She Said Privacy/He Said Security

Teresa "T" Troester-Falk has over 20 years of experience building privacy programs that work when resources are limited and timelines are real. She led initiatives at DoubleClick (Google), Epsilon, Nielsen, and Nymity (TrustArc) before founding BlueSky Privacy and BlueSky PrivacyStack. Today she creates practical tools and systems that help privacy professionals step into their role with confidence and give executives decisions they can act on. Through her writing and teaching, she brings clarity to complex requirements and shows how privacy can succeed in practice. In this episode… Privacy professionals step into their roles with foundational knowledge, yet often without the support needed to apply it in practice. They are sometimes expected to build and maintain privacy programs without a budget, authority, or a clear plan. This gap creates daily uncertainty, especially for newly certified privacy professionals who enter the field with little operational experience. So how can privacy professionals move through these challenges and build programs they can defend with confidence? Building a functioning privacy program requires making decisions in gray areas and moving forward without waiting for perfect information. Privacy pros can start by focusing on high-risk areas first and documenting their decision-making process using a three-pillar approach. This framework helps professionals explain the decision they made, maintain what was decided, and defend it with evidence. Clear ownership and accountability ensure processes hold over time. With the right operational structure in place, privacy pros can move privacy programs forward even when resources are tight. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Teresa Troester-Falk, Founder of BlueSky Privacy and BlueSky PrivacyStack, about building effective privacy programs with limited resources. Teresa explains how a simple decision-making framework can help new and seasoned privacy professionals work through ambiguity. She also shares strategies for prioritizing privacy work when budgets are tight and expectations are high, and explains why establishing ownership and operational processes are essential for sustaining long-term privacy success.

Monique Priestley is a Vermont State Representative focused on data privacy, AI, right to repair, and the future of work. Monique serves on the House Commerce & Economic Development Committee, Joint IT Oversight Committee, and multiple national tech policy task forces. She was named a 2024 EPIC Champion of Freedom. In this episode… State privacy laws are evolving faster than ever, yet the dynamics shaping them often remain out of view for most organizations. Technology shifts quickly, and the issues raised in proposed privacy and AI bills require far more research and preparation than the calendar allows. That's why lawmakers work year-round to understand these complex technologies and collaborate with their peers in other states to refine definitions and bill provisions, ensuring that appropriate privacy protections are in place. Many states entered 2025 with strong privacy bills on the table, yet progress slowed as industry counterproposals and competing drafts drew support away from stronger models, making it harder for legislators to keep consumer privacy protections intact. Vermont State Representative Monique Priestley has seen this firsthand and brings a unique lens to this dynamic, drawing on her discussions with the public and her collaborative work with lawmakers across the country. As public concerns about privacy and AI grow and privacy laws evolve, companies will need to be proactive about the steps they take to protect people's data and be clear about how those protections work. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Monique Priestley, Vermont State Representative, about the realities that shape state-level privacy and AI legislation. Monique discusses the behind-the-scenes work required to educate lawmakers and build strong, technology-informed privacy and AI bills, and what might change in the year ahead. She also shares insights into the public's rising concerns about how their data is used, highlighting the steps companies can take to build trust.

Mariette Clardy-Davis is Assistant General Counsel at Primerica, providing strategic guidance on the Securities Business. Recognizing AI competence as a professional duty, she launched "Unboxing Generative AI for In-House Lawyers" virtual workshops and an online directory empowering lawyers to move from AI overwhelm to practical application through hands-on learning. In this episode… Legal teams are turning to generative AI to speed up their work, yet many struggle with getting consistent, usable results. Learning AI skills requires hands-on practice with prompting frameworks, styling guides, and instructions that improve output quality. That's why attorneys need creative training approaches that help these skills stick and carry over into their day-to-day work. Building AI fluency isn't about mastering the technology itself. It's about shifting mindset and approach. One common challenge legal teams encounter is expecting AI to deliver consistent outputs every time, yet AI doesn't work like a copy machine. It responds through patterns, so the same prompt might produce different results. That's why creative, narrative-based training is effective for learning prompting frameworks. When attorneys pair detailed prompt instructions with gold standard examples, AI tools get the reference points they need for tone, style, and structure. Saving strong prompts into a library creates leverage and reduces the time spent rebuilding instructions for recurring tasks. This helps attorneys reduce rework, improve accuracy, and shift from basic efficiency tasks to work that supports strategy and collaboration. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Mariette Clardy-Davis, Assistant General Counsel at Primerica, about how in-house legal teams can embrace generative AI education. Mariette explains how creative, story-driven workshops make AI learning more engaging and why understanding prompting frameworks is essential for consistent results. She discusses common misconceptions lawyers have about generative AI tools and how building a task-based directory with reusable prompts helps legal teams save time on repetitive work. Mariette also explains how attorneys can use AI not just to speed up tasks but to support more substantive legal work.

Khurram Chhipa currently serves as General Counsel at Halborn, a leading cybersecurity company in the Web3 space. With expertise spanning blockchain security, compliance, and digital risk management, he brings a unique perspective to the intersection of law and technology. Outside of work, Khurram enjoys spending time with family and friends. In this episode… Artificial intelligence is changing how cybersecurity teams detect and respond to threats. What once required manual monitoring has evolved into an adaptive solution that uses predictive modeling to identify risks sooner. While AI can strengthen security defenses, it also raises questions about accuracy and the need for human oversight. For legal and security teams working in fast-moving sectors like blockchain, AI offers efficiency yet also introduces new risks. Large language models (LLMs) can help general counsels generate contracts and prepare for negotiations, yet they require human oversight to spot and correct errors. That's why companies need to develop clear playbooks, train teams, and implement a continuous review process to ensure responsible AI use. For security teams, the same principle applies. While predictive AI tools can identify threats earlier, security teams should also test their incident response readiness through tabletop exercises and encourage employees to adopt a don't trust, verify" mindset to guard against threats like deepfakes. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Khurram Chhipa, General Counsel at Halborn, about how AI is transforming cybersecurity. Khurram explains how AI is reshaping threat detection, why human oversight is essential when using AI in legal and security contexts, and provides practical strategies for implementing safeguards. He also describes the growing AI arms race and its impact on cybersecurity, and he provides tips on how companies can mitigate AI deepfake threats through custom training and implementing advanced security measures.

Mark Weinstein is a successful tech entrepreneur, board member, and consultant, and one of the visionary inventors of social networking. He is the author of Restoring Our Sanity Online (Wiley, 2025), a book endorsed by Sir Tim Berners-Lee and Steve Wozniak. Mark is the Founder of MeWe, the first social network with a Privacy Bill of Rights, which grew to over 20 million members. He also founded SuperFamily.com and SuperFriends.com, early social networks recognized by PC Magazine as "Top 100" sites. He is an inventor of 15 groundbreaking digital advertising patents. Mark has delivered the landmark TED Talk, "The Rise of Surveillance Capitalism." He is frequently interviewed and published in major media outlets around the world. Beyond his entrepreneurial achievements, Mark has chaired the New Mexico Accountancy Board and served as an Adjunct Marketing Professor at the University of New Mexico. He holds an MBA from UCLA's Anderson School of Management. In this episode… The internet began as a way to connect family, friends, and communities. Over time, platforms shifted towards surveillance capitalism, where users' personal information can be monetized and people can be targeted and even manipulated. Social media and AI now shape what people see, think, and buy, while algorithms quietly learn how to influence our choices. As technology advances, how can companies and individuals alike protect privacy and rebuild trust in the systems that connect us? As one of the pioneers of social networking, Mark Weinstein has seen this transformation firsthand. Early models were built around community and connection, while later models monetized personal information for targeting and profit. The next phase focuses on stronger privacy controls, data portability, and user choice. Building safer digital experiences means companies need to avoid unnecessary data collection and manipulative design tactics, and to communicate transparently about how personal information is used and shared. Individuals can also play a role by supporting user ID verification to make social media safer and by teaching children critical thinking skills to help them combat misinformation and manipulation online. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Mark Weinstein, tech entrepreneur, author, board member, and consultant, about rethinking privacy and control in the digital age. Mark reflects on the lessons learned from early social network models and discusses the evolution of the internet from connection-driven communities to surveillance capitalism, explaining how current models exploit user data. He explores his vision for Web4 and its new approach centered on data ownership and portability. He also offers practical advice for protecting children from online harms and the importance of fostering critical thinking in the age of AI.

Lane Blumenfeld is the Chief Legal Officer for Data Driven Holdings (DDH). Through its portfolio companies, headed by TEAM VELOCITY, DDH has become a market leader of data-powered technology and marketing solutions for the automotive industry. Lane was named a Top 50 Corporate Counsel by OnCon. Lane holds a JD from Yale Law School, an MA in international affairs from the Johns Hopkins University School of Advanced International Studies (SAIS), and a BA magna cum laude from Cornell University. In this episode… The pressure on companies to deliver faster, more personalized digital experiences often conflicts with their privacy and security obligations. General counsels sit at the center of this tension, balancing the business value of personal data with the need to protect it. That's why their involvement early in product development is essential. Working with product and engineering teams from the start allows legal teams to build safeguards into design, before products and services reach customers. So, how can companies find the right balance without compromising privacy and security? AI also adds a new layer of complexity. As companies use it to analyze data, refine customer targeting, and generate marketing content, legal teams and general counsels are adapting to evolving regulations. While clean, reliable data is essential, general counsels need to evaluate accuracy and bias to ensure responsible use. Even as AI advances, fundamental privacy and security principles still apply. That's why it's important for organizations to take ownership of their privacy practices, especially when it comes to privacy notices and vendor relationships. Companies shouldn't depend on generic privacy notices or third-party templates that fail to reflect their actual data handling practices. Vendor contracts need equal attention, with privacy and cybersecurity provisions that mirror company commitments to consumers, since one vendor's mistake can create significant risk. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Lane Blumenfeld, Chief Legal Officer at Data Driven Holdings, about how general counsels can balance innovation with privacy and security. Lane explains how early legal involvement helps embed privacy and security into product design. He emphasizes that clear, accurate privacy notices and well-structured vendor contracts are essential for reducing privacy and security risks and maintaining accountability. And, as AI reshapes compliance obligations, Lane highlights the need for defined ownership across legal, product, and vendor teams and why companies sometimes need to walk away from vendors that expose them to excessive risk.

Summer Crenshaw is the Co-Founder and CEO of the Enterprise Technology Association (ETA), the national leader in AI and emerging technology adoption. She serves on multiple advisory boards and champions innovation, education, and responsible technology adoption. A seasoned tech entrepreneur and strategist, she previously co-founded Tilr, an AI-powered job marketplace recognized by CNBC, Forbes, and VentureBeat. Summer has been featured in major outlets and spoken on national stages, including DisruptHR and Dreamforce. In this episode… Business leaders across industries are responding to AI with a mix of excitement, fear, and uncertainty. Many want to use AI tools to accelerate business goals, yet they also worry about the risks and how these tools could disrupt jobs and existing roles. To move forward, companies need to focus on continuous learning that helps people understand and apply AI responsibly. So how can companies close the skill gaps that limit progress while ensuring their teams continue learning as AI evolves? Accelerating responsible AI adoption starts with education that connects people, communities, and industries. Organizations like the Enterprise Technology Association are helping bridge that gap through AI Week, a fast-moving initiative that brings together local leaders, educators, and companies to share insights for responsible AI adoption. These community-driven gatherings are designed around the industries and priorities of each city, creating programming that makes AI accessible to both technical and non-technical audiences. For companies to succeed, they also need to rethink how they approach governance. Rather than viewing it as a brake that hinders progress, it should serve as a steering wheel that guides teams with implementation and helps them achieve their goals. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Summer Crenshaw, Co-founder and CEO of the Enterprise Technology Association (ETA), about how businesses can accelerate responsible AI adoption through education and collaboration. Summer shares how AI Week launched in just five weeks and scaled across multiple cities by empowering local leaders and creating accessible AI programming. She explains why governance should enable rather than hinder AI implementation and what separates the 5% of successful AI projects from those that fail. Summer also discusses how to prepare for AI in 2026, addressing the shift from theory to measuring human impact.

Eric Greenberg is the Executive Vice President, General Counsel, and Corporate Secretary of Cox Media Group, a multi-platform media company based in Atlanta that serves major US media markets. CMG is a portfolio company of the private equity firm, Apollo Global Management. In this episode… AI is transforming how general counsels and legal teams approach their work, with efficiency being just the beginning. For general counsels, the real opportunity lies in using technology to strengthen strategic thinking and decision making, not replace it. Large language models enable lawyers to analyze complex issues and identify patterns across vast amounts of information, yet they still need to apply critical thinking to interpret the results. So, how can legal professionals leverage AI to elevate their roles without compromising the judgment that defines their value? Legal professionals should approach AI as a strategic collaborator rather than a simple efficiency tool. Prompt engineering is emerging as a critical skill that bridges tech-savvy younger lawyers with seasoned attorneys who bring deep judgment and experience. Together, they can build more collaborative, strategic teams. Inside companies, AI is changing how legal departments and outside counsel work together by enhancing efficiency and fostering opportunities for shared learning across systems. Embedding institutional knowledge into AI systems offers benefits for consistency and strategic alignment, yet it also carries risk if general counsel and legal teams rely too heavily on its static outputs instead of applying their own judgment. And as AI evolves, organizations need to also prepare for fast-moving threats like deepfakes, building plans that allow them to respond within minutes, not days. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Eric Greenberg, Executive Vice President, General Counsel, and Corporate Secretary of Cox Media Group, about how general counsels can effectively use AI. Eric discusses how AI tools are reshaping due diligence and decision-making, why developing strong prompt engineering skills can strengthen collaboration between junior and senior lawyers, and how in-house and outside counsel can work more effectively through interoperable AI systems. He shares insights from his Bloomberg Law article series on AI's impact, emphasizing the importance of continuous learning and staying open-minded as technology evolves. Eric also explains the benefits and risks of embedding institutional knowledge into AI systems and offers practical ways legal professionals can experiment with AI tools.

Dan Thornton is the Co-founder and CEO of Goldphish. He is a former Royal Marine Commando who channeled his operational expertise into cybersecurity. Today, Dan leads a security awareness training company, helping organizations turn their people into their strongest defense with over 2.1 million learners trained worldwide. In this episode… Threat actors don't just target large corporations. Small and medium-sized businesses (SMBs) are finding themselves in the crosshairs of attackers who use automation, AI, and social engineering to cast a wide net of cyber threats. From convincing phishing scams that capture credentials to AI deepfakes that mimic trusted voices, the methods used to manipulate and exploit unsuspecting employees are becoming more sophisticated. So how can organizations protect themselves when even the most vigilant staff can be fooled? Organizations that believe they are too small to be targeted by threat actors often learn the hard way that one single mistake can have devastating consequences. Yet improving cybersecurity posture and building awareness doesn't have to be overwhelming or costly. SMBs can take simple steps, such as enabling multifactor authentication (MFA) for all business accounts, updating software and systems, and maintaining regular backups. Security training is also critical because it helps employees recognize threats and avoid mistakes that often lead to incidents. By combining basic security measures with security awareness training, businesses can foster a culture that strengthens their defenses against cyber threats. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Dan Thornton, Co-founder and CEO of Goldphish, about how small and medium-sized businesses can enhance their cybersecurity defenses. Dan emphasizes that attackers do not discriminate based on company size and that common blind spots, such as over-relying on technology, neglecting incident planning, and staying silent after mistakes, can leave organizations vulnerable. He explains why steps like enabling multifactor authentication, performing regular backups, and conducting employee security training make a big difference in reducing risk. Dan also shares insights on how companies can counter the growing threat of AI deepfakes and why business email compromise (BEC) remains one of the most effective scams.

Andy Hepburn is the Co-founder of NEOLAW LLC and General Counsel at SafeGuard Privacy. He is a privacy lawyer with deep experience helping clients in the digital advertising industry navigate complex privacy laws. In this episode… Global Privacy Control (GPC) is transforming the way companies approach consumer consent. The rise of state privacy laws has fueled an explosion of cookie consent banners and other consent mechanisms that tend to confuse consumers about what they're agreeing to. GPC, also known as a universal opt-out mechanism, offers a simpler alternative by allowing consumers to set their privacy permissions once for electronic tracking at the browser level. Yet, its current all-or-nothing design raises the question: Does a single switch reflect what consumers really want? Some consumers want to block all digital tracking, while others are open to targeted ads in specific situations, like shopping for a car or clothing. Most consumers fall somewhere in between. Earlier attempts, like the Do Not Track initiative, received pushback from the advertising industry, which argued that a simple on/off switch was too limited in capturing the diversity of consumer privacy preferences. A more nuanced approach would let individuals accept targeted ads in some areas while blocking them in others. Industry standards, such as the Interactive Advertising Bureau's Global Privacy Platform and the Multi-State Privacy Agreement, are designed to help companies ensure that consumer privacy preferences are consistently applied across publishers, advertisers, and the numerous intermediaries in the ad ecosystem. As consumer pressure and regulatory enforcement actions intensify, this may accelerate the adoption of these standards across various industries. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Andy Hepburn, Co-founder of NEOLAW LLC and General Counsel at SafeGuard Privacy, about whether universal opt-out mechanisms meet the needs of today's consumers. Andy explains why a single opt-out switch falls short of consumer needs and what more flexible models could enable. He highlights how industry standards can help companies and their vendors transmit privacy preferences across the ad ecosystem and why adoption will depend on consumer pressure and regulatory enforcement actions. Andy also explores the challenges smaller companies face in meeting privacy compliance requirements and how cooperation among regulators could shape the next phase of privacy enforcement.