinformation to drive systemic change. In today’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels welcome Arielle Garcia, the Director of Intelligence at Check My Ads, to discuss some of the biggest privacy challenges facing the ad tech ecosystem today. Arielle highlights the fundamental conflict between ad tech business models and business privacy obligations, emphasizing the need for a shift toward consumer-centric approaches. She also shares the implications of third-party cookie deprecation, critiques current and emerging advertising business models, and discusses the critical need for implementing secure and effective media and data practices to benefit companies and their customers.…
S
She Said Privacy/He Said Security
1 AI Predators and Digital Dangers: Keeping Children Safe Online 24:29
24:29 Play Later Play Later Lists Like Liked24:29
Play Later Play Later Lists Like LikedAngeline Corvaglia is the Founder of Data Girl and Friends, where she is committed to helping young people thrive in an AI-driven digital world. Her strategy encompasses three key pillars: privacy and security awareness, critical thinking skills, and balancing the benefits and risks of AI. Angeline is on a mission to equip young minds with the tools they need to navigate and succeed in the ever-evolving digital landscape. In this episode… With rapid advancements in technology and AI, it is now more crucial than ever to protect children, particularly girls, online. Many parents are unaware of the full extent of digital and social media threats, such as AI-driven chatbots used by predators to manipulate children. How can parents protect their children, especially their daughters, and educate them about online risks? To combat these risks, parents should activate privacy settings and restrict information sharing on electronic devices. Parents should activate enable privacy settings and restrict information sharing on electronic devices. And with resources like Data Girl and Friends, parents can engage in meaningful conversations with their children, empowering them to become digitally savvy and take charge of their online privacy. In this week’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Angeline Corvaglia, the Founder of Data Girl and Friends, about protecting girls online. She shares actionable insights on shielding kids from intrusive data practices and online predators and discusses the underlying societal pressures that amplify these risks especially for girls.…
S
She Said Privacy/He Said Security
1 Innovation, Security, and Privacy: A CIO’s Playbook for Operational Success 31:29
31:29 Play Later Play Later Lists Like Liked31:29
Play Later Play Later Lists Like LikedChristina Shannon is an accomplished Chief Information Officer (CIO) in the CPG chemical manufacturing sector. With a career spanning over two decades, she transitioned from senior security leadership roles in Fortune 100 companies to executive technology leadership positions in mid-to-large-sized, private equity-owned firms. Christina's journey includes serving as a Chief Information Security Officer (CISO) four times, in which she gained deep experience in developing effective strategies to address enterprise cyber risk across various industries. As a CIO, she focuses on leveraging technology to drive innovation, improve operational efficiency, and secure critical digital assets in the CPG chemical manufacturing industry. In this episode… Understanding the multifaceted role of a CIO offers valuable insights into the synergy between technology and business operations, highlighting the importance of operational efficiency, robust cybersecurity measures, and comprehensive privacy controls. How does one effectively navigate these complex responsibilities? As a Chief Information Officer for the chemical manufacturing company, Christina Shannon emphasizes the need for strategic alignment between technology and business objectives. To be effective, CIOs must grasp the broader business implications of their decisions, not just the technical and security aspects. This involves developing a framework that integrates effective AI policies, ensures privacy compliance, and addresses operational security risks. Christina Shannon, CIO at KIK Consumer Products, joins Jodi and Justin Daniels on this week’s episode of She Said Privacy/He Said Security to discuss her role as a CIO, offering practical strategies for leveraging technology to drive innovation while safeguarding digital and physical assets. Christina describes the process of shifting from a technical mindset to an operational viewpoint to align technology with business goals, understand risk exposures, and manage privacy and security initiatives effectively. The conversation also covers how organizations can derive value from their security measures beyond checking off compliance requirements.…
S
She Said Privacy/He Said Security
1 Operationalizing Privacy: A Blueprint for Success 28:51
28:51 Play Later Play Later Lists Like Liked28:51
Play Later Play Later Lists Like LikedAaron Mendelsohn is currently Director - Privacy Officer at the LEGO Group in Denmark, where he leads data protection and privacy compliance within the Digital Technologies teams, including LEGO.com, LEGO Insiders, LEGO Marketing, and LEGO Retail. Prior to joining the LEGO Group, Aaron held leadership roles in data protection, privacy, and information security, including creating and managing global data protection and privacy programs at two Fortune 500 companies In this episode… Establishing a functional privacy framework within an organization is crucial for maintaining compliance and safeguarding data. It goes beyond simply adhering to legal regulations. Effective privacy management involves understanding how privacy laws and privacy initiatives work together to impact overall business operations. So, how can companies seamlessly integrate privacy into their day-to-day activities? Customizing privacy objectives to align with a company's individual needs, culture, and risk profile is imperative. To be successful in this approach, privacy professionals must be flexible and strategic, tailoring their strategies to align with organizational priorities through comprehensive policies, privacy-by-design programs, training, and other initiatives. In today’s episode of She Said Privacy/He Said Security , Jodi and Justin Daniels welcome Aaron Mendelsohn to discuss practical strategies for operationalizing privacy within organizations. Aaron emphasizes integrating people, processes, and technology to achieve effective privacy management. The discussion also underscores the value of targeted privacy training tailored to specific business roles and how privacy professionals can successfully adapt and evolve privacy strategies as business needs change.…
S
She Said Privacy/He Said Security
1 Revolutionizing Privacy: Automation, AI, and OneTrust’s Innovative Approach 34:24
34:24 Play Later Play Later Lists Like Liked34:24
Play Later Play Later Lists Like LikedKabir Barday’s career journey illustrates the power of innovation in privacy. As the Founder, CEO, and Chairman of OneTrust, he has transformed the landscape of privacy automation. He holds a Fellow of Information Privacy with the IAPP, the highest designation of a privacy professional, and is a Henry Crown Fellow at the Aspen Institute. With a BS in Computer Science from the Georgia Institute of Technology, where he serves on the Georgia Tech Advisory Board (GTAB), Kabir continues to lead OneTrust in setting new standards for privacy automation and responsible AI. In this episode… Many companies struggle with responsible use of data, AI, and creating privacy programs. From ethical data use to complying with evolving privacy laws and using new AI tools, it can be challenging for companies, especially with manual processes. How can businesses and privacy professionals ease the burden of manual privacy work and keep up with regulations? Trust has become a fundamental societal trend, so businesses must facilitate trusted interactions with customers and stakeholders by embedding privacy controls into the user experience. Fortunately, there is OneTrust, the company revolutionizing responsible use of data, AI, and privacy management with its proprietary software that automates privacy processes, helps organizations comply with regulations, and builds trust with customers. Kabir Bardy, Founder, CEO, and Chairman of the Board at OneTrust, joins Jodi and Justin Daniels on this week’s episode of She Said Privacy/He Said Security to discuss OneTrust’s innovative approach to privacy, automation, and AI. Kabir shares AI and privacy trends from Trust Week 2024, how OneTrust champions responsible use of data and AI, and how companies can evolve their privacy programs at various maturity levels.…
S
She Said Privacy/He Said Security
1 Maintaining Compliance With SEC Cyber Rules and Security Regulations 39:48
39:48 Play Later Play Later Lists Like Liked39:48
Play Later Play Later Lists Like LikedCharlotte Baker is the CEO and Co-founder of Digital Hands, a leading cybersecurity services provider. Under Charlotte’s leadership, Digital Hands has won numerous industry awards, with the most recent in 2023, which includes “Most Innovative MSSP”: at CyberDefenseCon and Inc ’s “Power Partner of Privacy and Security.” With a 100% US-based delivery model, Digital Hands’ clients received unparalleled speed in threat detection and incident response. In this episode… The recent security regulations and SEC cyber rules have shifted companies’ focus from risking fines to maintaining mandatory compliance. While these regulations force businesses to adopt stringent security and ethical data privacy practices, some privately held companies are turning a blind eye. What strategic measures can businesses implement to comply with these regulations? Many privately held companies don’t understand that regardless of their size, they must adhere to new SEC rules and thoroughly review security contract addendums to avoid breach response hijacks by publicly traded companies. Companies also need to understand that compliance involves more than just reviewing security addendums or publishing a privacy policy on their website. They must prove they follow these policies. Even when companies have cybersecurity solutions, follow the rules, and achieve compliance, they may still get breached. That's why companies like Digital Hands aim to get ahead of every threat. With its “get there first” approach to security, Digital Hands maintains speed and flexibility to execute security solutions, taking a proactive approach to compliance. In today’s She Said Privacy/He Said Security episode, Jodi and Justin Daniels welcome Charlotte Baker, the CEO of Digital Hands, to discuss the strategic measures businesses can implement to comply with security regulations. Charlotte emphasizes the need for multi-factor authentication, the benefits of avoiding point solutions, and the importance of having a strategic roadmap for security maturity.…
S
She Said Privacy/He Said Security
1 Compliance in the Modern Age: Building Effective Privacy Programs With Gretchen Herault 22:51
22:51 Play Later Play Later Lists Like Liked22:51
Play Later Play Later Lists Like LikedGretchen Herault is Chief Privacy Officer at Randstad USA and the global job board Monster.com. She has held several privacy leadership roles, including Chief Privacy Officer at Haven Healthcare, HIPAA Privacy Officer at GE Healthcare, and Chief Privacy Officer of Nuance Communications. In this episode… Since the introduction of CCPA and as of this recording there are just under two dozen privacy laws either signed or about to be, altering how companies manage consumer data.As compliance becomes increasingly urgent, how can businesses structure their privacy programs around these laws? Gretchen Herault manages Randstad USA's privacy program, collaborating with a cross-functional team of legal and business professionals to develop comprehensive strategies and operational solutions. As a result, Randstad's privacy program takes a proactive approach and adapts to new regulations by aligning with California's strict privacy standards. This simplifies compliance efforts and prepares the company for upcoming laws. In today’s She Said Privacy/He Said Security episode, Jodi and Justin Daniels engage in a thought-provoking conversation with Gretchen Herault, the Chief Privacy Officer of Randstad USA and Monster.com, about building and operationalizing privacy programs. They discuss how to develop privacy programs under a growing number of privacy laws, regulating company AI use, and Gretchen's advice for evaluating and building privacy teams.…
S
She Said Privacy/He Said Security
1 Privacy and Security Defenses for Cloud Software With Michael Moore 14:33
14:33 Play Later Play Later Lists Like Liked14:33
Play Later Play Later Lists Like LikedMichael Moore is the Chief Privacy Officer at Lacework, handling privacy and cybersecurity, product counseling, transactions, intellectual property strategy, and open-source software. He holds the IAPP privacy qualifications of CIPP-US, CIPP-E, CIPP-C, CIPM, and CIPT. Michael is also an inventor on 10 patents and author of over 20 published articles. In this episode… Cloud solutions are immensely helpful and strategic tools for companies, offering ubiquitous and immediate access to stored data. The benefits are abundant, but so are the dangers. Cloud software's vulnerabilities stem from the same features that make it valuable, making it a prime target for privacy and security threats in a centralized space. That's why companies like Lacework are tackling this issue with a tile-based cloud security platform that detects data and identity risks to protect against both known and unknown threats. How can your company amplify its cloud security to stay ahead in the evolving threat landscape? In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels are joined by Michael Moore, the Chief Privacy Officer at Lacework, to discuss security and privacy for the cloud. They discuss the modern concerns, how Lacework helps companies, the increasing threats companies face, and Michael’s personal privacy tips for anyone and everyone.…
S
She Said Privacy/He Said Security
1 AdTech Confidential: Mastering Vendor Due Diligence and Privacy with Richy Glassberg 40:52
40:52 Play Later Play Later Lists Like Liked40:52
Play Later Play Later Lists Like LikedRichy Glassberg is the CEO and Co-founder of SafeGuard Privacy, a company established in 2019 to help businesses manage privacy compliance with effectiveness and efficiency. He is a digital media veteran with more than 25 years of experience. Richy has led seven startups and held executive roles at renowned brands and businesses, such as CNN, MTVN, and Turner Broadcasting. In this episode… Every professional sector benefits from its regulatory and professional organizations, which hold any given industry up to higher standards and harmonize processes. As concerns over privacy and security intensify, so does the need for these types of organizations to offer support. For digital marketing, the Interactive Advertising Bureau (IAB) plays a pivotal role by championing the interests of media and marketing professionals in the modern era. Navigating compliance remains a burning issue, and many companies are lost on how to address it. That’s why the IAB partnered with SafeGuard Privacy on the IAB Vendor Diligence platform to help make it easier for companies to perform vendor due diligence. Now you can learn from leading organizations and experts on what it takes to stay ahead of the curve. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels chat with Richy Glassberg, Co-founder and CEO of SafeGuard Privacy, on ad tech, compliance, and the IAB’s role. They delve into Richy’s extensive career in media, tackle pressing compliance issues in digital advertising, explore the impact of Demand Side Platforms (DSPs), and discuss the future trajectory of the industry.…
S
She Said Privacy/He Said Security
1 Offensive Cybersecurity Strategies with Bryson Bort 34:10
34:10 Play Later Play Later Lists Like Liked34:10
Play Later Play Later Lists Like LikedBryson Bort is the CEO and Founder of SCYTHE, a threat emulation platform. He is Co-founder of GRIMM, a cybersecurity consultancy and ICS Village, a 501c3 for industrial control security systems. He is recognized as a Top 50 in Cyber by Business Insider and SANS Difference Maker Awards’ Innovator of the Year. In this episode… Any security or privacy protocol comes with a plan, and every plan fits into a larger strategy. Coordinating a large-scale strategy while maintaining the finer details is more complicated than it sounds. It helps to have professionals experienced not only in security, but also in strategy in general. Bryson Bort has translated much of his military experience into cybersecurity. His team-forward, offensive mindset has been the foundation of his consulting service and the SCYTHE tool. This framework has proven useful for many notable companies, and it could also work in your arsenal. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels speak with Bryson Bort, the CEO and Founder of SCYTHE, to discuss his offensive cybersecurity strategy. They talk about the issues with training, the problems SCYTHE solves, learning about ransomware, and his previous work with Target. They also touch on Bryson’s process for grabbing and keeping attention.…
S
She Said Privacy/He Said Security
1 The CISO and The SEC Cyber Regulations and Their Impact on Privacy and Security 27:40
27:40 Play Later Play Later Lists Like Liked27:40
Play Later Play Later Lists Like LikedSvetlana Braunscheidel is the General Counsel and VP of Operations at PNG Cyber, a forensic investigations and remediation business. In her role, she deals in digital forensics, incident response, threat actor communications, and cyber risk compliance services. Her previous experience spans executive operations, business development, and national security fields as a legal expert. In this episode… Cybersecurity is more than a corporate issue, bleeding directly into ever-evolving federal and state legislation. Legal protections can be immensely beneficial, but can also be equally confusing and opaque. As new SEC rules and regulations are put into place, how should businesses best adapt? Svetlana Braunscheidel is a professional privacy and security expert who helps companies navigate these exact issues. Her advice includes nimble action, keeping up with trends, and utilizing the knowledge of other experts to ensure compliance. In this episode of She Said Security/He Said Privacy , Jodi and Justin Daniels speak with Svetlana Braunscheidel, the General Counsel and VP of Operations at PNG Cyber, on the topic of cybersecurity after new SEC regulations. The three touch on current laws and recent additions, how these changes affect privacy, and what businesses should do to respond.…
S
She Said Privacy/He Said Security
1 Strategies for Privacy Professionals in the Boardroom With Judy Titera 31:11
31:11 Play Later Play Later Lists Like Liked31:11
Play Later Play Later Lists Like LikedJudy Titera is the owner of J Titera Solutions, where she provides privacy and security consulting services. She is also a faculty member of IANS Research and serves as Independent Director on the Mitsui Sumitomo Transverse Insurance board. Judy retired from USAA, where she served as the Chief Privacy Officer. She now spends her free time participating in professional and speaking engagements. In this episode… In a vacuum, privacy concerns are a simple matter of ethics and logistics. In reality, the structure of most businesses makes privacy a far more complex topic. With so many executives and experts involved in implementation, how can you communicate effectively? For companies with a board of directors, speaking with boardrooms is a key opportunity to make your voice heard. Talking with executive leadership requires tact, skill, and knowledge. If you learn from professionals who have been in the same situation, you can have an advantage in communicating. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels have an informative conversation with Judy Titera, Owner of J Titera Solutions, about privacy professionals in the boardroom. They discuss key strategies, why healthy working relationships are so vital, and what privacy success looks like. Judy discusses her career and explains how she was able to become involved with various boards of directors.…
S
She Said Privacy/He Said Security
1 Pixel Litigation, Ad Tech, and Digital Advertising Privacy With Alysa Hutnik 24:11
24:11 Play Later Play Later Lists Like Liked24:11
Play Later Play Later Lists Like LikedAlysa Hutnik is the Chair of the Privacy and Information Security practice at Kelley Drye. She is one of the nation’s leading ad tech attorneys, active in the industry, and well-versed in the unique legal challenges faced by advertisers and data-focused companies. Alysa has spent the past two decades working with and growing Kelley Drye & Warren LLP, an Am Law 200 law firm of more than 350 lawyers and other professionals across the US. In this episode… Advertisers have a host of new and advanced tools to better target their audience. While this is a lucrative opportunity for companies, many of them utilize data closely tied to privacy concerns. The line is growing increasingly thin between ethical and unethical usage. How can both companies and consumers stay safe in the process? Experts in the field work tirelessly to keep up with technology and legislation. As litigation unfolds, the future of ad tech is being decided in real time, necessitating the help of legal experts who have a firm grasp of this rapidly shifting environment. Here are some of the most crucial pieces to the puzzle. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels interview Alysa Hutnik, the Chair of the Privacy and Information Security practice at Kelley Drye & Warren LLP, to discuss pixel litigation and ad tech. They break down what is currently happening in the courts, common mistakes companies are making, and the complications introduced by AI in advertising.…
S
She Said Privacy/He Said Security
1 Building Privacy Programs for Global Businesses 35:25
35:25 Play Later Play Later Lists Like Liked35:25
Play Later Play Later Lists Like LikedJordan Smith is the VP of Privacy Compliance for Peloton Interactive and is responsible for their global privacy program. Before joining Peloton, Jordan built compliance and global data privacy programs for startups as well as publicly traded companies. Jordan’s resumé includes the development of policies for regulatory oversight, data privacy, fraud, brand safety, and social responsibility. He is a member of the International Association of Privacy Professionals and is a Certified Information Privacy Professional for the United States. In this episode… In the modern era, patchwork privacy regulations and policies are insufficient for the increasing demand and constant changes. Having a robust program is essential, but for larger businesses, this grows exponentially more difficult to build. On a global scale, the proposition can be outright exhausting. For these large corporations, elite privacy experts are putting their minds together to keep up with the changing tides. Companies such as Peloton deal with personal information, health data, financial details, and much more. Learn directly from professionals to see how they handle all of these variables. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels talk with Jordan Smith, the Vice President of Privacy Compliance at Peloton, about building privacy programs on a global scale. They discuss how to work across several internal teams, handling unique privacy needs, and the greatest challenges facing professionals today.…
S
She Said Privacy/He Said Security
1 Measuring Cybersecurity and Privacy With a Scorecard With Owen Denby 26:27
26:27 Play Later Play Later Lists Like Liked26:27
Play Later Play Later Lists Like LikedOwen Denby is the General Counsel of SecurityScorecard, a late stage VC backed cybersecurity company. He is a veteran of SaaS technology startups and a corporate M&A lawyer by training. Additionally, he is a Charter Member of TechGC — an independent, invitation-only, peer community for general counsels. In this episode… Every organization and business wants to increase their security, but how do you quantify the change? Security is a complex, multi-faceted topic where almost anything can go wrong. Many companies do their best, but have no clear measurement for how safe they and their customers truly are. For this reason, security experts can run thorough tests, and even simplify that analysis into a digestible and familiar medium. SecurityScorecard lives up to its name by providing a scorecard and offering risk management options. This approach can expose weaknesses and lead to a better understanding of your security needs. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels invite Owen Denby, General Counsel at SecurityScorecard, onto the show to learn more about quantifying cybersecurity. They discuss how the software measures risks, how new SEC regulations enter the equation, and regular pitfalls that companies face.…
S
She Said Privacy/He Said Security
1 Privacy and Security Concerns in Data Retention With Bill Piwonka 35:23
35:23 Play Later Play Later Lists Like Liked35:23
Play Later Play Later Lists Like LikedBill Piwonka is the Chief Marketing Officer for Exterro, a data risk management and privacy platform. Over the past 30 years, he has led marketing teams and initiatives spanning strategy, product marketing, product management, demand generation, and business development. As a semi-retired tech executive, he also spends his time as a philanthropist, mentor, and board member. In this episode… Data has become an all-consuming subject in business, with modern technology affording a comprehensive view of all kinds of data. With data retention, information is easier to access now than ever, but that power comes with valid concerns and questions. So how can you mitigate such high levels of risk and complexity? Companies such as Exterro are working to keep a tighter rein on data retention and infrastructure. Topics of e-discovery, privacy, digital forensics, and data governance are vital for compliance and user security. Learn how these concerns are being addressed by leading professionals today. this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels speak with Bill Piwonka, the Chief Marketing Officer at Exterro, on the subject of data retention and how it relates to privacy. They go step-by-step through the pressing concerns, how companies like Exterro seek to help, how laws play into the equation, and keeping up with the lightning-fast pace of AI development.…
S
She Said Privacy/He Said Security
1 Protecting Children’s Privacy in the Social Media Age With Titania Jordan 34:26
34:26 Play Later Play Later Lists Like Liked34:26
Play Later Play Later Lists Like LikedTitania Jordan is the Chief Marketing Officer and Chief Parent Officer of Bark Technologies, an online safety company that helps nearly seven million kids stay safe online and in real life. She is a renowned thought leader on digital parenting, contributing to pieces in The Wall Street Journal , Forbes , The New York Times , Huffington Post, USA Today, and many more. Titania is the author of Parenting in a Tech World , a bestseller featured in the 2020 documentary Childhood 2.0 . She founded Parenting in a Tech World, a Facebook group of more than 450,000 members where parents discuss raising kids in the digital age. In this episode… Privacy is already a pressing issue for the general population, but the topic is exponentially important for children. Kids have unprecedented access to the internet and all the dangers it entails. Combined with the advent of AI in the mainstream, parents need to be more careful than ever. Fortunately, there are people helping make the internet safer for children. Companies like Bark Technologies offer comprehensive parental controls that get to the heart of the problem. For children to thrive, they need more protections for their safety and their privacy. Parents need to be aware of the issues in modern society and what they can do to counteract them. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels interview Titania Jordan, the Chief Marketing Officer and Chief Parent Officer of Bark Technologies, to discuss privacy and protection for children. They delve into the current dangers facing children online, how AI fits into the equation, and how Bark works to help. They also touch on the importance of digital citizenship and how the law applies to children’s privacy.…
S
She Said Privacy/He Said Security
1 The Essentials of Privacy Engineering With Jay Averitt 33:27
33:27 Play Later Play Later Lists Like Liked33:27
Play Later Play Later Lists Like LikedJay Averitt is the Senior Privacy Product Manager and a Privacy Engineer at Microsoft. He began his career as a software engineer and also attended law school, practicing for 10 years as a corporate attorney specializing in software license agreements. Jay was exposed to privacy during his time as an attorney and has since become an expert in the field. In this episode… The privacy space is filled with litigation and ethical deliberation; much of the conversation is fixated on policy rather than the technical elements. However, the technical pieces are just as important and can sometimes fly under the radar. For privacy professionals, this is known as privacy engineering. The methodologies, tools, and techniques of privacy engineering help put ideas into motion. The field is rapidly evolving and is currently being defined by experts. With so much still left to figure out, what do you need to know about the topic? In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels interview Jay Averitt, Senior Privacy Product Manager and Privacy Engineer at Microsoft, to discuss the key points of privacy engineering. The three discuss the burgeoning field, AI and security, working with companies, and collaboration across unique teams. They also talk about how to highlight the importance of privacy to others.…
S
She Said Privacy/He Said Security
1 U.S. Privacy Law Models Across the States With Keir Lamont 45:29
45:29 Play Later Play Later Lists Like Liked45:29
Play Later Play Later Lists Like LikedKeir Lamont is the Director for U.S. Legislation at the Future of Privacy Forum. In this position, he supports research and independent analysis concerning federal, state, and local consumer privacy laws and regulations. His background includes privacy and policy positions at The Ohio State University’s Moritz College of Law and the Computer & Communications Industry Association. In this episode… In the United States, there is a constant tension between federal and state laws. The intersection of the two has been a constant source of consternation for many regulators and litigators over the years. This is especially true for privacy laws. As each state is defining and redefining their privacy regulations, it becomes more crucial than ever to stay on top of changes. These shifts are far from random — patterns emerge from states influencing others with their approach to privacy and data. Studying these movements can inform regulators and help prepare for the future — here is what the experts are saying on the matter. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels speak with Keir Lamont, the Director for U.S. Legislation at The Future of Privacy Forum, to learn more about privacy laws at the state level. They go through the unique trends, patchwork legislation, the precedent set by Washington’s My Health My Data Act, and what regulators should know going into the future.…
S
She Said Privacy/He Said Security
1 New Technologies and Navigating Privacy Risk With Joe Toscano 39:09
39:09 Play Later Play Later Lists Like Liked39:09
Play Later Play Later Lists Like LikedJoe Toscano is the Founder and CEO of DataGrade, a technology company helping companies discover, analyze, and manage data privacy risk. He has advised US Attorney Generals on Facebook and Google antitrust cases, helped shape privacy law across multiple states, and worked with large organizations such as the World Economic Forum. In addition to his work at DataGrade, Joe was featured in the Netflix documentary The Social Dilemma , and he is an international keynote speaker known for his TEDx Talk “Want to Work for Google? You Already Do.” Joe is also Senior Fellow at The Diplomatic Courier and a contributing author for Forbes . In this episode… Privacy and social engineering have become deeply integrated into modern society. The average person is unaware of the complex systems around them every day — privacy risk management has become a necessity for businesses and people alike. So what should everyone know as the world enters a new age of data? The best start is awareness. Thanks to documentaries such as The Social Dilemma , people are looking into their relationship to data and privacy. For businesses, more privacy and strategy is required. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels are joined by Joe Toscano, the CEO and Founder of DataGrade, to talk about technology and privacy in personal and corporate settings. They break down Joe’s role in The Social Dilemma , discuss his TED Talk, what DataGrade does, and what people should know about their own everyday privacy.…
S
She Said Privacy/He Said Security
1 Selecting and Leveraging Privacy Software and Generative AI’s Impact on Privacy With Ben Brook 39:41
39:41 Play Later Play Later Lists Like Liked39:41
Play Later Play Later Lists Like LikedBen Brook is the CEO and Co-founder of Transcend, a company helping the world’s largest companies control their data by simplifying compliance, unlocking strategic growth, and improving business resilience. Prior to co-founding Transcend, Ben studied computer science, astrophysics, and neuroscience at Harvard University. Originally from Toronto, Canada, he is a passionate and award-winning filmmaker. In this episode… Privacy compliance is a necessity for businesses, but can often be a hindrance. It requires time, attention, money, and knowledge to keep up with regulations and track data effectively. Some platforms can make this process easier, but how do you select the right one? The list of vendors is steadily growing as privacy becomes an increasingly pressing issue. Choosing the right one can simplify and clarify everyday processes. Even while working with a quality platform, there is still much to know for managing and improving your privacy. For both issues, it’s best to learn from the experts. In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels chat with Ben Brook, the CEO and Co-founder of Transcend, about selecting and utilizing privacy software. They discuss essential criteria for programs, adapting to regulatory environments, and breaking down the issues with privacy and generative AI.…
S
She Said Privacy/He Said Security
1 Best Tips for Privacy Experts To Elevate Their Practice With Jamal Ahmed 29:30
29:30 Play Later Play Later Lists Like Liked29:30
Play Later Play Later Lists Like LikedJamal Ahmed is a Global Privacy Consultant at Kazient Privacy Experts and has been dubbed the "King of Data Protection" by the BBC. He is a passionate advocate for privacy rights and is the acclaimed author of the international #1 bestselling book The Easy Peasy Guide to the GDPR . He has transformed the complex world of data compliance into an accessible subject for everyone. In this episode… Privacy affects all fields of technology and business, but specializing in the subject can be particularly difficult. Privacy experts work tirelessly every day to not only help their clients, but stay current with new information. While some knowledge is essential for most jobs, more depth is required to be a master. This barrier to entry has kept some from pursuing a career in privacy. Additionally, many current professionals can feel overwhelmed by the ever-growing scale of the subject. So how can you dive deeper into privacy and progress in the field? In this episode of She Said Privacy/He Said Security , Jodi and Justin Daniels interview Jamal Ahmed, a privacy expert and consultant, to discover the best tips to enhance your privacy practice. The three discuss common misconceptions, understanding the current privacy landscape, essential skills for the field, and building a supportive community. Lastly, they unveil the quintessential trait needed to excel in privacy.…
S
She Said Privacy/He Said Security
1 Expert Negotiation Tips When Your IT Network Is Held Hostage 41:15
41:15 Play Later Play Later Lists Like Liked41:15
Play Later Play Later Lists Like LikedChris Voss is the CEO and Founder of The Black Swan Group, an organization that teaches strategies found in hostage negotiations and applies them to the business world. He is also the best-selling author of the book Never Split the Difference: Negotiating As If Your Life Depended On It . Prior to 2008, Chris was the Lead Negotiator for the FBI International Kidnapping Response as well as the FBI’s hostage negotiation representative for the National Security Council’s Hostage Working Group. During his career, he also represented the U.S. government as an expert in kidnapping at two international conferences sponsored by the G8. In this episode… Negotiation is a specialized yet universally useful skill. Even mundane conversations are filled with requests, persuasion, and deliberation. The basics are learned intuitively, but for more serious circumstances, more is required. Hostage situations are the most dire instance of negotiation. Experts are equipped to handle these scenarios with care and precision, pulling from thorough training and prior experience. In our digital world ransomware is also a hostage situation only your IT network is the hostage!! These advanced principles are incredibly useful for emergencies and day-to-day life alike. Now you can learn directly from a real-world ransomware example of how high-level negotiation works in practice. In this episode of She Said Privacy/He Said Security , Justin and Jodi Daniels are joined by Chris Voss, the CEO and Founder of The Black Swan Group, to share the concepts of high-stakes negotiations. They walk step-by-step through Justin’s ransomware negotiation for a hostage IT network and how he applied Chris’ principles to great success. They also discuss how to handle timelines, good questions for negotiations, and the best negotiation tip for privacy and security professionals.…
S
She Said Privacy/He Said Security
1 How Levi’s Values Influences its Privacy Program With Karen McGee 31:39
31:39 Play Later Play Later Lists Like Liked31:39
Play Later Play Later Lists Like LikedKaren McGee is the Chief Privacy Officer at Levi Strauss & Co., overseeing its privacy program and upholding the company’s principles. She specializes in translating intricate legal frameworks into manageable and legible systems. Karen’s preceding career includes Managing Privacy Counsel at Intel, CPO at LifeLock and General Counsel at ID Analytics. She was honored with the In-House Legal Adviser of the Year Award at the Women in Law Awards by Lawyer Monthly . In this episode… Company values can be taken for granted, but they hold the potential for so much more. When followed and honored correctly, corporate values can define a business. It can bring respect, trust, and even success by maintaining internal and external consistency. Few corporate sectors are as strongly influenced by company values as privacy and security. There is a long history of brands breaking consumer trust and suffering the consequences. It’s a complex topic, requiring agile changes and rigorous supervision. It can be illuminating to look toward companies that have paved the way and set a good example. In this episode of She Said Privacy/He Said Security , Justin and Jodi Daniels are joined by Karen McGee, the Chief Privacy Officer of Levi Strauss & Co., to discuss how Levi’s corporate values apply to its privacy program. They go over AI use cases, new SEC rules on cybersecurity, privacy policy, and how to develop a quality program. They also talk about Karen’s career journey and her advice for other practitioners.…
S
She Said Privacy/He Said Security
1 Breaking Down the Washington State My Health, My Data Act With Mike Hintze 35:43
35:43 Play Later Play Later Lists Like Liked35:43
Play Later Play Later Lists Like LikedMike Hintze is a recognized expert in privacy and data protection with more than 20 years of experience in the field. He is a Member Partner at Hintze Law, a boutique firm that specializes in privacy and cybersecurity. Previously, Mike was the Chief Privacy Counsel at Microsoft, developing his expertise in data protection and privacy policy for over 18 years. He shares his knowledge as an Affiliate Instructor of Law at the University of Washington School of Law and a Senior Fellow of The Future of Privacy Forum. In this episode… Health data remains a pressing issue in the legal space, especially with the rapid advancement of cloud technology. Physical location is becoming less and less relevant as more data is stored away from the patients. Since Washington hosts such massive servers, they have found themselves in the sights of legislative action. The Washington My Health, My Data Act seeks to protect consumers both in the state and those whose data is collected there. Due to the scope of the Act, businesses and legal professionals are still working to understand the resulting nuances. How does this affect businesses and healthcare facilities? Which consents and requirements will be required? Most importantly, how does this tangibly help consumer privacy? In this episode of She Said Privacy/He Said Security Podcast , Justin and Jodi Daniels sit down with Mike Hintze to break down the Washington My Health, My Data Act. They define consumer health data, how it is designed to be protected, and the ramifications for institutions. They also walk through the most vital tips and advice to navigate the new legal parameters.…
S
She Said Privacy/He Said Security
1 Updates and Changes in US State Privacy Laws for 2024 With Andrew Kingman 35:16
35:16 Play Later Play Later Lists Like Liked35:16
Play Later Play Later Lists Like LikedAndrew Kingman is the President of Mariner Strategies, a premier law firm where he specializes in privacy technology and cybersecurity issues in all 50 states at the legislative and Attorney General levels. As a public policy advocate with experience in compliance, Andrew brings a unique and substantive perspective to discussions on how to best increase consumer privacy protections while maintaining operational workability and cybersecurity protections for businesses. He is a nationally recognized thought leader in the field — in 2020, Andrew was one of 25 attorneys named to Massachusetts Lawyers Weekly Up & Coming Lawyers list. In this episode… The bustling year of 2023 saw the introduction, passage, and signing of various laws — many of which vary from US state to state. What were some of the year’s most significant regulations? Beyond the passage of privacy bills in seven red states, the passage of Washington state’s My Health, My Data Act was the most astonishing event for privacy lawyer Andrew Kingman. This act is the nation’s first privacy-focused law safeguarding personal health data not already covered by HIPAA. Because of this, Andrew warns that companies doing business with Washington state establishments should consider additional data compliance requirements, security measures, and consumer consent and rights. Since robust security measures are required to protect health and data, companies should be aware of the security standards and protocols outlined in the legislation and implement measures to prevent unauthorized access or breaches — all while respecting individual rights and ensuring transparent practices in obtaining and managing such consent. In today’s episode of the She Said Privacy/He Said Security Podcast , Justin and Jodi Daniels welcome Andrew Kingman to discuss integral changes in US State privacy law taking place in 2024. Andrew gives insight into the My Health, My Data Act, state legislature criteria for prioritizing certain bills, and why he’s a proponent of companies implementing data protection assessments.…
S
She Said Privacy/He Said Security
1 Navigating Privacy Landscapes: US State Privacy Laws, UK Data Protection, and Cross-Border Transfers 36:32
36:32 Play Later Play Later Lists Like Liked36:32
Play Later Play Later Lists Like LikedRobert Bateman is a freelance writer who creates privacy and data protection content for blogs, emails, articles, websites, reports, and white papers. He’s been an industry advocate since 2017 and has interviewed leading figures in the privacy field, including Max Schrems and Johnny Ryan. As a thought leader, Robert is a sought-after speaker and panelist for online and in-person privacy conferences, events, and webinars. Because of his thirst for knowledge and passion for privacy, Robert began providing training and consultancy work in 2023. In this episode… The United States and the United Kingdom have different approaches to privacy and data protection. The US has a patchwork of state privacy laws, while the UK has one unified national data protection law. So how can US companies comply with UK data protection laws when transferring data to the UK? Data privacy and protection thought leader Robert Bateman explains that one of the main challenges is understanding the different requirements of US state privacy laws and UK data protection laws. For example, some US states mandate that companies obtain consent from people before collecting their personal information. In contrast, the UK data protection law does not require consent for all types of data collection. To mitigate the risk of fines and other penalties, US companies should examine their data collection and processing procedures to comply with both US state privacy and UK data protection laws. Companies should also seek the counsel of an experienced data privacy attorney to assist them in understanding their obligations and developing a compliance plan. Join Justin and Jodi Daniels in this episode of the She Said Privacy/He Said Security Podcast as privacy and data protection content creator Robert Bateman joins the show. Robert explains the challenges UK data privacy professionals face, the difficulties US companies encounter in understanding UK data transfer rules, and why ICO regulators should adhere to cookie compliance.…
S
She Said Privacy/He Said Security
1 Decoding Quebec’s Law 25: What Companies Need To Know With Sharon Bauer 33:21
33:21 Play Later Play Later Lists Like Liked33:21
Play Later Play Later Lists Like LikedSharon Bauer is a Lawyer and the Founder of Bamboo Data Consulting, a team of privacy consultants specializing in privacy, security, data strategy, and cutting-edge technology ethics work. As a consultant, she provides privacy solutions for various entities including retail, fintech, health, and education. Sharon is an expert in designing creative privacy programs solving hidden challenges for startups and international corporations. In addition to acting as a virtual chief privacy officer, IT World Canada named Sharon one of the Top 20 Women in Cybersecurity in 2022. In this episode… Quebec Law 25 is Quebec's privacy legislation, which applies to businesses or businesses collecting Quebec data. As a relatively new law, many companies need to know its governance framework. What are the critical concepts of Law 25, and how does it apply to company compliance? Privacy lawyer and consultant Sharon Bauer explains that companies should understand Law 25’s key components: governance, privacy officer, transfer impact assessment, transparency, and employment. However, this privacy legislation does not apply to B2B businesses. Regarding privacy officers, Quebecian CEOs must either appoint a PO or hold themselves accountable for compliance with Law 25. Additionally, companies must adhere to the transfer impact assessment or privacy impact assessment when data is transferred outside of Quebec, when acquiring personal information, or when overhauling electronic service delivery systems involving destroying personal information. Sharon warns that companies that fail to comply with Quebec’s Law 25 are subject to a $25 million fine. In this episode of the She Said Privacy/He Said Security Podcast , Jodi and Justin Daniels welcome Sharon Bauer, Founder of Bamboo Data Consulting, to examine Quebec’s Law 25. Sharon reflects on her career background, discusses the intersection of Law 25 and the GDPR, and Canada’s basis for Personal Information Protection and Electronics Data Act (PIPEDA).…
S
She Said Privacy/He Said Security
1 The Paradigm of Adtech Privacy: Using Data Clean Rooms and Opt-In/Opt-Outs To Achieve Compliance 32:37
32:37 Play Later Play Later Lists Like Liked32:37
Play Later Play Later Lists Like LikedNoga Rosenthal is the Chief Privacy Officer and General Counsel at Ampersand, a data-driven TV advertising sales technology company. Noga possesses extensive expertise in developing and implementing comprehensive privacy programs and oversees the company’s privacy and legal initiatives. Before Ampersand, she served as Chief Privacy Officer at Epsilon, overseeing the company’s worldwide privacy, compliance, and regulatory activities. She also worked as General Counsel and Vice President for Compliance and Policy for the Network Advertising Initiative, where she managed the NAI’s compliance program and ensured that member companies upheld the promise of self-regulation for interest-based advertising. Noga is a member of the Women Leading Privacy Advisory Board of the International Association of Privacy Professionals and the IAB Federal Privacy Working Group. In this episode… The emergence of the adtech ecosystem has created a data-as-a-commodity paradigm that has given rise to privacy laws and regulations restricting targeted advertising and cookie usage. To integrate evolving technology tools with adtech privacy laws, what are some strategies to employ? Noga Rosenthal, an expert in adtech privacy law, asserts that alliances should be formed within the adtech industry. When teams learn from and communicate with each other, it helps to create transparency about data collection. Therefore, it becomes instinct to share information, obtain consumer consent or opt-outs, and collaborate with the Interactive Advertising Bureau and National Advertising Initiative. Another helpful source is the use of data clean rooms — a secure environment that enables organizations to merge data from multiple sources in order to analyze and share data while controlling how, where, and when it is used. Join Justin and Jodi Daniels on today’s episode of the She Said Privacy/He Said Security Podcast , where they welcome Noga Rosenthal, Chief Privacy Officer and General Counsel at Ampersand to discuss adtech privacy laws. Noga shares strategies for integrating adtech privacy laws with evolving technology tools, explains the significance of data clean rooms, and advises how companies can manage privacy risks concerning AI technologies.…
S
She Said Privacy/He Said Security
1 How Reliance on AI Technologies Places Smaller Businesses at Risk of Ransomware Attacks With Taylor Hersom 26:00
26:00 Play Later Play Later Lists Like Liked26:00
Play Later Play Later Lists Like LikedTaylor Hersom is the Founder and CEO of Eden Data, a cybersecurity firm focusing on the next generation of businesses primed to build security and privacy into their DNA. A self-described cybersecurity compliance nerd, he’s passionate about building world-class cybersecurity programs for startups and beyond. Taylor began his career advising Fortune 500 companies on compliance and security at Deloitte before moving on to Renaissance Systems Inc. at RSI, where he was one of the youngest CISOs in the industry. There, he developed an entire security program from the ground up. He’s also a sought-after thought leader who speaks at multiple global organizations, writes blog content on cybersecurity, and serves as a CompTIA Cybersecurity Advisory Council board member. In this episode… Data protection is essential for all companies, including protecting intellectual property and customer data. Once a data breach has occurred, criminals use information like credit card numbers, patents, and trade secrets to engage in multitudes of cyber crimes. What should companies be aware of to protect their data? Due to limited resources and budgets, small businesses and startups are more susceptible to data breaches. This is why many small companies rely on AI technologies to support automated business processes, data analysis insights, and customer engagement. Cybersecurity expert Taylor Hersom explains that AI reliance exposes them to dangers like phishing attacks, deep fake accounts, and AI-powered ransomware. SIM swapping and nation-state cyberattacks, particularly those sponsored by Russia and China, are other threats that put companies at risk of ransomware. Taylor proposes that startups can make a significant impact on security — reducing their breach risk — by allying with legal and security teams. In this episode of the She Said Privacy/He Said Security Podcast , Jodi and Justin Daniels welcome Taylor Hersom, Founder and CEO of Eden Data, to the show. Taylor discusses the common mistakes companies make concerning data protection, various cyber threats, and why companies should be weary of GRC platforms.…
S
She Said Privacy/He Said Security
1 Privacy Lawyer Jennifer Mitchell on Employee Data Privacy Under the California Consumer Privacy Act 27:59
27:59 Play Later Play Later Lists Like Liked27:59
Play Later Play Later Lists Like LikedJennifer Mitchell is a Partner and the Head of Privacy Governance and Technology Transactions at Baker Hostetler, a law firm specializing in digital risk advisory and cybersecurity, blockchain and digital assets, financial services, and more. Jennifer’s law career spans over 15 years with legal, compliance, and operations expertise. At Baker Hostetler, Jennifer provides business solutions to uphold evolving US state privacy laws in compliance with the General Data Protection Regulation, HIPAA, and California Consumer Privacy Act. In this episode… The amended California Consumer Privacy Act defines employees as consumers. So what does that mean for employee privacy rights? The CCPA affects employee rights by requiring employers to implement security measures to protect employees' personal information. These measures include implementing data security policies and procedures, conducting regular security audits, and training employees on data security best practices. Privacy lawyer Jennifer Mitchell explains that CCPA gives workers the right to request their employers disclose the personal information employers have collected about them. This gives employees the freedom to either opt out of selling their data or have their information deleted from their employer’s records. Additionally, CCPA prohibits companies from discriminating against employees who request their rights. Join Jodi and Justin Daniels in today’s episode of the She Said Privacy/He Said Security Podcast , where they welcome Jennifer Mitchell, Partner at Baker Hostetler, to discuss employee privacy under the California Consumer Privacy Act. Jennifer discusses the difference between “right to know” and “right to delete,” opportunities for employee privacy rights to build relationships between companies and employees, and how company employee monitoring may potentially violate employee privacy rights.…
S
She Said Privacy/He Said Security
1 Why Companies Should Outsource CISO Services and How the Role Intersects With Privacy Duties 36:27
36:27 Play Later Play Later Lists Like Liked36:27
Play Later Play Later Lists Like LikedOlivia Rose is the Founder of Rose CISO Group, which offers virtual chief information security officer services, including assessments, boardroom and leadership communications, and event presentations. She has over 22 years of experience in the industry and has served as the CISO for Amplitude, Mailchimp, and QloudSecure. Before founding Rose CISO Group, Olivia sat on the board of directors at Cyversity, a nonprofit dedicated to increasing diversity in cybersecurity. Olivia has also shared her knowledge and expertise as a faculty member and advisor at IANS, a leading security insights and support provider. In this episode… A chief information security officer is vital to protecting an organization from cyber threats. However, the role has become a watered-down casual term — many people wear the title, but need more training and qualifications. Veteran security professional Olivia Rose asserts that in-house CISOs are expensive resources. Instead, organizations can benefit from outsourcing virtual CISOs, as they are cost-effective, offer an objective viewpoint, and provide higher expertise. In addition to experience and certifications, Olivia maintains that security experts can stay current on trends and jargon by using online educational platforms like Coursera and YouTube. Olivia also recommends taking an introduction to marketing, as it helps them effectively convey messages. In this episode of the She Said Privacy/He Said Security , Jodi and Justin Daniels interview Olivia Rose, Founder of Rose CISO Group, about the role of a virtual chief information security officer. Olivia discusses burnout in the security profession, the qualifications and responsibilities of a vCISO, and who benefits from CISO services.…
S
She Said Privacy/He Said Security
1 How Smaller Companies Can Mitigate Cybersecurity Risks and Comply With the New SEC Rules 43:49
43:49 Play Later Play Later Lists Like Liked43:49
Play Later Play Later Lists Like LikedBrian Haugli is the Co-founder and CEO of SideChannel, a cybersecurity company that provides cyber risk assessment and ensures cybersecurity compliance for mid-sized organizations. He is a 20-year industry veteran who’s led programs for the Department of Defense, the Pentagon, the Intelligence Community, and Fortune 500 companies. With expertise in NIST guidance, threat intelligence implementations, and strategic organization initiatives, Brian is a sought-after speaker and the host of the #CISOlife podcast and YouTube channel. Brian also co-authored Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework , an analysis of cybersecurity risk planning and management principles. In this episode… Public and private companies should prepare to meet SEC regulations with the new cybersecurity rules set to take effect in December. However, with cybersecurity assessment costs starting at six figures, how can small and mid-sized companies maintain compliance? Organizations that lack the resources of larger corporations can reduce costs by securing an information security consultant. These consultancies develop customized compliance programs to identify specific cybersecurity risks and recommend cost-effective strategies. For companies that adopt this type of service, cybersecurity expert Brian Haugli suggests retaining a CISO for at least 80 hours per month. During this time, a CISO should be able to formulate risk management solutions including acceptance, mitigation, and transfer. In this episode of the She Said Privacy/He Said Security , Jodi and Justin Daniels interview Brian Haugli, CEO of SideChannel, for an in-depth conversation about cybersecurity. Brian discusses the inspiration behind SideChannel and its mission, how mid-size companies can afford to retain a CISO, and procedures for navigating ransomware demands.…
S
She Said Privacy/He Said Security
1 ZoomInfo’s Al Raymond on B2B Privacy Programs and Third-Party Privacy Risk Management 36:40
36:40 Play Later Play Later Lists Like Liked36:40
Play Later Play Later Lists Like LikedAl Raymond is the Privacy Compliance Officer at ZoomInfo Technologies, a powerful research and lead-generation tool used for sales, marketing, and talent acquisition. In his role, Al leads the assurance team, ensuring ZoomInfo maintains compliance with regulations, rules, and laws. He is a privacy compliance and data governance professional and 20-year veteran in customer data privacy, information security, regulatory compliance, and risk management. Al’s experience and skills have benefited prominent companies such as PHP Corporation, ARAMARK, TD Bank, Deloitte Touche, and JPMorgan Chase. In this episode… Marketers and sales teams utilize third-party data to acquire customers and scale their businesses. How can privacy teams appease marketing teams while complying with privacy laws? Seasoned privacy professional Al Raymond recommends open communication with all parties when purchasing data from third-party data providers. He suggests conferring with privacy counsel, privacy and compliance teams, and the sales team to discuss their obligations to the public. When buying data, marketers must send privacy notices to those targeted. Upon receipt of the notice, third parties can remove individuals from the database. The notice also reveals full transparency, informing people where their data goes, who owns it, and the purpose of the collection. Al also explains that marketers must properly use Article Six of the General Data Protection Regulation. Article Six outlines six legal bases for processing personal data: consent, contract, legal obligation, vital interests, public task, and legitimate interests. In this episode of the She Said Privacy/He Said Security Podcast , Jodi and Justin Daniels welcome Al Raymond, Privacy Compliance Officer at ZoomInfo Technologies, to discuss B2B privacy programs and third-party risk management. Al explains privacy laws and data protection in B2B marketing, the challenges in building and maintaining a privacy program, and privacy policies and contracts for data usage.…
S
She Said Privacy/He Said Security
1 HP’s Aaron Weller on Privacy Engineering, PETs, and Information Security 25:38
25:38 Play Later Play Later Lists Like Liked25:38
Play Later Play Later Lists Like LikedAaron Weller is the Leader of the Global Privacy Engineering Center of Excellence at HP, an international IT company developing personal computers, printers, and 3D printing solutions. Aaron provides technical leadership for privacy engineering, enablement, and experience for HP’s global operations. As a seasoned privacy and information security veteran, Aaron has offered his knowledge and experience as a department head for various companies, including PwC and Blueprint. He is also a Co-founder of both Concise Consulting and Ethos Privacy, a consulting firm offering privacy strategies. Aaron is a sought-after thought leader who’s presented at national and international conferences and universities. He’s also been quoted in mainstream publications, including The Wall Street Journal and Forbes . In this episode… Privacy engineering is an emerging field of engineering. What is the role of this profession, and how can companies benefit from their expertise? Seasoned information security professional Aaron Walker explains the categories of privacy engineering include user experience, design infrastructure, software development, and privacy-enhancing technologies. PETs are tools and techniques that help companies and individuals control and protect their personal information — they can be used to encrypt data, anonymize individuals, and control access to information. Privacy engineers have various responsibilities, such as implementing systems that provide acceptable levels of privacy. Aaron advises that smaller organizations can integrate privacy engineers by educating existing engineers to build their system development lifecycle process. In this episode of the She Said Privacy/He Said Security with Jodi and Justin Daniels, Aaron Weller, Leader of the Global Privacy Engineering Center of Excellence at HP, expounds on privacy engineering, PETs, and information security. Aaron discusses the integration of AI and privacy engineering, how companies can implement privacy-enhancing technologies, and offers advice to aspiring engineers.…
S
She Said Privacy/He Said Security
1 How Cyber Services Can Heed the New SEC Regulations to Address Privacy and Security Concerns 35:52
35:52 Play Later Play Later Lists Like Liked35:52
Play Later Play Later Lists Like LikedKeith Novak is the Co-founder and CISO at Intentional Cybersecurity, an advisory firm supporting clients with cyber risk needs using penetration testing, control validation, and cyber due diligence. Keith drives the company’s growth and success by delivering high-value cybersecurity advisory assessments. A seasoned veteran in the industry, he’s worked with clients in all sectors and verticals. Before founding Intentional Cybersecurity, Keith led the global cyber risk advisory and strategy practice for Kroll, a leading cyber risk management and incident response firm. Keith is one of the few cyber professionals with experience in technical operations and business strategy, adding value to any cybersecurity team. In this episode… The SEC requires companies that have experienced drastic fiscal changes to submit a Form 8-K. With the number of data breaches in recent events, we will likely see more 8-K filings. How can organizations be more proactive about protecting their data? Cybersecurity expert Keith Novak explains humans are still fallible regardless of how flawless their security program might be. Therefore, it’s imperative to train helpdesk personnel to be steadfast in confirming identities. Keith suggests significant improvements to the multifactor authentication process, such as asking for passphrases or employee IDs. He also shares that private companies do not fall under SEC, NYDFS, and NEIC requirements and are not obligated to report breaches. However, boards do encourage cybersecurity services, including risk assessments. Individuals can practice risk assessments, as well, by adopting a healthy dose of skepticism. Don’t shy away from asking why your social security card or driver’s license is needed. In this episode of the She Said Privacy/He Said Security Podcast with Jodi and Justin Daniels, Keith Novak, Co-founder and CISO at Intentional Cybersecurity, discusses how privacy and security relate to cybersecurity. Keith explains the significance of data transparency, how individuals and companies can protect themselves from data breaches, and suggests multifactor authentication (MFA) process improvements.…
S
She Said Privacy/He Said Security
1 Meta, AI, and the New Privacy Laws: What You Need to Know 38:56
38:56 Play Later Play Later Lists Like Liked38:56
Play Later Play Later Lists Like LikedPedro Pavón is the Global Director of Monetization, Privacy, and Fairness at Meta, the tech company behind Facebook, Instagram, WhatsApp and Threads. In addition to providing legal counsel and advocating for data privacy, data protection, fairness, and algorithmic transparency, Pedro leads a team of lawyers and policy professionals. Beyond his responsibilities at Meta, Pedro teaches privacy and information security law at the Georgia State University College of Law. Pedro is a thought leader and writer on privacy and data security issues related to AI, Metaverse, digital advertising, blockchain, and IoT. In this episode… In December 2022, Meta (formerly Facebook) settled a $725 million lawsuit alleging that the company gave third parties access to users' private data without permission. Meta is now attempting to become a data privacy leader, so what safeguards have they implemented? Privacy professional Pedro Pavón explains Meta is making tremendous efforts to improve data protection and user transparency. Besides empowering the legal team with the authority to negate atrocious ideas with the potential to harm users, Meta now equips individuals with more control and transparency regarding their data. Meta is also launching new technology, such as the AI chatbot. To shield data, the security team enables security by design protection and transparent communication on how AI systems use people’s data. Data privacy transparency is crucial because it helps build trust between consumers and businesses. It lets customers understand how their data is collected, used, and shared. This enables them to make informed decisions about their privacy and security. In this episode of the She Said Privacy/He Said Security Podcast with Jodi and Justin Daniels, Pedro Pavón, Global Director of Monetization, Privacy, and Fairness at Meta, discusses how the company is improving data privacy. Pedro shares the role privacy and data protection play in the new Meta AI chatbot, why privacy should be more transparent, and ways AI can improve privacy.…
S
She Said Privacy/He Said Security
1 Privacy Regulations, Privacy by Design, and AI: Creating Engaging Apps While Remaining Compliant 22:54
22:54 Play Later Play Later Lists Like Liked22:54
Play Later Play Later Lists Like LikedNia Castelly is the Co-founder and Legal Lead at Checks, a Google-backed privacy platform that uses AI to simplify privacy compliance for developers. Before Checks, Nia spent nearly five years as a legal advisor for Google Play’s Developer Console, Policy, and Operations teams. Nia is an entrepreneur and supporter of early-stage startups, serving as an Angel Investor at the Black Angel Group and as a Limited Partner at How Women Invest. In this episode… In the early 2000s, Apple trademarked the phrase “there’s an app for that!” Fast forward to today — the public demands applications because it simplifies areas of our lives. With that demand, developers often rush to launch but must adhere to complicated privacy regulations. How can developers create delightful apps while remaining compliant? Most mobile engineers use software developer kits, a third-party code. If developers do not adequately edit the codes, it can cause unintentional consequences, such as data collection and sharing. Seasoned lawyer Nia Castelly, co-founder of privacy platform Checks, explains there is a three-step procedure known as a triangle to analyze such issues. Once detected, mobile app companies can make requirements to be compliant. Product developers also leverage AI to translate privacy policies, helping simplify compliance complexities. In this episode of the She Said Privacy/He Said Security Podcast with Jodi and Justin Daniels, Nia Castelly, Co-founder and Legal Lead at Checks, discusses data privacy compliance within mobile app development. Nia explains how cultural differences affect privacy across the globe, demystifying compliance complexities, and procedures for governing AI within product development.…
S
She Said Privacy/He Said Security
1 Best Practices for Mitigating Cybersecurity and Blockchain Risks With Roderic Deichler 25:25
25:25 Play Later Play Later Lists Like Liked25:25
Play Later Play Later Lists Like LikedRoderic Deichler is the Co-founder and Chief Security Officer at AfterDark, a boutique blockchain security company delivering white glove services, such as smart contract advising, pentesting, and security advising. Roderic founded the company to fill the security gap in Web3. Before AfterDark, he led pentesting at Mandiant and smart contract audits at Coinbase and OpenZeppelin. Roderic discovered his enthusiasm for cybersecurity while studying computer science at UC Santa Barbara and competing in Capture the Flag competitions and hackathons. In this episode… Web3 is an extension of cryptocurrency and innovatively uses blockchain. Since a blockchain stores many tokens in a digital wallet, how can cybersecurity professionals fill security gaps on Web3? Risks that threaten Web3 include smart contracts, phishing, scams, and hacks targeting a user’s crypto wallet. According to Roderic Deichler, a veteran cybersecurity professional, there are multiple best practices to mitigate security risks, including applying security strategically, security audits, and multifactor authentication. Security architects use various thought processes when applying security, usually embracing security-by-design principles. Since developers conduct several project tests before and after releasing new code, companies should consider employing internal security teams or consulting security auditors to reveal potential bugs. Social hacking has become a prevalent method for tricking users into revealing their confidential information. To diminish this risk, Roderic suggests using multifactor authentication (MFA), a multi-step process requiring more instruction plus a password. In this episode of the She Said Privacy/He Said Security Podcast , Jodi and Justin Daniels interview Roderic Deichler, Co-founder and Chief Security Officer of AfterDark, about cybersecurity risks. Roderic explains security risks in smart contracts, phishing risks in Bitcoin and other digital wallet assets, and AI’s impact on cybersecurity.…
S
She Said Privacy/He Said Security
1 Mark Webber on Law Firms Implementing AI and Complying with the US-EU Data Privacy Framework 34:58
34:58 Play Later Play Later Lists Like Liked34:58
Play Later Play Later Lists Like LikedMark Webber is the US Managing Partner of Fieldfisher, a London-based international law firm with offices in Europe, the US, and China. An English lawyer living in the Silicon Valley, Mark oversees the firm’s US operations. As a recognized leader in privacy law with extensive experience working with the world's leading technology companies, Mark is known for finding innovative solutions to complex legal challenges. At Fieldfisher, Mark has been instrumental in establishing, nurturing, and expanding the firm's presence, operations, and services in the US. In this episode… Lawyers endorse the Data Privacy Framework as a valuable tool to mitigate cybersecurity risks. However, many experts argue that protecting businesses from other privacy risks — such as those posed by AI — is not enough. The draft of the European Union AI Act has sparked debate among privacy professionals, with some advocating for a prohibition on the unrestricted use of AI technologies such as biometrics in real time. Mark Webber, a seasoned lawyer with expertise in technology and privacy, disagrees with this approach. He cautions against AI's high-risk threats to transport, infrastructure, and decision-making. To mitigate these risks, Mark suggests that companies conduct an AI impact assessment, such as the one developed by the National Institute of Standards and Technology, before implementing generative AI systems. He also warns that, given the ever-evolving nature of AI, any governing policies will only be effective with proper education and training. In this episode of the She Said Privacy/He Said Security Podcast , Mark Webber, US Managing Partner at Fieldfisher, joins Jodi and Justin Daniels to discuss the US-EU Data Privacy Framework and AI. Mark explains how the framework will impact businesses, the European Union AI Act, the intersection of AI regulation with GDPR, and why organizations should consider implementing AI assessment frameworks.…
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Daily Deals
Similar to She Said Privacy/He Said Security
Welcome to the What’s Next! Podcast. I’ve met so many brilliant people as I traveled the globe and have had some fascinating conversations that I’ve wished had been recorded so I could share them with you - this podcast was a way for me to recreate those moments and let you in on some fantastic insights. My current conversations center around one objective: what's next for companies and individuals as they look to innovate and grow. I hope these conversations inspire you as much as they have ...
…
continue reading
Call them changemakers. Call them rule breakers. We call them Redefiners. And in this provocative podcast, we explore how daring leaders from across industries and around the globe are redefining their organizations—and themselves—to create extraordinary impact in today’s rapidly changing world. In each episode, Russell Reynolds Associates Leadership Advisor Hoda Tahoun and former CEO Clarke Murphy host engaging, purposeful conversations with leaders in and out of the business world who shar ...
…
continue reading
Rachel Cooke is your guide to leadership and communication, helping you craft a workplace environment you can feel good about. She’ll share tips to help you balance your work and personal life, effectively invest your time, and be mindful about where you’re devoting your energy. Let Rachel help you navigate your path to success—however you define it.
…
continue reading
A top podcast for healthcare leaders, with over one million downloads, Radio Advisory is your weekly download on how to untangle the industry's most pressing challenges to help leaders like you make the best business decisions for your organization. From unpacking major trends in care delivery—like site-of-care shifts and the rise of high-cost drugs—to demystifying stakeholder dynamics, to shining a spotlight on priorities that may get overlooked, we're here to help. Our hosts and seasoned r ...
…
continue reading
Wharton faculty and industry leaders discuss their latest research, books, and relevant business topics. Hosted on Acast. See acast.com/privacy for more information.
…
continue reading
Business tips for startups by proven entrepreneurs
…
continue reading
Hear the stories, learn the proven methods, and accelerate your growth and future through entrepreneurship. Welcome to The Foundr Podcast with Nathan Chan. About the show: For over a decade, The Foundr Podcast with Nathan Chan has been a leading entrepreneurship podcast for open-book conversations with, by, and for founders. Whether you're starting, building, or dreaming about your business, The Foundr Podcast is where you can access experienced founders who've been in your shoes to learn th ...
…
continue reading
T
The Influence Factor by The Influencer Marketing Factory
1
The Influence Factor by The Influencer Marketing Factory
The Influencer Marketing Factory
37k130
Alessandro Bogliari, CEO and Co-Founder of The Influencer Marketing Factory, a global influencer marketing agency, talks with great guests about influencer marketing, social media, the creator economy, social commerce and much more.
…
continue reading
Custom Manufacturing Industry podcast is an entrepreneurship and motivational podcast on all platforms, hosted by Aaron Clippinger. Being CEO of multiple companies including the signage industry and the software industry, Aaron has over 20 years of consulting and business management. His software has grown internationally and with over a billion dollars annually going through the software. Using his Accounting degree, Aaron will be talking about his organizational ways to get things done. Hi ...
…
continue reading
Some Goodness is hosted by Richard Ellis, a seasoned sales leader passionate about inviting top business minds to share their wisdom. Each episode is only 15-20 minutes, perfect for your commute or workout.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
