Caitlin Fennessy is the VP and Chief Knowledge Officer at the International Association of Privacy Professionals, the largest privacy association in the world facilitating conversations, debates, and collaboration among key industry leaders and organizations. In her role, she leads the research team in developing content that helps privacy professionals understand the operational impacts of global data protection-related developments. Caitlin is a recognized privacy expert serving as an inaugural member of the UK International Data Transfers on the German Marshall Global Task Force to promote trusted data sharing. In this episode… With the US taking a fragmented approach to privacy laws, individual states are passing various regulations, and the likelihood of the ADPPA being passed seems unlikely. Meanwhile, data is becoming increasingly complex, and new technologies are emerging daily. So how are companies maintaining compliance in this evolving landscape, and what can you observe from their efforts? According to Caitlin Fennessy, most companies recognize the elevated risks in the privacy landscape, and her organization’s governance survey reports a 12% increase in the size of privacy teams. AI poses one of the most significant risks in this space, so more than 50% of businesses have integrated AI governance guidelines with robust privacy programs. Caitlin says that the current regulatory ecosystem impacts these companies’ decisions significantly and that you should remain vigilant when sharing sensitive data and compare each state’s laws to stay abreast of new developments.  VP and Chief Knowledge Officer at IAPP, Caitlin Fennessy, joins Jodi and Justin Daniels for this episode of She Said Privacy/He Said Security to talk about how privacy risks inform federal privacy legislation. Caitlin also explains the key takeaways from privacy violation fines, how privacy has evolved, and current industry trends.

Cat Coode is the Founder of Binary Tattoo, a data and privacy consultancy. With a certification in data privacy law and two decades of experience in mobile development and software architecture, she helps individuals and corporations better understand cybersecurity and data privacy. Cat specializes in global privacy regulation compliance and delivering privacy education seminars. She is a member of the Canadian Standards Council for GDPR and in 2021, was named one of Canada’s Top 20 Women in Cybersecurity.  In this episode… Most professionals and corporations are familiar with GDPR and CCPA, but Canada’s data privacy law differs in that individuals are permitted to access and amend personal information from companies. This right has exposed various data privacy breaches from large organizations like Tim Hortons and Home Depot. So what can companies learn from these mistakes? Data privacy infringements occur when businesses mislead their customers about how they’re utilizing personal information for various services. Regardless of where you’re located, Cat Coode says to avoid disclosing sensitive data to third parties. Instead, it’s crucial to maintain transparency regarding data collection and usage so consumers can take control of their information. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels host data privacy strategist and Founder of Binary Tattoo, Cat Coode, to chat about Canadian data privacy laws. Cat also shares the implications of Home Depot’s data collection and sharing methods, the three best practices for vendor due diligence, and how Canada’s data privacy laws compare to other regulations.

Phil Rubin is the Founder and Principal of Grey Space Matters, a consulting firm that works with companies ranging from early-stage and emerging growth to global brand leaders across various industries and sectors. He is a customer-focused strategic growth leader with more than 30 years of experience driving growth for global brands.  Recognized as an industry thought leader, Phil is a keynote speaker for events across North America, Asia, and Europe. He has been quoted in The Wall Street Journal, Forbes, and numerous other trade publications. Before GSM, Phil led Global Insights and Strategic Partnerships for Bond, a loyalty and customer marketing firm. In this episode… Airlines and other brands utilize loyalty programs to generate customer insights and enhance experiences. For instance, Delta Airlines has partnered with American Express and Lyft to offer frequent flier miles and discounted transportation — but this raises concerns regarding data collection. So how are brands collecting customer data, and how can you take precautions to protect privacy? According to Phil Rubin, brands collect two types of data: zero-party data that customers share willingly with the company and first-party data, which brands collect and own directly from their customers. When leveraging loyalty programs, brands should remain transparent about data collection methods to avoid costly privacy breaches. Customers join loyalty programs to receive value and benefits, so it’s crucial to provide useful services and establish trust to increase consent. In today’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels interview Phil Rubin, Founder and Principal of Grey Space Matters, to discuss data-sharing in loyalty programs. Phil explains integrated loyalty experiences, the common forms of data collected for loyalty programs, and how privacy laws impact these programs.

Larry Slusser is the Senior Director of Professional Services at SecurityScorecard, the global leader in cybersecurity ratings. In his role, he assists clients in both active and reactive cybersecurity through services including global digital forensics, incident response, and ransomware mitigation. As a retired Air Force officer, Larry partnered with technical engineers, investigators, and business and external stakeholders to sustain focus and achieve milestones. Before SecurityScorecard, he held several leadership positions at Fortune 500 companies.   In this episode… As ransomware attacks grow increasingly elaborate, companies need to develop sound incident response measures to protect their data. Yet less than 10% of incident response plans are prepared to combat these attacks, and in the event of a threat, 80% of businesses pay the ransom. So how can you optimize your response strategies to ensure maximum preparation? Larry Slusser advises developing and executing tabletop exercises to simulate an actual attack. But this exercise is ineffective without proper data analysis, so it’s crucial to locate and safeguard your most valuable data. Optimal awareness and preparation require you to become educated on incident detection and response and invest in antivirus security tools. In today’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels host Larry Slusser, Senior Director of Professional Services at SecurityScorecard, to discuss cyber attacks and incident response measures. Larry talks about the types of ransomware, the importance of tabletop exercises, and how companies respond to ransomware attacks.

Chris Bullock is the Founder, CEO, and Managing Member of Cyber Investigations and Intelligence Agency (CI2A), a company that provides world-class cybersecurity and cybercrime solution services. He is also an award-winning chief information security officer and a decorated law enforcement veteran. As a leader and program builder, Chris has built and managed several successful cybersecurity programs at large and small organizations across many business verticals and governments. He holds multiple certifications including Certified Information Systems Security Professional (CISSP) and Certified Cybercrime Examiner (CCCE). Chris frequently speaks at major security conferences and writes articles on cybersecurity, and in 2012, he was voted “85th Top Ranking CISO in the US.” In this episode… Open-source intelligence has provided public access to personal information on the internet, allowing hackers to compromise anyone’s digital profile. With technology becoming increasingly pervasive in our daily lives, what steps can you take to reduce your digital footprint? According to Chris Bullock, attackers can steal data from your personal devices to be exchanged on the dark web. Most users aren’t aware that seemingly mundane settings on these devices can collect and release your data. To prevent unwanted attacks, Chris recommends disabling location services, photo, and microphone access for all apps and deactivating the auto-join feature for Wi-Fi and Hotspots.  In today’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels welcome Chris Bullock, Founder, CEO, and Managing Member of CI2A, to discuss tips for protecting your digital profile. Chris also explains open-source intelligence, the impact of privacy laws on data security, and how security attacks against high-profile individuals have evolved.

Beatrice Botti is the Vice President and Global Data & Privacy Officer at DoubleVerify, a leading software platform for digital media measurement and analytics. After an academic career in the EU and the US, she became a contract attorney before working in various privacy roles at Virgin Pulse, including Director of Privacy, Partnerships & Legal, Privacy Officer, and Data Protection Officer.  In this episode… Privacy regulations in the US are rapidly evolving, with five new laws expected to be enacted by the end of the year. But with individual governments working independently, each law is interpreted differently, making it challenging for organizations to fully comprehend privacy. So how can you build a privacy program that conforms to each law’s regulatory framework? When it comes to privacy in the ad tech space, Beatrice Botti says that predicting the outlook of impending regulations is futile. It’s critical to prepare for uncertainty by analyzing your data’s location and categories to determine which laws apply to your business. Once you’ve collected the appropriate data, you can seek advice from a privacy consultant or attorney to help you assess possible solutions, create a compliant program, and decide on further action. In today’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels sit down with Beatrice Botti, VP and Global Data & Privacy Officer at DoubleVerify, to discuss how privacy regulations impact ad tech. Beatrice speaks about the most pervasive privacy challenges companies face, advice for navigating US privacy laws, and how organizations can build privacy programs.

Curtis Preston is the Chief Technical Evangelist at Druva, a SaaS data protection platform. He is also the Founder and Webmaster of Backup Central, a website dedicated to data backup and recovery. Since 1993, Curtis has specialized in storage, backup, and recovery and has been an end-user, consultant, and analyst. He has written four books on these subjects and is the host of the Restore it All and No Hardware Required podcasts. In this episode… Ransomware is becoming increasingly sophisticated, with hackers deactivating companies’ backup servers to counteract cybersecurity efforts in a traditional attack. Still, businesses are neglecting to test and protect their backup servers. So how can you safeguard your data against cyberattacks? With the emergence of modern technology and impending security regulations, W. Curtis Preston says it’s more crucial than before to implement disaster recovery plans that facilitate data restoration. One way to ensure maximum protection is to utilize a SaaS data protection provider. Selecting a provider necessitates evaluating your cybersecurity methods and aligning them with the provider’s disaster response plans. In today’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels sit down with W. Curtis Preston of Druva and Backup Central to talk about data protection and disaster recovery. Curtis explains how ransomware targets backup servers, the importance of updating backup plans, and key considerations for selecting data protection SaaS providers.

Jared Coseglia is the Founder and CEO of TRU Staffing Partners, an award-winning staffing company representing talent and opportunities in data privacy, e-discovery, and cybersecurity. TRU has been voted a top-three legal and/or litigation support staffing agency for seven consecutive years in both the National Law Journal and the New York Law Journal and has been named one of the Inc. 5000 Fastest Growing Private Companies in America.  Jared has placed over 3000 professionals in full-time and temporary positions at the Fortune 1000 and Am Law 200 levels and throughout the global consultancy, service, and software provider communities. As an active member of the legal and cybersecurity community, he is a member of the Board of Editors for Cybersecurity Law and Strategy, has written over 90 articles, regularly appears in podcasts and webinars, and has spoken at over 50 conferences.  In this episode… When it comes to hiring, data privacy and security companies aren’t sure what to look for in candidates. Similarly, professionals are struggling to understand businesses’ qualifications and gain the skills needed for each discipline. With so much variability surrounding hiring practices, how can organizations maintain clarity to attract and retain top talent? Privacy and security staffing expert Jared Coseglia says that companies need to develop robust, transparent, and simple privacy and security programs. This demonstrates that you recognize your business’ requirements and can assess the market effectively. Some companies have employed AI technology to streamline the hiring process. Yet, this raises representation issues, so Jared says it’s crucial to utilize this technology to enhance diversity and provide candidates with an inclusive experience.  In today’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Jared Coseglia about hiring and staffing trends in privacy and security. Jared talks about how companies can attract and retain privacy talent, AI’s role in the hiring process, and compensation in privacy versus security.

Zenobia Godschalk is the SVP of Communications at Hedera, an enterprise-grade public network for building decentralized applications. As the Founder and CEO of the technology marketing firm ZAG Communications, she has launched and grown multiple $1B, high-growth, global technology companies. Zenobia has experience in distributed databases, cybersecurity strategies, public relations, and financial reporting. She is also a board member of Stanford FLAN (First-Generation and/or Low-Income Alumni Network).  In this episode… Blockchain is surging in popularity — everything from banking transactions to digital concert tickets uses some form of decentralized finance. Yet, consumers distrust this software as it poses security risks and often results in adverse online experiences. So, what does this mean for the future of blockchain? Early adopters of this technology have employed a more synthetic version of decentralized finance (DeFi), exploiting customers by claiming unrealistic ROIs. Given that blockchain and other types of DeFi are still unregulated by FDIC and venture capital, Zenobia Godschalk says that the road to full adoption is likely to be hindered. Meanwhile, she notes that companies seeking to integrate blockchain must understand its underlying protocols and technology infrastructure to create seamless consumer interactions.  In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels welcome Zenobia Godschalk, SVP of Communications at Hedera, to discuss security trends in the blockchain space. Zenobia talks about venture capital’s security regulations for blockchain, how to build trust in decentralized finance, and how to optimize digital transactions.

Ian Cohen is the Founder and CEO of Lokker, a company committed to protecting businesses from third-party privacy risks. Before Lokker, he served as CEO of Credit.com, where he transformed the company into a trusted high-growth hub for consumers seeking guidance on credit and finance. Ian is also a Board Member of Uqual, an Industry Advisor at Long Ridge Equity Partners, and an Advisor and Investor at PolyScale.  In this episode… Data collection has become increasingly obscure, and companies like Meta and Oracle are facing lawsuits for unauthorized data tracking and sharing across third parties. With data sharing largely unregulated among companies, how can you protect customer data? When collecting consumer data, companies often struggle to interpret the data and lack knowledge about its location and usage. With the emergence of GDPR (General Data Protection Regulation) in the US, businesses must go beyond internal privacy programs to regulate external data sharing and comply with the law. Ian Cohen stresses the importance of establishing awareness campaigns and fostering transparency and visibility among third parties. In today’s episode of She Said Privacy/He Said Security, Jodi and Justin Daniels host Ian Cohen, Founder and CEO of Lokker, to discuss protecting consumer data from third-party access. Ian explains how Lokker collects and analyzes data, discusses the compliance challenges of third-party data, and offers advice on third-party data sharing.