Jessica Lee chairs Loeb & Loeb's Privacy, Security & Data Innovations practice and serves as Chief Privacy & Security Partner. She provides strategic legal counsel to companies navigating complex data governance issues, helping them turn compliance into a competitive advantage. Jessica advises on the full spectrum of privacy, security, and AI-related regulations, focusing on companies navigating the issues that arise from AdTech, the use of health data and other sensitive information, and other data monetization practices. In this episode… The California Invasion of Privacy Act (CIPA) is putting many businesses under legal scrutiny. Modeled after federal wiretapping laws, CIPA requires two-party consent for recording or intercepting communications and has become a target for the plaintiffs’ bar. The law has been used to challenge the use of session replay cookies, chatbots, and social media pixels, with claims that these technologies intercept data and communications without proper consent. As courts issue mixed rulings, businesses need to adapt their privacy frameworks and governance programs to reduce the risk of CIPA violations. Addressing CIPA-related risks requires a proactive and thorough approach. Managing website tracking technologies is no longer just about implementing cookie consent banners. Businesses also need to conduct comprehensive website audits to identify which cookies, pixels, and trackers are in use, ensuring these technologies comply with CIPA's consent requirements. Implementing a cookie governance program, securing thorough contractual agreements with third-party vendors, and disclosing data collection and consent practices in privacy notices are critical steps for mitigating CIPA-related risks. By adopting these strategies, companies can reduce their exposure to legal action and maintain trust with their users, even as courts continue to interpret CIPA’s application to modern technologies. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Jessica Lee, Chief Privacy & Security Partner and Chair of the Privacy, Security, and Data Innovations Practice at Loeb & Loeb, about managing CIPA compliance. Jessica provides a detailed overview of CIPA’s requirements and breaks down why certain technologies are being targeted. She also discusses the importance of regular website audits and offers practical advice on mitigating risk by implementing a cookie governance program, reviewing consent management practices, and establishing contractual protections.

Timothy Nobles, Chief Commercial Officer at Integral, is passionate about empowering organizations to explore the full potential of their data while maintaining the highest standards of privacy and compliance. With over 20 years of experience in data and analytics, he has held leadership roles at innovative companies across multiple industries. In this episode… Balancing data enablement with privacy compliance is vital for organizations aiming to use data effectively while maintaining trust and meeting regulatory requirements. Data enablement focuses on making data accessible, usable, and valuable to users across an organization while ensuring it remains secure and compliant. Regulated industries, such as healthcare, face significant challenges, including evolving privacy laws and managing re-identification risks tied to sensitive data. Without a strong privacy framework, businesses risk regulatory penalties, reputational damage, and missed opportunities for data-driven decision-making.  Effective data enablement relies on more than just technology — it requires governance and a thoughtful approach to privacy and compliance. By adopting privacy-enhancing technologies (PETs), such as tokenization, homomorphic encryption, data masking, and differential privacy, organizations can minimize risks and protect personal information while making data usable. However, these tools alone are not enough. Organizations need to implement data governance frameworks, assess re-identification risks, and balance data utility with regulatory requirements. By aligning compliance efforts with strategic business goals, organizations can unlock data potential without compromising privacy. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Timothy Nobles, Chief Commercial Officer at Integral, about how organizations can embrace data enablement in regulated industries. Timothy discusses practical applications of privacy-enhancing technologies, strategies to mitigate re-identification risks, and the importance of starting with governance to guide data use. The conversation also highlights how companies can approach AI responsibly by focusing on understanding data inputs to ensure ethical and compliant outcomes.

Aaron Painter is a deepfake expert and the CEO of Nametag, an identity verification company at the forefront of stopping social engineering attacks at the employee IT helpdesk. In this episode… New cybersecurity threats, like deepfakes and social engineering attacks, are forcing companies to rethink their security measures  and fraud prevention processes. Companies face mounting risks as threat actors leverage advanced AI tools and other techniques to bypass traditional verification methods, such as passwords and security questions. This evolving threat landscape calls for innovative solutions that help companies verify identities, prevent fraud, and protect privacy, and that’s why companies like Nametag are creating secure platforms to address these challenges. Nametag’s innovative approach to identity verification offers a practical solution to this pressing challenge. By leveraging the security features of mobile devices, such as cryptography and three-dimensional facial recognition, Nametag enables companies to verify identities with greater accuracy. This method offers a practical alternative to outdated approaches like passwords and security questions, which are often prone to fraud. Additionally, Nametag’s privacy-first design enables companies to tailor their solutions while protecting user data through features like privacy masking. Listening closely to customer feedback, Nametag has developed tools that empower companies to address pain points, such as help desk vulnerabilities, to improve security and privacy measures and the user experience. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Aaron Painter, CEO of Nametag, about the evolution of identity verification and deepfakes. Aaron explains the threats posed by deepfakes, the weaknesses in current systems, and how Nametag’s platform addresses these challenges. Aaron shares insights into the importance of balancing privacy with security and how companies can protect themselves as threat actors become more sophisticated. He also discusses how Nametag’s solutions address real-world problems, including reducing help desk vulnerabilities and improving MFA recovery processes.

Ben Chapman is the General Counsel and Chief Privacy Officer at Swoop. Prior to Swoop, Ben was the Deputy General Counsel for Real Chemistry. He has nearly 10 years of experience in ad tech, data, and privacy matters. In this episode… Companies that operate in the healthcare marketing space, like Swoop, approach privacy by emphasizing transparency, ethical practices, and building trusted partnerships. To remain compliant, businesses need to thoroughly understand their data handling processes and regularly assess their partners. By asking detailed, factual questions, companies can make informed decisions about their partners’ practices and ultimately strengthen their privacy programs. Additionally, adopting a consumer- or patient-centric perspective helps businesses navigate the complexities of privacy laws while aligning with regulatory requirements and ethical standards. A proactive and well-informed approach to privacy strengthens compliance efforts and builds trust. Healthcare marketing faces new challenges as privacy laws evolve and health data definitions expand. Laws like the Washington My Health My Data Act broaden the scope of what constitutes health data, requiring organizations to reevaluate how they handle consumer data. Navigating this complex regulatory landscape requires companies to ensure compliance with state privacy laws and federal regulations like HIPAA, all while maintaining trust and transparency with consumers. How can companies ensure ethical and privacy-friendly marketing practices? In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Ben Chapman, General Counsel and Chief Privacy Officer at Swoop, about the intersection of privacy and healthcare marketing. They discuss how state privacy laws redefine health data, the importance of ethical data practices, and strategies for evaluating partners. Ben shares his insights on building privacy programs, fostering collaboration, and navigating the nuances of healthcare marketing in a highly regulated environment. He also highlights the importance of continuous learning and collaboration within the privacy community to stay ahead in the ever-changing regulatory environment.

Natalie LaPorta is the Chief US Privacy Officer for Walgreens, where she focuses on various privacy matters that impact US patient and consumer data privacy, including state and federal data privacy compliance, complex contract negotiations, digital privacy, de-identification, AI, analytics, and marketing. Prior to her most recent role at Walgreens, Natalie was an Associate Attorney at Dentons US LLP, where she handled healthcare regulatory, tax-exempt bond finance, and M&A matters. She holds a bachelor’s degree in political science from Benedictine University and a law degree from The John Marshall Law School. In this episode… New privacy laws, requirements, and expanding health data definitions require organizations to rethink and adjust their privacy programs accordingly. For companies like Walgreens, navigating these changes entails addressing both long-standing regulations, such as HIPAA, and emerging privacy laws that govern a broader scope of data. As businesses juggle diverse regulatory requirements, shifting data definitions, and operational demands, how can they create a privacy program that is effective and adaptable? Walgreens’ approach to privacy exemplifies how businesses can adapt to an evolving regulatory landscape. Effective privacy programs start with understanding how shifting privacy requirements impact different business functions, from marketing to IT and analytics. With privacy regulations now extending beyond HIPAA to include other forms of personal information, companies need to develop tailored privacy strategies, provide ongoing education, and build strong relationships across departments to ensure privacy measures are integrated into everyday business operations. By making privacy a proactive and collaborative effort, companies can enhance compliance and reduce risks. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Natalie LaPorta, Chief US Privacy Officer at Walgreens, about the evolution of privacy programs in the healthcare and retail sectors. Natalie shares her journey of building a privacy legal function at Walgreens, the importance of building cross-functional relationships, and how tailored approaches can address privacy challenges. She also offers practical advice for creating a privacy culture and shares insights on navigating vendor relationships and using technology to support compliance efforts.

Shay Colson is a Co-founder and Managing Partner at Intentional Cybersecurity, a risk assessment and strategic advisory firm. After spending his early career as a security engineer for the US Government, he worked for a global consulting firm.  In this episode… The evolving cyber landscape constantly presents new challenges that require businesses to elevate their cybersecurity posture. With the release of NIST CSF 2.0, organizations now have a stronger framework to guide their approach, focusing on governance as a critical function. This addition emphasizes the importance of integrating cybersecurity as a core business function rather than treating it as a siloed IT function. How can organizations adapt to this evolving landscape while improving resilience and reducing risk? Governance now leads NIST CSF 2.0 as the primary function, emphasizing the importance for organizations to clearly define cybersecurity ownership, responsibilities, and decision-making processes. Organizations need to move beyond treating cybersecurity as a technical issue to recognizing it as a core business function. And, as threat actors become more sophisticated and leverage AI to accelerate cyber attacks, businesses need to adopt governance models that promote agility, resilience, and proactive risk management. This means integrating security and privacy frameworks into business operations. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Shay Colson, Managing Partner and Co-founder of Intentional Cybersecurity, about the critical role governance plays in building cyber resilience. Shay explains how companies can use frameworks like NIST CSF 2.0 to implement scalable cybersecurity strategies without overextending their resources. He also shares insights on the intersection of security and privacy, AI-driven risk assessments, and why focusing on the basics is essential before adopting advanced solutions.

Julia Shullman is the General Counsel and Chief Privacy Officer at Telly, the world's first dual-screen smart TV fully paid for by advertising. Prior to Telly, Julia was General Counsel and Chief Privacy Officer at TripleLift, through its $1.4B acquisition by Vista Equity Partners. She also held various leadership positions, including Chief Privacy Counsel and Lead Attorney, Publisher Technology Group at AppNexus, through its $1.6B sale to AT&T. Before advertising, Julia spent a decade in mergers and acquisitions at both Latham & Watkins and UBM. She is recognized as an industry leader at the intersection of privacy, products, advertising, policy, and strategy. In this episode… Navigating the intersection of privacy, product, and advertising demands strategy. Companies need to view privacy as integral to their operations and growth, especially in highly regulated industries like AdTech. Without effective privacy programs, companies face potential deal disruptions, diminished valuations, and reputational damages. For early-stage companies in particular, failing to integrate privacy into their operations can hinder growth, derail funding opportunities, and even lead to regulatory scrutiny. How can organizations ensure that privacy is both a priority and an enabler of success? Developing effective privacy programs requires a tailored, pragmatic approach. Leaders need to educate their teams on privacy obligations and integrate privacy practices into business processes. This includes fostering collaboration among privacy experts and cross-functional departments, such as engineering and marketing, while adapting to industry-specific nuances. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Julia Shullman, General Counsel and Chief Privacy Officer at Telly, about building privacy programs that drive business success. Drawing from her extensive experience in M&A, privacy, and AdTech, Julia offers insights into balancing privacy with business monetization goals. She discusses the importance of understanding industry dynamics and the role of privacy in facilitating successful exits and partnerships. Julia emphasizes the value of cross-departmental collaboration and education in creating privacy solutions that resonate with a company’s culture and business objectives. She also provides tips on how organizations can align their privacy programs with broader business strategies to build trust, ensure compliance, and drive innovation.

Arjun and Abhijay Bhatnagar are Co-founders of Cloaked, a consumer privacy company. As developers and privacy advocates, they have created a secure, all-in-one privacy platform that gives consumers control over their personal information while helping reshape how industries access, use, and think about data. In this episode… The digital world often exposes individuals to risks through seemingly simple data points like phone numbers and emails. These identifiers can reveal a lot of personal information, making users vulnerable to phishing, spam, identity theft, and malicious AI-driven impersonation. As companies collect, share, and sell personal information more than ever, there is a pressing need for solutions that prioritize user control, privacy, and security. What steps can you take to safeguard your personal information? Companies like Cloaked are changing the game and offering individuals a way to regain control over their personal information by allowing users to create unique identifiers, like emails, phone numbers, and passwords, for every digital interaction. The platform also enables users to clean up past data footprints and limit future vulnerabilities while employing a siloed database architecture that keeps personal information secure even in the event of a system breach. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Arjun and Abhijay Bhatnagar, Co-founders of Cloaked, about how their platform addresses critical privacy challenges and empowers users to reclaim control of their personal information. Arjun and Abhijay share how Cloaked's features, like identity masking and password and passcode manager tools, help users navigate today’s privacy and security complexities easily and confidently. They also provide actionable privacy tips, such as limiting permissions, and discuss how Cloaked aims to combat AI misuse. 

Alan Chapell is the President of Chapell & Associates, a law firm serving the interactive technology, media, and advertising industries. He has served for 20 years as an outside counsel and privacy advisor to VC-funded AdTech and MarTech companies. Alan is also the Principal Analyst for The Chapell Report, a monthly continuous information research tool that helps investors and compliance teams understand the key privacy, competition, and regulatory trends driving the advertising and media marketplace. In this episode… Businesses often struggle to balance their privacy programs with the demands of evolving privacy laws and operational obligations. Privacy programs often reveal hidden vulnerabilities — what some call the “privacy underbelly” — that can expose companies to risks. With a growing patchwork of state privacy laws, businesses need to adopt flexible, proactive strategies to maintain compliance while aligning with business objectives. How can privacy and business teams collaborate to build strategic privacy programs? Privacy professionals need to bridge the gap between compliance and operational goals by clearly explaining liability risks to business teams while aligning privacy initiatives with organizational objectives. Leveraging privacy resources like The Chapell Report can provide actionable insights into evolving regulations, helping privacy and business teams simplify complex concepts to collaborate effectively and build trust with each other. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Alan Chapell, President of Chapell & Associates, about balancing privacy programs with business priorities and compliance obligations. Alan discusses strategies for navigating complex privacy regulations, finding hidden vulnerabilities in privacy programs, and aligning privacy efforts with business goals. He also explains the need to push back against his concept of “McPrivacy” — an oversimplification of privacy measures that can create risks in privacy programs.

Allie Hunter, author of Mothers Against Cyber Crime, is a cybersecurity awareness advocate, advisory board member at Savvy Cyber Kids, and mother. With a background in psychology, marketing, and behavioral science, she empowers parents to protect their families online. Her work blends storytelling with practical insights, making cyber safety accessible to everyone. In this episode… Cybersecurity awareness is not just for businesses — it’s also essential for families navigating today’s complex digital world. Children’s online activities can expose families to cyber threats like hacking, data breaches, and privacy intrusions, with many parents unaware of the potential risks in everyday technology and digital platforms. From the overlooked risks of unsecured smart devices to gaming platforms and the rising threats of deepfakes and social engineering scams, parents face new threats impacting their children’s safety and privacy. So, how can parents proactively take control of cybersecurity measures while fostering a safer online environment? Simple, yet actionable steps, like enabling two-factor authentication, regularly updating passwords, and fostering open communication with children about online activities are vital for managing their online presence safely. Combining these practices with cybersecurity awareness education equips parents with the tools they need to protect their children in today’s ever-changing digital landscape. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Allie Hunter, author of Mothers Against Cybercrime and a cybersecurity advocate, about how parents can protect their children from cyber threats. Allie highlights common but underestimated threats, such as unsecured smart devices and online gaming vulnerabilities, offering practical tips for enhancing security measures at home. She also discusses her work with Savvy Cyber Kids and shares insights into the development of her “Hunter Method,” a unique training approach that leverages real-life scenarios to help parents identify and respond to cyber threats effectively.