She Said Privacy/He Said Security

Al Raymond is the Privacy Compliance Officer at ZoomInfo Technologies, a powerful research and lead-generation tool used for sales, marketing, and talent acquisition. In his role, Al leads the assurance team, ensuring ZoomInfo maintains compliance with regulations, rules, and laws. He is a privacy compliance and data governance professional and 20-year veteran in customer data privacy, information security, regulatory compliance, and risk management. Al’s experience and skills have benefited prominent companies such as PHP Corporation, ARAMARK, TD Bank, Deloitte Touche, and JPMorgan Chase. In this episode… Marketers and sales teams utilize third-party data to acquire customers and scale their businesses. How can privacy teams appease marketing teams while complying with privacy laws? Seasoned privacy professional Al Raymond recommends open communication with all parties when purchasing data from third-party data providers. He suggests conferring with privacy counsel, privacy and compliance teams, and the sales team to discuss their obligations to the public. When buying data, marketers must send privacy notices to those targeted. Upon receipt of the notice, third parties can remove individuals from the database. The notice also reveals full transparency, informing people where their data goes, who owns it, and the purpose of the collection. Al also explains that marketers must properly use Article Six of the General Data Protection Regulation. Article Six outlines six legal bases for processing personal data: consent, contract, legal obligation, vital interests, public task, and legitimate interests. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels welcome Al Raymond, Privacy Compliance Officer at ZoomInfo Technologies, to discuss B2B privacy programs and third-party risk management. Al explains privacy laws and data protection in B2B marketing, the challenges in building and maintaining a privacy program, and privacy policies and contracts for data usage.

Aaron Weller is the Leader of the Global Privacy Engineering Center of Excellence at HP, an international IT company developing personal computers, printers, and 3D printing solutions. Aaron provides technical leadership for privacy engineering, enablement, and experience for HP’s global operations.  As a seasoned privacy and information security veteran, Aaron has offered his knowledge and experience as a department head for various companies, including PwC and Blueprint. He is also a Co-founder of both Concise Consulting and Ethos Privacy, a consulting firm offering privacy strategies. Aaron is a sought-after thought leader who’s presented at national and international conferences and universities. He’s also been quoted in mainstream publications, including The Wall Street Journal and Forbes. In this episode… Privacy engineering is an emerging field of engineering. What is the role of this profession, and how can companies benefit from their expertise? Seasoned information security professional Aaron Walker  explains the categories of privacy engineering include user experience, design infrastructure, software development, and privacy-enhancing technologies. PETs are tools and techniques that help companies and individuals control and protect their personal information — they can be used to encrypt data, anonymize individuals, and control access to information. Privacy engineers have various responsibilities, such as implementing systems that provide acceptable levels of privacy. Aaron advises that smaller organizations can integrate privacy engineers by educating existing engineers to build their system development lifecycle process. In this episode of the She Said Privacy/He Said Security with Jodi and Justin Daniels, Aaron Weller, Leader of the Global Privacy Engineering Center of Excellence at HP, expounds on privacy engineering, PETs, and information security. Aaron discusses the integration of AI and privacy engineering, how companies can implement privacy-enhancing technologies, and offers advice to aspiring engineers.

Keith Novak is the Co-founder and CISO at Intentional Cybersecurity, an advisory firm supporting clients with cyber risk needs using penetration testing, control validation, and cyber due diligence. Keith drives the company’s growth and success by delivering high-value cybersecurity advisory assessments. A seasoned veteran in the industry, he’s worked with clients in all sectors and verticals. Before founding Intentional Cybersecurity, Keith led the global cyber risk advisory and strategy practice for Kroll, a leading cyber risk management and incident response firm. Keith is one of the few cyber professionals with experience in technical operations and business strategy, adding value to any cybersecurity team. In this episode… The SEC requires companies that have experienced drastic fiscal changes to submit a Form 8-K. With the number of data breaches in recent events, we will likely see more 8-K filings. How can organizations be more proactive about protecting their data? Cybersecurity expert Keith Novak explains humans are still fallible regardless of how flawless their security program might be. Therefore, it’s imperative to train helpdesk personnel to be steadfast in confirming identities. Keith suggests significant improvements to the multifactor authentication process, such as asking for passphrases or employee IDs. He also shares that private companies do not fall under SEC, NYDFS, and NEIC requirements and are not obligated to report breaches. However, boards do encourage cybersecurity services, including risk assessments. Individuals can practice risk assessments, as well, by adopting a healthy dose of skepticism. Don’t shy away from asking why your social security card or driver’s license is needed. In this episode of the She Said Privacy/He Said Security Podcast with Jodi and Justin Daniels, Keith Novak, Co-founder and CISO at Intentional Cybersecurity, discusses how privacy and security relate to cybersecurity. Keith explains the significance of data transparency, how individuals and companies can protect themselves from data breaches, and suggests multifactor authentication (MFA) process improvements.

Pedro Pavón is the Global Director of Monetization, Privacy, and Fairness at Meta, the tech company behind Facebook, Instagram, WhatsApp and Threads. In addition to providing legal counsel and advocating for data privacy, data protection, fairness, and algorithmic transparency, Pedro leads a team of lawyers and policy professionals. Beyond his responsibilities at Meta, Pedro teaches privacy and information security law at the Georgia State University College of Law. Pedro is a thought leader and writer on privacy and data security issues related to AI, Metaverse, digital advertising, blockchain, and IoT. In this episode… In December 2022, Meta (formerly Facebook) settled a $725 million lawsuit alleging that the company gave third parties access to users' private data without permission. Meta is now attempting to become a data privacy leader, so what safeguards have they implemented? Privacy professional Pedro Pavón explains Meta is making tremendous efforts to improve data protection and user transparency. Besides empowering the legal team with the authority to negate atrocious ideas with the potential to harm users, Meta now equips individuals with more control and transparency regarding their data. Meta is also launching new technology, such as the AI chatbot. To shield data, the security team enables security by design protection and transparent communication on how AI systems use people’s data. Data privacy transparency is crucial because it helps build trust between consumers and businesses. It lets customers understand how their data is collected, used, and shared. This enables them to make informed decisions about their privacy and security. In this episode of the She Said Privacy/He Said Security Podcast with Jodi and Justin Daniels, Pedro Pavón, Global Director of Monetization, Privacy, and Fairness at Meta, discusses how the company is improving data privacy. Pedro shares the role privacy and data protection play in the new Meta AI chatbot, why privacy should be more transparent, and ways AI can improve privacy.

Nia Castelly is the Co-founder and Legal Lead at Checks, a Google-backed privacy platform that uses AI to simplify privacy compliance for developers. Before Checks, Nia spent nearly five years as a legal advisor for Google Play’s Developer Console, Policy, and Operations teams. Nia is an entrepreneur and supporter of early-stage startups, serving as an Angel Investor at the Black Angel Group and as a Limited Partner at How Women Invest. In this episode… In the early 2000s, Apple trademarked the phrase “there’s an app for that!” Fast forward to today — the public demands applications because it simplifies areas of our lives. With that demand, developers often rush to launch but must adhere to complicated privacy regulations. How can developers create delightful apps while remaining compliant? Most mobile engineers use software developer kits, a third-party code. If developers do not adequately edit the codes, it can cause unintentional consequences, such as data collection and sharing. Seasoned lawyer Nia Castelly, co-founder of privacy platform Checks, explains there is a three-step procedure known as a triangle to analyze such issues. Once detected, mobile app companies can make requirements to be compliant. Product developers also leverage AI to translate privacy policies, helping simplify compliance complexities. In this episode of the She Said Privacy/He Said Security Podcast with Jodi and Justin Daniels, Nia Castelly, Co-founder and Legal Lead at Checks, discusses data privacy compliance within mobile app development. Nia explains how cultural differences affect privacy across the globe, demystifying compliance complexities, and procedures for governing AI within product development.

Roderic Deichler is the Co-founder and Chief Security Officer at AfterDark, a boutique blockchain security company delivering white glove services, such as smart contract advising, pentesting, and security advising. Roderic founded the company to fill the security gap in Web3. Before AfterDark, he led pentesting at Mandiant and smart contract audits at Coinbase and OpenZeppelin. Roderic discovered his enthusiasm for cybersecurity while studying computer science at UC Santa Barbara and competing in Capture the Flag competitions and hackathons. In this episode… Web3 is an extension of cryptocurrency and innovatively uses blockchain. Since a blockchain stores many tokens in a digital wallet, how can cybersecurity professionals fill security gaps on Web3? Risks that threaten Web3 include smart contracts, phishing, scams, and hacks targeting a user’s crypto wallet. According to Roderic Deichler, a veteran cybersecurity professional, there are multiple best practices to mitigate security risks, including applying security strategically, security audits, and multifactor authentication. Security architects use various thought processes when applying security, usually embracing security-by-design principles. Since developers conduct several project tests before and after releasing new code, companies should consider employing internal security teams or consulting security auditors to reveal potential bugs. Social hacking has become a prevalent method for tricking users into revealing their confidential information. To diminish this risk, Roderic suggests using multifactor authentication (MFA), a multi-step process requiring more instruction plus a password. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels interview Roderic Deichler, Co-founder and Chief Security Officer of AfterDark, about cybersecurity risks. Roderic explains security risks in smart contracts, phishing risks in Bitcoin and other digital wallet assets, and AI’s impact on cybersecurity.

Mark Webber is the US Managing Partner of Fieldfisher, a London-based international law firm with offices in Europe, the US, and China. An English lawyer living in the Silicon Valley, Mark oversees the firm’s US operations. As a recognized leader in privacy law with extensive experience working with the world's leading technology companies, Mark is known for finding innovative solutions to complex legal challenges. At Fieldfisher, Mark has been instrumental in establishing, nurturing, and expanding the firm's presence, operations, and services in the US. In this episode… Lawyers endorse the Data Privacy Framework as a valuable tool to mitigate cybersecurity risks. However, many experts argue that protecting businesses from other privacy risks — such as those posed by AI — is not enough. The draft of the European Union AI Act has sparked debate among privacy professionals, with some advocating for a prohibition on the unrestricted use of AI technologies such as biometrics in real time. Mark Webber, a seasoned lawyer with expertise in technology and privacy, disagrees with this approach. He cautions against AI's high-risk threats to transport, infrastructure, and decision-making. To mitigate these risks, Mark suggests that companies conduct an AI impact assessment, such as the one developed by the National Institute of Standards and Technology, before implementing generative AI systems. He also warns that, given the ever-evolving nature of AI, any governing policies will only be effective with proper education and training. In this episode of the She Said Privacy/He Said Security Podcast, Mark Webber, US Managing Partner at Fieldfisher, joins Jodi and Justin Daniels to discuss the US-EU Data Privacy Framework and AI. Mark explains how the framework will impact businesses, the European Union AI Act, the intersection of AI regulation with GDPR, and why organizations should consider implementing AI assessment frameworks.

Riley Hughes is the Co-founder and CEO of Trinsic, a reusable identity infrastructure provider. Riley educates and trains businesses on the benefits of using Trinsic to improve the identity verification processes within their products, improving privacy and the user experience. As a pioneer in the decentralized identity community, Riley has spearheaded privacy-preserving technologies, such as identity wallets and verifiable credentials eligible to the masses. Before Trinsic, he honed his skills in the decentralized identity space as the second employee at the Sovrin Foundation — an international nonprofit that was established to administer the Governance Framework at the Sovrin Network. In this episode… It is a common experience to verify one's identity online only to have the website fail to accept the provided identification. Additionally, many people are uncomfortable sharing their driver's license and other forms of ID, as it contains personal information. With so many technological advances, why is proving one’s identity such an antiquated process? These are the burning questions Riley Hughes had while working for the Sovrin Foundation, a Governance Framework administrator, so he was inspired to develop decentralized identity products such as digital wallets and verifiable credentials. Digital wallets are convenient and secure methods to store payment information on mobile devices, including bank information and debit and credit cards. Like digital wallets, verifiable credentials digitally store information found on physical documents such as driver’s licenses, passports, birth certificates, employee IDs, and educational certificates and can be cryptographically verified. These self-sovereign methods give individuals complete autonomy over their data and allow them to control how it’s shared. Join Jodi and Justin Daniels in today’s episode of the She Said Privacy/He Said Security Podcast, as they welcome Riley Hughes, Co-founder and CEO of Trinsic, to discuss decentralized identity. Riley expounds on self-sovereign identity, how decentralized identity enhances privacy, and how AI impacts the reusable identity infrastructure.

Tim Lupinacci is the Chairman and CEO at Baker Donelson, one of the largest US law firms — composed of 650 attorneys and public policy advisors — representing over 30 practice areas. Under his tutelage, Tim led the firm through organizational reconstruction, growth, and the COVID-19 pandemic. He chaired the Financial Services Department and the Women’s Pathways to Leadership Committee and was a Diversity & Inclusion Committee board member. A self-professed “leadership junkie,” Tim continuously elevates his leadership skills through studying, reading, and learning from his failures. His passion for leadership inspired him to launch Everybody Leads, a nonprofit dedicated to empowering individuals in underserved communities with essential leadership skills and confidence. In this episode… Cybercriminals target law firms because they store valuable and sensitive information. In a security breach, ransomware could lock down the office’s files for an extended period, making it impossible to perform routine operations. So, how can law firms protect themselves from cyberattacks? Regardless of a firm’s size, all law offices are vulnerable. Tim Lupinacci, a chief leader at one of the most prominent legal firms in the US, advises implementing a strategic cybersecurity plan. Hiring a full-time CISO and security team could spearhead the program and strictly focus on managing cyber risks. Preventive measures like phishing simulations can prevent their colleagues from falling victim to cyberattacks. If a cohort fails the designated tests, they must attend additional training to protect themselves and the office's devices. Tim advises that the best protection is to be vigilant, have mitigation plans, inform staff members of the latest cyber threats, and educate them on “cybersecurity hygiene.” On today's She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels interview Tim Lupinacci, Chairman and CEO at Baker Donelson, about Baker Donelson's strategic cybersecurity planning, the importance of forging relationships between the C-suite and the firm's security team, and his personal experience with being hacked.

Julian Llorente Perdigones is the Director of Data Privacy at Tealium, a customer data platform company with offices in the US, Germany, Singapore, UK, Japan, the Netherlands, France, and Austria. Julian is an experienced data scientist and expert in data privacy. In his role, he analyzes technical challenges while assessing privacy concerns. Before Tealium, he was a Data Scientist at zeroG, a Germany-based company committed to making data work for air travel. He also worked at Lufthansa in the digital analytics and online sales department. Julian holds a MS in Big Data & Business Analytics from SRH University in Heidelberg, Germany. He also holds a BS in International Business Information Systems from the University of Applied Sciences in Frankfurt. In this episode… A customer data plan can be a valuable tool for businesses. It allows businesses to collect and analyze customer data from multiple sources. However, it’s important to be aware of the data privacy implications. Data scientist and CDP professional Julian Llorente Perdigones explains businesses must ensure they have consent from customers to collect and use their data, and they must also take steps to protect customer data from unauthorized access or disclosure. At Tealium, their mission is to establish customer trust in data. According to Julian, companies can establish customer trust using CDP by reducing risk using siloed data, propagating privacy preferences, and enabling operational efficiency. Businesses can be transparent by giving customers control over their data and personalizing the customer experience. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels interview Julian Llorente Perdigones, Director of Data Privacy at Tealium, about data privacy and CDP. Julian explains customer data plans, how companies can use CDPs while adhering to privacy laws, and the common mistakes companies make when working with CDPs.