She Said Privacy/He Said Security

Todd Renner is a seasoned cybersecurity professional with over 25 years of experience leading global cyber investigations, incident response efforts, and digital asset recovery operations. He advises clients on a wide range of cybersecurity and data privacy matters, combining deep technical knowledge with a strategic understanding of risk, compliance, and regulatory frameworks. With a distinguished background at the Federal Bureau of Investigation (FBI) and National Security Agency (NSA), Mr. Renner has contributed to national security, international cyber collaboration, and has played a key role in mentoring the next generation of cybersecurity professionals. In this episode… The rising complexity of cyber threats continues to test how businesses prepare, respond, and recover. Sophisticated threat actors are exploiting these vulnerabilities of private companies and leveraging AI tools to accelerate their attacks. Despite these dangers, many organizations hesitate to involve law enforcement when a cyber event occurs. This hesitation often stems from misconceptions about what law enforcement involvement entails, including fears of losing control over their systems or exposing sensitive company information. As a result, companies may prioritize quickly restoring operations over pursuing retribution from the attackers, leaving critical security gaps unaddressed. Collaborating with law enforcement doesn’t mean forfeiting control or exposing confidential data unnecessarily. Investigations often reveal repeated issues, including mobile device compromises, missing multifactor authentication, and failing to improve cybersecurity measures after a breach. To be better prepared, companies need to develop and practice incident response plans, ensure leadership remains involved, and build security programs that evolve beyond incident response. And, as threat actors actively use AI to accelerate data aggregation and create convincing deepfakes, companies need to start thinking about how to better detect these threats. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Todd Renner, Senior Managing Director at FTI Consulting, about how organizations are responding to modern cyber threats and where many still fall short. Todd shares why companies hesitate to engage law enforcement, how threat actors are using AI for faster targeting and impersonation, and why many businesses fail to strengthen their cybersecurity programs after a breach. He also discusses why deepfakes are eroding trust and raising new challenges for companies, and he provides practical tips for keeping both organizations and families safe from evolving threats.

Jodi Daniels is the Founder and CEO of Red Clover Advisors, a privacy consultancy, that integrates data privacy strategy and compliance into a flexible, scalable approach that simplifies complex privacy challenges. A Certified Information Privacy Professional, Jodi brings over 27 years of experience in privacy, marketing, strategy, and finance across diverse sectors, working and supporting startups to Fortune 500 companies. Jodi Daniels is a national keynote speaker, and she has also been featured in CNBC, The Economist, WSJ, Forbes, Inc., and many more publications. Jodi holds a MBA and BBA from Emory University’s Goizueta Business School. Read her full bio. Justin Daniels is a corporate attorney who advises domestic and international companies on business growth, M&A, and technology transactions, with over $2 billion in closed deals. He helps clients navigate complex issues involving data privacy, cybersecurity, and emerging technologies like AI, autonomous vehicles, blockchain, and fintech. Justin partners with C-suites and boards to manage cybersecurity as a strategic enterprise risk and leads breach response efforts across industries such as healthcare, logistics, and manufacturing. A frequent keynote speaker and media contributor, Justin has presented at top events including the RSA Conference, covering topics like cybersecurity in M&A, AI risk, and the intersection of privacy and innovation. Together, Jodi and Justin host the top ranked She Said Privacy / He Said Security Podcast and are authors of WSJ best-selling book, Data Reimagined: Building Trust One Byte at a Time. In this episode… From a major privacy summit to a regional AI event, experts across sectors are emphasizing that regulatory scrutiny is intensifying while AI capabilities and risks are accelerating. State privacy regulators are coordinating enforcement efforts, actively monitoring how companies handle privacy rights requests and whether cookie consent platforms work as they should. At the same time, AI tools are advancing rapidly with limited regulatory oversight, raising serious ethical and societal concerns. What practical lessons can businesses take from IAPP’s 2025 Global Privacy Summit and Atlanta’s AI Week to strengthen compliance, reduce risk, and prepare for what’s ahead? At the 2025 IAPP Global Privacy Summit, a major theme emerged: state privacy regulators are collaborating on enforcement more closely than ever before. When it comes to honoring privacy rights, this collaboration spans early inquiry stages through active enforcement, making it critical for businesses to establish, regularly test, and monitor their privacy rights processes. It also means that companies need to audit cookie consent platforms regularly, ensure compliance with universal opt-out signals like the Global Privacy Control, and align privacy notices with actual practices. Regulatory enforcement advisories and FAQs should be treated as essential readings to stay current on regulators' priorities. Likewise at the inaugural Atlanta AI Week, national security and ethical concerns came into sharper focus. Despite promises of localized data storage, some social media platforms and apps continue to raise alarms over foreign governments’ potential access to personal data. While experts encourage experimentation and practical application of AI tools, they are also urging businesses to remain vigilant to threats such as deepfakes, AI-driven misinformation, and the broader societal implications of unchecked AI development. In this episode of She Said Privacy/He Said Security, Jodi Daniels, Founder and CEO of Red Clover Advisors, and Justin Daniels, Shareholder and Corporate Attorney at Baker Donelson, share their top takeaways from the IAPP Global Privacy Summit 2025 and the inaugural Atlanta AI Week. Jodi highlights practical steps for improving privacy rights request handling, the importance of regularly testing cookie consent management platforms, and ensuring...

Peter Kosmala is a course developer and instructor at York University in Canada and leads its Information Privacy Program. Peter is a former marketer, technologist, lobbyist, and association leader and a current consultant, educator, and international speaker. He served the IAPP as Vice President and led the launch of the CIPP certification in the early 2000s. In this episode… As data privacy continues to evolve, privacy professionals need to stay sharp by reinforcing their foundational knowledge and refining their practical skills. It’s no longer enough to just understand and comply with regulatory requirements. Today’s privacy work also demands cultural awareness, ethical judgment, and the ability to apply privacy principles to real-world settings. How can privacy professionals expand their expertise and remain effective in an ever-changing environment? Privacy professionals can’t rely on legal knowledge alone to stay ahead. Privacy frameworks like the Fair Information Practice Principles (FIPPs), OECD Guidelines, and others offer principles that help privacy pros navigate shifting global privacy laws and emerging technologies. Privacy pros should also deepen their cultural literacy, recognizing the societal and political drivers behind laws like GDPR to align privacy practices with public expectations. Hands-on operational experience is just as important. Conducting privacy impact assessments (PIAs), responding to data subject access requests (DSARs), and developing clear communications are just a few ways privacy pros can turn knowledge into practical applications. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Peter Kosmala, Course Developer and Instructor at York University, about how privacy professionals can future-proof their skills. Peter discusses the value of foundational privacy frameworks, the tension between personalization and privacy, the limits of law-based compliance, and the growing need for ethical data use. He also explains the importance of privacy certifications, hands-on learning, and principled thinking to build programs that work in the real world.

Amanda Moore is a seasoned leader with extensive experience in privacy strategy, technology, and operations. She currently serves as the Senior Director of Privacy at DIRECTV, where she oversees the company’s privacy program with respect to technology and operations. Prior to her role at DIRECTV, she held pivotal positions at CVS Health and AT&T leading technical and business teams. Her career started in information technology but shifted to privacy before the onset of CCPA. Amanda holds the CIPM certifications and is a OneTrust Fellow of Privacy Technology. In this episode… Many organizations invest in privacy technology expecting it to deliver instant compliance, only to find that it fails to integrate with existing tools or processes. Adoption often lags when internal teams see privacy as a barrier or when tools are implemented without clearly defined goals. Choosing privacy technology before businesses understand the specific problem they’re meant to solve leads to confusion, inefficiency, and low adoption. One of the most effective ways to boost technology adoption is to start with a clear understanding of business processes and goals before introducing new privacy tech. Successful privacy programs start by mapping business processes and making small, non-disruptive backend adjustments that minimize disruption. Additionally, building internal awareness through roadshows, clear communication, and simplified privacy impact assessments helps shift perceptions and encourages teams to view privacy as a business enabler. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Amanda Moore, Senior Director of Privacy at DIRECTV, about integrating privacy technology into business operations. Amanda highlights how strong internal relationships help position privacy as a business enabler, why reframing communication to various business executives enhances support for privacy initiatives, and how measuring privacy program maturity with the use of technology provides more insight than surface-level metrics. She also discusses methods to increase adoption through internal awareness campaigns and simplified assessments, and the long-term value of reputation-building within organizations.

Brian Mullin is the CEO and Co-founder of Karlsgate. He is also a creator of Karlsgate Identity Exchange, a groundbreaking solution for zero-trust remote data matching and integration. Brian has over 30 years of experience in data privacy and security with leadership roles at companies across the data-driven marketing ecosystem. In this episode… Data is often viewed as binary and categorized as either public or private with the assumption that private data is secure and tightly protected. Companies often rely on firewalls, contracts, and policies to secure data, yet these measures don’t guarantee control once data is shared across multiple platforms and with third-party vendors. Every time data changes hands, the risk of exposure, misuse, or compliance failure increases. So, how can organizations securely share data while minimizing risks and protecting individual identities? To address this challenge, companies can treat sensitive information as a “protected data” category where data is only shared under specific, controlled, and technology-enforced conditions. Rather than trusting third-party data clean rooms to match and analyze data sets, businesses can use Karlsgate’s peer-to-peer privacy-enhancing technology to prevent identity exposure altogether. This allows companies to reduce risk while eliminating the need for persistent IDs like cookies to ensure data set matching occurs without revealing personal information. In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels talk with Brian Mullin, CEO and Co-founder of Karlsgate, about how companies can rethink data sharing with privacy-first tools. Brian discusses the dangers of persistent identifiers and why protected pipelines offer a more scalable and secure solution than traditional data clean rooms. Brian also shares how Karlsgate enables secure data set matching between organizations while eliminating the need to hand over control and explains how organizations can adopt these technologies quickly without adding friction to existing workflows.

Farah Gasmi is the Co-founder and CPO of Dioptra, the accurate and customizable AI agent that drafts playbooks and consistently redlines contracts in Microsoft Word. Dioptra is trusted by some of the most innovative teams, like Y Combinator and Wilson Sonsini. She has over 10 years of experience building AI products in healthcare, insurance, and tech for companies like Spotify. Farah is also an adjunct professor at Columbia Business School in NYC. She teaches a Product Management course with a focus on AI and data products. Laurie Ehrlich is the Chief Legal Officer at Dioptra, a cutting-edge legal tech startup revolutionizing contract redlining and playbook generation with AI. With a background leading legal operations and commercial contracting at Datadog and Cognizant, Laurie has deep expertise in scaling legal functions to drive business impact. She began her career in intellectual property law at top firms and holds a JD from NYU School of Law and a BS from Cornell. Passionate about innovation and diversity in tech, Laurie has also been a champion for women in leadership throughout her career. In this episode… Contract review can be time-consuming and complex, especially when working with third-party agreements that use unfamiliar language and formats. Legal teams often rely on manual review processes that make it challenging to maintain consistency across contracts, contributing to inefficiencies and increased costs. That’s why businesses need an effective solution that reduces the burden of contract analysis while supporting legal and strategic decision-making. Dioptra, a legal tech startup, helps solve these challenges by leveraging AI to automate first-pass contract reviews, redline contracts, and generate playbooks. The AI agent analyzes past agreements to identify patterns, standard language, and key risk areas, allowing teams to streamline the review process. It supports a range of use cases — from NDAs to real estate deals — while improving consistency and reducing review time. Dioptra also enhances post-execution analysis by enabling companies to assess past agreements for compliance and risk exposure. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Farah Gasmi, Co-founder and Chief Product Officer at Dioptra, and Laurie Ehrlich, the Chief Legal Officer at Dioptra, about how AI is used to streamline contract reviews. Together, they discuss how Dioptra accelerates contract reviews, supports security and privacy through strict data controls, and enables organizations to build smarter, more consistent contract processes — without removing the need for expert human judgment. Farah and Laurie also delve into the importance of AI-driven consistency in contract negotiation, vendor security evaluations, and how companies can safeguard sensitive data when using AI tools.

David Kennedy is the Founder and CEO of TrustedSec and Co-founder at Binary Defense. He is considered an industry leader in cybersecurity. As the former Chief Security Officer of Diebold, David has led global cybersecurity teams, testified before Congress, and continues to shape cybersecurity policy. He co-authored the Penetration Testing Execution Standard and is renowned in offensive security. A Marine with intelligence experience, he prioritizes family, fitness, and co-hosts the Hacking Your Health Podcast. He built a DeLorean time machine inspired by Back to the Future. David's life mission is to help others and to make the world a safer place in cybersecurity, which drives him every single day. In this episode… Cybersecurity threats are evolving at an alarming rate, and businesses face an uphill battle in protecting their data and systems. Ransomware attacks, supply chain vulnerabilities, and sophisticated social engineering tactics put organizations at constant risk. At the same time, companies face mounting pressure to protect customer data amid the growing influence of AI-driven misinformation, concerns surrounding platforms like TikTok, and other evolving cyber threats. How can businesses defend themselves proactively? Building a strong cybersecurity program requires leadership, governance, and proactive risk management, not just technology. Many organizations struggle with detecting breaches in real time, making rapid threat detection and response essential. TrustedSec and Binary Defense are helping companies address these challenges by providing expert-led security consulting, penetration testing, and real-time threat monitoring. As cyber threats become more advanced, collaboration between security and privacy teams is essential to building a comprehensive defense strategy. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with David Kennedy, Founder and CEO of TrustedSec and Co-founder at Binary Defense, about evolving cybersecurity threats and how businesses can improve their security posture. David talks about the intersection of cybersecurity and privacy, the role of governance in building cybersecurity resilience and protecting data, how AI is shaping cyber threats, and the implications of cyber warfare. He also shares his experience testifying before Congress, explaining why lawmakers struggle to grasp cybersecurity issues. David provides advice on how companies can improve their threat detection and response capabilities and why social media presents a growing risk.

Jason Brenner is the RVP of Healthcare & Lifesciences at LiveRamp and has been working in the advertising and ad tech industries for over 20 years. He is leading efforts on building data connectivity solutions for the healthcare and life sciences industries. Prior to LiveRamp, Jason has held leadership positions at Placed, Verve, PayPal, Time Inc., The New York Times, and Condé Nast. In this episode… Companies in industries like healthcare and life sciences are leveraging data collaboration to collect valuable insights to drive innovation and improve customer experiences. However, for many organizations, balancing data collaboration with privacy, security, and regulatory compliance obligations remains a significant challenge. With consumer trust at stake, and the risks of improper data handling, how can companies balance innovation with responsible data use? Data collaboration in healthcare presents both opportunities and challenges. Companies need to adopt privacy-by-design principles and engage legal and privacy teams early in the process. By implementing techniques such as data tokenization and de-identification, businesses can extract valuable insights while minimizing privacy and security risks. That's why companies like LiveRamp are making this process easier with a platform that transforms personally identifiable information into non-reversible tokens, allowing organizations to use data responsibly while minimizing privacy and security risks. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Jason Brenner, RVP of Healthcare and Life Sciences at LiveRamp, about the critical role of privacy and security in data collaboration. Jason shares insights on how organizations are navigating a complex and fragmented regulatory landscape, the importance of adopting privacy-by-design principles, and engaging legal and privacy teams early in the process. He also shares how businesses can minimize data retention risks, the role of de-identification and tokenization in protecting sensitive information, and the importance of building customer trust through responsible data practices.

Niel Harper is a Certified Director and ISACA Board Vice Chair. He is also the Chief Information Security Officer and Data Protection Officer at Doodle. Niel is based in Germany. He has more than 20 years of experience in IT risk management, cybersecurity, privacy, Internet governance and policy, and digital transformation. Safia Kazi is the Privacy Professional Practices Principal at ISACA. She has worked at ISACA for just over a decade, initially working on ISACA’s periodicals and now serving as the Privacy Professional Practices Principal. She is based in Chicago. In 2021, she was a recipient of the AM&P Network’s Emerging Leader award, which recognizes innovative association publishing professionals under the age of 35. In this episode… ISACA’s State of Privacy 2025 survey reveals that privacy professionals are facing significant hurdles, including staffing shortages, budget cuts, and increasing demands for technical privacy expertise. Many organizations are shifting privacy responsibilities to legal and security teams, without additional resources or training. At the same time, AI adoption is increasing, introducing new complexities and risks. With privacy budgets under strain and teams expected to do more with less, how can businesses sustain effective privacy programs while navigating new challenges? According to ISACA’s State of Privacy 2025 survey, one of the most pressing concerns for privacy teams is the growing demand for technical privacy expertise. Privacy by design also remains a challenge, with limited resources making it difficult for teams to embed privacy into product development from the outset. AI also plays a growing role in privacy operations, helping automate processes while raising concerns about data security, bias, and third-party risks. Despite these findings from ISACA’s survey, businesses can make privacy sustainable by fostering a culture of privacy awareness from the top down, ensuring leadership understands the value of privacy beyond compliance. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Niel Harper, Certified Director and Board Vice Chair at ISACA and CISO and DPO at Doodle, and Safia Kazi, Privacy Professional Practices Principal at ISACA, about the findings from ISACA’s State of Privacy 2025 survey. Safia explains how privacy professionals can adapt to changes by continuously learning and staying informed on emerging risks, while Niel highlights the need for board-level privacy advocacy. They also explore how organizations are adapting to staffing shortages and budget constraints, the impact of AI on privacy operations, and how organizations can effectively navigate emerging risks.

Stephen Bolinger, Chief Privacy Officer at Informa, has a career that spans three continents and more than two decades, with the last seventeen years devoted to privacy and data protection matters across a range of industries, including tech, medical devices, and financial services. Stephen produced a fascinating film called Privacy People. In this episode… As technology evolves and cultural perspectives shift, so does the debate over privacy. With each new tech innovation, from smartphones to AI, companies are collecting more personal information than ever, leading some to claim that privacy is dead. Meanwhile, businesses are navigating a fragmented regulatory landscape, particularly in the United States, where varying laws create compliance challenges. These growing concerns raise the question: is privacy dead, or is it just evolving? Cultural perspectives on privacy differ significantly, influencing how laws are structured in regions like the U.S., Europe, and Australia. While some nations treat privacy as a human right, others see it as a consumer protection issue. To address these concerns, companies need to integrate privacy into their overall data governance strategies, ensuring responsible data collection and AI oversight. As privacy expectations shift, businesses need to adapt, recognizing that privacy is not disappearing — it is being redefined, reinforcing the need for dedicated privacy professionals. In this episode of the She Said Privacy/He Said Security podcast, Jodi and Justin Daniels chat with Stephen Bolinger, Chief Privacy Officer at Informa, about the evolving role of privacy professionals and how cultural differences influence data protection expectations worldwide. Stephen discusses the challenges of navigating privacy laws across different countries, the increasing importance of data and AI governance, and why privacy professionals need to expand their expertise beyond compliance to address broader ethical implications and technological advancements. Stephen also highlights his latest project, a documentary film entitled Privacy People, which sheds light on the complexities of data privacy.

Dave Sampson is the Vice President of Cyber Risk & Strategy at Thrive. In his role, he heads Thrive’s Consulting Practice, where he and his team of experts join forces with clients to deliver strategic guidance on a range of topics, including cybersecurity, IT operations, Cloud, Microsoft 365, compliance, disaster recovery planning, and more. Over the course of his extensive career, Dave has taken up various influential positions in the industry. He served as a Senior Consulting Technical Solution Manager at IBM, was Executive Vice President and Chief Technology Officer at Itrica, founded and served as CEO of Cloud Provider USA, and held the position of Chief Technology Officer at ColoSpace. Dave holds an MBA from Northeastern University and a BS in Communication and Media Studies from Emerson College. He is a former elected official in his hometown of Sandwich, MA. In this episode… As the cyber threat landscape becomes more unpredictable, organizations often struggle with implementing and managing different security tools and ensuring systems communicate effectively to keep up with threats. Organizations can no longer afford to take a reactive approach. Without a clear strategy and proper proactive security measures, organizations face operational disruptions, increased vulnerability to attacks, and challenges in responding to security incidents. So, how can companies take a smarter, more proactive approach to cyber risk management? A proactive cybersecurity strategy isn’t just about having the right tools — it’s about integrating these tools effectively and ensuring visibility across systems to detect risk and prepare for worst-case scenarios. Companies like Thrive are making this process more efficient with their security platform that combines industry leading security tools, real-time monitoring, and AI-driven automation into a cohesive, managed solution that helps companies optimize operations and mitigate cyber risks. Yet, beyond the technology, companies also need to establish a disaster recovery plan, maintain transparency with third-party vendors, and perform privacy and security risk assessments to further enhance security and privacy measures and incident preparedness. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Dave Sampson, VP of Cyber Risk & Strategy at Thrive, about the critical components of cyber risk management. Dave discusses the challenges of integrating security solutions, the lessons learned from the CrowdStrike incident, and how AI is both a threat and an advantage in cybersecurity. He shares insights on cybersecurity best practices and discusses the growing need for outsourcing cybersecurity expertise, the role of third-party risk management, and the importance of disaster recovery planning. Dave also offers practical tips for strengthening both personal and enterprise security, emphasizing the need for vigilance, adaptability, and a proactive security mindset.

Doug Miller is an Executive Coach at Doug Miller Strategies, a consultancy for privacy and compliance executives, professionals, and teams. Having been a Global Privacy Leader at AOL and Yahoo, he's faced the challenges of overburdened privacy teams firsthand. In this episode… Privacy professionals face unique challenges in their roles, often working across teams to implement privacy initiatives that might not always be a top priority for the broader organization. Many privacy professionals struggle with persuading stakeholders, managing heavy workloads, and effectively communicating risk across their organizations. This uphill battle requires confidence, strong leadership skills, and persuasive communication to effectively integrate privacy into business operations. How can privacy professionals develop these skills while building privacy programs and addressing burnout and career growth? Executive coaching is a powerful tool for privacy professionals looking to improve their leadership skills and ability to influence decision-making. Mastering prioritization, cross-functional collaboration, and articulating the value of privacy programs are essential for long-term success in privacy roles. Practical strategies such as improving time management, refining persuasion techniques, and addressing burnout can help privacy professionals navigate their responsibilities more effectively. By focusing on behavioral shifts and mindset adjustments, privacy leaders can strengthen their influence, drive organizational change, and create sustainable privacy programs. Whether working solo or as part of a privacy team, patience, adaptability, and proactive engagement are critical for success. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Doug Miller, Executive Coach at Doug Miller Strategies, about how coaching can help privacy professionals refine their leadership skills to navigate challenges and lead their teams. Doug shares insights on the skills privacy professionals need to develop, how leaders can better support their teams, and why coaching can help professionals build resilience amid regulatory and organizational challenges. He offers strategies for preventing burnout and fostering cross-departmental collaboration to build effective privacy programs.

Jessica Lee chairs Loeb & Loeb's Privacy, Security & Data Innovations practice and serves as Chief Privacy & Security Partner. She provides strategic legal counsel to companies navigating complex data governance issues, helping them turn compliance into a competitive advantage. Jessica advises on the full spectrum of privacy, security, and AI-related regulations, focusing on companies navigating the issues that arise from AdTech, the use of health data and other sensitive information, and other data monetization practices. In this episode… The California Invasion of Privacy Act (CIPA) is putting many businesses under legal scrutiny. Modeled after federal wiretapping laws, CIPA requires two-party consent for recording or intercepting communications and has become a target for the plaintiffs’ bar. The law has been used to challenge the use of session replay cookies, chatbots, and social media pixels, with claims that these technologies intercept data and communications without proper consent. As courts issue mixed rulings, businesses need to adapt their privacy frameworks and governance programs to reduce the risk of CIPA violations. Addressing CIPA-related risks requires a proactive and thorough approach. Managing website tracking technologies is no longer just about implementing cookie consent banners. Businesses also need to conduct comprehensive website audits to identify which cookies, pixels, and trackers are in use, ensuring these technologies comply with CIPA's consent requirements. Implementing a cookie governance program, securing thorough contractual agreements with third-party vendors, and disclosing data collection and consent practices in privacy notices are critical steps for mitigating CIPA-related risks. By adopting these strategies, companies can reduce their exposure to legal action and maintain trust with their users, even as courts continue to interpret CIPA’s application to modern technologies. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Jessica Lee, Chief Privacy & Security Partner and Chair of the Privacy, Security, and Data Innovations Practice at Loeb & Loeb, about managing CIPA compliance. Jessica provides a detailed overview of CIPA’s requirements and breaks down why certain technologies are being targeted. She also discusses the importance of regular website audits and offers practical advice on mitigating risk by implementing a cookie governance program, reviewing consent management practices, and establishing contractual protections.

Timothy Nobles, Chief Commercial Officer at Integral, is passionate about empowering organizations to explore the full potential of their data while maintaining the highest standards of privacy and compliance. With over 20 years of experience in data and analytics, he has held leadership roles at innovative companies across multiple industries. In this episode… Balancing data enablement with privacy compliance is vital for organizations aiming to use data effectively while maintaining trust and meeting regulatory requirements. Data enablement focuses on making data accessible, usable, and valuable to users across an organization while ensuring it remains secure and compliant. Regulated industries, such as healthcare, face significant challenges, including evolving privacy laws and managing re-identification risks tied to sensitive data. Without a strong privacy framework, businesses risk regulatory penalties, reputational damage, and missed opportunities for data-driven decision-making. Effective data enablement relies on more than just technology — it requires governance and a thoughtful approach to privacy and compliance. By adopting privacy-enhancing technologies (PETs), such as tokenization, homomorphic encryption, data masking, and differential privacy, organizations can minimize risks and protect personal information while making data usable. However, these tools alone are not enough. Organizations need to implement data governance frameworks, assess re-identification risks, and balance data utility with regulatory requirements. By aligning compliance efforts with strategic business goals, organizations can unlock data potential without compromising privacy. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Timothy Nobles, Chief Commercial Officer at Integral, about how organizations can embrace data enablement in regulated industries. Timothy discusses practical applications of privacy-enhancing technologies, strategies to mitigate re-identification risks, and the importance of starting with governance to guide data use. The conversation also highlights how companies can approach AI responsibly by focusing on understanding data inputs to ensure ethical and compliant outcomes.

Aaron Painter is a deepfake expert and the CEO of Nametag, an identity verification company at the forefront of stopping social engineering attacks at the employee IT helpdesk. In this episode… New cybersecurity threats, like deepfakes and social engineering attacks, are forcing companies to rethink their security measures and fraud prevention processes. Companies face mounting risks as threat actors leverage advanced AI tools and other techniques to bypass traditional verification methods, such as passwords and security questions. This evolving threat landscape calls for innovative solutions that help companies verify identities, prevent fraud, and protect privacy, and that’s why companies like Nametag are creating secure platforms to address these challenges. Nametag’s innovative approach to identity verification offers a practical solution to this pressing challenge. By leveraging the security features of mobile devices, such as cryptography and three-dimensional facial recognition, Nametag enables companies to verify identities with greater accuracy. This method offers a practical alternative to outdated approaches like passwords and security questions, which are often prone to fraud. Additionally, Nametag’s privacy-first design enables companies to tailor their solutions while protecting user data through features like privacy masking. Listening closely to customer feedback, Nametag has developed tools that empower companies to address pain points, such as help desk vulnerabilities, to improve security and privacy measures and the user experience. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Aaron Painter, CEO of Nametag, about the evolution of identity verification and deepfakes. Aaron explains the threats posed by deepfakes, the weaknesses in current systems, and how Nametag’s platform addresses these challenges. Aaron shares insights into the importance of balancing privacy with security and how companies can protect themselves as threat actors become more sophisticated. He also discusses how Nametag’s solutions address real-world problems, including reducing help desk vulnerabilities and improving MFA recovery processes.

Ben Chapman is the General Counsel and Chief Privacy Officer at Swoop. Prior to Swoop, Ben was the Deputy General Counsel for Real Chemistry. He has nearly 10 years of experience in ad tech, data, and privacy matters. In this episode… Companies that operate in the healthcare marketing space, like Swoop, approach privacy by emphasizing transparency, ethical practices, and building trusted partnerships. To remain compliant, businesses need to thoroughly understand their data handling processes and regularly assess their partners. By asking detailed, factual questions, companies can make informed decisions about their partners’ practices and ultimately strengthen their privacy programs. Additionally, adopting a consumer- or patient-centric perspective helps businesses navigate the complexities of privacy laws while aligning with regulatory requirements and ethical standards. A proactive and well-informed approach to privacy strengthens compliance efforts and builds trust. Healthcare marketing faces new challenges as privacy laws evolve and health data definitions expand. Laws like the Washington My Health My Data Act broaden the scope of what constitutes health data, requiring organizations to reevaluate how they handle consumer data. Navigating this complex regulatory landscape requires companies to ensure compliance with state privacy laws and federal regulations like HIPAA, all while maintaining trust and transparency with consumers. How can companies ensure ethical and privacy-friendly marketing practices? In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Ben Chapman, General Counsel and Chief Privacy Officer at Swoop, about the intersection of privacy and healthcare marketing. They discuss how state privacy laws redefine health data, the importance of ethical data practices, and strategies for evaluating partners. Ben shares his insights on building privacy programs, fostering collaboration, and navigating the nuances of healthcare marketing in a highly regulated environment. He also highlights the importance of continuous learning and collaboration within the privacy community to stay ahead in the ever-changing regulatory environment.

Natalie LaPorta is the Chief US Privacy Officer for Walgreens, where she focuses on various privacy matters that impact US patient and consumer data privacy, including state and federal data privacy compliance, complex contract negotiations, digital privacy, de-identification, AI, analytics, and marketing. Prior to her most recent role at Walgreens, Natalie was an Associate Attorney at Dentons US LLP, where she handled healthcare regulatory, tax-exempt bond finance, and M&A matters. She holds a bachelor’s degree in political science from Benedictine University and a law degree from The John Marshall Law School. In this episode… New privacy laws, requirements, and expanding health data definitions require organizations to rethink and adjust their privacy programs accordingly. For companies like Walgreens, navigating these changes entails addressing both long-standing regulations, such as HIPAA, and emerging privacy laws that govern a broader scope of data. As businesses juggle diverse regulatory requirements, shifting data definitions, and operational demands, how can they create a privacy program that is effective and adaptable? Walgreens’ approach to privacy exemplifies how businesses can adapt to an evolving regulatory landscape. Effective privacy programs start with understanding how shifting privacy requirements impact different business functions, from marketing to IT and analytics. With privacy regulations now extending beyond HIPAA to include other forms of personal information, companies need to develop tailored privacy strategies, provide ongoing education, and build strong relationships across departments to ensure privacy measures are integrated into everyday business operations. By making privacy a proactive and collaborative effort, companies can enhance compliance and reduce risks. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Natalie LaPorta, Chief US Privacy Officer at Walgreens, about the evolution of privacy programs in the healthcare and retail sectors. Natalie shares her journey of building a privacy legal function at Walgreens, the importance of building cross-functional relationships, and how tailored approaches can address privacy challenges. She also offers practical advice for creating a privacy culture and shares insights on navigating vendor relationships and using technology to support compliance efforts.

Shay Colson is a Co-founder and Managing Partner at Intentional Cybersecurity, a risk assessment and strategic advisory firm. After spending his early career as a security engineer for the US Government, he worked for a global consulting firm. In this episode… The evolving cyber landscape constantly presents new challenges that require businesses to elevate their cybersecurity posture. With the release of NIST CSF 2.0, organizations now have a stronger framework to guide their approach, focusing on governance as a critical function. This addition emphasizes the importance of integrating cybersecurity as a core business function rather than treating it as a siloed IT function. How can organizations adapt to this evolving landscape while improving resilience and reducing risk? Governance now leads NIST CSF 2.0 as the primary function, emphasizing the importance for organizations to clearly define cybersecurity ownership, responsibilities, and decision-making processes. Organizations need to move beyond treating cybersecurity as a technical issue to recognizing it as a core business function. And, as threat actors become more sophisticated and leverage AI to accelerate cyber attacks, businesses need to adopt governance models that promote agility, resilience, and proactive risk management. This means integrating security and privacy frameworks into business operations. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Shay Colson, Managing Partner and Co-founder of Intentional Cybersecurity, about the critical role governance plays in building cyber resilience. Shay explains how companies can use frameworks like NIST CSF 2.0 to implement scalable cybersecurity strategies without overextending their resources. He also shares insights on the intersection of security and privacy, AI-driven risk assessments, and why focusing on the basics is essential before adopting advanced solutions.

Julia Shullman is the General Counsel and Chief Privacy Officer at Telly, the world's first dual-screen smart TV fully paid for by advertising. Prior to Telly, Julia was General Counsel and Chief Privacy Officer at TripleLift, through its $1.4B acquisition by Vista Equity Partners. She also held various leadership positions, including Chief Privacy Counsel and Lead Attorney, Publisher Technology Group at AppNexus, through its $1.6B sale to AT&T. Before advertising, Julia spent a decade in mergers and acquisitions at both Latham & Watkins and UBM. She is recognized as an industry leader at the intersection of privacy, products, advertising, policy, and strategy. In this episode… Navigating the intersection of privacy, product, and advertising demands strategy. Companies need to view privacy as integral to their operations and growth, especially in highly regulated industries like AdTech. Without effective privacy programs, companies face potential deal disruptions, diminished valuations, and reputational damages. For early-stage companies in particular, failing to integrate privacy into their operations can hinder growth, derail funding opportunities, and even lead to regulatory scrutiny. How can organizations ensure that privacy is both a priority and an enabler of success? Developing effective privacy programs requires a tailored, pragmatic approach. Leaders need to educate their teams on privacy obligations and integrate privacy practices into business processes. This includes fostering collaboration among privacy experts and cross-functional departments, such as engineering and marketing, while adapting to industry-specific nuances. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Julia Shullman, General Counsel and Chief Privacy Officer at Telly, about building privacy programs that drive business success. Drawing from her extensive experience in M&A, privacy, and AdTech, Julia offers insights into balancing privacy with business monetization goals. She discusses the importance of understanding industry dynamics and the role of privacy in facilitating successful exits and partnerships. Julia emphasizes the value of cross-departmental collaboration and education in creating privacy solutions that resonate with a company’s culture and business objectives. She also provides tips on how organizations can align their privacy programs with broader business strategies to build trust, ensure compliance, and drive innovation.

Arjun and Abhijay Bhatnagar are Co-founders of Cloaked, a consumer privacy company. As developers and privacy advocates, they have created a secure, all-in-one privacy platform that gives consumers control over their personal information while helping reshape how industries access, use, and think about data. In this episode… The digital world often exposes individuals to risks through seemingly simple data points like phone numbers and emails. These identifiers can reveal a lot of personal information, making users vulnerable to phishing, spam, identity theft, and malicious AI-driven impersonation. As companies collect, share, and sell personal information more than ever, there is a pressing need for solutions that prioritize user control, privacy, and security. What steps can you take to safeguard your personal information? Companies like Cloaked are changing the game and offering individuals a way to regain control over their personal information by allowing users to create unique identifiers, like emails, phone numbers, and passwords, for every digital interaction. The platform also enables users to clean up past data footprints and limit future vulnerabilities while employing a siloed database architecture that keeps personal information secure even in the event of a system breach. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Arjun and Abhijay Bhatnagar, Co-founders of Cloaked, about how their platform addresses critical privacy challenges and empowers users to reclaim control of their personal information. Arjun and Abhijay share how Cloaked's features, like identity masking and password and passcode manager tools, help users navigate today’s privacy and security complexities easily and confidently. They also provide actionable privacy tips, such as limiting permissions, and discuss how Cloaked aims to combat AI misuse.