She Said Privacy/He Said Security

Arlo Gilbert is the Founding CEO of Osano, a leading data privacy platform that simplifies compliance by helping organizations build, manage, and scale their privacy programs. As a high-growth technology leader, he has over 25 years of experience building new SaaS startups and positioning them in industries, including telecommunications and digital health. Arlo has bootstrapped a tech startup from $0 to $50 million in annual recurring revenue and invented and patented voice commerce In this episode… Historically, businesses lacked an adequate understanding of the exigency of privacy programs. But with multiple states passing nuanced laws, privacy by design is more crucial than ever. So how can you develop a reliable privacy program to remain compliant? Arlo Gilbert maintains that the foundational component of any privacy program is cookie policies. Businesses can leverage privacy SaaS platforms to build programs from scratch — starting with cookies and progressing to rights management, vendor and risk assessments, and disclosure, security, and consent associated with compliance. Osano allows problem-solving entrepreneurs to find innovative solutions to data sharing. Tune in to this episode of She Said Privacy/He Said Security as Jodi and Justin Daniels sit down with Arlo Gilbert, Founding CEO of Osano, to discuss how SaaS platforms can help companies build compliant privacy programs. Arlo also talks about how AI is advancing privacy SaaS platforms, the types of organizations developing privacy programs, and how Osano helps companies manage privacy.

Al Saikali is a Partner at Shook, Hardy & Bacon, LLP, where he founded and serves as chair of the law firm’s privacy and data security practice. In his role, he directs breach response efforts, represents companies in litigation, and counsels organizations on the various laws governing sensitive information. Under Al’s leadership, Legal 500 has named Shook, Hardy & Bacon a Top Cyber Law Firm. He has also been ranked by Chambers USA as a national leader in privacy and data security law for four consecutive years.  In this episode… As advertising technology evolves, many websites are embedded with pixels that gather and transmit user information to third parties. Yet the emergence of a private right of action has elicited class action lawsuits regarding wiretapping and information sharing. So how can you avoid such lawsuits and reduce risks? According to Al Saikali, class action lawsuits often transpire due to a lack of communication between internal departments and external stakeholders. There’s a significant knowledge barrier between marketing, IT, and law, so transparent education is crucial in identifying privacy breaches. When you understand how this technology functions, you can implement privacy controls to limit information sharing. Al also suggests placing pop-up disclosures and consent notices on your website and acquiring cyber insurance to protect against risks. Shook, Hardy & Bacon’s Partner Al Saikali joins Jodi and Justin Daniels on this episode of She Said Privacy/He Said Security to discuss the emergence of class action lawsuits for website pixels. Al also explains the evolution and current state of Florida’s privacy laws, the common types of privacy litigation cases, and how to mitigate risks associated with class action lawsuits.

Mike Gustafson is the President of Search Discovery, a data transformation company that helps organizations transform by executing data strategies to achieve desired business outcomes. As a leader and senior executive, he has experience leading professional services and technology teams. Mike has also created and implemented solutions for multiple industries including nonprofits, consumer products, and financial services. Before Search Discovery, he held various partner roles at Rosetta. In this episode… In the era of digital marketing and advertising, data privacy is a growing concern, and companies must recognize the implications of data collection to comply with emerging regulations. But a data privacy compliance survey of 300 businesses reveals that in some industries, approximately 93% of these companies lack restrictions around data collection. So how can you safeguard consumer data? According to data analytics expert Mike Gustafson, many organizations lack an adequate understanding of the data they’ve gathered. Acknowledging privacy regulations requires developing a proactive data collection strategy that addresses objectives for usage, variety, and management. Businesses should only gather relevant information to personalize and streamline the customer experience, so holistic privacy programs involving the entire organization are essential.  In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Mike Gustafson, President of Search Discovery, about transforming how corporations collect and utilize consumer data. Mike shares why companies should consider end-to-end data transformation, the challenges of data privacy compliance, and how companies respond to Google Analytics regulations.

Caitlin Fennessy is the VP and Chief Knowledge Officer at the International Association of Privacy Professionals, the largest privacy association in the world facilitating conversations, debates, and collaboration among key industry leaders and organizations. In her role, she leads the research team in developing content that helps privacy professionals understand the operational impacts of global data protection-related developments. Caitlin is a recognized privacy expert serving as an inaugural member of the UK International Data Transfers on the German Marshall Global Task Force to promote trusted data sharing. In this episode… With the US taking a fragmented approach to privacy laws, individual states are passing various regulations, and the likelihood of the ADPPA being passed seems unlikely. Meanwhile, data is becoming increasingly complex, and new technologies are emerging daily. So how are companies maintaining compliance in this evolving landscape, and what can you observe from their efforts? According to Caitlin Fennessy, most companies recognize the elevated risks in the privacy landscape, and her organization’s governance survey reports a 12% increase in the size of privacy teams. AI poses one of the most significant risks in this space, so more than 50% of businesses have integrated AI governance guidelines with robust privacy programs. Caitlin says that the current regulatory ecosystem impacts these companies’ decisions significantly and that you should remain vigilant when sharing sensitive data and compare each state’s laws to stay abreast of new developments.  VP and Chief Knowledge Officer at IAPP, Caitlin Fennessy, joins Jodi and Justin Daniels for this episode of She Said Privacy/He Said Security to talk about how privacy risks inform federal privacy legislation. Caitlin also explains the key takeaways from privacy violation fines, how privacy has evolved, and current industry trends.

Cat Coode is the Founder of Binary Tattoo, a data and privacy consultancy. With a certification in data privacy law and two decades of experience in mobile development and software architecture, she helps individuals and corporations better understand cybersecurity and data privacy. Cat specializes in global privacy regulation compliance and delivering privacy education seminars. She is a member of the Canadian Standards Council for GDPR and in 2021, was named one of Canada’s Top 20 Women in Cybersecurity.  In this episode… Most professionals and corporations are familiar with GDPR and CCPA, but Canada’s data privacy law differs in that individuals are permitted to access and amend personal information from companies. This right has exposed various data privacy breaches from large organizations like Tim Hortons and Home Depot. So what can companies learn from these mistakes? Data privacy infringements occur when businesses mislead their customers about how they’re utilizing personal information for various services. Regardless of where you’re located, Cat Coode says to avoid disclosing sensitive data to third parties. Instead, it’s crucial to maintain transparency regarding data collection and usage so consumers can take control of their information. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels host data privacy strategist and Founder of Binary Tattoo, Cat Coode, to chat about Canadian data privacy laws. Cat also shares the implications of Home Depot’s data collection and sharing methods, the three best practices for vendor due diligence, and how Canada’s data privacy laws compare to other regulations.

Phil Rubin is the Founder and Principal of Grey Space Matters, a consulting firm that works with companies ranging from early-stage and emerging growth to global brand leaders across various industries and sectors. He is a customer-focused strategic growth leader with more than 30 years of experience driving growth for global brands.  Recognized as an industry thought leader, Phil is a keynote speaker for events across North America, Asia, and Europe. He has been quoted in The Wall Street Journal, Forbes, and numerous other trade publications. Before GSM, Phil led Global Insights and Strategic Partnerships for Bond, a loyalty and customer marketing firm. In this episode… Airlines and other brands utilize loyalty programs to generate customer insights and enhance experiences. For instance, Delta Airlines has partnered with American Express and Lyft to offer frequent flier miles and discounted transportation — but this raises concerns regarding data collection. So how are brands collecting customer data, and how can you take precautions to protect privacy? According to Phil Rubin, brands collect two types of data: zero-party data that customers share willingly with the company and first-party data, which brands collect and own directly from their customers. When leveraging loyalty programs, brands should remain transparent about data collection methods to avoid costly privacy breaches. Customers join loyalty programs to receive value and benefits, so it’s crucial to provide useful services and establish trust to increase consent. In today’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels interview Phil Rubin, Founder and Principal of Grey Space Matters, to discuss data-sharing in loyalty programs. Phil explains integrated loyalty experiences, the common forms of data collected for loyalty programs, and how privacy laws impact these programs.

Larry Slusser is the Senior Director of Professional Services at SecurityScorecard, the global leader in cybersecurity ratings. In his role, he assists clients in both active and reactive cybersecurity through services including global digital forensics, incident response, and ransomware mitigation. As a retired Air Force officer, Larry partnered with technical engineers, investigators, and business and external stakeholders to sustain focus and achieve milestones. Before SecurityScorecard, he held several leadership positions at Fortune 500 companies.   In this episode… As ransomware attacks grow increasingly elaborate, companies need to develop sound incident response measures to protect their data. Yet less than 10% of incident response plans are prepared to combat these attacks, and in the event of a threat, 80% of businesses pay the ransom. So how can you optimize your response strategies to ensure maximum preparation? Larry Slusser advises developing and executing tabletop exercises to simulate an actual attack. But this exercise is ineffective without proper data analysis, so it’s crucial to locate and safeguard your most valuable data. Optimal awareness and preparation require you to become educated on incident detection and response and invest in antivirus security tools. In today’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels host Larry Slusser, Senior Director of Professional Services at SecurityScorecard, to discuss cyber attacks and incident response measures. Larry talks about the types of ransomware, the importance of tabletop exercises, and how companies respond to ransomware attacks.

Chris Bullock is the Founder, CEO, and Managing Member of Cyber Investigations and Intelligence Agency (CI2A), a company that provides world-class cybersecurity and cybercrime solution services. He is also an award-winning chief information security officer and a decorated law enforcement veteran. As a leader and program builder, Chris has built and managed several successful cybersecurity programs at large and small organizations across many business verticals and governments. He holds multiple certifications including Certified Information Systems Security Professional (CISSP) and Certified Cybercrime Examiner (CCCE). Chris frequently speaks at major security conferences and writes articles on cybersecurity, and in 2012, he was voted “85th Top Ranking CISO in the US.” In this episode… Open-source intelligence has provided public access to personal information on the internet, allowing hackers to compromise anyone’s digital profile. With technology becoming increasingly pervasive in our daily lives, what steps can you take to reduce your digital footprint? According to Chris Bullock, attackers can steal data from your personal devices to be exchanged on the dark web. Most users aren’t aware that seemingly mundane settings on these devices can collect and release your data. To prevent unwanted attacks, Chris recommends disabling location services, photo, and microphone access for all apps and deactivating the auto-join feature for Wi-Fi and Hotspots.  In today’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels welcome Chris Bullock, Founder, CEO, and Managing Member of CI2A, to discuss tips for protecting your digital profile. Chris also explains open-source intelligence, the impact of privacy laws on data security, and how security attacks against high-profile individuals have evolved.

Beatrice Botti is the Vice President and Global Data & Privacy Officer at DoubleVerify, a leading software platform for digital media measurement and analytics. After an academic career in the EU and the US, she became a contract attorney before working in various privacy roles at Virgin Pulse, including Director of Privacy, Partnerships & Legal, Privacy Officer, and Data Protection Officer.  In this episode… Privacy regulations in the US are rapidly evolving, with five new laws expected to be enacted by the end of the year. But with individual governments working independently, each law is interpreted differently, making it challenging for organizations to fully comprehend privacy. So how can you build a privacy program that conforms to each law’s regulatory framework? When it comes to privacy in the ad tech space, Beatrice Botti says that predicting the outlook of impending regulations is futile. It’s critical to prepare for uncertainty by analyzing your data’s location and categories to determine which laws apply to your business. Once you’ve collected the appropriate data, you can seek advice from a privacy consultant or attorney to help you assess possible solutions, create a compliant program, and decide on further action. In today’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels sit down with Beatrice Botti, VP and Global Data & Privacy Officer at DoubleVerify, to discuss how privacy regulations impact ad tech. Beatrice speaks about the most pervasive privacy challenges companies face, advice for navigating US privacy laws, and how organizations can build privacy programs.

Curtis Preston is the Chief Technical Evangelist at Druva, a SaaS data protection platform. He is also the Founder and Webmaster of Backup Central, a website dedicated to data backup and recovery. Since 1993, Curtis has specialized in storage, backup, and recovery and has been an end-user, consultant, and analyst. He has written four books on these subjects and is the host of the Restore it All and No Hardware Required podcasts. In this episode… Ransomware is becoming increasingly sophisticated, with hackers deactivating companies’ backup servers to counteract cybersecurity efforts in a traditional attack. Still, businesses are neglecting to test and protect their backup servers. So how can you safeguard your data against cyberattacks? With the emergence of modern technology and impending security regulations, W. Curtis Preston says it’s more crucial than before to implement disaster recovery plans that facilitate data restoration. One way to ensure maximum protection is to utilize a SaaS data protection provider. Selecting a provider necessitates evaluating your cybersecurity methods and aligning them with the provider’s disaster response plans. In today’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels sit down with W. Curtis Preston of Druva and Backup Central to talk about data protection and disaster recovery. Curtis explains how ransomware targets backup servers, the importance of updating backup plans, and key considerations for selecting data protection SaaS providers.