Jason Sarfati is the Chief Privacy Officer and VP of Legal at Gravy Analytics, a location intelligence company providing real-world consumer intelligence to help organizations overcome today’s biggest challenges. Before joining Gravy Analytics, he was a Privacy Associate at Arent Fox and the Director of Privacy & Data Ethics at Treliant, a consulting firm serving financial institutions.  Jason earned his JD from George Mason University and holds a Certified Information Privacy Professional certification with a US concentration, making him an expert in the data privacy laws that govern US private sectors. He’s a member of the International Association of Privacy Professionals, a thought leader on trending privacy issues, and a frequent contributor to legal publications. In this episode… Geographic information, or location data, is intelligence about the geographical whereabouts of a device, such as a smartphone. Companies like Gravy Analytics use mobile location data to gain insight into individuals’ movement patterns to understand market trends and consumer behaviors. The issue with this type of tracking is that sensitive materials like health data become vulnerable. There’s also the risk of unsolicited advertising, physical assaults, and other various attacks. So, how do companies like Gravy Analytics use data for the betterment of society without further harming society? Jason Sarfati, head of privacy at Gravy Analytics, explains how they integrate privacy controls into their products. While the company strives to provide accurate sources of usable and trusted data, privacy is at the forefront during development. With its privacy-enhancing technology, the privacy team can identify the collection of location data at sensitive places. Once detected, it’s deleted from all systems. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels interview Jason Sarfati, Chief Privacy Officer and VP of Legal at Gravy Analytics, to discuss location data privacy. Jason talks about Gravy Analytics and the services the company offers, how privacy considerations are included during product development, using location data to identify individuals, and privacy and security best practices for parents of teenagers. 

Rohan Massey is a Partner at Ropes & Gray, a global law firm operating in the US, Asia, and Europe providing counsel in labor and employment issues, tax and benefits, and creditors’ rights. Rohan advises on complex global data and security compliance programs covering asset management and financial services, life sciences and clinical trials, and marketing. He’s an expert on the intersection of the extraterritorial scope of national data protection laws and data transfer issues for global organizations. In this episode… Cross-border data transfer is the exchange of electronic personal information across international borders. The European Union governs these transactions through a protection law known as the General Data Protection Regulation. Many large corporations operate in multiple countries, so acceptable contract agreements between partnering companies must be heavily enforced using a data privacy framework.  Data and cybersecurity experts like Rohan Massey work to implement and educate organizations about data privacy frameworks. These tools provide immediate support when concerns such as data breaches pose a threat to data privacy. DPFs are designed to adjust as events unfold. In regard to compliance, decision-making, and communication, corporations should consider adopting a data privacy framework.  In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Rohan Massey, Partner at Ropes & Gray, for an in-depth conversation about the data privacy framework in relation to cross-border transfers. Rohan explains how the data privacy framework affects international corporations, the treatment of HR data versus “regular” data under DPF, and when companies should consider using standard contractual clauses.

Dan Frechtling is the CEO of Boltive, a digital security and privacy developer creating technology for compliance. He’s been a trailblazer in the B2B and SaaS industries for nearly 25 years. Before joining Boltive, Dan was the President of G2 Web Services, a provider of merchant risk intelligence, where he developed cybersecurity solutions to detect damaging activity such as transaction laundering. Dan has held several executive leadership roles at Hibu, Mattel, Stamps.com, and McKinsey, a global management consulting firm offering solutions for organizations in the government and private sectors. He earned his MBA from Harvard University. In this episode… With the emergence of e-commerce retailers, digital advertising is constantly evolving. Once shoppers purchase items, brands monitor online shoppers’ behaviors through a collection of digital footprints. The result is targeted ads — products of behavior-based advertising. These ads are marketing strategies for companies to funnel sales and earn hefty profits. Unfortunately, these intrusive methods can lead to privacy issues, putting user data at risk for theft. Privacy expert Dan Frechtling warns it’s not enough for consumers to clear cookies, delete apps and browser extensions, or toggle on and off to ensure data protection. Digital security and privacy firms such as Boltive want to protect consumers from malware risks. Boltive provides online tools such as Ad Lightning and privacy guards to identify, block, and replace harmful ads. These tools can also detect data-sharing apps to avoid noncompliance. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Dan Frechtling, CEO of Boltive, to discuss data leakage and programmatic advertising. Dan explains privacy challenges in online marketing, Boltive’s secret shopper safeguard strategies, and offers consumers tips for protecting their online data.

Ed Britan is the VP and Head of Global Privacy at Salesforce, a cloud-based software company focused on helping businesses connect to its customers, allowing for a larger prospects database, deal closings, and quality service. Ed moved to Salesforce after exiting his role as Microsoft’s Senior Director and Policy Counsel for Privacy and AI, covering global privacy and AI legal and policy issues. He is an attorney with a Ph.D. in Law from the New York University School of Law. Before working for Microsoft, Ed served as an Adjunct Professor of Law at the Seattle University School of Law. In this episode… When working with cloud software, users expect reliable data so they’re able to understand their customers’ needs, build relationships, and sell more products. In technology, trust is integral for driving and retaining business. As a customer relationship management company, the Salesforce product and privacy teams aim to provide privacy and protective data software. Ed Britan, a global privacy and security professional, leads Salesforce’s global privacy department. He and his team are attuned to their customers’ concerns, which is why the organization integrated the privacy and product teams. By combining teams, the company can provide customers with better results — and that result is customers gaining value from their collected data. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Ed Britan, VP and Head of Global Privacy at Salesforce, to discuss data software privacy and security. Ed explains how privacy plays a role in the design of Salesforce’s products, the impact of AI while collecting data, and how soon we can expect the US to implement state and federal privacy AI regulations.

Jim Dempsey is the Senior Policy Advisor to the Stanford Program on Geopolitics, Technology, and Governance. Additionally, he’s a lecturer at the UC Berkeley School of Law, where he teaches cybersecurity law in the LL.M. program. Before joining the UC Berkeley staff, he was the Executive Director of the Berkeley Center of Law & Technology. Jim previously served as a part-time member of the US Privacy and Civil Liberties Oversight Board — an independent agency within the federal government charged with advising senior policymakers and overseeing the nation’s counterterrorism programs. Jim is the author of Cybersecurity Law Fundamentals, a summation of cybersecurity law for practitioners in the field. His other publications include “Cybersecurity Information Sharing Governance Structures: An Ecosystem of Diversity, Trust, and Tradeoffs” and “The Path to ECPA Reform and the Implications of United States v. Jones.” He also pens articles on cybersecurity for Lawfare, a non-partisan, nonprofit publication dedicated to national security issues. In this episode… With the emergence of innovative technologies, cybersecurity continues to be a topic of discussion. And as the constant evolution of AI further transforms our lives both personally and professionally, the products and services we rely on are at risk of becoming fundamentally insecure. Jim Dempsey, a cybersecurity expert, explains that many users with ill intent are on a mission to steal our information and disrupt AI technology. A particular intentional attack to be wary of is prompt injection attacks disguised as programming instructions. This occurs when a hacker hijacks a language model’s output, allowing the hacker to get the model to say anything they want. There are, however, privacy and security best-practices companies can adopt as a means of prevention. In this episode of the She Said Privacy, He Said Security Podcast, Jodi and Justin Daniels welcome Jim Dempsey, the Senior Policy Advisor to the Stanford Program on Geopolitics, Technology, and Governance, to discuss the risks of AI deployment. Jim explains why Open AI is suddenly a tech phenomenon, AI’s potential risks without US regulation, advice for privacy and security best practices, and more.

Dr. Emre Kazim is the Co-CEO and Co-founder of Holistic AI, an AI governance, risk, and compliance (GRC) start-up focusing on software for auditing and risk management of AI systems. His PhD in philosophy and undergrad in science cleared a path for his role as a Research Fellow at the University College London’s computer science department. Dr. Kazim explains that curiosity, exploration, and experimentation helped him enter the AI space. In this episode… Artificial Intelligence is a tool that has already revolutionized many aspects of our lives. As AI systems become more sophisticated, ethical implications become an increased concern. So how can we, as developers and users, ensure the systems are used safely, ethically, and responsibly? Dr. Emre Kazim explains how implementing policies and procedures, also known as AI governance, is one solution to protect AI integrity. AI governance includes addressing privacy, safety, and bias. While some organizations have created their own internal policies, others have adopted frameworks developed by governments or industry groups. When drafting AI governance policies, some general policies to consider are transparency, accountability, fairness, and explainability — meaning AI systems should aim to be explainable, so users can understand how it works. Listen to the She Said Privacy/He Said Security Podcast as Jodi and Justin Daniels welcome Dr. Emre Kazim, Co-CEO and Co-founder of Holistic AI, to discuss AI governance and AI responsibility. Dr. Kazim explains the meaning of AI governance and why companies need it, the challenges organizations face using AI, his best privacy and security practices, and more.

Donna Gallaher is the President and CEO of New Oceans Enterprises. New Oceans Enterprises is a Cyber, IT, and Operational Risk Management Advisory Service that facilitates collaboration among your company’s business units to develop policies and operational risk mitigation strategies appropriate for your risk tolerance. Donna was recently recognized as one of the top 12 vCISO Influencers to watch and inducted into EC Council's 2023 C|CISO Hall of Fame.  Donna currently serves on the Board of Advisors for the FAIR Institute and is President of the Atlanta FAIR Chapter. She is one of the founding members of vCISO Catalyst, a professional association for vCISOs. She holds CISSP, CCISO, CIPP/E, CIPM and ITIL, and Open FAIR certifications and is designated a Fellow of Information Privacy by IAPP. She is a graduate of Auburn University with a Bachelor of Science in Electrical Engineering. In this episode… In this age of technology, it’s wise for companies to have some sort of cybersecurity expert on staff to protect the organization’s data from theft and damage. But what happens if you’re a startup or small company and unable to afford a full-time expert? Or perhaps you’re a larger corporation with cyber technology in need of updating? Whatever your company's needs are, you may want to enlist the services of someone like Donna Gallaher, a securities strategist who owns a securities advisory firm that contracts out services. Firms like Donna’s can provide a list of options to protect your company’s data, intellectual property, and assets. Tune in to this informative episode of the She Said Privacy/He Said Security Podcast as Jodi and Justin Daniels welcome Donna Gallaher, President and CEO of New Oceans Enterprises, to discuss the role of a CISO. Donna explains the services a CISO offers, why smaller companies are prime targets for hackers, and how to prevent cybersecurity threats.

Silicon Valley-based entrepreneur Tom Kemp is the Managing Director of Kemp Au Ventures, an angel investment firm where he and his business partner invest their personal funds into seed and early-stage companies. As an angel investor, he has funded over 15 tech startups. Prior to becoming an investor, Tom was the Founder and CEO of Centrify, a leading cybersecurity cloud provider. As a result of his nearly 15 years in privacy, Tom devotes his time as a policy advisor for Californians for Consumer Privacy. His first book, Containing Big Tech: How to Protect Our Civil Rights, Economy, and Democracy, a definitive book on Big Tech, will be available for purchase in August. In this episode… In April, the California Delete Act was introduced in the California State Senate, a measure seeking to give state residents the right to have their personal information deleted from websites and apps. While some people believe it necessary to protect privacy, others believe the legislation could be a burden for businesses. The California Delete Act risks creating a mass exodus for California companies — it could also jeopardize future investments in new products and services to collect personal information. With the ever-increasing collection of personal information by businesses, it’s safe to say more needs to be done to protect individuals’ privacy. So, is the California Delete Act too harsh or a step in the right direction?  In this eye-opening episode of She Said Privacy/He Said Security Podcast, our hosts break down the California Delete Act with guest Tom Kemp, the Managing Director of Kemp Au Ventures. Together, these three privacy advisors inform us about everything we need to know about Senate Bill 362, the challenges of enforcing privacy laws, tips for reducing geolocation trackers, and more. This is one episode you don’t want to miss, so get comfortable and tune in now!

Robin Andruss is the Chief Privacy Officer at Skyflow, a privacy data vault dedicated to isolating, protecting, and governing sensitive data. Robin has 20 years of experience as a protection leader in the privacy, risk, audit, finance, strategy, and compliance space. She is a sought-after speaker on privacy, technology, and leadership. Additionally, Robin is a privacy tech advisor and sits on the Advisory Board of emerging tech startup Evident ID and is part of the Privacy Engineering group advisement team for Data Protocol. In this episode… With the combination of personal electronic devices, swift Wi-Fi and 5G, we can purchase medicine, airline tickets, and check our payslips online. As convenient as technology is, it can also be a curse, considering our personal data is at risk anytime we make online transactions. So, what can we do better to safeguard our private information? Like all technology, improvements in privacy are ever-evolving. But it’s important to understand the types of privacy risks that exist to understand how to protect our data.  In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels welcome Robin Andruss, the Chief Privacy Officer at Skyflow, to discuss the current challenges privacy faces. Robin, along with Jodi and Justin, discusses AI in the privacy space, building scalable privacy programs, and the overlapping of privacy and security in data breaches.

Don India is the CEO of RadarFirst, a company that helps businesses and their clients leverage emerging technologies. He has a strong and successful background as a sales executive and operator, with over 20 years of experience in delivering value to clients through cloud-based and on-premise solutions. Don has transformed organizations’ business strategies at a global scale, specializing in C-suite relationships, sales management, and direct sales. He is well-known for his boundless energy, unwavering passion, and exceptional coaching abilities. Don is also deeply curious and knowledgeable about artificial intelligence, cloud, and disruptive technologies. In this episode… If you’re a leader in a regulated industry, you know how challenging it is to keep up with the ever-changing regulatory compliance landscape. You need to scale your compliance program to meet the demands of new regulations, standards, customers, and products. You also need to make proactive decisions that align your compliance activities with your security objectives and business operations. To scale compliance effectively, organizations need to align their compliance activities with their security goals and business operations. They need to be prepared for the worst-case scenario — a data breach that could expose their sensitive data and damage their reputation.   In this episode of She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels talk to Don India, the CEO of RadarFirst, a software solution that helps organizations automate their incident response and compliance processes. Don shares his insights on how to scale your compliance culture, how to leverage technology to optimize your time and resources, and how RadarFirst can act as a lifeboat in case of a breach incident.