"The Data Diva" Talks Privacy Podcast

Send us a textIn episode 242 of The Data Diva Talks Privacy Podcast, host Debbie Reynolds, “The Data Diva,” welcomes Karina Klever, CEO and CISO at Klever Compliance. Karina shares her extensive career journey through IT operations, project management, and compliance leadership to demystify what effective governance really means. She challenges the outdated practice of blindly following frameworks and checklists that do not reflect a company’s actual business model or operational maturity. Karina introduces her pragmatic “Now, Next, Near, Never” methodology—a practical framework for prioritizing GRC (governance, risk, compliance) efforts based on relevance, applicability, and timing. She and Debbie unpack why so many organizations suffer from “compliance theater,” implementing policies they do not actually follow or understand. Karina explains the risks of orphaned controls, vague role descriptions, and overreliance on vendor templates that are misaligned with internal realities. She also stresses the importance of documentation, clarity in control language, and having a feedback loop for maturing compliance over time. This episode is a must-listen for organizations looking to move beyond checkbox audits and build scalable, operationally aligned governance structures that support real risk mitigation and long-term accountability.Support the show

Send us a textIn episode 241 of The Data Diva Talks Privacy Podcast, host Debbie Reynolds, “The Data Diva,” welcomes Phillip Mason, Global Privacy Program Manager at Corning, Inc. Phillip joins Debbie to discuss the complicated interplay between AI advancement, regulatory frameworks, and the ethical imperative of human judgment. Drawing from his diverse background in accounting, law, and privacy, Phillip offers an informed and multidimensional perspective on how businesses navigate emerging risks. He critiques overbroad AI legislation like the EU AI Act, which he believes may have unintended consequences for innovation, particularly among smaller firms lacking legal and compliance resources. Debbie and Phillip dive into examples of poorly executed AI rollouts that sparked public backlash, such as LinkedIn’s data harvesting practices and Microsoft’s Recall feature, emphasizing the importance of transparency and foresight. Phillip also unpacks the difference between having a “human in the loop” and placing real ethical judgment into practice. They discuss how organizations can build a culture of trust and accountability where data science and compliance work harmoniously. The conversation ultimately underscores that as algorithms get smarter, human oversight must also evolve, with thoughtful governance, interdisciplinary collaboration, and values-driven leadership.Support the show

Send us a textIn episode 240 of The Data Diva Talks Privacy Podcast, host Debbie Reynolds, “The Data Diva,” welcomes Ian Glazer, Vice President of Product Strategy at SGNL (SGNL.ai) and co-founder of IDPro. With decades of leadership in digital identity, Ian shares insights on how identity, privacy, and security have become essential foundations of digital interaction.They explore how identity has shifted from managing usernames and passwords to helping individuals assert who they are in digital spaces. Ian and Debbie examine the rise of “proofing creep,” where services now require government IDs and biometric selfies, raising questions about over-collection and user dignity. Ian explains that identity is how privacy controls are enforced, and that organizations need to ask what data they are collecting, what it represents, and how it should be protected.The conversation covers mobile driver's licenses, biometric authentication, and government-backed digital ID programs. Ian raises concerns about fragmented identity systems that could create barriers to global access and digital inclusion. They also discuss challenges with age verification laws that translate physical-world practices poorly into online environments, often leading to excessive data demands.Ian outlines how emerging AI systems acting on behalf of users present new identity challenges around authority, authentication, and accountability. He ties this to similar concerns around digital estate management, emphasizing the need for consistent identity frameworks across different contexts.Closing the episode, Ian calls for an empathetic approach to designing identity systems, one that recognizes real-world conditions such as aging, accessibility needs, and unequal access to technology. Debbie and Ian agree that identity systems should be easy to use, respectful of users, and built to support everyone, not just tech-savvy individuals.Support the show

Send us a textIn episode 239 of The Data Diva Talks Privacy Podcast, host Debbie Reynolds, “The Data Diva,” welcomes Saumya Gupta, Assistant Vice President for APAC and Japan at Platform 3 Solutions. Saumya brings a unique blend of deep technical expertise and strategic thinking to the conversation about data privacy in the modern enterprise. She and Debbie discuss how legacy systems represent one of the largest and most overlooked privacy risks—storing sensitive data long past its useful life and outside of governance controls. Saumya explains how data lake and lakehouse architectures can help businesses centralize, tag, and govern large volumes of structured and unstructured data more efficiently. She presents her open metadata model, a five-layer system that empowers organizations to classify data by technical properties, business relevance, operational quality, sensitivity, and compliance requirements. The conversation explores the collision between AI’s data hunger and privacy’s minimization mandate, and Saumya warns that enterprises cannot afford to ignore data lifecycle hygiene. They also discuss defensible deletion, audit readiness, and the importance of building data infrastructure with privacy as a foundational element. Saumya’s insights help organizations reframe legacy data not just as a cost center or liability, but as an opportunity to reset and future-proof their compliance strategies.Support the show

Send us a textDebbie Reynolds “The Data Diva” talks to Temi Odesanya, Director, Responsible AI and Automation. We discuss her extensive background in artificial intelligence automation, detailing her journey that began with her family's business in the Netherlands. This early exposure to technology ignited her interest in data science, leading her to pursue postgraduate degrees and a scholarship in Italy. Throughout her career, she has become increasingly aware of the critical importance of data governance and compliance, particularly regarding customer data. The conversation highlights Temi's curiosity and the significance of ethical considerations in technology, especially in the context of automated decision-making and data privacy.Support the show

Send us a textDebbie Reynolds “The Data Diva” talks to Mathew Waddell, Founder, Tactically Secure. We discuss insights from his career in the tech industry, particularly in cybersecurity, and his experience working with government agencies and large corporations. He discusses his commitment to simplifying security for individuals and protecting them from threats like ransomware.The discussion then shifts to the evolving landscape of cybersecurity threats, particularly the sophistication of ransomware attacks. Waddell stresses the need for businesses to integrate data privacy and cybersecurity strategies to combat these threats effectively. He points out the increasing trend of attackers stealing data and posting it online to coerce companies into paying ransoms, highlighting the interconnectedness of privacy violations and cybersecurity breaches. Both speakers agreed on the necessity for businesses to adopt proactive measures and recognize the importance of regulations like GDPR and CCPA in prioritizing data protection.Waddell and Reynolds address the dual potential of AI tools in cybersecurity, noting that they can enhance security measures but can also be exploited by malicious actors. They discuss the importance of training employees to recognize cyber threats and the need for effective identity verification strategies in light of emerging technologies like deepfakes and his data privacy wish for the future.Support the show

Send us a textDebbie Reynolds, "The Data Diva", talks to Michael McCracken,  a Data Privacy Strategist and Operational Expert. We discuss his career trajectory, transitioning from accounting to IT audit, which led him to specialize in data privacy, particularly concerning children's information and neurodivergence. He emphasizes the significance of inclusivity in the privacy sector, arguing that diverse teams enhance the effectiveness of privacy strategies.The conversation highlights the complexities surrounding data collection, especially regarding minors. Michael argues that businesses should prioritize individual privacy and not rely on exploiting data. Debbie pointed out the risks associated with unnecessary data collection, which can lead to breaches and erode trust.We advocate for treating data as a valuable asset requiring careful stewardship rather than a commodity to be exploited. They discussed the importance of passion and advocacy within organizations to bridge communication gaps and enhance collaboration on privacy initiatives.Michael raises concerns about the inadequacies of current legal frameworks in protecting children's privacy, warning that companies often prioritize legal defenses over accountability. He and Debbie agreed that a multifaceted approach is necessary for effective privacy regulation. They emphasize the need for transparency and organizational responsibility in privacy practices, particularly as large companies struggle to adapt to regulatory changes. The discussion also touches on the impact of GDPR on U.S. business practices and the challenges posed by the lack of a cohesive national privacy framework.In concluding,   Michael articulates his vision for a unified privacy ethic that prioritizes individual rights and ethical considerations. Debbie echoes this sentiment, advocating that organizations adopt clear ethical frameworks as guiding principles. Support the show

Send us a textIn this episode of The Data Diva Talks Privacy, Debbie Reynolds welcomes Carly Kind, the Australian Privacy Commissioner at the Office of the Australian Information Commissioner. Carly shares her remarkable journey from a career in criminal defense law and human rights advocacy to becoming one of the leading voices in global privacy regulation. She discusses her early exposure to privacy issues through work at the UN and NGOs such as Privacy International and the Ada Lovelace Institute, where she focused on the intersection of technology, human rights, and AI governance.Debbie and Carly explore the philosophical and practical dimensions of privacy, touching on its roots in human dignity, autonomy, and democracy. Carly challenges the often-framed conflict between privacy and innovation, arguing that strong privacy protections foster trust and are essential for societal progress and sustainable technological development. She also shares her insights as a regulator, describing the complex and often resource-intensive reality of enforcing privacy laws and ensuring compliance across a wide spectrum of entities.The conversation then turns to pressing global concerns, particularly the privacy implications of artificial intelligence, including the erosion of purpose limitation principles and the growing dominance of data-rich tech companies. Carly raises important concerns about biometric surveillance, data exploitation in real estate and credit sectors, and the widespread tracking of individuals’ digital behavior.One of the focal points of the discussion is Australia’s Social Media Minimum Age Act, which mandates a ban on children under 16 using social media platforms. Carly reflects on the privacy risks of increased identity verification, the evolving nature of the internet, and the unintended consequences of well-intentioned regulation. She also discusses the importance of advancing children’s online privacy rights through robust regulatory codes.In closing, Carly shares her vision for a more equitable digital future. She emphasizes the need for public reconnection with the foundational values of privacy, calls for a rebalancing of power in the digital ecosystem, and advocates for genuine consumer choice and competitive digital markets. This thought-provoking conversation offers a nuanced look at the global state of privacy, regulation, and the future of human rights in the digital age.Support the show

Send us a textDebbie Reynolds “The Data Diva” talks to Marko Dinic, CEO of Jatheon Technologies, Inc. We discuss the evolving landscape of data archiving, compliance, and artificial intelligence. Marko shares his extensive experience in the archiving space, spanning over two decades, and highlights how regulatory frameworks like Sarbanes-Oxley, GDPR, and CCPA have shaped data retention practices across industries. He explains the complexities of managing data archiving, including challenges with deletion, deduplication, and maintaining audit logs while complying with privacy laws. The conversation explores the growing tension between data retention requirements and privacy mandates, especially in light of AI advancements.Marko emphasizes how AI-driven systems are transforming corporate data management, creating both opportunities and new legal and compliance concerns. The discussion touches on the evolution of data archiving from being a compliance necessity to becoming a strategic corporate asset. Laws such as Sarbanes-Oxley, GDPR, and CCPA significantly impact how organizations must retain and manage data while balancing individuals’ right to be forgotten. AI complicates data deletion processes, raising new privacy risks as organizations increasingly rely on automated compliance workflows. The growing importance of archiving systems as enterprise-wide data hubs underscores their role in providing AI-driven insights while ensuring regulatory adherence.As AI continues to reshape the business landscape, organizations must rethink data governance strategies to navigate compliance challenges. AI models introduce complexities in legal discovery and searchability, requiring transparency in how AI-generated outputs are produced and stored. With companies leaning more heavily on archiving to manage the vast amounts of data being generated, data governance, compliance, and privacy concerns will remain central to business strategy. The integration of AI into archiving systems represents both an opportunity and a challenge, requiring careful consideration of legal, ethical, and technological factors to maintain compliance and data integrity.Support the show

Send us a textDebbie Reynolds “The Data Diva” talks to Peter Cranstone, CEO, 3PMobile, Digital Ecosystems and Consumer Choice. We discuss his personal journey in technology, beginning with his early work on data compression inspired by his uncle. He discusses the creation of the Do Not Track web standard aimed at enhancing user privacy, which faced challenges due to consumer preferences for convenience. Despite the introduction of privacy regulations such as GDPR and CCPA, he notes that users often prioritize instant gratification over privacy. His collaboration with a Kaiser Permanente executive shifted his focus from IT architecture to business strategy, broadening his understanding of how technology can be tailored to meet individual needs in healthcare.Cranstone also recountes the historical evolution of windshield wipers, illustrating how innovation can take time to gain public acceptance. He highlightes the contributions of Mary Anderson and Robert Kearns, emphasizing the importance of gradual acceptance in automotive technology. Additionally, he discusses the complexities of engaging patients in their health management, proposing a dynamic app that allows for continuous interaction with healthcare providers, thereby addressing the challenges posed by an aging population.The conversation shifts to data privacy and decentralization, with Cranstone advocating for a secure wallet system that empowers users to manage their data. He argues for a trusted web model where individuals are compensated for sharing their information, contrasting it with current practices that often exploit user data. Cranstone also addresses the need for equitable resource distribution, suggesting that the value generated by major tech companies could be redirected to alleviate issues like food insecurity. He concludes by emphasizing the importance of AI in personalizing user interactions while maintaining privacy, advocating for a moral approach to data management that respects individuals and promotes equitable distribution, and his data privacy hope for the future.Support the show