She Said Privacy/He Said Security

Latest episodes

Jan 11, 2024 • 37min

Navigating Privacy Landscapes: US State Privacy Laws, UK Data Protection, and Cross-Border Transfers

Robert Bateman is a freelance writer who creates privacy and data protection content for blogs, emails, articles, websites, reports, and white papers. He has been an industry advocate since 2017 and has interviewed leading figures in the privacy field, including Max Schrems and Johnny Ryan. As a thought leader, Robert is a sought-after speaker and panelist for online and in-person privacy conferences, events, and webinars. Because of his thirst for knowledge and passion for privacy, Robert began providing training and consultancy work in 2023.

In this episode…

The United States and the United Kingdom take different approaches to privacy and data protection. The US has a patchwork of state privacy laws, while the UK has a single national data protection law. So how can US companies comply with UK data protection law when transferring data to the UK?

Data privacy and protection thought leader Robert Bateman explains that one of the main challenges is understanding how the requirements of US state privacy laws and UK data protection law differ. For example, some US states require companies to obtain consent before collecting personal information, whereas UK data protection law does not require consent for all types of data collection. To mitigate the risk of fines and other penalties, US companies should review their data collection and processing procedures against both sets of rules. Companies should also seek the counsel of an experienced data privacy attorney to help them understand their obligations and develop a compliance plan.

Join Justin and Jodi Daniels in this episode of the She Said Privacy/He Said Security Podcast as privacy and data protection content creator Robert Bateman joins the show. Robert explains the challenges UK data privacy professionals face, the difficulties US companies encounter in understanding UK data transfer rules, and why the ICO should enforce cookie compliance.
Jan 4, 2024 • 33min

Decoding Quebec’s Law 25: What Companies Need To Know With Sharon Bauer

Sharon Bauer is a Lawyer and the Founder of Bamboo Data Consulting, a team of privacy consultants specializing in privacy, security, data strategy, and cutting-edge technology ethics work. As a consultant, she provides privacy solutions for entities in retail, fintech, health, and education, among others. Sharon is an expert in designing creative privacy programs that solve hidden challenges for startups and international corporations. In addition to acting as a virtual chief privacy officer, Sharon was named one of IT World Canada's Top 20 Women in Cybersecurity in 2022.

In this episode…

Quebec's Law 25 is the province's privacy legislation, and it applies to businesses operating in Quebec or collecting data about Quebec residents. As a relatively new law, its governance framework is still unfamiliar to many companies. What are the critical concepts of Law 25, and what does it mean for company compliance?

Privacy lawyer and consultant Sharon Bauer explains that companies should understand Law 25's key components: governance, the privacy officer, transfer impact assessments, transparency, and employment. However, this privacy legislation does not apply to B2B businesses. Regarding privacy officers, Quebec CEOs must either appoint a privacy officer or hold themselves accountable for compliance with Law 25. Additionally, companies must carry out a transfer impact assessment or privacy impact assessment when data is transferred outside of Quebec, when acquiring personal information, or when overhauling electronic service delivery systems in a way that involves destroying personal information. Sharon warns that companies that fail to comply with Quebec's Law 25 face fines of up to $25 million.

In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Sharon Bauer, Founder of Bamboo Data Consulting, to examine Quebec's Law 25. Sharon reflects on her career background, discusses the intersection of Law 25 and the GDPR, and explains the basis for Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).
Dec 14, 2023 • 33min

The Paradigm of Adtech Privacy: Using Data Clean Rooms and Opt-In/Opt-Outs To Achieve Compliance

Noga Rosenthal is the Chief Privacy Officer and General Counsel at Ampersand, a data-driven TV advertising sales technology company. Noga has extensive expertise in developing and implementing comprehensive privacy programs and oversees the company's privacy and legal initiatives. Before Ampersand, she served as Chief Privacy Officer at Epsilon, overseeing the company's worldwide privacy, compliance, and regulatory activities. She also worked as General Counsel and Vice President for Compliance and Policy at the Network Advertising Initiative (NAI), where she managed the NAI's compliance program and ensured that member companies upheld the promise of self-regulation for interest-based advertising. Noga is a member of the Women Leading Privacy Advisory Board of the International Association of Privacy Professionals and the IAB Federal Privacy Working Group.

In this episode…

The emergence of the adtech ecosystem has created a data-as-a-commodity paradigm that has in turn given rise to privacy laws and regulations restricting targeted advertising and cookie usage. What strategies can companies use to integrate evolving technology tools with adtech privacy laws?

Noga Rosenthal, an expert in adtech privacy law, asserts that alliances should be formed within the adtech industry. When teams learn from and communicate with each other, it creates transparency about data collection, and it becomes second nature to share information, obtain consumer consent or honor opt-outs, and collaborate with the Interactive Advertising Bureau and the Network Advertising Initiative. Another helpful tool is the data clean room: a secure environment that enables organizations to merge data from multiple sources in order to analyze and share data while controlling how, where, and when it is used.

Join Justin and Jodi Daniels on today's episode of the She Said Privacy/He Said Security Podcast, where they welcome Noga Rosenthal, Chief Privacy Officer and General Counsel at Ampersand, to discuss adtech privacy laws. Noga shares strategies for integrating adtech privacy laws with evolving technology tools, explains the significance of data clean rooms, and advises how companies can manage privacy risks concerning AI technologies.
Dec 7, 2023 • 26min

How Reliance on AI Technologies Places Smaller Businesses at Risk of Ransomware Attacks With Taylor Hersom

Taylor Hersom is the Founder and CEO of Eden Data, a cybersecurity firm focused on the next generation of businesses primed to build security and privacy into their DNA. A self-described cybersecurity compliance nerd, he is passionate about building world-class cybersecurity programs for startups and beyond. Taylor began his career advising Fortune 500 companies on compliance and security at Deloitte before moving on to Renaissance Systems Inc. (RSI), where he was one of the youngest CISOs in the industry and developed an entire security program from the ground up. He is also a sought-after thought leader who speaks at multiple global organizations, writes blog content on cybersecurity, and serves as a CompTIA Cybersecurity Advisory Council board member.

In this episode…

Data protection is essential for every company, and it covers intellectual property as well as customer data. Once a data breach has occurred, criminals use information such as credit card numbers, patents, and trade secrets to commit a multitude of cyber crimes. What should companies be aware of to protect their data?

Because of limited resources and budgets, small businesses and startups are more susceptible to data breaches, and many of them rely on AI technologies to support automated business processes, data analysis, and customer engagement. Cybersecurity expert Taylor Hersom explains that this reliance exposes them to dangers such as phishing attacks, deepfake accounts, and AI-powered ransomware. SIM swapping and nation-state cyberattacks, particularly those sponsored by Russia and China, are other threats that put companies at risk of ransomware. Taylor proposes that startups can significantly improve their security, and reduce their breach risk, by allying with legal and security teams.

In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Taylor Hersom, Founder and CEO of Eden Data, to the show. Taylor discusses the common mistakes companies make concerning data protection, various cyber threats, and why companies should be wary of GRC platforms.
Nov 30, 2023 • 28min

Privacy Lawyer Jennifer Mitchell on Employee Data Privacy Under the California Consumer Privacy Act

Jennifer Mitchell is a Partner and the Head of Privacy Governance and Technology Transactions at BakerHostetler, a law firm whose practice areas include digital risk advisory and cybersecurity, blockchain and digital assets, and financial services. Jennifer's law career spans over 15 years of legal, compliance, and operations expertise. At BakerHostetler, Jennifer helps businesses comply with evolving US state privacy laws, the General Data Protection Regulation, HIPAA, and the California Consumer Privacy Act.

In this episode…

The amended California Consumer Privacy Act treats employees as consumers. So what does that mean for employee privacy rights?

The CCPA affects employee rights by requiring employers to implement security measures to protect employees' personal information. These measures include adopting data security policies and procedures, conducting regular security audits, and training employees on data security best practices. Privacy lawyer Jennifer Mitchell explains that the CCPA gives workers the right to request that their employers disclose the personal information collected about them. Employees can also opt out of the sale of their data or ask to have their information deleted from their employer's records. Additionally, the CCPA prohibits companies from discriminating against employees who exercise these rights.

Join Jodi and Justin Daniels in today's episode of the She Said Privacy/He Said Security Podcast, where they welcome Jennifer Mitchell, Partner at BakerHostetler, to discuss employee privacy under the California Consumer Privacy Act. Jennifer discusses the difference between the "right to know" and the "right to delete," how employee privacy rights can build relationships between companies and employees, and how employee monitoring may violate employee privacy rights.
Nov 16, 2023 • 36min

Why Companies Should Outsource CISO Services and How the Role Intersects With Privacy Duties

Olivia Rose is the Founder of Rose CISO Group, which offers virtual chief information security officer services, including assessments, boardroom and leadership communications, and event presentations. She has over 22 years of experience in the industry and has served as the CISO for Amplitude, Mailchimp, and QloudSecure. Before founding Rose CISO Group, Olivia sat on the board of directors at Cyversity, a nonprofit dedicated to increasing diversity in cybersecurity. Olivia has also shared her knowledge and expertise as a faculty member and advisor at IANS, a leading security insights and support provider.

In this episode…

A chief information security officer is vital to protecting an organization from cyber threats. However, the title has become a watered-down casual term: many people hold it without the training and qualifications it demands.

Veteran security professional Olivia Rose notes that in-house CISOs are expensive resources. Instead, organizations can benefit from engaging a virtual CISO (vCISO), which is cost-effective, offers an objective viewpoint, and provides a higher level of expertise. In addition to experience and certifications, Olivia maintains that security experts can stay current on trends and terminology through online educational platforms such as Coursera and YouTube. Olivia also recommends taking an introductory marketing course, since it helps security leaders convey their message effectively.

In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels interview Olivia Rose, Founder of Rose CISO Group, about the role of a virtual chief information security officer. Olivia discusses burnout in the security profession, the qualifications and responsibilities of a vCISO, and who benefits from CISO services.
Nov 9, 2023 • 44min

How Smaller Companies Can Mitigate Cybersecurity Risks and Comply With the New SEC Rules

Brian Haugli is the Co-founder and CEO of SideChannel, a cybersecurity company that provides cyber risk assessments and cybersecurity compliance for mid-sized organizations. He is a 20-year industry veteran who has led programs for the Department of Defense, the Pentagon, the Intelligence Community, and Fortune 500 companies. With expertise in NIST guidance, threat intelligence implementations, and strategic organizational initiatives, Brian is a sought-after speaker and the host of the #CISOlife podcast and YouTube channel. Brian also co-authored Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework, an analysis of cybersecurity risk planning and management principles.

In this episode…

Companies should prepare for the SEC's new cybersecurity rules, which take effect in December. However, with cybersecurity assessment costs starting at six figures, how can small and mid-sized companies maintain compliance?

Organizations that lack the resources of larger corporations can reduce costs by engaging an information security consultant. These consultancies develop customized compliance programs that identify specific cybersecurity risks and recommend cost-effective strategies. For companies that adopt this type of service, cybersecurity expert Brian Haugli suggests retaining a CISO for at least 80 hours per month. In that time, a CISO should be able to formulate risk treatment options, including acceptance, mitigation, and transfer.

In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels interview Brian Haugli, CEO of SideChannel, for an in-depth conversation about cybersecurity. Brian discusses the inspiration behind SideChannel and its mission, how mid-sized companies can afford to retain a CISO, and procedures for navigating ransomware demands.
Nov 2, 2023 • 37min

ZoomInfo’s Al Raymond on B2B Privacy Programs and Third-Party Privacy Risk Management

Al Raymond is the Privacy Compliance Officer at ZoomInfo Technologies, a research and lead-generation platform used for sales, marketing, and talent acquisition. In his role, Al leads the assurance team, ensuring ZoomInfo maintains compliance with regulations, rules, and laws. He is a privacy compliance and data governance professional and a 20-year veteran in customer data privacy, information security, regulatory compliance, and risk management. Al's experience and skills have benefited prominent companies such as PHP Corporation, ARAMARK, TD Bank, Deloitte & Touche, and JPMorgan Chase.

In this episode…

Marketers and sales teams use third-party data to acquire customers and scale their businesses. How can privacy teams support marketing teams while complying with privacy laws?

Seasoned privacy professional Al Raymond recommends open communication with all parties when purchasing data from third-party data providers. He suggests conferring with privacy counsel, privacy and compliance teams, and the sales team to discuss their obligations to the public. When buying data, marketers must send privacy notices to the people targeted, so that individuals who object on receipt of the notice can be removed from the database. The notice also provides transparency, informing people where their data goes, who holds it, and the purpose of the collection. Al also explains that marketers must correctly apply Article 6 of the General Data Protection Regulation, which sets out the six legal bases for processing personal data: consent, contract, legal obligation, vital interests, public task, and legitimate interests.

In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Al Raymond, Privacy Compliance Officer at ZoomInfo Technologies, to discuss B2B privacy programs and third-party risk management. Al explains privacy laws and data protection in B2B marketing, the challenges in building and maintaining a privacy program, and privacy policies and contracts for data usage.
Oct 26, 2023 • 26min

HP’s Aaron Weller on Privacy Engineering, PETs, and Information Security

Aaron Weller is the Leader of the Global Privacy Engineering Center of Excellence at HP, an international IT company developing personal computers, printers, and 3D printing solutions. Aaron provides technical leadership for privacy engineering, enablement, and experience across HP's global operations. As a seasoned privacy and information security veteran, Aaron has offered his knowledge and experience as a department head at various companies, including PwC and Blueprint. He is also a Co-founder of both Concise Consulting and Ethos Privacy, a consulting firm offering privacy strategies. Aaron is a sought-after thought leader who has presented at national and international conferences and universities, and he has been quoted in mainstream publications including The Wall Street Journal and Forbes.

In this episode…

Privacy engineering is an emerging discipline. What is the role of this profession, and how can companies benefit from its expertise?

Seasoned information security professional Aaron Weller explains that privacy engineering spans user experience, design infrastructure, software development, and privacy-enhancing technologies. PETs are tools and techniques that help companies and individuals control and protect personal information; they can be used to encrypt data, anonymize individuals, and control access to information. Privacy engineers have a range of responsibilities, such as implementing systems that provide acceptable levels of privacy. Aaron advises that smaller organizations can adopt privacy engineering by educating their existing engineers and building privacy into their system development lifecycle.

In this episode of the She Said Privacy/He Said Security Podcast with Jodi and Justin Daniels, Aaron Weller, Leader of the Global Privacy Engineering Center of Excellence at HP, expounds on privacy engineering, PETs, and information security. Aaron discusses the integration of AI and privacy engineering, how companies can implement privacy-enhancing technologies, and offers advice to aspiring engineers.
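Anonymization is one of the PET categories the episode description mentions. As an added illustration, which is not code from HP, from the podcast, or from the guest, the following Python checks a constructed set of records for k-anonymity (every combination of quasi-identifiers appears at least k times) and for l-diversity (each such group contains at least l distinct sensitive values), and shows generalization plus suppression as the usual way to reach a target k. The records, the choice of age and ZIP code as quasi-identifiers, and the bucket sizes are assumptions made for the example.

```python
"""Added example: measuring and enforcing k-anonymity on a small dataset.

Not from the podcast or HP. Records and quasi-identifier choices are
constructed for illustration only.
"""
from collections import Counter, defaultdict

# Constructed sample records. Age and ZIP code are quasi-identifiers
# (individually harmless, jointly re-identifying); diagnosis is the
# sensitive attribute we want to protect.
RECORDS = [
    {"age": 34, "zip": "30301", "diagnosis": "flu"},
    {"age": 37, "zip": "30305", "diagnosis": "asthma"},
    {"age": 41, "zip": "30312", "diagnosis": "flu"},
    {"age": 49, "zip": "30318", "diagnosis": "diabetes"},
    {"age": 52, "zip": "30322", "diagnosis": "flu"},
    {"age": 58, "zip": "30327", "diagnosis": "asthma"},
]

QUASI_IDENTIFIERS = ("age", "zip")
SENSITIVE = "diagnosis"


def qi_key(record):
    """The tuple of quasi-identifier values that defines an equivalence class."""
    return tuple(record[q] for q in QUASI_IDENTIFIERS)


def generalize(record, age_bucket=10, zip_digits=3):
    """Coarsen the quasi-identifiers: age to a range, ZIP to a prefix."""
    lo = (record["age"] // age_bucket) * age_bucket
    zip_code = record["zip"]
    return {
        "age": f"{lo}-{lo + age_bucket - 1}",
        "zip": zip_code[:zip_digits] + "*" * (len(zip_code) - zip_digits),
        SENSITIVE: record[SENSITIVE],
    }


def k_anonymity(records):
    """Smallest equivalence-class size; 0 for an empty dataset."""
    classes = Counter(qi_key(r) for r in records)
    return min(classes.values()) if classes else 0


def l_diversity(records):
    """Smallest number of distinct sensitive values in any equivalence class.

    k-anonymity alone does not stop a homogeneity attack: if everyone in a
    class shares one diagnosis, the diagnosis is disclosed anyway.
    """
    groups = defaultdict(set)
    for r in records:
        groups[qi_key(r)].add(r[SENSITIVE])
    return min(len(v) for v in groups.values()) if groups else 0


def anonymize(records, k, age_bucket=10, zip_digits=3):
    """Generalize, then suppress any equivalence class smaller than k."""
    generalized = [generalize(r, age_bucket, zip_digits) for r in records]
    classes = Counter(qi_key(r) for r in generalized)
    return [r for r in generalized if classes[qi_key(r)] >= k]


if __name__ == "__main__":
    print("raw k =", k_anonymity(RECORDS))                      # every record unique
    released = anonymize(RECORDS, k=2)
    print("released k =", k_anonymity(released), "l =", l_diversity(released))
    for row in released:
        print(row)
```

Raw records are 1-anonymous because every (age, zip) pair is unique. Bucketing age to decades and keeping the first three ZIP digits yields 2-anonymity with 2-diversity without suppressing any rows; asking for k=3 with the same bucket sizes suppresses everything, and widening the age bucket is the trade-off that recovers utility at the cost of precision.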
Oct 19, 2023 • 36min

How Cyber Services Can Heed the New SEC Regulations to Address Privacy and Security Concerns

Keith Novak is the Co-founder and CISO at Intentional Cybersecurity, an advisory firm that supports clients' cyber risk needs through penetration testing, control validation, and cyber due diligence. Keith drives the company's growth and success by delivering high-value cybersecurity advisory assessments. A seasoned veteran in the industry, he has worked with clients across all sectors and verticals. Before founding Intentional Cybersecurity, Keith led the global cyber risk advisory and strategy practice at Kroll, a leading cyber risk management and incident response firm. Keith is one of the few cyber professionals with experience in both technical operations and business strategy, adding value to any cybersecurity team.

In this episode…

The SEC requires public companies to file a Form 8-K when a material event occurs, and its new cybersecurity rules extend this to material cybersecurity incidents. Given the number of recent data breaches, we will likely see more 8-K filings. How can organizations be more proactive about protecting their data?

Cybersecurity expert Keith Novak explains that humans remain fallible regardless of how polished a security program is. It is therefore imperative to train helpdesk personnel to be steadfast in confirming identities before acting on a request. Keith suggests improvements to the multifactor authentication process, such as asking for passphrases or employee IDs. He also notes that private companies do not fall under SEC, NYDFS, and NEIC requirements and are not obligated to report breaches; even so, boards encourage cybersecurity services, including risk assessments. Individuals can practice risk assessment too, by adopting a healthy dose of skepticism: don't shy away from asking why your Social Security card or driver's license is needed.

In this episode of the She Said Privacy/He Said Security Podcast with Jodi and Justin Daniels, Keith Novak, Co-founder and CISO at Intentional Cybersecurity, discusses how privacy and security relate to cybersecurity. Keith explains the significance of data transparency, how individuals and companies can protect themselves from data breaches, and suggests improvements to the multifactor authentication (MFA) process.