She Said Privacy/He Said Security

Gary Kibel is a Partner at Davis+Gilbert LLP, a law firm serving various industries and sectors including real estate, financial services, hospitality, and technology. In his role, he counsels clients on new media and advertising law, privacy and data security, and information technology. As a Certified Information Privacy Professional (CIPP), Gary advises providers of information technology services and customers for products and services regarding complex technology and intellectual property issues. Before Davis+Gilbert, he was an Information Systems Analyst at Merrill Lynch. In this episode… With ad tech rapidly advancing and the US passing contradictory privacy laws in various states, compliance is not a universal approach. Instead, conformity requires companies to have a keen understanding of ad tech and data exchanges within the industry. So how can you develop an approach that encompasses ad tech's multifaceted components? As a privacy law council on digital media, Gary Kibel understands the challenges businesses face managing differing standards, information-sharing, opt-outs, and targeted advertising. He states that by evaluating data types, you can determine which requirements apply to each use case. When implementing compliance features on websites, corporations often deploy cookie banners as a primary solution. But this requires thorough consideration for disclosure requirements, opt-outs, and performance and must be integrated with additional approaches. In today's episode of She Said Privacy/He Said Security, Davis+Gilbert's Partner, Gary Kibel, joins Jodi and Justin Daniels for a discussion on advertising technology privacy laws. Gary shares key takeaways from his IAPP Global Privacy Summit presentation, how to comply with conflicting US privacy laws, and how businesses should consider cross-contextual opt-outs.

Jodi Daniels is the Founder and CEO of Red Clover Advisors, a boutique data privacy consultancy and one of the few certified Women's Business Enterprises focused solely on privacy. Since its launch, Red Clover Advisors has helped hundreds of companies create privacy programs, achieve GDPR, CCPA, and US privacy law compliance, and establish a secure online data strategy that their customers can count on. Jodi is a Certified Informational Privacy Professional (CIPP/US) with over 20 years of experience helping businesses — from solopreneurs to multinational companies — in privacy, marketing, strategy, and finance roles. She has worked with numerous companies throughout her corporate career, including Deloitte, The Home Depot, Cox Enterprises, Bank of America, and many more. Jodi is also a national keynote speaker, a member of the Forbes Business Council, and the co-host of the She Said Privacy/He Said Security podcast. Justin Daniels is a cybersecurity subject matter expert and business attorney who helps his clients implement strategies to better manage and recover from data breaches. As outsourced general counsel for Baker Donelson, Justin advises executives on how to successfully navigate cyber business and legal concerns related to operations, M&A, incident response, and more. In 2017, Justin founded and led the inaugural Atlanta Cyber Week, where multiple organizations held events that attracted more than 1,000 attendees. Justin is also a TEDx and keynote speaker and the co-host of the She Said Privacy/He Said Security podcast with his wife, Jodi. In this episode… ChatGPT is an international sensation, with businesses utilizing it for content creation, debugging, translation, and writing code. But this AI tool is still unregulated, raising privacy and security concerns regarding data input. Since ChatGPT is easily accessible to the public, what should you consider before implementing it, and how can you mitigate the associated risks? When adopting ChatGPT for your company, Certified Privacy Professional Jodi Daniels says you should evaluate the tool by conducting due diligence on potential use cases. For instance, a marketing department may want to acquire consumer insights involving personal information. Developing a policy to assess data types and functions, train and educate employees about risks, and regulate information sharing eliminates bias and privacy infringements. On this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels share their thoughts on ChatGPT's privacy and security implications. Together, they address the current and future state of AI ethics, the importance of ChatGPT regulations in the absence of federal privacy law, and how businesses can protect sensitive data when employing ChatGPT.

`Amy Chipperson serves as General Counsel for Axtria, a global provider of cloud software and data analytics to the life sciences industry. In her role, she manages a team of attorneys in the US and Mexico who are responsible for drafting and negotiating various complex IT outsourcing agreements, including Cloud and SaaS. Amy is also responsible for mergers and acquisitions, maintaining corporate compliance, and implementing GDPR regulations. In this episode… The privacy and security landscape is intricate and layered, with companies often managing multiple priorities simultaneously, including consumer trust and national and global regulations. How can you craft a program that addresses each aspect while remaining informed? General counsel Amy Chipperson affirms that companies should adopt a holistic approach to privacy and security to develop a program that satisfies various needs, goals, and requirements. Given that privacy laws are volatile, you must pivot effectively to maintain compliance. Amy urges being proactive and conducting extensive research into evolving regulations to adapt your strategies accordingly. Axtria's General Counsel Amy Chipperson joins Jodi and Justin Daniels on this episode of She Said Privacy/He Said Security to discuss how businesses can develop privacy and security programs in a changing environment. Amy also talks about privacy and security's effects on data analytics, maintaining compliance amid fluid regulations, and how a common-sense approach to privacy guarantees customer trust.

Arlo Gilbert is the Founding CEO of Osano, a leading data privacy platform that simplifies compliance by helping organizations build, manage, and scale their privacy programs. As a high-growth technology leader, he has over 25 years of experience building new SaaS startups and positioning them in industries, including telecommunications and digital health. Arlo has bootstrapped a tech startup from $0 to $50 million in annual recurring revenue and invented and patented voice commerce In this episode… Historically, businesses lacked an adequate understanding of the exigency of privacy programs. But with multiple states passing nuanced laws, privacy by design is more crucial than ever. So how can you develop a reliable privacy program to remain compliant? Arlo Gilbert maintains that the foundational component of any privacy program is cookie policies. Businesses can leverage privacy SaaS platforms to build programs from scratch — starting with cookies and progressing to rights management, vendor and risk assessments, and disclosure, security, and consent associated with compliance. Osano allows problem-solving entrepreneurs to find innovative solutions to data sharing. Tune in to this episode of She Said Privacy/He Said Security as Jodi and Justin Daniels sit down with Arlo Gilbert, Founding CEO of Osano, to discuss how SaaS platforms can help companies build compliant privacy programs. Arlo also talks about how AI is advancing privacy SaaS platforms, the types of organizations developing privacy programs, and how Osano helps companies manage privacy.

Al Saikali is a Partner at Shook, Hardy & Bacon, LLP, where he founded and serves as chair of the law firm's privacy and data security practice. In his role, he directs breach response efforts, represents companies in litigation, and counsels organizations on the various laws governing sensitive information. Under Al's leadership, Legal 500 has named Shook, Hardy & Bacon a Top Cyber Law Firm. He has also been ranked by Chambers USA as a national leader in privacy and data security law for four consecutive years. In this episode… As advertising technology evolves, many websites are embedded with pixels that gather and transmit user information to third parties. Yet the emergence of a private right of action has elicited class action lawsuits regarding wiretapping and information sharing. So how can you avoid such lawsuits and reduce risks? According to Al Saikali, class action lawsuits often transpire due to a lack of communication between internal departments and external stakeholders. There's a significant knowledge barrier between marketing, IT, and law, so transparent education is crucial in identifying privacy breaches. When you understand how this technology functions, you can implement privacy controls to limit information sharing. Al also suggests placing pop-up disclosures and consent notices on your website and acquiring cyber insurance to protect against risks. Shook, Hardy & Bacon's Partner Al Saikali joins Jodi and Justin Daniels on this episode of She Said Privacy/He Said Security to discuss the emergence of class action lawsuits for website pixels. Al also explains the evolution and current state of Florida's privacy laws, the common types of privacy litigation cases, and how to mitigate risks associated with class action lawsuits.

Mike Gustafson is the President of Search Discovery, a data transformation company that helps organizations transform by executing data strategies to achieve desired business outcomes. As a leader and senior executive, he has experience leading professional services and technology teams. Mike has also created and implemented solutions for multiple industries including nonprofits, consumer products, and financial services. Before Search Discovery, he held various partner roles at Rosetta. In this episode… In the era of digital marketing and advertising, data privacy is a growing concern, and companies must recognize the implications of data collection to comply with emerging regulations. But a data privacy compliance survey of 300 businesses reveals that in some industries, approximately 93% of these companies lack restrictions around data collection. So how can you safeguard consumer data? According to data analytics expert Mike Gustafson, many organizations lack an adequate understanding of the data they've gathered. Acknowledging privacy regulations requires developing a proactive data collection strategy that addresses objectives for usage, variety, and management. Businesses should only gather relevant information to personalize and streamline the customer experience, so holistic privacy programs involving the entire organization are essential. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Mike Gustafson, President of Search Discovery, about transforming how corporations collect and utilize consumer data. Mike shares why companies should consider end-to-end data transformation, the challenges of data privacy compliance, and how companies respond to Google Analytics regulations.

Caitlin Fennessy is the VP and Chief Knowledge Officer at the International Association of Privacy Professionals, the largest privacy association in the world facilitating conversations, debates, and collaboration among key industry leaders and organizations. In her role, she leads the research team in developing content that helps privacy professionals understand the operational impacts of global data protection-related developments. Caitlin is a recognized privacy expert serving as an inaugural member of the UK International Data Transfers on the German Marshall Global Task Force to promote trusted data sharing. In this episode… With the US taking a fragmented approach to privacy laws, individual states are passing various regulations, and the likelihood of the ADPPA being passed seems unlikely. Meanwhile, data is becoming increasingly complex, and new technologies are emerging daily. So how are companies maintaining compliance in this evolving landscape, and what can you observe from their efforts? According to Caitlin Fennessy, most companies recognize the elevated risks in the privacy landscape, and her organization's governance survey reports a 12% increase in the size of privacy teams. AI poses one of the most significant risks in this space, so more than 50% of businesses have integrated AI governance guidelines with robust privacy programs. Caitlin says that the current regulatory ecosystem impacts these companies' decisions significantly and that you should remain vigilant when sharing sensitive data and compare each state's laws to stay abreast of new developments. VP and Chief Knowledge Officer at IAPP, Caitlin Fennessy, joins Jodi and Justin Daniels for this episode of She Said Privacy/He Said Security to talk about how privacy risks inform federal privacy legislation. Caitlin also explains the key takeaways from privacy violation fines, how privacy has evolved, and current industry trends.

Cat Coode is the Founder of Binary Tattoo, a data and privacy consultancy. With a certification in data privacy law and two decades of experience in mobile development and software architecture, she helps individuals and corporations better understand cybersecurity and data privacy. Cat specializes in global privacy regulation compliance and delivering privacy education seminars. She is a member of the Canadian Standards Council for GDPR and in 2021, was named one of Canada's Top 20 Women in Cybersecurity. In this episode… Most professionals and corporations are familiar with GDPR and CCPA, but Canada's data privacy law differs in that individuals are permitted to access and amend personal information from companies. This right has exposed various data privacy breaches from large organizations like Tim Hortons and Home Depot. So what can companies learn from these mistakes? Data privacy infringements occur when businesses mislead their customers about how they're utilizing personal information for various services. Regardless of where you're located, Cat Coode says to avoid disclosing sensitive data to third parties. Instead, it's crucial to maintain transparency regarding data collection and usage so consumers can take control of their information. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels host data privacy strategist and Founder of Binary Tattoo, Cat Coode, to chat about Canadian data privacy laws. Cat also shares the implications of Home Depot's data collection and sharing methods, the three best practices for vendor due diligence, and how Canada's data privacy laws compare to other regulations.

Phil Rubin is the Founder and Principal of Grey Space Matters, a consulting firm that works with companies ranging from early-stage and emerging growth to global brand leaders across various industries and sectors. He is a customer-focused strategic growth leader with more than 30 years of experience driving growth for global brands. Recognized as an industry thought leader, Phil is a keynote speaker for events across North America, Asia, and Europe. He has been quoted in The Wall Street Journal, Forbes, and numerous other trade publications. Before GSM, Phil led Global Insights and Strategic Partnerships for Bond, a loyalty and customer marketing firm. In this episode… Airlines and other brands utilize loyalty programs to generate customer insights and enhance experiences. For instance, Delta Airlines has partnered with American Express and Lyft to offer frequent flier miles and discounted transportation — but this raises concerns regarding data collection. So how are brands collecting customer data, and how can you take precautions to protect privacy? According to Phil Rubin, brands collect two types of data: zero-party data that customers share willingly with the company and first-party data, which brands collect and own directly from their customers. When leveraging loyalty programs, brands should remain transparent about data collection methods to avoid costly privacy breaches. Customers join loyalty programs to receive value and benefits, so it's crucial to provide useful services and establish trust to increase consent. In today's episode of She Said Privacy/He Said Security, Jodi and Justin Daniels interview Phil Rubin, Founder and Principal of Grey Space Matters, to discuss data-sharing in loyalty programs. Phil explains integrated loyalty experiences, the common forms of data collected for loyalty programs, and how privacy laws impact these programs.

Larry Slusser is the Senior Director of Professional Services at SecurityScorecard, the global leader in cybersecurity ratings. In his role, he assists clients in both active and reactive cybersecurity through services including global digital forensics, incident response, and ransomware mitigation. As a retired Air Force officer, Larry partnered with technical engineers, investigators, and business and external stakeholders to sustain focus and achieve milestones. Before SecurityScorecard, he held several leadership positions at Fortune 500 companies. In this episode… As ransomware attacks grow increasingly elaborate, companies need to develop sound incident response measures to protect their data. Yet less than 10% of incident response plans are prepared to combat these attacks, and in the event of a threat, 80% of businesses pay the ransom. So how can you optimize your response strategies to ensure maximum preparation? Larry Slusser advises developing and executing tabletop exercises to simulate an actual attack. But this exercise is ineffective without proper data analysis, so it's crucial to locate and safeguard your most valuable data. Optimal awareness and preparation require you to become educated on incident detection and response and invest in antivirus security tools. In today's episode of She Said Privacy/He Said Security, Jodi and Justin Daniels host Larry Slusser, Senior Director of Professional Services at SecurityScorecard, to discuss cyber attacks and incident response measures. Larry talks about the types of ransomware, the importance of tabletop exercises, and how companies respond to ransomware attacks.