She Said Privacy/He Said Security

This is the She Said Privacy / He Said Security podcast with Jodi and Justin Daniels. Like any good marriage, Jodi and Justin will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st century.

Tracks

AdTech Confidential: Mastering Vendor Due Diligence and Privacy with Richy Glassberg
Richy Glassberg is the CEO and Co-founder of SafeGuard Privacy, a company established in 2019 to help businesses manage privacy compliance with effectiveness and efficiency. He is a digital media veteran with more than 25 years of experience. Richy has led seven startups and held executive roles at renowned brands and businesses, such as CNN, MTVN, and Turner Broadcasting. In this episode… Every professional sector benefits from its regulatory and professional organizations, which hold any given industry up to higher standards and harmonize processes. As concerns over privacy and security intensify, so does the need for these types of organizations to offer support.  For digital marketing, the Interactive Advertising Bureau (IAB) plays a pivotal role by championing the interests of media and marketing professionals in the modern era. Navigating compliance remains a burning issue, and many companies are lost on how to address it. That’s why the IAB partnered with SafeGuard Privacy on the IAB Vendor Diligence platform to help make it easier for companies to perform vendor due diligence. Now you can learn from leading organizations and experts on what it takes to stay ahead of the curve. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Richy Glassberg, Co-founder and CEO of SafeGuard Privacy, on ad tech, compliance, and the IAB’s role. They delve into Richy’s extensive career in media, tackle pressing compliance issues in digital advertising, explore the impact of Demand Side Platforms (DSPs), and discuss the future trajectory of the industry.
40:52 5/16/24
Offensive Cybersecurity Strategies with Bryson Bort
Bryson Bort is the CEO and Founder of SCYTHE, a threat emulation platform. He is Co-founder of GRIMM, a cybersecurity consultancy and ICS Village, a 501c3 for industrial control security systems. He is recognized as a Top 50 in Cyber by Business Insider and SANS Difference Maker Awards’ Innovator of the Year. In this episode… Any security or privacy protocol comes with a plan, and every plan fits into a larger strategy. Coordinating a large-scale strategy while maintaining the finer details is more complicated than it sounds. It helps to have professionals experienced not only in security, but also in strategy in general. Bryson Bort has translated much of his military experience into cybersecurity. His team-forward, offensive mindset has been the foundation of his consulting service and the SCYTHE tool. This framework has proven useful for many notable companies, and it could also work in your arsenal. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Bryson Bort, the CEO and Founder of SCYTHE, to discuss his offensive cybersecurity strategy. They talk about the issues with training, the problems SCYTHE solves, learning about ransomware, and his previous work with Target. They also touch on Bryson’s process for grabbing and keeping attention.
34:10 5/9/24
The CISO and The SEC Cyber Regulations and Their Impact on Privacy and Security
Svetlana Braunscheidel is the General Counsel and VP of Operations at PNG Cyber, a forensic investigations and remediation business. In her role, she deals in digital forensics, incident response, threat actor communications, and cyber risk compliance services. Her previous experience spans executive operations, business development, and national security fields as a legal expert. In this episode… Cybersecurity is more than a corporate issue, bleeding directly into ever-evolving federal and state legislation. Legal protections can be immensely beneficial, but can also be equally confusing and opaque. As new SEC rules and regulations are put into place, how should businesses best adapt? Svetlana Braunscheidel is a professional privacy and security expert who helps companies navigate these exact issues. Her advice includes nimble action, keeping up with trends, and utilizing the knowledge of other experts to ensure compliance. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Svetlana Braunscheidel, the General Counsel and VP of Operations at PNG Cyber, on the topic of cybersecurity after new SEC regulations. The three touch on current laws and recent additions, how these changes affect privacy, and what businesses should do to respond.
27:40 5/2/24
Strategies for Privacy Professionals in the Boardroom With Judy Titera
Judy Titera is the owner of J Titera Solutions, where she provides privacy and security consulting services. She is also a faculty member of IANS Research and serves as Independent Director on the Mitsui Sumitomo Transverse Insurance board. Judy retired from USAA, where she served as the Chief Privacy Officer. She now spends her free time participating in professional and speaking engagements. In this episode… In a vacuum, privacy concerns are a simple matter of ethics and logistics. In reality, the structure of most businesses makes privacy a far more complex topic. With so many executives and experts involved in implementation, how can you communicate effectively? For companies with a board of directors, speaking with boardrooms is a key opportunity to make your voice heard. Talking with executive leadership requires tact, skill, and knowledge. If you learn from professionals who have been in the same situation, you can have an advantage in communicating. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels have an informative conversation with Judy Titera, Owner of J Titera Solutions, about privacy professionals in the boardroom. They discuss key strategies, why healthy working relationships are so vital, and what privacy success looks like. Judy discusses her career and explains how she was able to become involved with various boards of directors.
31:11 4/25/24
Pixel Litigation, Ad Tech, and Digital Advertising Privacy With Alysa Hutnik
Alysa Hutnik is the Chair of the Privacy and Information Security practice at Kelley Drye. She is one of the nation’s leading ad tech attorneys, active in the industry, and well-versed in the unique legal challenges faced by advertisers and data-focused companies.  Alysa has spent the past two decades working with and growing Kelley Drye & Warren LLP, an Am Law 200 law firm of more than 350 lawyers and other professionals across the US. In this episode… Advertisers have a host of new and advanced tools to better target their audience. While this is a lucrative opportunity for companies, many of them utilize data closely tied to privacy concerns. The line is growing increasingly thin between ethical and unethical usage. How can both companies and consumers stay safe in the process? Experts in the field work tirelessly to keep up with technology and legislation. As litigation unfolds, the future of ad tech is being decided in real time, necessitating the help of legal experts who have a firm grasp of this rapidly shifting environment. Here are some of the most crucial pieces to the puzzle. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels interview Alysa Hutnik, the Chair of the Privacy and Information Security practice at Kelley Drye & Warren LLP, to discuss pixel litigation and ad tech. They break down what is currently happening in the courts, common mistakes companies are making, and the complications introduced by AI in advertising.
24:11 4/18/24
Building Privacy Programs for Global Businesses
Jordan Smith is the VP of Privacy Compliance for Peloton Interactive and is responsible for their global privacy program. Before joining Peloton, Jordan built compliance and global data privacy programs for startups as well as publicly traded companies.  Jordan’s resumé includes the development of policies for regulatory oversight, data privacy, fraud, brand safety, and social responsibility. He is a member of the International Association of Privacy Professionals and is a Certified Information Privacy Professional for the United States. In this episode… In the modern era, patchwork privacy regulations and policies are insufficient for the increasing demand and constant changes. Having a robust program is essential, but for larger businesses, this grows exponentially more difficult to build. On a global scale, the proposition can be outright exhausting. For these large corporations, elite privacy experts are putting their minds together to keep up with the changing tides. Companies such as Peloton deal with personal information, health data, financial details, and much more. Learn directly from professionals to see how they handle all of these variables. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Jordan Smith, the Vice President of Privacy Compliance at Peloton, about building privacy programs on a global scale. They discuss how to work across several internal teams, handling unique privacy needs, and the greatest challenges facing professionals today.
35:25 4/11/24
Measuring Cybersecurity and Privacy With a Scorecard With Owen Denby
Owen Denby is the General Counsel of SecurityScorecard, a late-stage VC-backed cybersecurity company. He is a veteran of SaaS technology startups and a corporate M&A lawyer by training. Additionally, he is a Charter Member of TechGC — an independent, invitation-only, peer community for general counsels. In this episode… Every organization and business wants to increase their security, but how do you quantify the change? Security is a complex, multi-faceted topic where almost anything can go wrong. Many companies do their best, but have no clear measurement for how safe they and their customers truly are. For this reason, security experts can run thorough tests, and even simplify that analysis into a digestible and familiar medium. SecurityScorecard lives up to its name by providing a scorecard and offering risk management options. This approach can expose weaknesses and lead to a better understanding of your security needs. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels invite Owen Denby, General Counsel at SecurityScorecard, onto the show to learn more about quantifying cybersecurity. They discuss how the software measures risks, how new SEC regulations enter the equation, and regular pitfalls that companies face.
26:27 4/4/24
Privacy and Security Concerns in Data Retention With Bill Piwonka
Bill Piwonka is the Chief Marketing Officer for Exterro, a data risk management and privacy platform. Over the past 30 years, he has led marketing teams and initiatives spanning strategy, product marketing, product management, demand generation, and business development. As a semi-retired tech executive, he also spends his time as a philanthropist, mentor, and board member. In this episode… Data has become an all-consuming subject in business, with modern technology affording a comprehensive view of all kinds of data. With data retention, information is easier to access now than ever, but that power comes with valid concerns and questions. So how can you mitigate such high levels of risk and complexity? Companies such as Exterro are working to keep a tighter rein on data retention and infrastructure. Topics of e-discovery, privacy, digital forensics, and data governance are vital for compliance and user security. Learn how these concerns are being addressed by leading professionals today. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Bill Piwonka, the Chief Marketing Officer at Exterro, on the subject of data retention and how it relates to privacy. They go step-by-step through the pressing concerns, how companies like Exterro seek to help, how laws play into the equation, and keeping up with the lightning-fast pace of AI development.
35:23 3/28/24
Protecting Children’s Privacy in the Social Media Age With Titania Jordan
Titania Jordan is the Chief Marketing Officer and Chief Parent Officer of Bark Technologies, an online safety company that helps nearly seven million kids stay safe online and in real life. She is a renowned thought leader on digital parenting, contributing to pieces in The Wall Street Journal, Forbes, The New York Times, Huffington Post, USA Today, and many more. Titania is the author of Parenting in a Tech World, a bestseller featured in the 2020 documentary Childhood 2.0. She founded Parenting in a Tech World, a Facebook group of more than 450,000 members where parents discuss raising kids in the digital age. In this episode… Privacy is already a pressing issue for the general population, but the topic is exponentially important for children. Kids have unprecedented access to the internet and all the dangers it entails. Combined with the advent of AI in the mainstream, parents need to be more careful than ever. Fortunately, there are people helping make the internet safer for children. Companies like Bark Technologies offer comprehensive parental controls that get to the heart of the problem. For children to thrive, they need more protections for their safety and their privacy. Parents need to be aware of the issues in modern society and what they can do to counteract them. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels interview Titania Jordan, the Chief Marketing Officer and Chief Parent Officer of Bark Technologies, to discuss privacy and protection for children. They delve into the current dangers facing children online, how AI fits into the equation, and how Bark works to help. They also touch on the importance of digital citizenship and how the law applies to children’s privacy.
34:26 3/21/24
The Essentials of Privacy Engineering With Jay Averitt
Jay Averitt is the Senior Privacy Product Manager and a Privacy Engineer at Microsoft. He began his career as a software engineer and also attended law school, practicing for 10 years as a corporate attorney specializing in software license agreements. Jay was exposed to privacy during his time as an attorney and has since become an expert in the field. In this episode… The privacy space is filled with litigation and ethical deliberation; much of the conversation is fixated on policy rather than the technical elements. However, the technical pieces are just as important and can sometimes fly under the radar. For privacy professionals, this is known as privacy engineering. The methodologies, tools, and techniques of privacy engineering help put ideas into motion. The field is rapidly evolving and is currently being defined by experts. With so much still left to figure out, what do you need to know about the topic? In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels interview Jay Averitt, Senior Privacy Product Manager and Privacy Engineer at Microsoft, to discuss the key points of privacy engineering. The three discuss the burgeoning field, AI and security, working with companies, and collaboration across unique teams. They also talk about how to highlight the importance of privacy to others.
33:27 3/14/24
U.S. Privacy Law Models Across the States With Keir Lamont
Keir Lamont is the Director for U.S. Legislation at the Future of Privacy Forum. In this position, he supports research and independent analysis concerning federal, state, and local consumer privacy laws and regulations. His background includes privacy and policy positions at The Ohio State University’s Moritz College of Law and the Computer & Communications Industry Association. In this episode… In the United States, there is a constant tension between federal and state laws. The intersection of the two has been a constant source of consternation for many regulators and litigators over the years. This is especially true for privacy laws. As each state is defining and redefining their privacy regulations, it becomes more crucial than ever to stay on top of changes. These shifts are far from random — patterns emerge from states influencing others with their approach to privacy and data. Studying these movements can inform regulators and help prepare for the future — here is what the experts are saying on the matter. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Keir Lamont, the Director for U.S. Legislation at The Future of Privacy Forum, to learn more about privacy laws at the state level. They go through the unique trends, patchwork legislation, the precedent set by Washington’s My Health My Data Act, and what regulators should know going into the future.
45:29 3/7/24
New Technologies and Navigating Privacy Risk With Joe Toscano
Joe Toscano is the Founder and CEO of DataGrade, a technology company helping companies discover, analyze, and manage data privacy risk. He has advised US Attorneys General on Facebook and Google antitrust cases, helped shape privacy law across multiple states, and worked with large organizations such as the World Economic Forum. In addition to his work at DataGrade, Joe was featured in the Netflix documentary The Social Dilemma, and he is an international keynote speaker known for his TEDx Talk “Want to Work for Google? You Already Do.” Joe is also Senior Fellow at The Diplomatic Courier and a contributing author for Forbes. In this episode… Privacy and social engineering have become deeply integrated into modern society. The average person is unaware of the complex systems around them every day — privacy risk management has become a necessity for businesses and people alike. So what should everyone know as the world enters a new age of data? The best start is awareness. Thanks to documentaries such as The Social Dilemma, people are looking into their relationship to data and privacy. For businesses, more privacy and strategy is required. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels are joined by Joe Toscano, the CEO and Founder of DataGrade, to talk about technology and privacy in personal and corporate settings. They break down Joe’s role in The Social Dilemma, discuss his TED Talk, what DataGrade does, and what people should know about their own everyday privacy.
39:09 2/29/24
Selecting and Leveraging Privacy Software and Generative AI’s Impact on Privacy With Ben Brook
Ben Brook is the CEO and Co-founder of Transcend, a company helping the world’s largest companies control their data by simplifying compliance, unlocking strategic growth, and improving business resilience. Prior to co-founding Transcend, Ben studied computer science, astrophysics, and neuroscience at Harvard University. Originally from Toronto, Canada, he is a passionate and award-winning filmmaker. In this episode… Privacy compliance is a necessity for businesses, but can often be a hindrance. It requires time, attention, money, and knowledge to keep up with regulations and track data effectively. Some platforms can make this process easier, but how do you select the right one? The list of vendors is steadily growing as privacy becomes an increasingly pressing issue. Choosing the right one can simplify and clarify everyday processes. Even while working with a quality platform, there is still much to know for managing and improving your privacy. For both issues, it’s best to learn from the experts. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Ben Brook, the CEO and Co-founder of Transcend, about selecting and utilizing privacy software. They discuss essential criteria for programs, adapting to regulatory environments, and breaking down the issues with privacy and generative AI.
39:41 2/22/24
Best Tips for Privacy Experts To Elevate Their Practice With Jamal Ahmed
Jamal Ahmed is a Global Privacy Consultant at Kazient Privacy Experts and has been dubbed the "King of Data Protection" by the BBC. He is a passionate advocate for privacy rights and is the acclaimed author of the international #1 bestselling book The Easy Peasy Guide to the GDPR. He has transformed the complex world of data compliance into an accessible subject for everyone. In this episode… Privacy affects all fields of technology and business, but specializing in the subject can be particularly difficult. Privacy experts work tirelessly every day to not only help their clients, but stay current with new information. While some knowledge is essential for most jobs, more depth is required to be a master. This barrier to entry has kept some from pursuing a career in privacy. Additionally, many current professionals can feel overwhelmed by the ever-growing scale of the subject. So how can you dive deeper into privacy and progress in the field? In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels interview Jamal Ahmed, a privacy expert and consultant, to discover the best tips to enhance your privacy practice. The three discuss common misconceptions, understanding the current privacy landscape, essential skills for the field, and building a supportive community. Lastly, they unveil the quintessential trait needed to excel in privacy.
29:30 2/15/24
Expert Negotiation Tips When Your IT Network Is Held Hostage
Chris Voss is the CEO and Founder of The Black Swan Group, an organization that teaches strategies found in hostage negotiations and applies them to the business world. He is also the best-selling author of the book Never Split the Difference: Negotiating As If Your Life Depended On It. Prior to 2008, Chris was the Lead Negotiator for the FBI International Kidnapping Response as well as the FBI’s hostage negotiation representative for the National Security Council’s Hostage Working Group. During his career, he also represented the U.S. government as an expert in kidnapping at two international conferences sponsored by the G8. In this episode… Negotiation is a specialized yet universally useful skill. Even mundane conversations are filled with requests, persuasion, and deliberation. The basics are learned intuitively, but for more serious circumstances, more is required. Hostage situations are the most dire instance of negotiation. Experts are equipped to handle these scenarios with care and precision, pulling from thorough training and prior experience. In our digital world, ransomware is also a hostage situation, only your IT network is the hostage! These advanced principles are incredibly useful for emergencies and day-to-day life alike. Now you can learn directly from a real-world ransomware example of how high-level negotiation works in practice. In this episode of She Said Privacy/He Said Security, Justin and Jodi Daniels are joined by Chris Voss, the CEO and Founder of The Black Swan Group, to share the concepts of high-stakes negotiations. They walk step-by-step through Justin’s ransomware negotiation for a hostage IT network and how he applied Chris’ principles to great success. They also discuss how to handle timelines, good questions for negotiations, and the best negotiation tip for privacy and security professionals.
41:15 2/8/24
How Levi’s Values Influences its Privacy Program With Karen McGee
Karen McGee is the Chief Privacy Officer at Levi Strauss & Co., overseeing its privacy program and upholding the company’s principles. She specializes in translating intricate legal frameworks into manageable and legible systems. Karen’s preceding career includes Managing Privacy Counsel at Intel, CPO at LifeLock and General Counsel at ID Analytics. She was honored with the In-House Legal Adviser of the Year Award at the Women in Law Awards by Lawyer Monthly. In this episode… Company values can be taken for granted, but they hold the potential for so much more. When followed and honored correctly, corporate values can define a business. It can bring respect, trust, and even success by maintaining internal and external consistency. Few corporate sectors are as strongly influenced by company values as privacy and security. There is a long history of brands breaking consumer trust and suffering the consequences. It’s a complex topic, requiring agile changes and rigorous supervision. It can be illuminating to look toward companies that have paved the way and set a good example. In this episode of She Said Privacy/He Said Security, Justin and Jodi Daniels are joined by Karen McGee, the Chief Privacy Officer of Levi Strauss & Co., to discuss how Levi’s corporate values apply to its privacy program. They go over AI use cases, new SEC rules on cybersecurity, privacy policy, and how to develop a quality program. They also talk about Karen’s career journey and her advice for other practitioners.
31:39 2/1/24
Breaking Down the Washington State My Health, My Data Act With Mike Hintze
Mike Hintze is a recognized expert in privacy and data protection with more than 20 years of experience in the field. He is a Member Partner at Hintze Law, a boutique firm that specializes in privacy and cybersecurity. Previously, Mike was the Chief Privacy Counsel at Microsoft, developing his expertise in data protection and privacy policy for over 18 years. He shares his knowledge as an Affiliate Instructor of Law at the University of Washington School of Law and a Senior Fellow of The Future of Privacy Forum. In this episode… Health data remains a pressing issue in the legal space, especially with the rapid advancement of cloud technology. Physical location is becoming less and less relevant as more data is stored away from the patients. Since Washington hosts such massive servers, they have found themselves in the sights of legislative action. The Washington My Health, My Data Act seeks to protect consumers both in the state and those whose data is collected there. Due to the scope of the Act, businesses and legal professionals are still working to understand the resulting nuances. How does this affect businesses and healthcare facilities? Which consents and requirements will be required? Most importantly, how does this tangibly help consumer privacy? In this episode of She Said Privacy/He Said Security Podcast, Justin and Jodi Daniels sit down with Mike Hintze to break down the Washington My Health, My Data Act. They define consumer health data, how it is designed to be protected, and the ramifications for institutions. They also walk through the most vital tips and advice to navigate the new legal parameters.
35:43 1/25/24
Updates and Changes in US State Privacy Laws for 2024 With Andrew Kingman
Andrew Kingman is the President of Mariner Strategies, a premier law firm where he specializes in privacy technology and cybersecurity issues in all 50 states at the legislative and Attorney General levels. As a public policy advocate with experience in compliance, Andrew brings a unique and substantive perspective to discussions on how to best increase consumer privacy protections while maintaining operational workability and cybersecurity protections for businesses. He is a nationally recognized thought leader in the field — in 2020, Andrew was one of 25 attorneys named to Massachusetts Lawyers Weekly Up & Coming Lawyers list. In this episode… The bustling year of 2023 saw the introduction, passage, and signing of various laws — many of which vary from US state to state. What were some of the year’s most significant regulations? Beyond the passage of privacy bills in seven red states, the passage of Washington state’s My Health, My Data Act was the most astonishing event for privacy lawyer Andrew Kingman. This act is the nation’s first privacy-focused law safeguarding personal health data not already covered by HIPAA. Because of this, Andrew warns that companies doing business with Washington state establishments should consider additional data compliance requirements, security measures, and consumer consent and rights. Since robust security measures are required to protect health and data, companies should be aware of the security standards and protocols outlined in the legislation and implement measures to prevent unauthorized access or breaches — all while respecting individual rights and ensuring transparent practices in obtaining and managing such consent. In today’s episode of the She Said Privacy/He Said Security Podcast, Justin and Jodi Daniels welcome Andrew Kingman to discuss integral changes in US State privacy law taking place in 2024. 
Andrew gives insight into the My Health, My Data Act, state legislature criteria for prioritizing certain bills, and why he’s a proponent of companies implementing data protection assessments.
35:16 1/18/24
Navigating Privacy Landscapes: US State Privacy Laws, UK Data Protection, and Cross-Border Transfers
Robert Bateman is a freelance writer who creates privacy and data protection content for blogs, emails, articles, websites, reports, and white papers. He’s been an industry advocate since 2017 and has interviewed leading figures in the privacy field, including Max Schrems and Johnny Ryan. As a thought leader, Robert is a sought-after speaker and panelist for online and in-person privacy conferences, events, and webinars. Because of his thirst for knowledge and passion for privacy, Robert began providing training and consultancy work in 2023. In this episode… The United States and the United Kingdom have different approaches to privacy and data protection. The US has a patchwork of state privacy laws, while the UK has one unified national data protection law. So how can US companies comply with UK data protection laws when transferring data to the UK? Data privacy and protection thought leader Robert Bateman explains that one of the main challenges is understanding the different requirements of US state privacy laws and UK data protection laws. For example, some US states mandate that companies obtain consent from people before collecting their personal information. In contrast, the UK data protection law does not require consent for all types of data collection. To mitigate the risk of fines and other penalties, US companies should examine their data collection and processing procedures to comply with both US state privacy and UK data protection laws. Companies should also seek the counsel of an experienced data privacy attorney to assist them in understanding their obligations and developing a compliance plan. Join Justin and Jodi Daniels in this episode of the She Said Privacy/He Said Security Podcast as privacy and data protection content creator Robert Bateman joins the show. 
Robert explains the challenges UK data privacy professionals face, the difficulties US companies encounter in understanding UK data transfer rules, and why ICO regulators should adhere to cookie compliance.
36:32 1/11/24
Decoding Quebec’s Law 25: What Companies Need To Know With Sharon Bauer
Sharon Bauer is a Lawyer and the Founder of Bamboo Data Consulting, a team of privacy consultants specializing in privacy, security, data strategy, and cutting-edge technology ethics work. As a consultant, she provides privacy solutions for various entities including retail, fintech, health, and education. Sharon is an expert in designing creative privacy programs solving hidden challenges for startups and international corporations. In addition to acting as a virtual chief privacy officer, IT World Canada named Sharon one of the Top 20 Women in Cybersecurity in 2022. In this episode… Quebec Law 25 is Quebec's privacy legislation, which applies to businesses or businesses collecting Quebec data. As a relatively new law, many companies need to know its governance framework. What are the critical concepts of Law 25, and how does it apply to company compliance? Privacy lawyer and consultant Sharon Bauer explains that companies should understand Law 25’s key components: governance, privacy officer, transfer impact assessment, transparency, and employment. However, this privacy legislation does not apply to B2B businesses. Regarding privacy officers, Quebec CEOs must either appoint a PO or hold themselves accountable for compliance with Law 25. Additionally, companies must adhere to the transfer impact assessment or privacy impact assessment when data is transferred outside of Quebec, when acquiring personal information, or when overhauling electronic service delivery systems involving destroying personal information. Sharon warns that companies that fail to comply with Quebec’s Law 25 are subject to a $25 million fine. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Sharon Bauer, Founder of Bamboo Data Consulting, to examine Quebec’s Law 25.
Sharon reflects on her career background, discusses the intersection of Law 25 and the GDPR, and Canada’s basis for the Personal Information Protection and Electronic Documents Act (PIPEDA).
33:21 1/4/24
The Paradigm of Adtech Privacy: Using Data Clean Rooms and Opt-In/Opt-Outs To Achieve Compliance
Noga Rosenthal is the Chief Privacy Officer and General Counsel at Ampersand, a data-driven TV advertising sales technology company. Noga possesses extensive expertise in developing and implementing comprehensive privacy programs and oversees the company’s privacy and legal initiatives. Before Ampersand, she served as Chief Privacy Officer at Epsilon, overseeing the company’s worldwide privacy, compliance, and regulatory activities. She also worked as General Counsel and Vice President for Compliance and Policy for the Network Advertising Initiative, where she managed the NAI’s compliance program and ensured that member companies upheld the promise of self-regulation for interest-based advertising. Noga is a member of the Women Leading Privacy Advisory Board of the International Association of Privacy Professionals and the IAB Federal Privacy Working Group. In this episode… The emergence of the adtech ecosystem has created a data-as-a-commodity paradigm that has given rise to privacy laws and regulations restricting targeted advertising and cookie usage. To integrate evolving technology tools with adtech privacy laws, what are some strategies to employ? Noga Rosenthal, an expert in adtech privacy law, asserts that alliances should be formed within the adtech industry. When teams learn from and communicate with each other, it helps to create transparency about data collection. Therefore, it becomes instinct to share information, obtain consumer consent or opt-outs, and collaborate with the Interactive Advertising Bureau and Network Advertising Initiative. Another helpful source is the use of data clean rooms — a secure environment that enables organizations to merge data from multiple sources in order to analyze and share data while controlling how, where, and when it is used.
Join Justin and Jodi Daniels on today’s episode of the She Said Privacy/He Said Security Podcast, where they welcome Noga Rosenthal, Chief Privacy Officer and General Counsel at Ampersand to discuss adtech privacy laws. Noga shares strategies for integrating adtech privacy laws with evolving technology tools, explains the significance of data clean rooms, and advises how companies can manage privacy risks concerning AI technologies.
32:37 12/14/23
How Reliance on AI Technologies Places Smaller Businesses at Risk of Ransomware Attacks With Taylor Hersom
Taylor Hersom is the Founder and CEO of Eden Data, a cybersecurity firm focusing on the next generation of businesses primed to build security and privacy into their DNA. A self-described cybersecurity compliance nerd, he’s passionate about building world-class cybersecurity programs for startups and beyond. Taylor began his career advising Fortune 500 companies on compliance and security at Deloitte before moving on to Renaissance Systems Inc. at RSI, where he was one of the youngest CISOs in the industry. There, he developed an entire security program from the ground up. He’s also a sought-after thought leader who speaks at multiple global organizations, writes blog content on cybersecurity, and serves as a CompTIA Cybersecurity Advisory Council board member. In this episode… Data protection is essential for all companies, including protecting intellectual property and customer data. Once a data breach has occurred, criminals use information like credit card numbers, patents, and trade secrets to engage in multitudes of cyber crimes. What should companies be aware of to protect their data? Due to limited resources and budgets, small businesses and startups are more susceptible to data breaches. This is why many small companies rely on AI technologies to support automated business processes, data analysis insights, and customer engagement. Cybersecurity expert Taylor Hersom explains that AI reliance exposes them to dangers like phishing attacks, deep fake accounts, and AI-powered ransomware. SIM swapping and nation-state cyberattacks, particularly those sponsored by Russia and China, are other threats that put companies at risk of ransomware. Taylor proposes that startups can make a significant impact on security — reducing their breach risk — by allying with legal and security teams. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Taylor Hersom, Founder and CEO of Eden Data, to the show. 
Taylor discusses the common mistakes companies make concerning data protection, various cyber threats, and why companies should be wary of GRC platforms.
26:00 12/7/23
Privacy Lawyer Jennifer Mitchell on Employee Data Privacy Under the California Consumer Privacy Act
Jennifer Mitchell is a Partner and the Head of Privacy Governance and Technology Transactions at Baker Hostetler, a law firm specializing in digital risk advisory and cybersecurity, blockchain and digital assets, financial services, and more. Jennifer’s law career spans over 15 years with legal, compliance, and operations expertise. At Baker Hostetler, Jennifer provides business solutions to uphold evolving US state privacy laws in compliance with the General Data Protection Regulation, HIPAA, and California Consumer Privacy Act. In this episode… The amended California Consumer Privacy Act defines employees as consumers. So what does that mean for employee privacy rights? The CCPA affects employee rights by requiring employers to implement security measures to protect employees' personal information. These measures include implementing data security policies and procedures, conducting regular security audits, and training employees on data security best practices. Privacy lawyer Jennifer Mitchell explains that CCPA gives workers the right to request their employers disclose the personal information employers have collected about them. This gives employees the freedom to either opt out of selling their data or have their information deleted from their employer’s records. Additionally, CCPA prohibits companies from discriminating against employees who request their rights. Join Jodi and Justin Daniels in today’s episode of the She Said Privacy/He Said Security Podcast, where they welcome Jennifer Mitchell, Partner at Baker Hostetler, to discuss employee privacy under the California Consumer Privacy Act. Jennifer discusses the difference between “right to know” and “right to delete,” opportunities for employee privacy rights to build relationships between companies and employees, and how company employee monitoring may potentially violate employee privacy rights.
27:59 11/30/23
Why Companies Should Outsource CISO Services and How the Role Intersects With Privacy Duties
Olivia Rose is the Founder of Rose CISO Group, which offers virtual chief information security officer services, including assessments, boardroom and leadership communications, and event presentations. She has over 22 years of experience in the industry and has served as the CISO for Amplitude, Mailchimp, and QloudSecure. Before founding Rose CISO Group, Olivia sat on the board of directors at Cyversity, a nonprofit dedicated to increasing diversity in cybersecurity. Olivia has also shared her knowledge and expertise as a faculty member and advisor at IANS, a leading security insights and support provider. In this episode… A chief information security officer is vital to protecting an organization from cyber threats. However, the role has become a watered-down casual term — many people wear the title, but need more training and qualifications. Veteran security professional Olivia Rose asserts that in-house CISOs are expensive resources. Instead, organizations can benefit from outsourcing virtual CISOs, as they are cost-effective, offer an objective viewpoint, and provide higher expertise. In addition to experience and certifications, Olivia maintains that security experts can stay current on trends and jargon by using online educational platforms like Coursera and YouTube. Olivia also recommends taking an introduction to marketing, as it helps them effectively convey messages.  In this episode of the She Said Privacy/He Said Security, Jodi and Justin Daniels interview Olivia Rose, Founder of Rose CISO Group, about the role of a virtual chief information security officer. Olivia discusses burnout in the security profession, the qualifications and responsibilities of a vCISO, and who benefits from CISO services.
36:27 11/16/23
How Smaller Companies Can Mitigate Cybersecurity Risks and Comply With the New SEC Rules
Brian Haugli is the Co-founder and CEO of SideChannel, a cybersecurity company that provides cyber risk assessment and ensures cybersecurity compliance for mid-sized organizations. He is a 20-year industry veteran who’s led programs for the Department of Defense, the Pentagon, the Intelligence Community, and Fortune 500 companies.  With expertise in NIST guidance, threat intelligence implementations, and strategic organization initiatives, Brian is a sought-after speaker and the host of the #CISOlife podcast and YouTube channel. Brian also co-authored Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework, an analysis of cybersecurity risk planning and management principles. In this episode… Public and private companies should prepare to meet SEC regulations with the new cybersecurity rules set to take effect in December. However, with cybersecurity assessment costs starting at six figures, how can small and mid-sized companies maintain compliance? Organizations that lack the resources of larger corporations can reduce costs by securing an information security consultant. These consultancies develop customized compliance programs to identify specific cybersecurity risks and recommend cost-effective strategies. For companies that adopt this type of service, cybersecurity expert Brian Haugli suggests retaining a CISO for at least 80 hours per month. During this time, a CISO should be able to formulate risk management solutions including acceptance, mitigation, and transfer. In this episode of the She Said Privacy/He Said Security, Jodi and Justin Daniels interview Brian Haugli, CEO of SideChannel, for an in-depth conversation about cybersecurity. Brian discusses the inspiration behind SideChannel and its mission, how mid-size companies can afford to retain a CISO, and procedures for navigating ransomware demands.
43:49 11/9/23
ZoomInfo’s Al Raymond on B2B Privacy Programs and Third-Party Privacy Risk Management
Al Raymond is the Privacy Compliance Officer at ZoomInfo Technologies, a powerful research and lead-generation tool used for sales, marketing, and talent acquisition. In his role, Al leads the assurance team, ensuring ZoomInfo maintains compliance with regulations, rules, and laws. He is a privacy compliance and data governance professional and 20-year veteran in customer data privacy, information security, regulatory compliance, and risk management. Al’s experience and skills have benefited prominent companies such as PHP Corporation, ARAMARK, TD Bank, Deloitte Touche, and JPMorgan Chase. In this episode… Marketers and sales teams utilize third-party data to acquire customers and scale their businesses. How can privacy teams appease marketing teams while complying with privacy laws? Seasoned privacy professional Al Raymond recommends open communication with all parties when purchasing data from third-party data providers. He suggests conferring with privacy counsel, privacy and compliance teams, and the sales team to discuss their obligations to the public. When buying data, marketers must send privacy notices to those targeted. Upon receipt of the notice, third parties can remove individuals from the database. The notice also reveals full transparency, informing people where their data goes, who owns it, and the purpose of the collection. Al also explains that marketers must properly use Article Six of the General Data Protection Regulation. Article Six outlines six legal bases for processing personal data: consent, contract, legal obligation, vital interests, public task, and legitimate interests. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Al Raymond, Privacy Compliance Officer at ZoomInfo Technologies, to discuss B2B privacy programs and third-party risk management. 
Al explains privacy laws and data protection in B2B marketing, the challenges in building and maintaining a privacy program, and privacy policies and contracts for data usage.
36:40 11/2/23
HP’s Aaron Weller on Privacy Engineering, PETs, and Information Security
Aaron Weller is the Leader of the Global Privacy Engineering Center of Excellence at HP, an international IT company developing personal computers, printers, and 3D printing solutions. Aaron provides technical leadership for privacy engineering, enablement, and experience for HP’s global operations. As a seasoned privacy and information security veteran, Aaron has offered his knowledge and experience as a department head for various companies, including PwC and Blueprint. He is also a Co-founder of both Concise Consulting and Ethos Privacy, a consulting firm offering privacy strategies. Aaron is a sought-after thought leader who’s presented at national and international conferences and universities. He’s also been quoted in mainstream publications, including The Wall Street Journal and Forbes. In this episode… Privacy engineering is an emerging field of engineering. What is the role of this profession, and how can companies benefit from their expertise? Seasoned information security professional Aaron Weller explains that the categories of privacy engineering include user experience, design infrastructure, software development, and privacy-enhancing technologies. PETs are tools and techniques that help companies and individuals control and protect their personal information — they can be used to encrypt data, anonymize individuals, and control access to information. Privacy engineers have various responsibilities, such as implementing systems that provide acceptable levels of privacy. Aaron advises that smaller organizations can integrate privacy engineers by educating existing engineers to build their system development lifecycle process. In this episode of the She Said Privacy/He Said Security with Jodi and Justin Daniels, Aaron Weller, Leader of the Global Privacy Engineering Center of Excellence at HP, expounds on privacy engineering, PETs, and information security.
Aaron discusses the integration of AI and privacy engineering, how companies can implement privacy-enhancing technologies, and offers advice to aspiring engineers.
25:38 10/26/23
How Cyber Services Can Heed the New SEC Regulations to Address Privacy and Security Concerns
Keith Novak is the Co-founder and CISO at Intentional Cybersecurity, an advisory firm supporting clients with cyber risk needs using penetration testing, control validation, and cyber due diligence. Keith drives the company’s growth and success by delivering high-value cybersecurity advisory assessments. A seasoned veteran in the industry, he’s worked with clients in all sectors and verticals. Before founding Intentional Cybersecurity, Keith led the global cyber risk advisory and strategy practice for Kroll, a leading cyber risk management and incident response firm. Keith is one of the few cyber professionals with experience in technical operations and business strategy, adding value to any cybersecurity team. In this episode… The SEC requires companies that have experienced drastic fiscal changes to submit a Form 8-K. With the number of data breaches in recent events, we will likely see more 8-K filings. How can organizations be more proactive about protecting their data? Cybersecurity expert Keith Novak explains humans are still fallible regardless of how flawless their security program might be. Therefore, it’s imperative to train helpdesk personnel to be steadfast in confirming identities. Keith suggests significant improvements to the multifactor authentication process, such as asking for passphrases or employee IDs. He also shares that private companies do not fall under SEC, NYDFS, and NEIC requirements and are not obligated to report breaches. However, boards do encourage cybersecurity services, including risk assessments. Individuals can practice risk assessments, as well, by adopting a healthy dose of skepticism. Don’t shy away from asking why your social security card or driver’s license is needed. In this episode of the She Said Privacy/He Said Security Podcast with Jodi and Justin Daniels, Keith Novak, Co-founder and CISO at Intentional Cybersecurity, discusses how privacy and security relate to cybersecurity. 
Keith explains the significance of data transparency, how individuals and companies can protect themselves from data breaches, and suggests multifactor authentication (MFA) process improvements.
35:52 10/19/23
Meta, AI, and the New Privacy Laws: What You Need to Know
Pedro Pavón is the Global Director of Monetization, Privacy, and Fairness at Meta, the tech company behind Facebook, Instagram, WhatsApp and Threads. In addition to providing legal counsel and advocating for data privacy, data protection, fairness, and algorithmic transparency, Pedro leads a team of lawyers and policy professionals. Beyond his responsibilities at Meta, Pedro teaches privacy and information security law at the Georgia State University College of Law. Pedro is a thought leader and writer on privacy and data security issues related to AI, Metaverse, digital advertising, blockchain, and IoT. In this episode… In December 2022, Meta (formerly Facebook) settled a $725 million lawsuit alleging that the company gave third parties access to users' private data without permission. Meta is now attempting to become a data privacy leader, so what safeguards have they implemented? Privacy professional Pedro Pavón explains Meta is making tremendous efforts to improve data protection and user transparency. Besides empowering the legal team with the authority to negate atrocious ideas with the potential to harm users, Meta now equips individuals with more control and transparency regarding their data. Meta is also launching new technology, such as the AI chatbot. To shield data, the security team enables security by design protection and transparent communication on how AI systems use people’s data. Data privacy transparency is crucial because it helps build trust between consumers and businesses. It lets customers understand how their data is collected, used, and shared. This enables them to make informed decisions about their privacy and security. In this episode of the She Said Privacy/He Said Security Podcast with Jodi and Justin Daniels, Pedro Pavón, Global Director of Monetization, Privacy, and Fairness at Meta, discusses how the company is improving data privacy. 
Pedro shares the role privacy and data protection play in the new Meta AI chatbot, why privacy should be more transparent, and ways AI can improve privacy.
38:56 10/12/23
Privacy Regulations, Privacy by Design, and AI: Creating Engaging Apps While Remaining Compliant
Nia Castelly is the Co-founder and Legal Lead at Checks, a Google-backed privacy platform that uses AI to simplify privacy compliance for developers. Before Checks, Nia spent nearly five years as a legal advisor for Google Play’s Developer Console, Policy, and Operations teams. Nia is an entrepreneur and supporter of early-stage startups, serving as an Angel Investor at the Black Angel Group and as a Limited Partner at How Women Invest. In this episode… In the early 2000s, Apple trademarked the phrase “there’s an app for that!” Fast forward to today — the public demands applications because they simplify areas of our lives. With that demand, developers often rush to launch but must adhere to complicated privacy regulations. How can developers create delightful apps while remaining compliant? Most mobile engineers use software development kits (SDKs), which are third-party code. If developers do not adequately edit the code, it can cause unintended consequences, such as data collection and sharing. Seasoned lawyer Nia Castelly, co-founder of privacy platform Checks, explains there is a three-step procedure known as a triangle to analyze such issues. Once detected, mobile app companies can make requirements to be compliant. Product developers also leverage AI to translate privacy policies, helping simplify compliance complexities. In this episode of the She Said Privacy/He Said Security Podcast with Jodi and Justin Daniels, Nia Castelly, Co-founder and Legal Lead at Checks, discusses data privacy compliance within mobile app development. Nia explains how cultural differences affect privacy across the globe, demystifying compliance complexities, and procedures for governing AI within product development.
22:54 10/5/23