ADCG on Privacy & Cybersecurity Podcast

OVERVIEW

Join the “ADCG on Privacy & Cybersecurity” podcast and hear leaders in the privacy and cybersecurity arenas discuss a wide range of issues.

Data is the lifeblood of the U.S. economy and economic competitiveness issues loom large. The objective of the podcast is to bring cutting-edge views and newsworthy information on privacy and cybersecurity to our listening audience.  The podcast series is global in scope, bringing in issues from the EU, UK, Russia, China, Australia, New Zealand, India, Canada, and around the world.

This series of podcasts will explore: 

  • proposed federal and state legislation

  • cyber event-driven legal action

  • compliance with laws and regulations

  • policy proposals

  • regulatory actions

  • technical innovations

  • data analytics

  • cyberattacks

  • nation state cyber activities

  • best practices and standards

  • protection of critical infrastructure

  • whistleblowing on privacy & cybersecurity programs and more…

HOST

Jody Westby, a prominent consultant and attorney on privacy, cybersecurity, and cyber governance issues, will interview industry leaders, policy players, legal experts, consumer privacy advocates, academicians, and state and federal officials and bring fresh insights into important privacy and cybersecurity issues. Jody is CEO of Global Cyber Risk and is co-chair of the American Bar Association’s (ABA) Privacy & Computer Crime Committee and Cybercrime Committee. She is a professional blogger for Forbes and authors a regular column on privacy and cybersecurity issues for Leader’s Edge magazine. Jody is the author of seven books on privacy, cybersecurity, and cybercrime, the latest being the D&O Guide to Cyber Governance, published by the ABA in 2021.

EPISODES

December 5, 2023

103 | Privacy & Diversity, Equity & Inclusion and the Impact on the Development and Use of AI

This week the ADCG Privacy & Cybersecurity Podcast is pleased to have Shoshana Rosenberg, CEO and Founder of SafePorter and one of the most respected names in the field of privacy and a thought leader at the intersection of privacy and Diversity, Equity & Inclusion ("DEI").  We discuss her groundbreaking work analyzing how principles governing privacy and DEI can influence the development and use of AI technologies, including how privacy and bias concerns shape the conversation around AI, how the evolving landscape of AI is challenging our traditional understanding of privacy and inclusion, and how advancements in AI both challenge and embrace our ability to uphold DEI principles…and more!

October 17, 2023

102 | Tackling Data Deletion

This week’s episode of ADCG’s Privacy & Cybersecurity Podcast features a discussion with Jeff Jockisch about his new company, Avantis Privacy, which specializes in data deletion services. Jeff is a renowned privacy researcher, the CEO of PrivacyPlan and CPO of Avantis Privacy. In this episode, we discuss the daunting prospect of managing one’s personal data, data brokers and what they do, and the process of requesting that personal data be deleted. Jeff discusses the approach taken by Avantis Privacy and offers thoughts on anonymization and what is driving this type of service.

Jeff Jockisch is an independent data privacy researcher at PrivacyPlan. He joined privtech startup Avantis Privacy in 2023 as a partner and chief privacy officer.

At Avantis, Jeff helps consumers regain their privacy and overcome pervasive data surveillance. He helps clients effectuate their privacy rights and take ownership of their personal data.

Jeff is unique in his work creating and managing data sets about data privacy. His original research is the basis for datasets about privacy regulators, privacy laws, privacy podcasts, and more. He has built the largest known database of data brokers, containing over 6400 entities.

October 10, 2023

101 | American Bar Association: Leading Resource and Policy Leader Through Its Cybersecurity Task Force

This episode features Donata Stroink-Skillrud, Co-Founder and President of Termageddon, a software service that specializes in the identification of privacy laws applicable to an organization and the development of privacy policies, terms of service, and end user license agreements for that organization. Donata is an attorney who also represents the American Bar Association’s Section of Science and Technology Law on the ABA President’s Cybersecurity Legal Task Force (CLTF). In this episode, we discuss the CLTF, its purpose, topics and issue areas it addresses, and the cybersecurity resources the CLTF has created for attorneys and law firms (which are free and applicable to many other organizations). We also discuss recent Resolutions that CLTF has put forward for adoption by the ABA, including its AI Resolution. Links to CLTF resources are provided on the ADCG website for this episode.

Donata Stroink-Skillrud is an attorney licensed in Illinois and a Certified Information Privacy Professional. Donata is the President and Legal Engineer behind Termageddon, a SaaS that has generated tens of thousands of Privacy Policies and successfully kept them up to date with changing legislation. Donata is the Chair of ABA's ePrivacy Committee, member of the Science and Technology Council and member of the ABA's Cybersecurity Legal Task Force. Donata is also a Fellow of the American Bar Foundation.

September 20, 2023

100 | Looking at Cyber Risk Management: the Perspective Across the Pond

This episode features Dr. Peter Trim, a Reader in Marketing and Security Management at the University of London’s Birkbeck Business School. Dr. Trim has published a dozen books, and his most recent (2023) focuses on Strategic Cyber Security Risk Management. Cybersecurity best practices began in the UK with British Standard 7799, which morphed into ISO 27001/002. Dr. Trim discusses the necessity for a collective approach in cybersecurity and the need to maintain an international perspective. His work endeavors to link cyber risk management theory with practical application through use cases and simulation exercises. We explore the need for improved private sector interaction with academia and the need to integrate cybersecurity risk management content in interdisciplinary curricula.

September 6, 2023

99 | The Power of Choice for Authentication

In this episode of ADCG on Privacy & Security podcast, host Jody Westby is joined by Sabrina Gross, regional director of strategic partners at Veridas. Sabrina has worked globally and spent 15 years working with law enforcement agencies in Europe, the Middle East, and Africa. At Veridas, Sabrina focuses on cutting-edge technologies that are used for authentication and to prevent identity fraud. We discuss the importance of having a choice of authentication options, limitations of various devices, the pros and cons of facial recognition, fingerprints, and voice as authentication methods, what companies should look for in a biometrics provider, security factors, customer preferences, and more. We drill down into the role of state privacy laws and the circumstances under which a business should consider multiple, layered verification methods.

August 30, 2023

98 | The Importance of Digital Asset Inventories in Incident Response

This episode of the ADCG Privacy and Cybersecurity Podcast features Ken Westin, Field CISO for Panther Labs. Ken has been in the cybersecurity field for over 15 years, working with companies to improve their security posture through threat hunting, insider threat programs, and vulnerability research. We discuss how the lack of good application and data inventories impact incident response. When data is spread across data centers, clouds, and SaaS providers, it becomes difficult to track and trace an incident and understand its impact, but it becomes especially hard if the data involves confidential or proprietary business data that is not tracked by privacy officers or if it includes sensitive data that may involve regulators. The recent MOVEit breach, which involved software used to transfer sensitive data between servers, systems, and applications, provided rich lessons in the need for data asset inventories and SIEMs that can correlate data across providers and platforms.

August 16, 2023

97 | The Race Between AI and Laws

This episode features Scott Giordano, former vice president and general counsel for Spirion who has more than 25 years of legal, technology, and risk management expertise and was one of the first attorneys to jump into artificial intelligence. We will discuss the implications of AI for privacy and information security, current US state laws, the EU AI Act, and what companies can do to prepare for “AI everywhere.” Scott also discusses the recent “Career Essentials in Generative AI” course he took, which is offered by Microsoft and LinkedIn.

August 7, 2023

96 | SEC Cyber Risk Management: What It Means and Will It Make a Difference

In this episode, Jody Westby interviews Gerry Stegmaier, a partner in ReedSmith’s Tech & Data Group. Gerry focuses on digital issues, corporate governance, incident response, privacy, and cybersecurity matters, plus other areas. We discuss the new SEC Cybersecurity Risk Management Rule for public companies, how it differs from the proposed rule, key requirements and compliance deadlines, and the practical impact on cyber incident disclosures, identifying and disclosing material cyber risks, and how boards and C-suites will approach cyber governance.

August 1, 2023

95 | Data Privacy is Exploding: What You Need to Know & Do

This week’s podcast episode features Steve Britt, Counsel at Parker Poe and privacy expert to discuss the five state privacy laws that went into effect in 2023 and the TEN that have been enacted in 2023, how they vary, what they have in common, and this new “trend” to protect consumer health data (not HIPAA data). Steve also discusses the new requirement for Data Protection Assessments, expanded protections for children’s data, and regulatory risk factors and triggers. He ends with key takeaways and has provided a slide deck for listeners to download and follow along as they listen to the podcast (see adcg.org/podcast for supplemental materials on this episode).

July 24, 2023

94 | Cyber Insurance: What is Around the Corner?

This episode features Peter Halprin, a partner in the New York City office of Pasich LLP, who represents commercial policyholders in complex insurance coverage matters, including cyber. We discuss the price increases in coverage and the scrutiny given claims under property and casualty, cyber, and corporate general liability policies, the risks in the application process, new technology risks associated with biometrics and AI, cyberwar exclusions, and possible changes to policy language to help manage claim risks to carriers.

July 18, 2023

93 | SolarWinds and SEC: CISOs Back in the Crosshairs

This podcast episode features Mark Rasch, a renowned privacy and cybersecurity attorney, to discuss the SEC’s investigation into the SolarWinds incident and the “Wells notices” it sent to the company’s CISO and CFO. The Wells notices indicate the SEC is conducting a civil investigation of those individuals and they may be facing enforcement actions. The news sent tremors through the CISO community and brought back thoughts of Joe Sullivan’s criminal prosecution — and conviction — for the way he handled a breach while CISO at Uber. The SEC’s action is civil, but it targets certain individuals. We discuss what this means for CISOs, what they can do to protect themselves, and generally how the implementation of cyber governance programs can help protect CISOs by making cyber risk management a responsibility of all officers and directors.

JUNE 5, 2023

92 | Interview With Tom Kemp, Silicon Valley Privacy Advocate and Author of Containing Big Tech

In this episode we discuss privacy rights with Tom Kemp, a Silicon Valley-based author, entrepreneur, investor, and policy advisor who helped get the CPRA adopted and is author of the California Delete Act of 2023.  His forthcoming book, Containing Big Tech: How to Protect our Civil Rights, Economy, and Democracy, published by Fast Company Press, focuses on the use of AI with personal data and the concentrated power of large Big Tech companies and how this paradigm impacts our personal privacy and lives.  As an angel investor, Tom also discusses the types of privacy and cybersecurity companies that he is attracted to and the need for more technical solutions that can help manage privacy compliance.

Additional resource related to California Age-Appropriate Design Code Act published on September 15, 2022:  https://www.huntonprivacyblog.com/2022/09/15/california-enacts-the-california-age-appropriate-design-code-act/

Tom’s book is available on pre-order at https://www.amazon.com/Containing-Big-Tech-Protect-Democracy/dp/1639080619

MAY 10, 2023

91 | Managed Detection & Response; the Path Forward

This week our guest is Sam DeNormandie, Senior Account Director with SilverSky, a Managed Detection and Response (MDR) firm primarily servicing the small and mid-sized business (SMB) market. Sam is a seasoned cybersecurity expert with experience at Cylance, Blackberry, and Cyvatar and understands the security needs of the small to mid-sized business. On this episode, Jody Westby and Sam discuss the challenges faced by SMBs, in part due to the difficulty they have in hiring the people they need and managing the vulnerabilities they face. The MDR industry is growing at a CAGR of 18.1% and is expected to be $22B by 2030. What does that growth mean for MSSPs? Join us for this episode and learn how companies are struggling to keep pace with the threat environment and how MDRs are filling a void.

Sam DeNormandie is a Lincoln, MA native who moved to Austin, TX in 2017 for a Cybersecurity startup Threatcare – working for industry legend, Marcus Carey.  He grew up at the cyber unicorn company Cylance, which was acquired by Blackberry in 2020.  Sam now helps Mid-Market companies manage their cybersecurity operations at SilverSky.

APRIL 13, 2023

90 | AdTech Meets Privacy Laws

This week our guest is Susan Israel, principal of Susan Israel Law, and one of the most respected privacy professionals in the field. Susan has a pre-law background in broadcast news and publishing and has become one of the foremost experts on privacy compliance in the field of advertising technology. Susan joins Jody Westby to discuss key aspects of AdTech compliance, such as cookies, location data, and IP addresses, the issues associated with them, and trends in legal frameworks and regulatory approaches. Susan also delves into industry groups playing a large role in AdTech and US and EU government perspectives.

Susan brings a deep understanding of the most complex and critical data privacy challenges faced by corporations and business entities, particularly within the media and advertising industries. Susan is an experienced privacy attorney who focuses her practice on developing and implementing data privacy policies and programs. She advises companies on how to comply with the CCPA, GDPR, and other global privacy laws. She has experience drafting and negotiating data deals that protect privacy, especially in the context of advertising and related technology, as well as providing counsel on public policy issues in relation to both privacy as well as advertising law.

MARCH 29, 2023

89 | Quantum Technologies: What is Possible, Where We Are Headed & Policy Issues to Consider

This week’s podcast guest is Chris Jay Hoofnagle, professor of law in residence at the University of California, Berkeley and affiliated faculty with the Simons Institute for the Theory of Computing.  We discuss Chris and Simson Garfinkel’s new book, Law and Policy for the Quantum Age, what quantum technologies are, the consequential implications of quantum technologies, actions within the White House and Congress supporting quantum R&D, and geopolitical issues in the race to develop quantum technologies. 

MARCH 17, 2023

88 | TikTok: A Path for Election Interference and Open Source Intelligence?

This episode features Berit Anderson, COO of Future in Review and Strategic News Service, and Evan Anderson, CEO of INVNT/IP.  Both Berit and Evan are geopolitical analysts, tech thought leaders, and media executives.  We discuss the issue of whether TikTok will be banned in the U.S. and examine the data that could be collected, how it can be a rich source for open intelligence, and how it could be used for election interference.  Strategic News Service coined the term CRINK — China, Russia, Iran, and North Korea, and Berit and Evan discuss the geopolitical aspects of TikTok (including CRINK) and how it could be a threat to national security and cybersecurity.

Berit Anderson is joint COO at Strategic News Service, the most accurate publisher of information about the future of tech & the global economy, & Future in Review, called “The best technology conference in the world” by The Economist. As Managing Director of its Action Tank, she creates solution sets to global challenges. Most recently, “100% Renewable: An Action Plan for American Energy Independence.”

She is an Advisor to the NSF-funded Resilient Commission & Scripps Institute of Oceanography’s Mythos project, is Co-Chair of the YES! Media board, & a board member of InvestigateWest. 

Berit has spoken at the Brussels Forum, European Council on Foreign Relations, Conference on World Affairs, TEDxVilnius & lectured at NYU, University of Washington & UC Boulder. Her work on information warfare was featured in the New Yorker, Gizmodo, BBC & TechCrunch & was cited by Tim Berners-Lee as a Top 3 challenge facing the internet.

Evan Anderson is CEO of INVNT/IP (Inventing Nations vs. Nation-Sponsored Theft of IP) and a senior analyst at Strategic News Service, publisher of the weekly SNS Global Report on Technology and the Global Economy. His seminal briefing book Theft Nation: How IP Theft Drives the Chinese National Business Model, and Its Effect Upon the Global Economy, has been featured in global media including 60 Minutes, the BBC World Service, and many others. For the past nine years, his focus at INVNT/IP has been on actively fighting nation-sponsored theft of intellectual property through a combination of political advocacy, private briefings, and public education in conjunction with top global companies; government representatives in intelligence, research, and policy; and top academic researchers.  

Evan also serves as deputy director of Programs for the Future in Review (FiRe) conference. At Future in Review, Evan utilizes media and technology to affect positive global change, crafting and assisting with conference panels, the FiRe Action Tank, and other special projects dedicated to geopolitics, climate, and health, including battling the COVID-19 pandemic, and serves as an Executive Advisory Board Member at the Resilient Collective. 

Additional Resources:

1. Strategic News Service: Global Report on Technology and The Economy

2. Future in Review Podcast w/ Berit Anderson by Berit Anderson

FEBRUARY 22, 2023

87 | Artificial Intelligence & Chatbots…Helpful or Harmful?

Heather West, Senior Director of Cybersecurity Services at Venable LLP joins us on Episode 87 to explore artificial intelligence (AI) and chatbots, such as ChatGPT, and discuss what these technologies can do, who will be early adopters and beneficiaries of AI, whether articles or answers generated by AI can be trusted, and look at some of the privacy and security risks associated with AI. 

Heather West is a policy and tech translator, product consultant, and long-term internet strategist guiding the intersection of emerging technologies, culture, governments, and policy. Heather’s areas of focus include data governance, data security, digital identity, and privacy in the digital age. Prior to joining Venable, she served as the director of the privacy policy team at one of the world’s largest social technology companies, leading policy development around the company’s work to develop privacy-protective product experiences, building policy frameworks that create accountability, and promoting privacy-protective decision making across the company.

Heather regularly collaborates with stakeholders and policymakers in DC and with global product and policy teams. She helped found the public policy team at a website performance and security company, served as the global and federal privacy and security issue expert on a multinational technology company’s public policy team, and started her career working on government technology, privacy, and identity management at a public-interest group focused on the rights of individual users in relation to technical policy.

FEBRUARY 16, 2023

86 | Using Tools to Help Manage Incident Response

This podcast episode features Lauren Wallace, Chief Privacy Officer and General Counsel for RadarFirst, a leading tool for cyber incident management.  Building off our last podcast with Violet Sullivan, we discuss how privacy and cybersecurity incidents are converging and the difficulty large companies are having in managing the vast array of data involved in incident response, especially as it relates to U.S. and global privacy and cybersecurity compliance requirements.  We also delve into the complexity of notification requirements, involving law enforcement, consumer protection agencies, attorneys general, regulators, and victims and how incident response tools can help manage the notification process and decrease notification. 

Lauren Wallace is a digital privacy subject matter expert, working at the intersection of technology and data subject rights. A senior privacy and technology counsel, Lauren has significant real-world experience in enterprise technology transactions, data protection, partnerships, and product.

FEBRUARY 8, 2023

85 | How Incident Response Has Changed

This week we are joined by Violet Sullivan, Vice President of Client Engagement for Redpoint Cybersecurity, and incident response expert.  Violet discusses how incident response has changed over the past five years, how ransomware has changed IR plans and how companies respond to attacks, and how cyber insurance has pushed revisions to incident response.  We also discuss the role incident response plays in litigation management, and what companies can do to improve their response and reduce risk.    

Violet is an industry-leading cybersecurity and privacy attorney who has provided thousands of clients with pre- and post-incident services. Her expertise in preparing businesses for cyber incidents and managing scaled breach responses has made her a trusted authority for public and private sector clients, including many Fortune 100 companies.  Violet also serves as a professor of Cybersecurity & Privacy Law for Baylor Law School’s LL.M. Program, where her focus on litigation management has made her course especially valuable to general counsels and leading law firms nationwide.

DECEMBER 16, 2022

84 | Internet Archive Project Related to Russia’s War with Ukraine

In this episode, Mark Graham, Director of the Wayback Machine of the Internet Archive, discusses his work backing up the Internet, TV, radio, chats, etc. around the globe, and the role it plays in preserving not only data, but cultures of countries. Mark describes the value of having content preserved and accessible from a source where governments can’t take it down and discusses the Internet Archive’s project in backing up and scanning data important to Ukraine’s culture, which is getting destroyed in the Russia-Ukraine conflict. Archive.org and the Wayback Machine are live and freely accessible to research, journalism, academia, businesses, and ordinary people.

Mark has created and managed innovative online products and services since 1984. As Director of the Wayback Machine he is responsible for capturing, preserving and helping people discover and use, more than 1 billion new web archives every day. Prior to that he was Senior Vice President with NBC News Digital where he managed several business units including GardenWeb and Stringwire, a live, mobile, video platform for collaborative citizen reporting. Mark was Senior Vice President of Technology with iVillage, an early Internet company that focused on women and community. He co-founded Rojo Networks, one of the first large-scale feed aggregators and personalized blog readers (sold to sixapart.)

DECEMBER 7, 2022

83 | Geofence Warrants and January 6: Constitutional and Privacy Issues

In this episode, we are joined by Matthew Esworthy, partner at Bowie-Jensen LLC, to discuss geofence warrants and their use by law enforcement in investigating the January 6 insurrection. Geofence warrants involve court issued warrants for geolocation data from Google. These warrants were sealed and have only recently come to light through motions to suppress the evidence obtained from the geofence warrants. We explore Google’s process for responding to the 10,000 warrants it receives annually and the constitutional and legal issues swirling around them. 

Matthew is a national expert in cybercrime and white-collar criminal defense, including defense against allegations of mail and wire fraud, bank fraud, antitrust, election fraud, and cybercrimes.  Respected for his knowledge in this area, he holds several appointed positions with the American Bar Association’s Criminal Justice section and, since 2016, Matt has been selected to the annual list of Top 100 Maryland Super Lawyers and to the annual list of Best Lawyers in America in the field of Commercial Litigation. 

NOVEMBER 30, 2022

82 | A Look at the Consequences of the Uber and Twitter CISO Cases

This week we are joined by Ron Raether, co-lead of the Privacy + Cyber team at Troutman Pepper, and explore aspects of the recent criminal conviction of Uber’s former CISO and fallout from Twitter’s former CISO turning whistleblower.  The “culture of fear” that has developed in CISO offices nationwide has dramatically increased risk for companies that have such a culture.  Ron Raether discusses how organizations can better support their CISOs and how the general counsel and outside counsel can help influence change in organizations for better governance and cyber risk management.  We also explore how CISOs can gain more C-suite visibility and board access.  

Ron has assisted companies in navigating federal and state privacy laws for more than 20 years and he has successfully defended companies in more than 200 class actions. Balancing privacy, cyber security, and business functionality, Ron’s approach to data governance is uniquely designed with the industry in mind as it adapts to the ever-evolving technological and legal landscape.

NOVEMBER 17, 2022

81 | Looking at Cyber Leadership & Costly Mistakes

This week we are joined by Rachel Briggs and Richard Brinson from Savanti, a UK-based cybersecurity consulting entity. On this episode we discuss the cyber security leadership gap and some creative approaches to closing that gap.

Richard Brinson is CEO of Savanti and has been CISO at several large corporations, including Unilever and Sainsbury’s. He was named one of the top CISOs in the world and has over 20 years of experience in the field.

Rachel Briggs is an Executive Adviser to Savanti and a leading expert on security who regularly advises large multinationals and governments. She is an Associate Fellow at Chatham House and was awarded the OBE in 2014. Richard and Rachel have just authored The Future of Cyber Security Leadership Series and their first publication is “Cyber Security Leadership is Broken: Here’s how to fix it.”

NOVEMBER 10, 2022

80 | Cyber Command: Its role in Cybersecurity and National Security

In this episode, two incredible guests discuss Cyber Command, its role and jurisdiction, and what it can do in cyber conflict situations and how it may help the private sector when under nation state attacks.

Gary Corn is director of the Technology, Law & Security Program at American University’s Washington College of Law and former career military with his last position as the Staff Judge Advocate (General Counsel) to U.S. Cyber Command.

Jamil N. Jaffer is the Founder and Executive Director of the National Security Institute, and an Assistant Professor of Law and Director of the National Security Law & Policy Program and the nation’s first Cyber, Intelligence, and National Security LLM at the Antonin Scalia Law School at George Mason University. Jamil is also affiliated with Stanford University’s Center for International Security and Cooperation and served on the leadership teams of the Senate Foreign Relations Committee as Chief Counsel and Senior Advisor and as Senior Counsel to the House Permanent Select Committee on Intelligence.

SEPTEMBER 28, 2022

79 | Understanding 5G Cybersecurity Issues

This week we are joined by Carlos Solari, ADCG Advisory Board Member and VP of Product for SecureG, Inc., a company developing universal security technologies for 5G, industrial IoT and other critical infrastructure.

We discuss 5G availability, how an orchestrated 5G attack could occur, how to rethink the security problem with 5G, and how 5G is connected to national security.  

Carlos was formerly with Bell Labs, CSC, and Comodo and on the government side, he served as White House CIO, was an FBI Senior Executive, and an Army officer.  Carlos has his Masters in Systems Technologies from the Naval Postgraduate School. 

SEPTEMBER 20, 2022

78 | The Nexus Between Privacy, Cybersecurity & National Security

This episode features Cory Simpson, Founder & CEO of Gray Space Strategies Inc., who discusses the relationship between privacy, cybersecurity, and national security.

He draws upon his experience as Senior Director and lead for the U.S. Cyberspace Solarium Commission and discusses whether the U.S. Government and private sector are prepared for conflict involving critical infrastructure. Cory also describes how national security has evolved over the past several decades and looks at how some privacy protections in the American Data Privacy & Protection Act may be important national security considerations.  

Cory has more than twenty years of experience in government, the military, and the private sector. Cory spent most of his Army career supporting the special operations and airborne communities, including multiple combat tours. He earned a Master of Laws, Military Law from The Judge Advocate General’s Legal Center and School; a Juris Doctorate from West Virginia University College of Law.

SEPTEMBER 3, 2022

77 | Privacy & Cybersecurity Whistleblowers: A New Trend?

This episode features Andrew Grosso, a tech lawyer whose practice focuses on whistleblower complaints.  We take a look at the legal framework for whistleblowers and protections afforded them and then delve into the Twitter whistleblower case in which their former CISO handed over evidence to the DOJ, FTC, and SEC detailing gaps in Twitter’s cybersecurity practices.  We discuss whether we are on the edge of a new trend…tech whistleblowers who will expose privacy and cybersecurity gaps within the companies they work for. 

Andrew Grosso is a former Assistant U.S. Attorney who started his law practice in Washington, D.C. in 1994. He is a graduate of the law school of the University of Notre Dame, and holds master of science degrees in both physics and computer science from Rensselaer Polytechnic Institute. As an Assistant U.S. Attorney, he served from 1983 through 1994 in Tampa, in the Middle District of Florida, and in Boston, in the District of Massachusetts, concentrating in the criminal prosecution of government program fraud. He founded the Department of Justice’s first health care fraud task force, and was a founding member of the Department’s national Health Care Fraud Working Group.

Mr. Grosso’s practice includes the prosecution of False Claim Act whistleblower or “qui tam” cases; hi-tech commercial litigation; corporate compliance matters and internal investigations; Internet and privacy law; and cyber security and cyber litigation. He has acted as counsel to the Massachusetts Institute of Technology and co-authored the resulting “Report to the President: MIT and the Prosecution of Aaron Swartz.”

AUGUST 22, 2022

76 | Privacy Governance v. Cybersecurity Governance

In this episode we interview David Navetta, vice chair of Cooley LLP’s cyber/data/privacy practice and a prominent leader in privacy, information security and technology law.  We discuss the differences between cybersecurity governance and privacy governance, what are the critical activities in privacy governance, what actions are the hardest for organizations to implement, and how privacy governance will evolve in the future.  David is a front runner in privacy and security and shares his decades of experience and insights into what lies ahead in these fields.

David has extensive experience counseling clients on novel and cutting edge data protection issues, including data breach response, cybersecurity risk management, consumer and employee privacy, incident response planning and preparedness, technology transactions, vendor management, board of director advice and consultation, regulatory investigations, litigation and due diligence in corporate transactions. David serves as a “breach coach” on an approved panel for numerous cyber insurance carriers and companies, and he has helped some of the world’s leading corporations to effectively respond to complex data security breaches and protect their enterprise. David’s clients range from startups to large Fortune 500 multinationals across a range of industries, including eCommerce, consumer products, name-brand traditional brick-and-mortar, hotels and hospitality, social media, technology, professional services, healthcare, financial institutions and energy.

David has served as a leader and integral member of a Chambers USA-ranked law firm he co-founded. He is known for his leadership and extensive experience in privacy and data protection law, and is recognized by Chambers USA as a leading lawyer for privacy & data security from 2020 – 2022, by Legal 500 USA as a leading lawyer for international litigation and data protection & privacy from 2016 – 2020, as well as by WWL:Data in the area of Information Technology and Data Privacy & Protection. He is also a Certified Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals.

AUGUST 10, 2022

75 | Cybersecurity and Cyber Insurance: Claims, Costs and Chaos

This week our guest is Peter Halprin, a partner in Pasich LLP’s New York office. Peter has helped clients pursue insurance coverage for a wide range of cyber incidents.  We discuss the lack of standardized applications, premium hikes no matter how good your cybersecurity program is, nation state-sponsored cyber attacks and the war exclusion clause, and regulators running rampant.  Learn insights from a master in the field!   

Peter represents commercial policyholders in complex insurance coverage matters with a focus on recovery strategies in relation to cyber breaches and cyber crime, COVID-19 and natural disasters, professional services, regulatory investigations, and technology disputes.  Over the course of his career, Peter has arbitrated, litigated, and mediated claims involving a broad range of insurance policies and recovered hundreds of millions of dollars in insurance proceeds for policyholders.

Peter has helped clients pursue insurance coverage for business e-mail compromise schemes, cyber crimes, data breaches, fraudulent e-mails, invoice manipulation schemes, phishing and whaling attacks, ransomware attacks, privacy and statutory liability, and technology E&O disputes. He is also a prolific author and speaker on insurance coverage for cyber risks.

AUGUST 4, 2022

74 | ADCG New Leadership: The Path Forward for Privacy, Cybersecurity & Governance

This week we are joined by ADCG’s new leaders, Patrick J. Kennedy, Jr. and Dub Sutherland of Kennedy Sutherland LLP to discuss the impact that privacy, cybersecurity, and governance issues are having on businesses in addition to the proposed federal regulations.  

Patrick Kennedy and Dub Sutherland are lawyers with an entrepreneurial perspective who take a macro level view of the business challenges associated with current privacy laws, a looming cyber threat environment, and a lack of cyber governance by many boards and C-suites.

JULY 15, 2022

73 | Contract Management: The Privacy Tangle

This week we are joined by Keith Cheresko, Principal of Privacy Associates International LLC and former general counsel of the Ponemon Institute, a privacy research organization, to discuss the increasing tangle of contractual compliance obligations in privacy laws. From mandated contractual obligations to standard contract clauses for forward transfers, companies are finding it increasingly difficult to manage — and meet — contractual obligations associated with privacy laws and regulations.

Prior to his role with the Ponemon Institute, Mr. Cheresko was the primary privacy counsel and a de facto privacy leader at Ford Motor Company. During his 26-year tenure at Ford, he held an assortment of legal assignments supporting Ford’s diverse business activities. With the parent company these assignments included Trade Regulation, Diversified Products Operations, and Corporate Privacy Office departments of the Office of the General Counsel. He also served at Ford Motor Credit Company, Ford’s finance subsidiary, including Legal Office assignments in the International and North American Auto Finance sections. Mr. Cheresko played a key role in the development of financial privacy practices designed to meet federal Gramm Leach Bliley financial privacy requirements and was involved with a wide variety of e-commerce matters.

Mr. Cheresko is a Fellow of Information Privacy (FIP) in the International Association of Privacy Professionals (IAPP) and holds Certified Information Privacy Professional (CIPP/US), Certified Information Privacy Technologist (CIPT), and Certified Information Privacy Manager (CIPM) credentials. He is a former Co-Chair of the IAPP’s Detroit KnowledgeNet group.

JULY 5, 2022

72 | DeleteMe: Looking at Privacy Solutions for Individuals & Organizations

This week we are honored to have Rob Shavell, CEO and Co-Founder of Abine, Inc. (DeleteMe), join us to discuss the threat of publicly available PII to individuals and companies, the types of threats they are encountering, the need for companies to protect executives and employees, and how individuals and organizations can address these issues, using both technological and legal/policy approaches.

Rob is a privacy expert who has been quoted in The Wall Street Journal, New York Times, The Telegraph, NPR, ABC, NBC, and Fox. Rob is a vocal proponent of privacy legislation reform, including the California Privacy Rights Act (CPRA).

JUNE 24, 2022

71 | Incident Response: Gaps That Matter and Approaches That Work

This week we have Violet Sullivan, Vice President of Client Development for Redpoint Cybersecurity, as our guest to discuss incident response, gaps that are costly, using external resources, bottlenecks that can take time, interacting with vendors, and successful approaches to tabletops.  On the podcast, Violet offers tips on incident response that can help organizations manage future litigation related to the incident.

Violet is an industry-leading cybersecurity and privacy attorney and Certified Information Privacy Professional (CIPP/US) who has provided thousands of clients with pre- and post-incident services.  She serves Redpoint Cybersecurity as the Vice President of Client Engagement, managing the insurance channels, breach counsel relationships, and strategically positioning the DFIR team for growth.   Her expertise in preparing businesses for cyber incidents and managing scaled breach responses has made her a trusted authority for public and private sector clients, including many Fortune 100 companies. She frequently facilitates customized tabletop simulations focused on “pressure-testing” an organization’s incident response procedures and she is an established speaker on cybersecurity awareness. Ms. Sullivan also serves as a professor of Cybersecurity & Privacy Law for Baylor Law School’s LL.M. Program, where her focus on litigation management has made her course especially valuable to general counsels and leading law firms nationwide.

JUNE 16, 2022

70 | Learning About Cyber Risk Management from a Risk Manager

This week we are joined by Leslie Lamb, Director of Global Risk Management for Flex, Inc. and former Head of Global Risk & Resiliency Management for Cisco, to discuss the current cyber insurance market, getting boards and C-suites engaged, working across the organization and with CISOs and CPOs, and developing a cyber resiliency plan.

Leslie has over 20 years’ experience as a Risk Manager leading enterprise level risks and developing global risk transfer and business resiliency strategies. Some of her more noteworthy projects included working with all business units to identify and mitigate risks and implement global financing strategies to address these risks. She also led the Business Resiliency team at Cisco and implemented global business continuity plans, including a specific pandemic plan to be utilized in the event of catastrophic business impacts.

Ms. Lamb has been active in professional risk organizations and served on the board of directors for RIMS (Risk and Insurance Managers Society) at the local level and national level.  She has given many presentations on Enterprise Risk Management, Cyber Security, Supply Chain and Directors & Officers Liability.  She was one of the leaders in TIRF (Technology Industry Risk Forum), a group of ~30 multinational high-tech companies who met annually to learn from each other.

JUNE 2, 2022

69 | DOJ Changes Policy on Computer Fraud & Abuse Act

This week we are joined by Mark Rasch, Adjunct Professor at George Washington University Law School and former DOJ prosecutor of cybercrimes, to discuss DOJ’s recent change to its policy for charging good faith security research cases under the Computer Fraud and Abuse Act.  We discuss the types of actions that fall within the new policy and those that do not and linkages to the Register of Copyrights definition of “good faith research.”  In addition, the episode weaves in a discussion of the recent Ninth Circuit opinion in HiQ v. LinkedIn and Supreme Court decision in Van Buren v. U.S.    

Mark Rasch is a lawyer and computer security and privacy expert in Bethesda, Maryland, and a Professor of Cyberlaw and Cyber-crime at George Washington University School of Law.

Rasch’s career spans more than 35 years of corporate and government cybersecurity, computer privacy, regulatory compliance, computer forensics and incident response. Earlier in his career, Rasch was with the U.S. Department of Justice where he led the department’s efforts to investigate and prosecute cyber and high-technology crime, starting the computer crime unit within the Criminal Division’s Fraud Section, efforts which eventually led to the creation of the Computer Crime and Intellectual Property Section of the Criminal Division.  He was responsible for various high-profile computer crime prosecutions, including Kevin Mitnick, Kevin Poulsen and Robert Tappan Morris.

MAY 26, 2022

68 | Conversation with Jeff Jockisch about the Data Collaboration Alliance

This week we are joined by Jeff Jockisch, Data Privacy Researcher and founder of PrivacyPlan. We discuss the Data Collaboration Alliance, the concept of “zero copy integration,” data ownership, and the “Privacy Brain” that Jeff and others have under development. We also weave in a discussion of the recent Ninth Circuit opinion in HiQ v. LinkedIn and the impact that case could have on privacy and copying of data.

Jeff Jockisch is a data privacy researcher and the CEO of PrivacyPlan. He does original research, consults, advises privtech startups, and is the Lead Data Steward at the Data Collaboration Alliance helping build a Collaborative Privacy community. In addition to consulting and advising, Jeff creates and manages datasets about data privacy to gain insight into the privacy landscape. His research focuses on privacy-enhancing tech, privacy regulations, AI, and more.

Before focusing on privacy and certifying as a CIPP/US, Jeff studied Organizational Behavior at Cornell and spent 20+ years in tech startups, including building mortgage information systems and search engines. His understanding of data, data science, and data governance is academic and operational, deriving from experience designing knowledge graphs, working with big data, creating taxonomies and classifiers, managing data quality, and building content management systems.

MAY 19, 2022

67 | Crisis Communications Perspective on the SEC Cybersecurity Requirements (with guest Michael Robinson)

This week, we’re joined by Michael Robinson, Chairman & CEO of The Montgomery Strategies Group. We explore the new SEC cybersecurity requirements from the communications, brand, and regulatory management perspective and more.

As Chairman and CEO of The Montgomery Strategies Group, Michael W. Robinson draws on three-plus decades as a trusted counselor and strategist to a wide breadth of Wall Street, corporate, and government leaders to help them prepare for, and navigate through, complex Washington policy, crisis, and reputational challenges. The Montgomery Strategies Group is a full-service agency with broad expertise in reputation management, crisis and litigation communications, public affairs and regulatory advocacy, and financial communications and transactions. Michael has helped hundreds of companies, organizations, and trade associations achieve their business, reputational, and legislative-regulatory goals; counseled organizations and their leaders – including Boards of Directors – through challenging crisis situations of all kinds, including cyber, and driven a broad array of award-winning reputation campaigns.

MAY 12, 2022

66 | Understanding Digital Advertising and the Role of the NAI (with Anthony Matyjaszewski)

This week, we’re joined by Anthony Matyjaszewski, Vice President and Chief Compliance Officer of the Network Advertising Initiative.  We explore the world of digital advertising, the impact of ad tech, how state privacy laws are impacting the use of digital data for advertising, and how the industry is adapting to advertising changes from companies like Apple and Google.

Anthony Matyjaszewski leads the NAI team in conducting the NAI’s annual compliance reviews of member companies, and manages the team in reviews and onboarding of new members. He also oversees the drafting of updates to the NAI Code of Conduct and Guidance Documents.  Anthony is an attorney and CIPP.

APRIL 27, 2022

65 | Cybersecurity and the Mid-Sized Business Market (with Steven Francesco)

This week, we’re joined by Steven Francesco, Chairman and CEO of Cohere Cyber Secure, a managed service provider (MSP), managed security service provider (MSSP), and consultant to the small and mid-sized business market.  We explore the IT and cybersecurity needs of mid-sized businesses, what motivates them, and how they manage privacy and cybersecurity compliance requirements. We also explore whether mid-sized companies leverage vendors better than big business.  

Prior to founding Cohere, Steven was CEO of U.S. Operations and a member of the Board of Directors at China to Net. Before that, he served as Chairman and CEO of Netrix Corporation, rebranded it as Nx Networks and transformed it into an industry leader in the Internet-based voice communications market.

APRIL 19, 2022

64 | The FBI’s Novel Approach to Eradicating Malware: Search & Seizure on Company Computers (with Scott Giordano, John Bates, and John Bandler)

In our podcast episode this week, we will discuss how the FBI is obtaining court orders to enter companies’ computers and seize harmful malware — and take other actions — in a new approach to countering cybercrime.  The FBI’s Cyber Division coordinated with the UK and private companies to disrupt a two-tiered global botnet of infected devices controlled by a cybercriminal aligned with the Russian Intelligence Unit GRU.

Scott M. Giordano, Esq., is V.P., Corporate Privacy, and General Counsel at Spirion, with more than 20 years of legal, technology, and risk management consulting experience.  Scott serves as Spirion’s subject matter expert on multinational data protection and its intersection with technology, export compliance, internal investigations, information governance, and risk management.

John G. Bates, JD, CIPP/US, CIPP/E, is currently a Manager within Ernst & Young’s Cyber Strategy, Assessment, and Compliance program.  He has led legal, risk, IT security, data governance, and compliance programs and has successfully completed HITRUST and ISO 27001 certification projects.

John Bandler is the founder of Bandler Law Firm PLLC and a consultant, speaker, teacher, and author in the areas of cybersecurity, cybercrime, privacy, law, investigations, and more. He is also the founder of Bandler Group LLC, a legal and consulting practice that helps organizations and individuals with cybersecurity, the prevention and investigation of cybercrime, privacy, compliance, risk management, and governance.

APRIL 8, 2022

63 | The Hunt for Cybersecurity Personnel: A View from Inside (with Jamey Cummings)

In our podcast episode this week, Jamey Cummings discusses the hunt for cybersecurity personnel and gives us his inside view of the cybersecurity job market, what companies need, and how new laws and regulations and global events are impacting the cybersecurity search market.

Jamey Cummings is a partner at JM Search and a member of the Firm’s Cybersecurity and IT Executive’s Practice. JM Search is the premier retained executive search firm for private equity firms, venture capital firms, portfolio companies, and the Fortune 1000.

MARCH 24, 2022

62 | SEC Reforms on Cybersecurity: The Financial Industry (with Frank Jones)

Welcome Back!

In our podcast episode today, we will discuss the new SEC proposed cybersecurity rules for registered advisers and funds, potential issues with the proposed rules and anticipated benefits. Our guest will be Frank Jones from Ariel Investments.

Frank Jones is the Vice President, Infrastructure and Information Security Officer for Ariel Investments. He leverages his experience in establishing cybersecurity programs and meeting financial industry compliance requirements in discussing the proposed SEC cybersecurity rules.

JANUARY 5, 2022

61 | Looking Ahead at Privacy and Cybersecurity (with Sherry-Maria Safchuk and Katherine Flocken)

In our podcast episode today, we will look ahead at the legislative and regulatory outlook for privacy and cybersecurity in 2022. We are joined by Sherry-Maria Safchuk of Buckley LLP and Kate Flocken of Allon Advocacy LLC.

Sherry-Maria Safchuk is counsel in the Los Angeles office of Buckley LLP, and assists clients on privacy and data security issues, including matters related to federal and state privacy and data security laws such as the GLBA, FCRA, Safeguards Rule, RFPA, CFIPA, and CCPA. She also represents clients in regulatory and compliance matters and provides support for complex litigation and government investigations involving the mortgage, consumer, and commercial lending industries.

Katherine Flocken, a former Senate staffer, is a senior policy adviser at Allon Advocacy LLC, where she helps fintech and financial services companies navigate complex policy issues.

DECEMBER 22, 2021

60 | Evolving Rules of Artificial Intelligence (with Carl Hahn)

Our guest for this episode is Carl Hahn, Vice President and Chief Compliance Officer of Northrop Grumman. We discuss with Carl the evolving rules regarding the appropriate use of Artificial Intelligence. We review how the Defense Department’s Ethical Principles for Artificial Intelligence are being implemented and explore how efforts to implement responsible AI are likely to play out across all sectors of the economy.

DECEMBER 16, 2021

59 | Taking a Look at the Department of Defense CMMC Framework (with Carter Schoenberg)

Jody and Jerry are joined by Carter Schoenberg, Vice President Cybersecurity & Chief Cybersecurity Officer for Soundway Consulting, to discuss the Department of Defense’s Cybersecurity Maturity Model Certification program, recent changes in the new CMMC 2.0 release, and benefits and concerns regarding CMMC requirements. Carter also discusses cybersecurity issues that the White House and Congress could help with.  

Carter is a CISSP and has over 27 years of combined experience in criminal investigations, cyber threat intelligence, cyber security, risk management, and cyber law.  He has worked closely with DoD officials and the contracting community on the CMMC framework for cybersecurity requirements for DoD contractors.

DECEMBER 9, 2021

58 | US Government Blacklists Israeli Spyware Company (with Jody Westby and Jerry Buckley)

This week co-hosts Jerry Buckley and Jody Westby discuss the U.S. Government’s recent action in blacklisting an Israeli spyware company, NSO Group. The move prohibits U.S. companies from selling technology to NSO Group and its subsidiaries. This was the first time the Administration has taken such action against an ally, claiming the company’s software violates human rights and U.S. national security interests. Listen to this episode to get Jody Westby’s analysis of the move and what it means for technology companies and diplomacy.

DECEMBER 1, 2021

57 | Looking at Federal Government Cybersecurity Requirements & Contracting (with Barbara George and Betsy Schmidt Chase)

This week, we’re joined by Barbara George and Betsy Schmidt Chase to discuss cybersecurity contracting opportunities within the federal government and cybersecurity requirements. This episode discusses the impact on small and mid-sized businesses, multiple award contracts, CMMC, and what actions Congress and the Administration could consider.

Barbara George is Executive Director, Advisory Services for Fortalice Solutions and also serves as Executive Director of the Washington Cyber Roundtable. Betsy Schmidt Chase is Director of Business Development for Computer Access Technologies and formerly was a litigator. Both women have deep experience in the cybersecurity sector and provide an excellent analysis of the current cybersecurity contracting environment.

NOVEMBER 17, 2021

56 | Data Industry Leader Addresses Privacy and Cybersecurity Challenges (with Francis Creighton)

This week we explore what the changing landscape for privacy and cybersecurity means for credit reporting agencies such as Experian, Equifax and TransUnion. Our guest is Francis Creighton, President and CEO of the Consumer Data Industry Association (CDIA). We discuss with him the role that credit reporting agencies play in expanding credit opportunities and increasing regulatory expectations related to outcomes for different segments of society as a result of advanced credit analytics. We conclude the episode with steps the consumer data industry is taking to protect against data breaches and ransomware attacks and increasing federal and state regulatory expectations.

NOVEMBER 10, 2021

55 | NATO Expert Brings Emotional Intelligence to Cybersecurity (with Nadja El Fertasi)

This week’s episode features Nadja El Fertasi, CEO of Thrive With EQ. Nadja joins Jody and Jerry to discuss how to use emotional firewalls to counter cyber attacks. Nadja had a 20-year career with NATO and served as the co-chair of the Transatlantic Steering Committee for “Disruptive Dilemmas: Cyber Crisis Simulation Exercise.”

NOVEMBER 3, 2021

54 | A New Center & Global Thoughts on Privacy (with Jordan Fischer)

Jody and Jerry are joined this week by Jordan Fischer to discuss global privacy issues, the U.S. states’ trend toward GDPR, and the G7 Digital Trade Principles. We examine the intersection of law and technology, the voice of the consumer, and whether international tensions and economic pressures are enough to move the privacy needle in the US. Jordan Fischer is an international privacy attorney and Director of the Center for Law & Transformational Technology at Drexel University’s School of Law. Jordan clerked at the Court of Justice of the European Union and explores the implications of regional data protection regulations within a backdrop of the global economy. 

OCTOBER 27, 2021

53 | Roles and Responsibilities of Bank Directors for Privacy and Cybersecurity (with David Baris)

This week, we are joined by David Baris, the President of the American Association of Bank Directors (AABD), to explore the roles and responsibilities of bank directors in dealing with cyber risk and assuring the protection of private customer data. The threat environment for banks and compliance expectations related to data governance is rapidly changing, and it is important to understand what role board members are expected to play in dealing with these challenges and what is the primary responsibility of bank management. We also discuss with David the developing legal framework of multiple state privacy rules, the advantages of a single federal law, and whether the Gramm Leach Bliley privacy provisions are likely to be subsumed in a more general law if and when national privacy legislation is enacted.

OCTOBER 20, 2021

52 | Privacy, Cybersecurity, and Corporate Boards (with CE Andrews)

We are joined by CE Andrews to get a board member’s perspective on the strategies companies need to adopt to deal with the rapidly changing cyber threat environment as well as evolving compliance and enforcement expectations and a spate of new laws and regulations. CE Andrews serves on multiple boards including a Fortune 100 company, a community bank, a construction company, an education company, and a charity board as well.


OCTOBER 13, 2021

51 | Pondering Privacy with FTC Commissioner (with Christine Wilson)

This week, we are joined by FTC Commissioner Christine Wilson to discuss FTC privacy enforcement, the need for national privacy legislation, and state preemption and private right of action. Commissioner Wilson shares her passion for personal privacy, and the depth and breadth of her background enable her to provide views that have been well considered. Commissioner Wilson previously served at the FTC as Chairman Tim Muris’ Chief of Staff during the George W. Bush Administration. She has practiced competition and consumer protection law both at law firms and as in-house counsel. When nominated, Wilson was serving as Senior Vice President — Legal, Regulatory & International for Delta Air Lines.

OCTOBER 6, 2021

50 | Cybersecurity: The Threat Environment & What to Do (with Tom Kellermann)

Jerry and Jody are joined by Tom Kellermann, Head of Cybersecurity Strategy for VMware, Inc., to discuss the current threat environment, how attacks are being conducted, and actions companies, the Government, and Congress should consider taking to turn the tide. Tom is one of the most respected professionals in the cybersecurity arena and currently serves on the Cyber Investigations Advisory Board for the U.S. Secret Service and is a Wilson Center Global Fellow for Cyber Policy.

SEPTEMBER 29, 2021

49 | Hearing the Views of the CISO Community (with Bill Sieglein)

We’re joined by Bill Sieglein, Founder of the CISO Executive Network, to discuss the perspective of CISOs on the threat environment, what policy or legislative actions might help advance cybersecurity, and reporting structures for CISOs. The CISO Executive Network comprises more than 2,000 CISOs in 23 chapters across the United States. Listen to this week’s episode for an insider view into cybersecurity from the CISO’s viewpoint.

SEPTEMBER 22, 2021

48 | Cybersecurity Aspects of Election Security (with Harri Hursti)

This week, we’re joined by Harri Hursti to discuss cybersecurity aspects of election security, the role of the private sector, and what can be done at the federal level to address these issues. Harri is one of the world’s foremost experts on election security, is the founder of DefCon’s Voting Village, and is an accomplished technologist and security expert. Harri’s work was featured in the recent HBO movie, Kill Chain: The Cyber War on America’s Election, which is nominated for an Emmy for Outstanding Investigative Documentary.

SEPTEMBER 15, 2021

47 | New Wave of SEC Enforcement on Cybersecurity (with John Reed Stark)

We’re joined by John Reed Stark, founder of John Reed Stark Consulting and former Chief of the SEC Office of Internet Enforcement, to discuss recent SEC regulatory actions regarding cybersecurity management. After a three-year hiatus, the SEC recently filed actions against Pearson PLC and First American Financial Corporation. It also charged eight SEC-registered advisory firms. As President of John Reed Stark Consulting LLC, Mr. Stark’s work emphasizes quarterbacking teams of technical, compliance and legal experts in data breach, cyber-incident response, digital forensics, security science, cyber risk resilience and investigations for a broad range of public and private companies. He currently teaches a cyber law course at Duke University Law School and previously served as a managing director at Stroz Friedberg. 

SEPTEMBER 9, 2021

46 | Data Protection and Remote Online Notarization (with Gary Weingarden)

Jerry and Jody discuss the challenges involved in providing security for personal identification data collected and stored for transaction verification purposes. Our guest, Gary Weingarden, Counsel and Data Protection Officer at Notarize, joins us to talk about issues involved in protecting the privacy rights of signers in the notarization process as required by state laws as well as the complexity that will arise from a series of different state privacy enactments.

SEPTEMBER 1, 2021

45 | Exploring Cyberattack Policy and Legal Issues (with Gary Corn)

This week, we’re joined by Gary Corn, Program Director at American University Washington College of Law’s Tech, Law & Security program, to discuss U.S. and international legal and policy issues associated with cyberattacks, especially those involving nation states or which may require U.S. government assistance.

AUGUST 26, 2021

44 | Exploring Compliance with Evolving Privacy Requirements (with Sherry-Maria Safchuk)

We’re joined by Buckley LLP Counsel Sherry-Maria Safchuk to discuss the complexities companies face to maintain compliance with multiple and ever-changing state and federal privacy requirements, including data breach notifications and preparations that companies are making for compliance with the California Privacy Rights Act as well as Virginia and Colorado laws just enacted. Buckley LLP developed Winnow, proprietary software designed to ease business compliance.

AUGUST 18, 2021

43 | New Imperatives for Cyber Governance

Jerry and Jody discuss Jody’s recently released book, D&O Guide to Cyber Governance: Fiduciary Duties in the Digital Age, and the drivers that are making cyber governance a top agenda item for boards and C-suites: changes in Delaware case law, information security standards and best practices, new laws and regulations requiring specific governance actions, and cyber-event litigation following major cyberattacks.

AUGUST 11, 2021

42 | Perspectives from Corporate Privacy Counsel (with Courtney Barton)

We’re joined by Courtney Barton to discuss national privacy legislation from the corporate perspective and explore cross-border data flows, possible state and federal sharing of privacy regulatory responsibilities, which privacy provisions are most expensive for companies, and whether a new Privacy Shield program might give Congress a reason to punt on a national privacy law.

AUGUST 4, 2021

41 | Pegasus and Privacy

This week, Jody and Jerry discuss recent revelations regarding the use of Pegasus spyware and the implications for privacy. The privacy implications of the Pegasus Project reports have raised serious concerns in the media and governments around the globe, including the EU and U.S. Congress. What role these reports might play in raising awareness of privacy issues in Congress or causing it to focus on the need to develop a national data privacy and security law remains to be seen, but they clearly highlight the privacy dangers in the digital age and the need for government oversight. 

JULY 29, 2021

40 | The Fintech Perspective on National Privacy Legislation (with Nat Hoopes)

We’re joined by Upstart’s Nat Hoopes to explore the perspective of a leading fintech industry advocate on the prospects for national privacy legislation and related regulatory developments.  Jerry and Jody talk with Nat about the impact of a patchwork of state privacy laws, reasons why national privacy legislation is so slow in coming in the U.S. vs. quicker adoption in the EU, how to protect consumers from unfair outcomes in the use of AI, and the implications of data portability provided for in the Dodd-Frank bill. 

JULY 21, 2021

39 | A Valued Perspective on Privacy Legislation (with Marc Rotenberg)

We’re joined by Marc Rotenberg, president and founder of the Center for AI and Digital Policy, to discuss important influences and issues regarding national privacy legislation. We’ll discuss cross-border data flows and government surveillance, FTC enforcement, the likelihood of another Privacy Shield, actions in the EU that could influence Congress, and consumer protection.

JULY 14, 2021

38 | The Role Tech Solutions Can Play in Shaping National Privacy Legislation (with Riddhiman Das)

We interview Riddhiman Das, CEO and co-founder of Triple Blind, about the role that tech solutions might play in protecting privacy, while simultaneously facilitating the use and sharing of data for business and research purposes, and how advanced encryption technologies can enable the policy objectives that legislators and regulators are driving toward.

JULY 7, 2021

37 | The Financial Consumer's Perspective (with Dan Murphy)

We’re joined by Dan Murphy, Policy Manager of the Financial Health Network, to discuss the recently released “Financial Data: The Consumer Perspective.” The report is based on an extensive survey and finds 80-90% bipartisan support among consumers for data minimization and an opt-in requirement before a financial institution shares consumer data.

JUNE 30, 2021

36 | A Forensic Investigator’s View of Privacy (with Sherri Davidoff)

We’re joined by Sherri Davidoff, Founder and CEO of LMG Security, to discuss privacy considerations from the perspective of a highly experienced forensic investigator. We explore the use of personal data found on the dark web and privacy issues that arise during forensic investigations, including the new technique of Triple Extortion, and talk about what Congress can or should do about it.

JUNE 23, 2021

35 | A New Approach to Data Protection: Quantum Secure Data (with Rick Bueno)

We’re joined by Rick Bueno, the founder and CEO of Cyber Reliant Corporation, to discuss the implications of new data protection technology that builds security into the data itself using data encryption and data shredding. The quantum secure data platform developed by Cyber Reliant offers a way to frustrate cyber criminals, who may break through perimeter defenses but will be unable to access data in the files they obtain, maintaining its privacy.

JUNE 16, 2021

34 | The Business Perspective on National Privacy Legislation (with Shoshana Rosenberg)

This week, we’re joined by Shoshana Rosenberg, CEO of SafePorter and former global CPO, to give us some “boots on the ground” experiences and insights into what national privacy legislation in the U.S. should look like. Shoshana draws on her global expertise to discuss the role of privacy principles, data minimization, verification of consumer requests, data transfer adequacy, and more. 

JUNE 9, 2021

33 | The Journey of Privacy in the U.S. (with Bruce Schneier)

We’re joined by Bruce Schneier, a self-described “public-interest technologist,” to discuss the journey of privacy in the U.S. and how government actions impact it, exploring the concept that data is toxic and companies are “punch drunk” on data, storing too much, and bringing risk to their organizations.

JUNE 2, 2021

32 | Looking Around the Corner: The What, How, When (and If) of National Privacy and Data Protection

We’re joined by thought leader Tom Vartanian to discuss his recent article in The Hill: “It’s Time for a New Secure Internet,” and the enormous vulnerabilities and risks that an insecure internet creates for people’s privacy and for our economy.

MAY 26, 2021

31 | Looking Around the Corner: The What, How, When (and If) of National Privacy and Data Protection

Jerry and Jody take a look around the corner at what lies ahead for privacy and data protection in the U.S., exploring what needs to be done to protect data and speculating on why there is not more urgency in addressing this issue. Why, in the face of increasing cyber threats and proliferating state privacy laws, is there no coherent national legislation?

MAY 19, 2021

30 | The Indissoluble Link Between Privacy and Cybersecurity

Jody and Jerry discuss the implications of rampant cyberattacks and ransomware demands for both privacy and national security. We answer questions regarding privacy and national security implications of escalating ransomware and other cyberattacks, exemplified by the recent Colonial Pipeline incident.

MAY 12, 2021

29 | Exploring Data Ownership and the Role of Privacy Enhancing Technologies (with Robert E. Grant)

We’re joined by Robert E. Grant, Founder, Chairman, and CEO of Crown Sterling Limited LLC, to discuss the concept of data ownership, the monetization of personal data, and the role these might play in national privacy debates as alternatives to consent and opt-in/opt-out.

MAY 5, 2021

28 | The Perspective of NCUA Board Member Rodney Hood

We’re joined by National Credit Union Administration Board Member Rodney Hood, who chaired the NCUA Board until early 2021. He made cybersecurity and data protection at credit unions a priority when he became NCUA Chairman in 2019 and has spoken frequently about the challenges that credit unions face in coping with privacy law requirements and cyber threats.

APR 28, 2021

27 | Rep. Suzan DelBene (D-WA) Discusses the Information Transparency and Personal Data Control Act

We’re joined by Representative Suzan DelBene (D-WA) to discuss the first major privacy bill introduced in the House in the 117th Congress, the Information Transparency and Personal Data Control Act (HR 1816).

APR 21, 2021

26 | The Proposed EU ePrivacy Regulation and its Implications for U.S. Privacy Legislation

Jerry and Jody examine the proposed EU ePrivacy Regulation, which was approved by the Council of the European Union on February 10, 2021. We discuss the scope of the proposed Regulation, which covers both consumer and corporate electronic communications and would replace the current ePrivacy Directive, commonly known as the “EU Cookie Law.”

APR 14, 2021

25 | Privacy Policy and Financial Inclusion, A National and International Perspective (with Kabir Kumar)

We talk with Kabir Kumar, a Director at Flourish Ventures, an investment fund with a focus on promoting financial inclusion, domestically and internationally, exploring the empowerment that he believes can be achieved by giving individuals greater access to and control over the uses of their personal data.

APR 7, 2021

24 | The Intersection of Technology and Privacy (with Chet Hosmer)

We’re joined by University of Arizona professor Chet Hosmer to explore how technology can undermine or support privacy and data security. We also discuss vulnerabilities in security protocols and what can be done to enhance them.

MAR 31, 2021

23 | The "Private Right of Action" Question (with Mark Rasch)

We have a discussion with Mark Rasch, a recognized authority on cyber and privacy related litigation, regarding the issues surrounding individual enforcement of privacy rights and the concept of a new Private Right of Action in a legislative context. Provision for a Private Right of Action, or the absence thereof, has been identified as a point of contention among those advocating national privacy legislation.

MAR 24, 2021

22 | Taking a Look at State Privacy Efforts: Can They Guide Federal Legislation? (with Michael Aisenberg)

We’re joined by Michael Aisenberg, Chair of the ABA’s Information Security Committee and ABA Observer to the ULC project on Collection and Use of Personally Identifiable Data (CUPID) to discuss whether the CUPID effort or the Privacy Act of 1974 might help shape national privacy legislation and whether we need a national privacy law to resolve cross-border data flows issues with the EU.

MAR 17, 2021

21 | Cross-Border Data Flows: Will the Schrems II Ruling Help Advance National Privacy Legislation? (with Scott Giordano)

We’re joined by Scott Giordano, Senior Counsel – Privacy & Compliance at Spirion, to discuss the CJEU Schrems II decision, which invalidated the U.S. Privacy Shield Program and left companies uncertain about how to continue cross-border data flows.

MAR 10, 2021

20 | The Solarium Commission Report (with Cory Simpson)

Jerry and Jody are joined by Cory Simpson, who served as a Senior Director and lead for the U.S. Cyberspace Solarium Commission, to explore the objectives of the Commission and its principal recommendations.

MAR 3, 2021

19 | National Privacy Legislation Viewed through a Wider Lens (with Carlos Solari)

We’re joined by Carlos Solari, a thought leader in data protection for decades, to take a “look around the corner” at the ways data analytics are evolving and the implications for individuals to control the way data will define them in the age of advanced AI and the Internet of Things.

FEB 24, 2021

18 | A Consumer Advocate's View (with India McKinney)

Jerry and Jody are joined by leading consumer advocate, India McKinney, to explore the increasingly important voice that consumers and their advocates have in shaping the debate about the content of legislation at both the state and federal levels.

FEB 17, 2021

17 | The Nexus Between Privacy and Cybersecurity (with Jody Westby and Jerry Buckley)

Hosts Jody Westby and Jerry Buckley explore the nexus between privacy and cybersecurity and how these issues may play into the national legislative response to privacy and data protection challenges.

FEB 10, 2021

16 | The Potential Role of Financial Regulators in Showing the Path Forward for National Privacy Legislation (with David Cotney)

We’re joined by David Cotney, Senior Advisor at FS Vector, who shares some ideas about how the FFIEC could play a role in shaping national privacy policy by publishing privacy guidance for banks similar to their Cybersecurity Guidance.

FEB 3, 2021

15 | The Evolution of Privacy Principles and Practice in the Public and Private Sectors (with Jamie Danker)

We’re joined by Jamie Danker, VP of Privacy at Easy Dynamics Corporation, to discuss how principles long accepted in the federal agency context might have applicability in the private sector or could be used as guideposts for national legislation.

Jan 27, 2021

14 | The Impact of Schrems II and Threat of Data Localization (with Peter Swire)

We’re joined again by Georgia Tech Professor and Alston & Bird LLP Senior Counsel Peter Swire to discuss the implications of the Schrems II decision by the CJEU and its interpretation and implementation by the European Data Protection Board.

Jan 20, 2021

13 | Strategies for Readiness and Compliance in a Fast Changing Data Protection Landscape (with Jill Reber)

We’re joined by Jill Reber, General Manager – Data Privacy at Logic20/20, who discusses the strategies companies are adopting as they seek to operationalize data protection in a rapidly changing environment.

Jan 13, 2021

12 | Former FCC Commissioner Calls for a Presidential Commission on the Future of the Internet (with Michael Copps)

We’re joined by Michael Copps, former Commissioner and Acting Chairman of the FCC, who now serves as Special Advisor on Media and Democracy Reform at Common Cause. Copps has called on the new Biden administration to establish a Presidential Commission on the Future of the Internet.

Jan 6, 2021

11 | Pondering Preemption of State Privacy Laws (with Peter Swire)

We’re joined by Georgia Tech Scheller College of Business professor Peter Swire, who explains issues and obstacles regarding federal preemption of state privacy laws and discusses a potential approach to a federal privacy law.

Dec 16, 2021

10 | Data Governance: EU Moves While U.S. is Stalled (with Jody Westby and Jerry Buckley)

The EU has launched a series of data regulation initiatives designed to make Europe the “Data Continent” while the U.S. has yet to adopt national data governance rules and lacks an authoritative voice in international data policy discussions.

Dec 9, 2021

9 | Pros and Cons of National Privacy Legislation (with Jurgen Van Staden)

We discuss the complexities and trade-offs involved in the various types of data used by businesses and the pros and cons of national legislation with Jurgen Van Staden, Associate General Counsel for Privacy and Technology at Verizon Media.

Dec 2, 2021

8 | EU Offers Valuable Insights for U.S. National Privacy Debate (with Maarten Stassen)

We talk with Maarten Stassen, a partner in the Brussels office of Crowell & Moring LLP, about how cross-border data protection standards are playing out in practice in the EU.

Nov 18, 2021

7 | EU Data Protection: Any Lessons for U.S.? (with John Bowman)

We explore the rationale that led to adoption of the GDPR, as well as what has worked and what hasn’t, with John Bowman, Senior Principal at Promontory and the U.K. government’s lead GDPR negotiator.

Nov 11, 2021

6 | NIST Privacy Framework Plays Role in National Privacy Discussion (with Naomi Lefkovitz and Dylan Gilbert)

In January 2020, NIST released a voluntary Privacy Framework – we discuss the framework with two NIST advisors who helped lead its development.

Nov 4, 2021

5 | San Francisco Fed Report Looks at National Privacy Policy (with Kaitlin Asrow)

We interview Kaitlin Asrow, author of the San Francisco Fed report, “The Role of Individuals in the Data Ecosystem,” a must-hear for anyone seriously interested in understanding the way forward in privacy and data protection policy.

OCT 28, 2021

4 | Nicole Booth & Elizabeth Young LaBerge

We will explore the data protection issues the financial services industry is grappling with at the state level and the prospects for national privacy legislation.

OCT 21, 2021

3 | Kate Flocken & Tyler Griffin

The legislative landscape on Capitol Hill is fluid and the results of the election will have a big impact on what way Congress decides to go with a national privacy regime.

OCT 14, 2020

2 | Daniel Solove

This week, we’re talking with Daniel Solove, law professor at the George Washington University and founder of TeachPrivacy.

OCT 14, 2020

1 | Jim Dempsey

Jim Dempsey is the Executive Director, Berkeley Center for Law and Technology and formerly held leadership roles at the Center for Democracy and Technology.

OCT 7, 2020

Welcome to the U.S. National Privacy Legislation Podcast

Will the United States, the largest economy in the world, enact national privacy and data protection legislation? Or will privacy regulation be left to the 50 states and other countries? The borderless nature of the Internet seems to call for uniform legislation, but enactment is uncertain.