Alexandria (Lexi) Lutz is the Senior Corporate Counsel at Nordstrom, where she advises the company on legal matters related to privacy, cybersecurity, and AI. Prior to Nordstrom, Lexi worked for a large national hotel brand and an international food service company. She is a Certified Information Privacy Professional in the US and Europe and holds the Charlotte Business Journal award for Outstanding Corporate Counsel in a large company. 

19 states have passed privacy laws, fundamentally altering how companies collect, share, and sell consumer data. And, as consumers become more aware of their privacy rights and how companies and their third-party vendors handle their data, retailers are at the forefront adapting their privacy programs, due diligence processes, and third-party contractual agreements to meet compliance requirements and maintain customer trust. What’s more, the new SEC cyber rules place even more security requirements on retailers’ relationships with third-party vendors, further complicating expectations. How can retailers navigate this complex regulatory landscape while providing the best experiences for their customers?

Adapting privacy programs to evolving regulations is an intricate process requiring a company to evaluate its operations, size, and resources. No matter the circumstances, it’s crucial to maintain control over consumer information and ensure all third-party vendor contracts are up to date and transparent. And as retailers incorporate generative AI into their online and in-store shopping experiences, they should take extra steps to ensure personalization, efficiency, and protection are not lost. 

In this week’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Alexandria (Lexi) Lutz, the Senior Corporate Counsel at Nordstrom, how retailers can navigate privacy challenges, leverage AI, and maintain consumer trust in an increasingly complex regulatory environment. Lexi highlights how these regulations — including the SEC cyber rules — impact everything from third-party vendor due diligence and contractual requirements to in-house privacy programs and consumer data sharing and selling. She also discusses the implications of generative AI in retail, maintaining that it should enhance the shopping experience rather than replace human input.