shesaidprivacyhesaidsecurity

Joe Toscano is the Founder and CEO of DataGrade, a technology company helping companies discover, analyze, and manage data privacy risk. He has advised US Attorney Generals on Facebook and Google antitrust cases, helped shape privacy law across multiple states, and worked with large organizations such as the World Economic Forum.

In addition to his work at DataGrade, Joe was featured in the Netflix documentary The Social Dilemma, and he is an international keynote speaker known for his TEDx Talk “Want to Work for Google? You Already Do.”

Joe is also Senior Fellow at The Diplomatic Courier and a contributing author for Forbes.

In this episode…

Privacy and social engineering have become deeply integrated into modern society. The average person is unaware of the complex systems around them every day — privacy risk management has become a necessity for businesses and people alike. So what should everyone know as the world enters a new age of data?

The best start is awareness. Thanks to documentaries such as The Social Dilemma, people are looking into their relationship to data and privacy. For businesses, more privacy and strategy is required.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels are joined by Joe Toscano, the CEO and Founder of DataGrade, to talk about technology and privacy in personal and corporate settings. They break down Joe’s role in The Social Dilemma, discuss his TED Talk, what DataGrade does, and what people should know about their own everyday privacy.

Ben Brook is the CEO and Co-founder of Transcend, a company helping the world’s largest companies control their data by simplifying compliance, unlocking strategic growth, and improving business resilience.

Prior to co-founding Transcend, Ben studied computer science, astrophysics, and neuroscience at Harvard University. Originally from Toronto, Canada, he is a passionate and award-winning filmmaker.

In this episode…

Privacy compliance is a necessity for businesses, but can often be a hindrance. It requires time, attention, money, and knowledge to keep up with regulations and track data effectively. Some platforms can make this process easier, but how do you select the right one?

The list of vendors is steadily growing as privacy becomes an increasingly pressing issue. Choosing the right one can simplify and clarify everyday processes. Even while working with a quality platform, there is still much to know for managing and improving your privacy. For both issues, it’s best to learn from the experts.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Ben Brook, the CEO and Co-founder of Transcend, about selecting and utilizing privacy software. They discuss essential criteria for programs, adapting to regulatory environments, and breaking down the issues with privacy and generative AI.

Jamal Ahmed is a Global Privacy Consultant at Kazient Privacy Experts and has been dubbed the "King of Data Protection" by the BBC. He is a passionate advocate for privacy rights and is the acclaimed author of the international #1 bestselling book The Easy Peasy Guide to the GDPR. He has transformed the complex world of data compliance into an accessible subject for everyone.

In this episode…

Privacy affects all fields of technology and business, but specializing in the subject can be particularly difficult. Privacy experts work tirelessly every day to not only help their clients, but stay current with new information. While some knowledge is essential for most jobs, more depth is required to be a master.

This barrier to entry has kept some from pursuing a career in privacy. Additionally, many current professionals can feel overwhelmed by the ever-growing scale of the subject. So how can you dive deeper into privacy and progress in the field?

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels interview Jamal Ahmed, a privacy expert and consultant, to discover the best tips to enhance your privacy practice. The three discuss common misconceptions, understanding the current privacy landscape, essential skills for the field, and building a supportive community. Lastly, they unveil the quintessential trait needed to excel in privacy.

Chris Voss is the CEO and Founder of The Black Swan Group, an organization that teaches strategies found in hostage negotiations and applies them to the business world. He is also the best-selling author of the book Never Split the Difference: Negotiating As If Your Life Depended On It.

Prior to 2008, Chris was the Lead Negotiator for the FBI International Kidnapping Response as well as the FBI’s hostage negotiation representative for the National Security Council’s Hostage Working Group. During his career, he also represented the U.S. government as an expert in kidnapping at two international conferences sponsored by the G8.

In this episode…

Negotiation is a specialized yet universally useful skill. Even mundane conversations are filled with requests, persuasion, and deliberation. The basics are learned intuitively, but for more serious circumstances, more is required.

Hostage situations are the most dire instance of negotiation. Experts are equipped to handle these scenarios with care and precision, pulling from thorough training and prior experience. In our digital world ransomware is also a hostage situation only your IT network is the hostage!! These advanced principles are incredibly useful for emergencies and day-to-day life alike. Now you can learn directly from a real-world ransomware example of how high-level negotiation works in practice.

In this episode of She Said Privacy/He Said Security, Justin and Jodi Daniels are joined by Chris Voss, the CEO and Founder of The Black Swan Group, to share the concepts of high-stakes negotiations. They walk step-by-step through Justin’s ransomware negotiation for a hostage IT network and how he applied Chris’ principles to great success. They also discuss how to handle timelines, good questions for negotiations, and the best negotiation tip for privacy and security professionals.

Karen McGee is the Chief Privacy Officer at Levi Strauss & Co., overseeing its privacy program and upholding the company’s principles. She specializes in translating intricate legal frameworks into manageable and legible systems.

Karen’s preceding career includes Managing Privacy Counsel at Intel, CPO at LifeLock and General Counsel at ID Analytics. She was honored with the In-House Legal Adviser of the Year Award at the Women in Law Awards by Lawyer Monthly.

In this episode…

Company values can be taken for granted, but they hold the potential for so much more. When followed and honored correctly, corporate values can define a business. It can bring respect, trust, and even success by maintaining internal and external consistency.

Few corporate sectors are as strongly influenced by company values as privacy and security. There is a long history of brands breaking consumer trust and suffering the consequences. It’s a complex topic, requiring agile changes and rigorous supervision. It can be illuminating to look toward companies that have paved the way and set a good example.

In this episode of She Said Privacy/He Said Security, Justin and Jodi Daniels are joined by Karen McGee, the Chief Privacy Officer of Levi Strauss & Co., to discuss how Levi’s corporate values apply to its privacy program. They go over AI use cases, new SEC rules on cybersecurity, privacy policy, and how to develop a quality program. They also talk about Karen’s career journey and her advice for other practitioners.

Olivia Rose is the Founder of Rose CISO Group, which offers virtual chief information security officer services, including assessments, boardroom and leadership communications, and event presentations. She has over 22 years of experience in the industry and has served as the CISO for Amplitude, Mailchimp, and QloudSecure. Before founding Rose CISO Group, Olivia sat on the board of directors at Cyversity, a nonprofit dedicated to increasing diversity in cybersecurity. Olivia has also shared her knowledge and expertise as a faculty member and advisor at IANS, a leading security insights and support provider.

In this episode…

A chief information security officer is vital to protecting an organization from cyber threats. However, the role has become a watered-down casual term — many people wear the title, but need more training and qualifications.

Veteran security professional Olivia Rose asserts that in-house CISOs are expensive resources. Instead, organizations can benefit from outsourcing virtual CISOs, as they are cost-effective, offer an objective viewpoint, and provide higher expertise. In addition to experience and certifications, Olivia maintains that security experts can stay current on trends and jargon by using online educational platforms like Coursera and YouTube. Olivia also recommends taking an introduction to marketing, as it helps them effectively convey messages. 

In this episode of the She Said Privacy/He Said Security, Jodi and Justin Daniels interview Olivia Rose, Founder of Rose CISO Group, about the role of a virtual chief information security officer. Olivia discusses burnout in the security profession, the qualifications and responsibilities of a vCISO, and who benefits from CISO services.

Brian Haugli is the Co-founder and CEO of SideChannel, a cybersecurity company that provides cyber risk assessment and ensures cybersecurity compliance for mid-sized organizations. He is a 20-year industry veteran who’s led programs for the Department of Defense, the Pentagon, the Intelligence Community, and Fortune 500 companies. 

With expertise in NIST guidance, threat intelligence implementations, and strategic organization initiatives, Brian is a sought-after speaker and the host of the #CISOlife podcast and YouTube channel. Brian also co-authored Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework, an analysis of cybersecurity risk planning and management principles.

In this episode…

Public and private companies should prepare to meet SEC regulations with the new cybersecurity rules set to take effect in December. However, with cybersecurity assessment costs starting at six figures, how can small and mid-sized companies maintain compliance?

Organizations that lack the resources of larger corporations can reduce costs by securing an information security consultant. These consultancies develop customized compliance programs to identify specific cybersecurity risks and recommend cost-effective strategies. For companies that adopt this type of service, cybersecurity expert Brian Haugli suggests retaining a CISO for at least 80 hours per month. During this time, a CISO should be able to formulate risk management solutions including acceptance, mitigation, and transfer.

In this episode of the She Said Privacy/He Said Security, Jodi and Justin Daniels interview Brian Haugli, CEO of SideChannel, for an in-depth conversation about cybersecurity. Brian discusses the inspiration behind SideChannel and its mission, how mid-size companies can afford to retain a CISO, and procedures for navigating ransomware demands.

Aaron Weller is the Leader of the Global Privacy Engineering Center of Excellence at HP, an international IT company developing personal computers, printers, and 3D printing solutions. Aaron provides technical leadership for privacy engineering, enablement, and experience for HP’s global operations. 

As a seasoned privacy and information security veteran, Aaron has offered his knowledge and experience as a department head for various companies, including PwC and Blueprint. He is also a Co-founder of both Concise Consulting and Ethos Privacy, a consulting firm offering privacy strategies. Aaron is a sought-after thought leader who’s presented at national and international conferences and universities. He’s also been quoted in mainstream publications, including The Wall Street Journal and Forbes.

In this episode…

Privacy engineering is an emerging field of engineering. What is the role of this profession, and how can companies benefit from their expertise?

Seasoned information security professional Aaron Walker  explains the categories of privacy engineering include user experience, design infrastructure, software development, and privacy-enhancing technologies. PETs are tools and techniques that help companies and individuals control and protect their personal information — they can be used to encrypt data, anonymize individuals, and control access to information. Privacy engineers have various responsibilities, such as implementing systems that provide acceptable levels of privacy. Aaron advises that smaller organizations can integrate privacy engineers by educating existing engineers to build their system development lifecycle process.

In this episode of the She Said Privacy/He Said Security with Jodi and Justin Daniels, Aaron Weller, Leader of the Global Privacy Engineering Center of Excellence at HP, expounds on privacy engineering, PETs, and information security. Aaron discusses the integration of AI and privacy engineering, how companies can implement privacy-enhancing technologies, and offers advice to aspiring engineers.

Dr. Emre Kazim is the Co-CEO and Co-founder of Holistic AI, an AI governance, risk, and compliance (GRC) start-up focusing on software for auditing and risk management of AI systems. His PhD in philosophy and undergrad in science cleared a path for his role as a Research Fellow at the University College London’s computer science department. Dr. Kazim explains that curiosity, exploration, and experimentation helped him enter the AI space.

In this episode…

Artificial Intelligence is a tool that has already revolutionized many aspects of our lives. As AI systems become more sophisticated, ethical implications become an increased concern. So how can we, as developers and users, ensure the systems are used safely, ethically, and responsibly?

Dr. Emre Kazim explains how implementing policies and procedures, also known as AI governance, is one solution to protect AI integrity. AI governance includes addressing privacy, safety, and bias. While some organizations have created their own internal policies, others have adopted frameworks developed by governments or industry groups. When drafting AI governance policies, some general policies to consider are transparency, accountability, fairness, and explainability — meaning AI systems should aim to be explainable, so users can understand how it works.

Listen to the She Said Privacy/He Said Security Podcast as Jodi and Justin Daniels welcome Dr. Emre Kazim, Co-CEO and Co-founder of Holistic AI, to discuss AI governance and AI responsibility. Dr. Kazim explains the meaning of AI governance and why companies need it, the challenges organizations face using AI, his best privacy and security practices, and more.

Robin Andruss is the Chief Privacy Officer at Skyflow, a privacy data vault dedicated to isolating, protecting, and governing sensitive data. Robin has 20 years of experience as a protection leader in the privacy, risk, audit, finance, strategy, and compliance space. She is a sought-after speaker on privacy, technology, and leadership. Additionally, Robin is a privacy tech advisor and sits on the Advisory Board of emerging tech startup Evident ID and is part of the Privacy Engineering group advisement team for Data Protocol.

In this episode…

With the combination of personal electronic devices, swift Wi-Fi and 5G, we can purchase medicine, airline tickets, and check our payslips online. As convenient as technology is, it can also be a curse, considering our personal data is at risk anytime we make online transactions. So, what can we do better to safeguard our private information?

Like all technology, improvements in privacy are ever-evolving. But it’s important to understand the types of privacy risks that exist to understand how to protect our data. 

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels welcome Robin Andruss, the Chief Privacy Officer at Skyflow, to discuss the current challenges privacy faces. Robin, along with Jodi and Justin, discusses AI in the privacy space, building scalable privacy programs, and the overlapping of privacy and security in data breaches.

Andrew Hopkins is the President of PrivacyChain, a data security platform that encrypts each data record with a unique key, making it useless for hackers. Andrew believes that data security should start from the data itself and not from the perimeter. With his team of innovators at PrivacyChain, he is challenging the status quo and creating a safer online environment.

In this episode…

Data security and privacy are becoming more challenging in the digital age, especially with the rise of AI and data security threats. How can you protect your data from cybercriminals and AI-associated privacy breaches? How can you manage your data at a granular level without compromising its quality and usability?

PrivacyChain offers a modern data security and privacy solution. It can prevent breaches, leaks, and tampering by ensuring that only authorized users can access and edit the data. PrivacyChain can also protect data from AI-generated threats by verifying its source and authenticity. Through distributed data management, you can store your data in centralized locations.

In today’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels interview Andrew Hopkins, the Founder of PrivacyChain, to talk about data encryption, control, and management. Andrew shares his insights on data security, privacy, AI, and how PrivacyChain can help safeguard your data.

Krista Hollingsworth is the Chief Revenue Officer at Consilien, a managed services security solutions provider helping organizations protect their data from cyber attackers. In her role, she creates a security awareness culture through an integrated approach to cybersecurity awareness training for employees. Krista is also the CEO of Boutique Marketing Group, a digital marketing company providing mid-size B2B businesses with content, strategy, and lead-generating sales funnels.

In this episode…

Traditionally, organizations have relied on cyber insurance to protect against attacks. But as marketing and technology have become more elaborate, ransomware has intensified, leading to a 79% increase in cyber premiums. How can you develop a calculated security approach that addresses compliance and risks?

As Krista Hollingsworth observes, cybercriminals are skilled marketers, with 82% of attacks involving human elements. Additionally, Krista predicts that the emergence of AI chatbots will lead to sophisticated voice phishing attacks, so businesses should implement two-factor authentication and other verification systems for maximum protection. Managed security service providers such as Consilien help businesses create and manage cybersecurity programs.

In today’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels invite CRO of Consilien, Krista Hollingsworth, to speak about the role of managed security services providers in developing cyber programs. Krista shares how the cyber sales cycle has evolved since the rise of ransomware, how AI could lead to voice phishing attacks, and advice for strengthening your passwords.

Jules Polonetsky is the CEO of the Future of Privacy Forum, a nonprofit organization advancing principled data practices to support emerging technologies. FPF is supported by more than 180 leading companies and foundations. Jules has led the development of numerous codes of conduct and best practices and assisted in drafting data protection legislation.

He is an IAPP Westin Emeritus Fellow, the 2023 recipient of the IAPP leadership award, and the Co-editor of The Cambridge Handbook of Consumer Privacy. With 30 years of experience in consumer protection, Jules has served as Chief Privacy Officer at AOL and DoubleClick, a consumer affairs commissioner for New York City, and an elected New York State Legislator.

In this episode…

The emergence of ChatGPT and other AI chatbots has added another layer to the convoluted privacy landscape, further solidifying the need for comprehensive regulations. So what should corporations and lawmakers consider when protecting consumer and public privacy?

Companies often have a superficial understanding of customer data, lacking consideration for the nuances and categories of each set. But ChatGPT has introduced additional bias, which can lead to legal consequences. Privacy law advocate Jules Polonetsky says that to ensure AI remains compliant, organizations must apply data protection laws to public data sets. The Future of Privacy Forum offers a collaborative space to create and enforce policies and resolve pressing issues in the space.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels welcome CEO of the Future of Privacy Forum Jules Polonetsky to discuss AI’s privacy ramifications. Jules explains how to incorporate AI into global data protection laws, privacy’s nuances and industry developments, and how to protect privacy when using AI chatbots.

Gary Kibel is a Partner at Davis+Gilbert LLP, a law firm serving various industries and sectors including real estate, financial services, hospitality, and technology. In his role, he counsels clients on new media and advertising law, privacy and data security, and information technology. As a Certified Information Privacy Professional (CIPP), Gary advises providers of information technology services and customers for products and services regarding complex technology and intellectual property issues. Before Davis+Gilbert, he was an Information Systems Analyst at Merrill Lynch.

In this episode…

With ad tech rapidly advancing and the US passing contradictory privacy laws in various states, compliance is not a universal approach. Instead, conformity requires companies to have a keen understanding of ad tech and data exchanges within the industry. So how can you develop an approach that encompasses ad tech’s multifaceted components? 

As a privacy law council on digital media, Gary Kibel understands the challenges businesses face managing differing standards, information-sharing, opt-outs, and targeted advertising. He states that by evaluating data types, you can determine which requirements apply to each use case. When implementing compliance features on websites, corporations often deploy cookie banners as a primary solution. But this requires thorough consideration for disclosure requirements, opt-outs, and performance and must be integrated with additional approaches.

In today’s episode of She Said Privacy/He Said Security, Davis+Gilbert’s Partner, Gary Kibel, joins Jodi and Justin Daniels for a discussion on advertising technology privacy laws. Gary shares key takeaways from his IAPP Global Privacy Summit presentation, how to comply with conflicting US privacy laws, and how businesses should consider cross-contextual opt-outs. 

Jodi Daniels is the Founder and CEO of Red Clover Advisors, a boutique data privacy consultancy and one of the few certified Women’s Business Enterprises focused solely on privacy. Since its launch, Red Clover Advisors has helped hundreds of companies create privacy programs, achieve GDPR, CCPA, and US privacy law compliance, and establish a secure online data strategy that their customers can count on.

Jodi is a Certified Informational Privacy Professional (CIPP/US) with over 20 years of experience helping businesses — from solopreneurs to multinational companies — in privacy, marketing, strategy, and finance roles. She has worked with numerous companies throughout her corporate career, including Deloitte, The Home Depot, Cox Enterprises, Bank of America, and many more. Jodi is also a national keynote speaker, a member of the Forbes Business Council, and the co-host of the She Said Privacy/He Said Security podcast. 

Justin Daniels is a cybersecurity subject matter expert and business attorney who helps his clients implement strategies to better manage and recover from data breaches. As outsourced general counsel for Baker Donelson, Justin advises executives on how to successfully navigate cyber business and legal concerns related to operations, M&A, incident response, and more.

In 2017, Justin founded and led the inaugural Atlanta Cyber Week, where multiple organizations held events that attracted more than 1,000 attendees. Justin is also a TEDx and keynote speaker and the co-host of the She Said Privacy/He Said Security podcast with his wife, Jodi.

In this episode…

ChatGPT is an international sensation, with businesses utilizing it for content creation, debugging, translation, and writing code. But this AI tool is still unregulated, raising privacy and security concerns regarding data input. Since ChatGPT is easily accessible to the public, what should you consider before implementing it, and how can you mitigate the associated risks?

When adopting ChatGPT for your company, Certified Privacy Professional Jodi Daniels says you should evaluate the tool by conducting due diligence on potential use cases. For instance, a marketing department may want to acquire consumer insights involving personal information. Developing a policy to assess data types and functions, train and educate employees about risks, and regulate information sharing eliminates bias and privacy infringements. 

On this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels share their thoughts on ChatGPT’s privacy and security implications. Together, they address the current and future state of AI ethics, the importance of ChatGPT regulations in the absence of federal privacy law, and how businesses can protect sensitive data when employing ChatGPT.

`Amy Chipperson serves as General Counsel for Axtria, a global provider of cloud software and data analytics to the life sciences industry. In her role, she manages a team of attorneys in the US and Mexico who are responsible for drafting and negotiating various complex IT outsourcing agreements, including Cloud and SaaS. Amy is also responsible for mergers and acquisitions, maintaining corporate compliance, and implementing GDPR regulations.

In this episode…

The privacy and security landscape is intricate and layered, with companies often managing multiple priorities simultaneously, including consumer trust and national and global regulations. How can you craft a program that addresses each aspect while remaining informed?

General counsel Amy Chipperson affirms that companies should adopt a holistic approach to privacy and security to develop a program that satisfies various needs, goals, and requirements. Given that privacy laws are volatile, you must pivot effectively to maintain compliance. Amy urges being proactive and conducting extensive research into evolving regulations to adapt your strategies accordingly. 

Axtria’s General Counsel Amy Chipperson joins Jodi and Justin Daniels on this episode of She Said Privacy/He Said Security to discuss how businesses can develop privacy and security programs in a changing environment. Amy also talks about privacy and security’s effects on data analytics, maintaining compliance amid fluid regulations, and how a common-sense approach to privacy guarantees customer trust.

Arlo Gilbert is the Founding CEO of Osano, a leading data privacy platform that simplifies compliance by helping organizations build, manage, and scale their privacy programs. As a high-growth technology leader, he has over 25 years of experience building new SaaS startups and positioning them in industries, including telecommunications and digital health. Arlo has bootstrapped a tech startup from $0 to $50 million in annual recurring revenue and invented and patented voice commerce

In this episode…

Historically, businesses lacked an adequate understanding of the exigency of privacy programs. But with multiple states passing nuanced laws, privacy by design is more crucial than ever. So how can you develop a reliable privacy program to remain compliant?

Arlo Gilbert maintains that the foundational component of any privacy program is cookie policies. Businesses can leverage privacy SaaS platforms to build programs from scratch — starting with cookies and progressing to rights management, vendor and risk assessments, and disclosure, security, and consent associated with compliance. Osano allows problem-solving entrepreneurs to find innovative solutions to data sharing.

Tune in to this episode of She Said Privacy/He Said Security as Jodi and Justin Daniels sit down with Arlo Gilbert, Founding CEO of Osano, to discuss how SaaS platforms can help companies build compliant privacy programs. Arlo also talks about how AI is advancing privacy SaaS platforms, the types of organizations developing privacy programs, and how Osano helps companies manage privacy.

Al Saikali is a Partner at Shook, Hardy & Bacon, LLP, where he founded and serves as chair of the law firm’s privacy and data security practice. In his role, he directs breach response efforts, represents companies in litigation, and counsels organizations on the various laws governing sensitive information. Under Al’s leadership, Legal 500 has named Shook, Hardy & Bacon a Top Cyber Law Firm. He has also been ranked by Chambers USA as a national leader in privacy and data security law for four consecutive years. 

In this episode…

As advertising technology evolves, many websites are embedded with pixels that gather and transmit user information to third parties. Yet the emergence of a private right of action has elicited class action lawsuits regarding wiretapping and information sharing. So how can you avoid such lawsuits and reduce risks?

According to Al Saikali, class action lawsuits often transpire due to a lack of communication between internal departments and external stakeholders. There’s a significant knowledge barrier between marketing, IT, and law, so transparent education is crucial in identifying privacy breaches. When you understand how this technology functions, you can implement privacy controls to limit information sharing. Al also suggests placing pop-up disclosures and consent notices on your website and acquiring cyber insurance to protect against risks.

Shook, Hardy & Bacon’s Partner Al Saikali joins Jodi and Justin Daniels on this episode of She Said Privacy/He Said Security to discuss the emergence of class action lawsuits for website pixels. Al also explains the evolution and current state of Florida’s privacy laws, the common types of privacy litigation cases, and how to mitigate risks associated with class action lawsuits.

Mike Gustafson is the President of Search Discovery, a data transformation company that helps organizations transform by executing data strategies to achieve desired business outcomes. As a leader and senior executive, he has experience leading professional services and technology teams. Mike has also created and implemented solutions for multiple industries including nonprofits, consumer products, and financial services. Before Search Discovery, he held various partner roles at Rosetta.

In this episode…

In the era of digital marketing and advertising, data privacy is a growing concern, and companies must recognize the implications of data collection to comply with emerging regulations. But a data privacy compliance survey of 300 businesses reveals that in some industries, approximately 93% of these companies lack restrictions around data collection. So how can you safeguard consumer data?

According to data analytics expert Mike Gustafson, many organizations lack an adequate understanding of the data they’ve gathered. Acknowledging privacy regulations requires developing a proactive data collection strategy that addresses objectives for usage, variety, and management. Businesses should only gather relevant information to personalize and streamline the customer experience, so holistic privacy programs involving the entire organization are essential. 

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Mike Gustafson, President of Search Discovery, about transforming how corporations collect and utilize consumer data. Mike shares why companies should consider end-to-end data transformation, the challenges of data privacy compliance, and how companies respond to Google Analytics regulations.

Caitlin Fennessy is the VP and Chief Knowledge Officer at the International Association of Privacy Professionals, the largest privacy association in the world facilitating conversations, debates, and collaboration among key industry leaders and organizations.

In her role, she leads the research team in developing content that helps privacy professionals understand the operational impacts of global data protection-related developments. Caitlin is a recognized privacy expert serving as an inaugural member of the UK International Data Transfers on the German Marshall Global Task Force to promote trusted data sharing.

In this episode…

With the US taking a fragmented approach to privacy laws, individual states are passing various regulations, and the likelihood of the ADPPA being passed seems unlikely. Meanwhile, data is becoming increasingly complex, and new technologies are emerging daily. So how are companies maintaining compliance in this evolving landscape, and what can you observe from their efforts?

According to Caitlin Fennessy, most companies recognize the elevated risks in the privacy landscape, and her organization’s governance survey reports a 12% increase in the size of privacy teams. AI poses one of the most significant risks in this space, so more than 50% of businesses have integrated AI governance guidelines with robust privacy programs. Caitlin says that the current regulatory ecosystem impacts these companies’ decisions significantly and that you should remain vigilant when sharing sensitive data and compare each state’s laws to stay abreast of new developments. 

VP and Chief Knowledge Officer at IAPP, Caitlin Fennessy, joins Jodi and Justin Daniels for this episode of She Said Privacy/He Said Security to talk about how privacy risks inform federal privacy legislation. Caitlin also explains the key takeaways from privacy violation fines, how privacy has evolved, and current industry trends.