Ralph Pasquariello is a Senior Partner at The Tech Collective, a technology solutions company. He works with the FBI, GBI, and US Secret Service on the Atlanta Cyber Fraud Task Force. Ralph is also the former Executive Committee Chairman for the Tech400 Cyber Symposium and an advisor to the Georgia Tech Research Institute. He has served and chaired on numerous boards and organizations. Ralph’s cyber liability expertise has qualified him to present at over 100 events. For the past 14 years, he has moderated and spoke at dozens of conferences and panels on cyber liability and data breach risk management. He’s hosted educational seminars on cyber exposure for professional associations of all industries, including operational technology and intellectual technology. In this episode… When a company undergoes a cyber attack, the repercussions are costly. From remediation and replacement costs to third-party damages and operational interruptions, cyber insurance aims to cover expenses businesses incur and help them stay afloat after a cyber event. Cyber insurance is a crucial part of security, yet many businesses remain underinsured, believing that compliance with third-party vendors and/or client contracts is sufficient. What coverage might your company be missing, and how can you ensure it’s optimal? Cyber insurance coverage may include more than basic security provisions, encompassing additional elements such as commercial crime, social engineering, ransomware, and fraudulent transfers. As cyber insurance requirements have become increasingly strict over the years — The Tech Collective helps companies navigate complex insurance applications, analyze optimal insurance coverage based on business-specific needs and risks, and perform a comparative industry analysis. In this week’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels welcome Ralph Pasquariello, Senior Partner at The Tech Collective, to talk about how companies can ensure optimal cyber insurance coverage. Ralph emphasizes that business security measures and contractual compliance are not equivalent to proper cyber insurance coverage. He also shares instances where insurance companies may deny claims and provides insight into carriers changing requirements.

Alexandria (Lexi) Lutz is the Senior Corporate Counsel at Nordstrom, where she advises the company on legal matters related to privacy, cybersecurity, and AI. Prior to Nordstrom, Lexi worked for a large national hotel brand and an international food service company. She is a Certified Information Privacy Professional in the US and Europe and holds the Charlotte Business Journal award for Outstanding Corporate Counsel in a large company.  In this episode… 19 states have passed privacy laws, fundamentally altering how companies collect, share, and sell consumer data. And, as consumers become more aware of their privacy rights and how companies and their third-party vendors handle their data, retailers are at the forefront adapting their privacy programs, due diligence processes, and third-party contractual agreements to meet compliance requirements and maintain customer trust. What’s more, the new SEC cyber rules place even more security requirements on retailers’ relationships with third-party vendors, further complicating expectations. How can retailers navigate this complex regulatory landscape while providing the best experiences for their customers? Adapting privacy programs to evolving regulations is an intricate process requiring a company to evaluate its operations, size, and resources. No matter the circumstances, it’s crucial to maintain control over consumer information and ensure all third-party vendor contracts are up to date and transparent. And as retailers incorporate generative AI into their online and in-store shopping experiences, they should take extra steps to ensure personalization, efficiency, and protection are not lost.  In this week’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Alexandria (Lexi) Lutz, the Senior Corporate Counsel at Nordstrom, how retailers can navigate privacy challenges, leverage AI, and maintain consumer trust in an increasingly complex regulatory environment. Lexi highlights how these regulations — including the SEC cyber rules — impact everything from third-party vendor due diligence and contractual requirements to in-house privacy programs and consumer data sharing and selling. She also discusses the implications of generative AI in retail, maintaining that it should enhance the shopping experience rather than replace human input.

Julie Rubash is the General Counsel and Chief Privacy Officer at Sourcepoint, a data privacy software company. She coordinates legal efforts for Sourcepoint and ensures that the product suite innovates and expands to meet the demands created by the ever-changing regulatory landscape. Julie brings over 15 years of legal experience and has worked at both law firms and as internal counsel in the media, technology, and advertising sectors. Prior to Sourcepoint, Julie served as the VP of Legal at the advertising platform Nativo. In this episode… As companies head towards a cookieless future, advertisers are devising clever ways to target consumers, some of which may risk infringing on privacy laws and privacy rights obligations. While companies are creating universal solutions to comply with evolving privacy laws, they may overlook nuanced targeting methods that use consumer data differently than cookies. The stakes are high for any company engaging in these emerging targeting methods, as businesses must recognize the privacy risks and carefully blend legal requirements with their marketing efforts to protect consumer data. Some of the most innovative companies have embraced privacy considerations as a marketing touchpoint, working with consumers to build trust and provide clear options to manage their preferences. Companies like Sourcepoint recognize this need and that privacy obligations and consent solutions are not one-size-fits-all, so they offer flexible privacy software solutions that allow companies to tailor privacy programs based on their unique business goals, circumstances, and legal requirements. In this week’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Julie Rubash, the General Counsel and Chief Privacy Officer at Sourcepoint, about the ins and outs of managing consent as new targeting methods emerge. Julie stresses the need for customized consent solutions that align with company principles and privacy regulations while allowing consumers to manage their preferences. She also discusses how privacy professionals can recognize and mitigate the risks of new targeting methods, the importance of understanding the data you’re collecting, and why combining marketing and privacy goals is paramount in this evolving ad tech landscape.

Craig Schwartz is the Head of Legal at Covariant, an AI and robotics company out of Berkeley. He is a veteran tech lawyer with 20 years of experience at the intersection of emerging technology and regulated markets. Craig previously worked for Palantir Technologies, where he led the USG Partnerships team and served as Lead Counsel for the Intelligence Community business. Now at Covariant, Craig is part of a team building foundational models for the physical world, focusing on automation and AI integration in industrial settings. In this episode… Europe's aging workforce is fueling a growing demand for automated labor solutions, with US-based AI robotics companies stepping in to fill the gap. But this trend isn't just about technological innovation. For US-based companies entering the European market, success in this landscape requires a deep understanding of product capabilities and the global regulatory environment. To stay ahead, companies must make informed decisions on ethical AI use and on how to handle data — from collection to storage to use — without stepping on any global regulatory toes.  With emerging regulations like the EU AI Act and Internet of Things (IoT) legislation, it's now more important than ever for companies to integrate privacy considerations into product design from the start. By adopting privacy-by-design principles early on, companies like Covariant can meet anticipated global compliance requirements and create operational efficiencies, demonstrating their proactive approach to these regulatory challenges. In this week's episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Craig Schwartz, the Head of Legal at Covariant, who shares invaluable insights on navigating the complex intersection of AI, robotics, and international privacy regulations. Craig explains the steps Covariant takes to stay ahead of global privacy regulations. He also discusses the critical need for legal professionals in tech to immerse themselves in technical product knowledge, the challenges of applying existing global privacy laws, such as GDPR, to cutting-edge technologies, and the potential impact of antitrust policies on innovation in the AI space.

Award-winning data ethics and responsible media luminary Arielle Garcia is the Director of Intelligence at Check My Ads. In her role, she partners with businesses and organizations to lead research and develop standards and solutions that foster a healthier market, protect civil and human rights, and promote industry accountability.  A steadfast advocate for transparency, trust, and fairness in the digital ecosystem, she has advised 100+ marketers on the evolving digital landscape, driving the development and adoption of trustworthy and effective media and data strategies for the benefit of brands and their customers. She was previously the Chief Privacy and Responsibility Officer at UM Worldwide, and she holds a J.D. from Fordham University School of Law.. In 2021, Arielle was inducted into the AAF Advertising Hall of Achievement. She has also been recognized by Crain's New York Business "20 in their 20s," a Cynopsis “Top Woman in Media” in 2021, and a “Top Woman in Media & Ad Tech” by AdExchanger in 2023. In this episode… In the intricate world of ad tech, the exchange of data has become as common as trading stocks on Wall Street. Marketers now have advanced tools to pinpoint their target audience, but this data trove also brings significant privacy concerns. Brands are often challenged with the privacy implications of tracking, data selling, and sharing. And that’s understandable -  it’s a complex web of information, and it’s not always clear where consumer data ends up.  With the imminent demise of third-party cookies, companies are exploring new methods to sustain behavioral targeting like data clean rooms, conversion APIs, and alternative identifiers, raising questions about their privacy implications. That’s why Check My Ads is on a mission to keep the ad tech ecosystem in check by calling out false narratives and defunding bad actors that spread misinformation to drive systemic change. In today’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels welcome Arielle Garcia, the Director of Intelligence at Check My Ads, to discuss some of the biggest privacy challenges facing the ad tech ecosystem today. Arielle highlights the fundamental conflict between ad tech business models and business privacy obligations, emphasizing the need for a shift toward consumer-centric approaches. She also shares the implications of third-party cookie deprecation, critiques current and emerging advertising business models, and discusses the critical need for implementing secure and effective media and data practices to benefit companies and their customers.

Angeline Corvaglia is the Founder of Data Girl and Friends, where she is committed to helping young people thrive in an AI-driven digital world. Her strategy encompasses three key pillars: privacy and security awareness, critical thinking skills, and balancing the benefits and risks of AI. Angeline is on a mission to equip young minds with the tools they need to navigate and succeed in the ever-evolving digital landscape. In this episode… With rapid advancements in technology and AI, it is now more crucial than ever to protect children, particularly girls, online. Many parents are unaware of the full extent of digital and social media threats, such as AI-driven chatbots used by predators to manipulate children. How can parents protect their children, especially their daughters, and educate them about online risks? To combat these risks, parents should activate privacy settings and restrict information sharing on electronic devices. Parents should activate enable privacy settings and restrict information sharing on electronic devices. And with resources like Data Girl and Friends, parents can engage in meaningful conversations with their children, empowering them to become digitally savvy and take charge of their online  privacy. In this week’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Angeline Corvaglia, the Founder of Data Girl and Friends, about protecting girls online. She shares actionable insights on shielding kids from intrusive data practices and online predators and discusses the underlying societal pressures that amplify these risks especially for girls.

Christina Shannon is an accomplished Chief Information Officer (CIO) in the CPG chemical manufacturing sector. With a career spanning over two decades, she transitioned from senior security leadership roles in Fortune 100 companies to executive technology leadership positions in mid-to-large-sized, private equity-owned firms. Christina's journey includes serving as a Chief Information Security Officer (CISO) four times, in which she gained deep experience in developing effective strategies to address enterprise cyber risk across various industries. As a CIO, she focuses on leveraging technology to drive innovation, improve operational efficiency, and secure critical digital assets in the CPG chemical manufacturing industry. In this episode… Understanding the multifaceted role of a CIO offers valuable insights into the synergy between technology and business operations, highlighting the importance of operational efficiency, robust cybersecurity measures, and comprehensive privacy controls. How does one effectively navigate these complex responsibilities? As a Chief Information Officer for the chemical manufacturing company, Christina Shannon emphasizes the need for strategic alignment between technology and business objectives. To be effective, CIOs must grasp the broader business implications of their decisions, not just the technical and security aspects. This involves developing a framework that integrates effective AI policies, ensures privacy compliance, and addresses operational security risks. Christina Shannon, CIO at KIK Consumer Products, joins Jodi and Justin Daniels on this week’s episode of She Said Privacy/He Said Security to discuss her role as a CIO, offering practical strategies for leveraging technology to drive innovation while safeguarding digital and physical assets. Christina describes the process of shifting from a technical mindset to an operational viewpoint to align technology with business goals, understand risk exposures, and manage privacy and security initiatives effectively. The conversation also covers how organizations can derive value from their security measures beyond checking off compliance requirements.

Aaron Mendelsohn is currently Director - Privacy Officer at the LEGO Group in Denmark, where he leads data protection and privacy compliance within the Digital Technologies teams, including LEGO.com, LEGO Insiders, LEGO Marketing, and LEGO Retail. Prior to joining the LEGO Group, Aaron held leadership roles in data protection, privacy, and information security, including creating and managing global data protection and privacy programs at two Fortune 500 companies In this episode… Establishing a functional privacy framework within an organization is crucial for maintaining compliance and safeguarding data. It goes beyond simply adhering to legal regulations. Effective privacy management involves understanding how privacy laws and privacy initiatives work together to impact overall business operations. So, how can companies seamlessly integrate privacy into their day-to-day activities? Customizing privacy objectives to align with a company's individual needs, culture, and risk profile is imperative. To be successful in this approach, privacy professionals must be flexible and strategic, tailoring their strategies to align with organizational priorities through comprehensive policies, privacy-by-design programs, training, and other initiatives. In today’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels welcome Aaron Mendelsohn to discuss practical strategies for operationalizing privacy within organizations. Aaron emphasizes integrating people, processes, and technology to achieve effective privacy management. The discussion also underscores the value of targeted privacy training tailored to specific business roles and how privacy professionals can successfully adapt and evolve privacy strategies as business needs change.

Kabir Barday’s career journey illustrates the power of innovation in privacy. As the Founder, CEO, and Chairman of OneTrust, he has transformed the landscape of privacy automation. He holds a Fellow of Information Privacy with the IAPP, the highest designation of a privacy professional, and is a Henry Crown Fellow at the Aspen Institute. With a BS in Computer Science from the Georgia Institute of Technology, where he serves on the Georgia Tech Advisory Board (GTAB), Kabir continues to lead OneTrust in setting new standards for privacy automation and responsible AI. In this episode… Many companies struggle with responsible use of data, AI, and creating privacy programs. From ethical data use to complying with evolving privacy laws and using new AI tools, it can be challenging for companies, especially with manual processes. How can businesses and privacy professionals ease the burden of manual privacy work and keep up with regulations? Trust has become a fundamental societal trend, so businesses must facilitate trusted interactions with customers and stakeholders by embedding privacy controls into the user experience. Fortunately, there is OneTrust, the company revolutionizing responsible use of data, AI, and privacy management with its proprietary software that automates privacy processes, helps organizations comply with regulations, and builds trust with customers. Kabir Bardy, Founder, CEO, and Chairman of the Board at OneTrust, joins Jodi and Justin Daniels on this week’s episode of She Said Privacy/He Said Security to discuss OneTrust’s innovative approach to privacy, automation, and AI. Kabir shares AI and privacy trends from Trust Week 2024, how OneTrust champions responsible use of data and AI, and how companies can evolve their privacy programs at various maturity levels.

Charlotte Baker is the CEO and Co-founder of Digital Hands, a leading cybersecurity services provider. Under Charlotte’s leadership, Digital Hands has won numerous industry awards, with the most recent in 2023, which includes “Most Innovative MSSP”: at CyberDefenseCon and Inc’s “Power Partner of Privacy and Security.” With a 100% US-based delivery model, Digital Hands’ clients received unparalleled speed in threat detection and incident response. In this episode… The recent security regulations and SEC cyber rules have shifted companies’ focus from risking fines to maintaining mandatory compliance. While these regulations force businesses to adopt stringent security and ethical data privacy practices, some privately held companies are turning a blind eye. What strategic measures can businesses implement to comply with these regulations? Many privately held companies don’t understand that regardless of their size, they must adhere to new SEC rules and thoroughly review security contract addendums to avoid breach response hijacks by publicly traded companies. Companies also need to understand that compliance involves more than just reviewing security addendums or publishing a privacy policy on their website. They must prove they follow these policies. Even when companies have cybersecurity solutions, follow the rules, and achieve compliance, they may still get breached. That's why companies like Digital Hands aim to get ahead of every threat. With its “get there first” approach to security, Digital Hands maintains speed and flexibility to execute security solutions, taking a proactive approach to compliance. In today’s She Said Privacy/He Said Security episode, Jodi and Justin Daniels welcome Charlotte Baker, the CEO of Digital Hands, to discuss the strategic measures businesses can implement to comply with security regulations. Charlotte emphasizes the need for multi-factor authentication, the benefits of avoiding point solutions, and the importance of having a strategic roadmap for security maturity.