U.S. National Privacy Legislation Podcast

ADCG on Privacy & Cybersecurity Podcast

Join the “ADCG on Privacy & Cybersecurity” podcast and hear leaders in the privacy and cybersecurity arenas discuss a wide range of issues.

Data is the lifeblood of the U.S. economy and economic competitiveness issues loom large. The objective of the podcast is to bring cutting-edge views and newsworthy information on privacy and cybersecurity to our listening audience.  The podcast series is global in scope, bringing in issues from the EU, UK, Russia, China, Australia, New Zealand, India, Canada, and around the world.

This series of podcasts will explore:

proposed federal and state legislation
cyber event-driven legal action
compliance with laws and regulations
policy proposals
regulatory actions
technical innovations
data analytics
cyberattacks
nation state cyber activities
best practices and standards
protection of critical infrastructure
whistleblowing on privacy & cybersecurity programs
and more…

HOST

Jody Westby, a prominent consultant and attorney on privacy, cybersecurity, and cyber governance issues, will interview industry leaders, policy players, legal experts, consumer privacy advocates, academicians, and state and federal officials and bring fresh insights into important privacy and cybersecurity issues. Jody is CEO of Global Cyber Risk and is co-chair of the American Bar Association’s (ABA) Privacy & Computer Crime Committee and Cybercrime Committee. She is a professional blogger for Forbes and authors a regular column on privacy and cybersecurity issues for Leader’s Edge magazine. Jody is the author of seven books on privacy, cybersecurity, and cybercrime, the latest being the D&O Guide to Cyber Governance, published by the ABA in 2021.

EPISODES

November 30, 2022

82 | A Look at the Consequences of the Uber and Twitter CISO Cases

This week we are joined by Ron Raether, co-lead of the Privacy + Cyber team at Troutman Pepper, and explore aspects of the recent criminal conviction of Uber’s former CISO and fallout from Twitter’s former CISO turning whistleblower.  The “culture of fear” that has developed in CISO offices nationwide has dramatically increased risk for companies that have such a culture.  Ron Raether discusses how organizations can better support their CISOs and how the general counsel and outside counsel can help influence change in organizations for better governance and cyber risk management.  We also explore how CISOs can gain more C-suite visibility and board access.  

Ron has assisted companies in navigating federal and state privacy laws for more than 20 years and he has successfully defended companies in more than 200 class actions. Balancing privacy, cyber security, and business functionality, Ron’s approach to data governance is uniquely designed with the industry in mind as it adapts to the ever-evolving technological and legal landscape.

November 17, 2022

81 | Looking at Cyber Leadership & Costly Mistakes

This week we are joined by Rachel Briggs and Richard Brinson from Savanti, a UK-based cybersecurity consulting entity. On this episode we discuss the cyber security leadership gap and some creative approaches to closing that gap.

Richard Brinson, CEO of Savanti, has been CISO at several large corporations, including Unilever and Sainsbury’s. He was named one of the top CISOs in the world and has over 20 years of experience in the field.

Rachel Briggs is an Executive Adviser to Savanti and a leading expert on security who regularly advises large multinationals and governments. She is an Associate Fellow at Chatham House and was awarded the OBE in 2014. Richard and Rachel have just authored The Future of Cyber Security Leadership Series and their first publication is “Cyber Security Leadership is Broken: Here’s how to fix it.”

November 10, 2022

80 | Cyber Command: Its role in Cybersecurity and National Security

In this episode, two incredible guests discuss Cyber Command, its role and jurisdiction, and what it can do in cyber conflict situations and how it may help the private sector when under nation state attacks.

Gary Corn is director of the Technology, Law & Security Program at American University’s Washington College of Law and former career military with his last position as the Staff Judge Advocate (General Counsel) to U.S. Cyber Command.

Jamil N. Jaffer is the Founder and Executive Director of the National Security Institute, and an Assistant Professor of Law and Director of the National Security Law & Policy Program and the nation’s first Cyber, Intelligence, and National Security LLM at the Antonin Scalia Law School at George Mason University. Jamil is also affiliated with Stanford University’s Center for International Security and Cooperation and served on the leadership teams of the Senate Foreign Relations Committee as Chief Counsel and Senior Advisor and as Senior Counsel to the House Permanent Select Committee on Intelligence.

September 28, 2022

79 | Understanding 5G Cybersecurity Issues

This week we are joined by Carlos Solari, ADCG Advisory Board Member and VP of Product for SecureG, Inc., a company developing universal security technologies for 5G, industrial IoT and other critical infrastructure.

We discuss 5G availability, how an orchestrated 5G attack could occur, how to rethink the security problem with 5G, and how 5G is connected to national security.  

Carlos was formerly with Bell Labs, CSC, and Comodo and on the government side, he served as White House CIO, was an FBI Senior Executive, and an Army officer.  Carlos has his Masters in Systems Technologies from the Naval Postgraduate School. 

September 20, 2022

78 | The Nexus Between Privacy, Cybersecurity & National Security

This episode features Cory Simpson, Founder & CEO of Gray Space Strategies Inc., who discusses the relationship between privacy, cybersecurity, and national security.

He draws upon his experience as Senior Director and lead for the U.S. Cyberspace Solarium Commission and discusses whether the U.S. Government and private sector are prepared for conflict involving critical infrastructure. Cory also describes how national security has evolved over the past several decades and looks at how some privacy protections in the American Data Privacy & Protection Act may be important national security considerations.  

Cory has more than twenty years of experience in government, the military, and the private sector. Cory spent most of his Army career supporting the special operations and airborne communities, including multiple combat tours. He earned a Master of Laws, Military Law from The Judge Advocate General’s Legal Center and School and a Juris Doctorate from West Virginia University College of Law.

September 3, 2022

77 | Privacy & Cybersecurity Whistleblowers: A New Trend?

This episode features Andrew Grosso, a tech lawyer whose practice focuses on whistleblower complaints.  We take a look at the legal framework for whistleblowers and protections afforded them and then delve into the Twitter whistleblower case in which their former CISO handed over evidence to the DOJ, FTC, and SEC detailing gaps in Twitter’s cybersecurity practices.  We discuss whether we are on the edge of a new trend…tech whistleblowers who will expose privacy and cybersecurity gaps within the companies they work for. 

Andrew Grosso is a former Assistant U.S. Attorney who started his law practice in Washington, D.C. in 1994. He is a graduate of the law school of the University of Notre Dame, and holds master of science degrees in both physics and computer science from Rensselaer Polytechnic Institute. As an Assistant U.S. Attorney, he served from 1983 through 1994 in Tampa, in the Middle District of Florida, and in Boston, in the District of Massachusetts, concentrating in the criminal prosecution of government program fraud. He founded the Department of Justice’s first health care fraud task force, and was a founding member of the Department’s national Health Care Fraud Working Group.

Mr. Grosso’s practice includes the prosecution of False Claim Act whistleblower or “qui tam” cases; hi-tech commercial litigation; corporate compliance matters and internal investigations; Internet and privacy law; and cyber security and cyber litigation. He has acted as counsel to the Massachusetts Institute of Technology and co-authored the resulting “Report to the President: MIT and the Prosecution of Aaron Swartz.”

August 22, 2022

76 | Privacy Governance v. Cybersecurity Governance

In this episode we interview David Navetta, vice chair of Cooley LLP’s cyber/data/privacy practice and a prominent leader in privacy, information security and technology law. We discuss the differences between cybersecurity governance and privacy governance, what are the critical activities in privacy governance, what actions are the hardest for organizations to implement, and how privacy governance will evolve in the future. David is a front runner in privacy and security and shares his decades of experience and insights into what lies ahead in these fields.

David has extensive experience counseling clients on novel and cutting edge data protection issues, including data breach response, cybersecurity risk management, consumer and employee privacy, incident response planning and preparedness, technology transactions, vendor management, board of director advice and consultation, regulatory investigations, litigation and due diligence in corporate transactions. David serves as a “breach coach” on an approved panel for numerous cyber insurance carriers and companies, and he has helped some of the world’s leading corporations to effectively respond to complex data security breaches and protect their enterprise. David’s clients range from startups to large Fortune 500 multinationals across a range of industries, including eCommerce, consumer products, name-brand traditional brick-and-mortar, hotels and hospitality, social media, technology, professional services, healthcare, financial institutions and energy.

David has served as a leader and integral member of a Chambers USA-ranked law firm he co-founded. He is known for his leadership and extensive experience in privacy and data protection law, and is recognized by Chambers USA as a leading lawyer for privacy & data security from 2020 – 2022, by Legal 500 USA as a leading lawyer for international litigation and data protection & privacy from 2016 – 2020, as well as by WWL:Data in the area of Information Technology and Data Privacy & Protection. He is also a Certified Information Privacy Professional (CIPP/US) through the International Association of Privacy Professionals.

Additional Resources:

  1. https://cdp.cooley.com/companies-respond-to-secs-proposed-cybersecurity-disclosure-framework/
  2. https://www.securitymagazine.com/articles/94756-data-privacy-good-governance-and-controls

 

August 10, 2022

75 | Cybersecurity and Cyber Insurance: Claims, Costs and Chaos

This week our guest is Peter Halprin, a partner in Pasich LLP’s New York office. Peter has helped clients pursue insurance coverage for a wide range of cyber incidents.  We discuss the lack of standardized applications, premium hikes no matter how good your cybersecurity program is, nation state-sponsored cyber attacks and the war exclusion clause, and regulators running rampant.  Learn insights from a master in the field!   

Peter represents commercial policyholders in complex insurance coverage matters with a focus on recovery strategies in relation to cyber breaches and cyber crime, COVID-19 and natural disasters, professional services, regulatory investigations, and technology disputes.  Over the course of his career, Peter has arbitrated, litigated, and mediated claims involving a broad range of insurance policies and recovered hundreds of millions of dollars in insurance proceeds for policyholders.

Peter has helped clients pursue insurance coverage for business e-mail compromise schemes, cyber crimes, data breaches, fraudulent e-mails, invoice manipulation schemes, phishing and whaling attacks, ransomware attacks, privacy and statutory liability, and technology E&O disputes. He is also a prolific author and speaker on insurance coverage for cyber risks.

August 4, 2022

74 | ADCG New Leadership: The Path Forward for Privacy, Cybersecurity & Governance

This week we are joined by ADCG’s new leaders, Patrick J. Kennedy, Jr. and Dub Sutherland of Kennedy Sutherland LLP to discuss the impact that privacy, cybersecurity, and governance issues are having on businesses in addition to the proposed federal regulations.  

Patrick Kennedy and Dub Sutherland are lawyers with an entrepreneurial perspective who take a macro level view of the business challenges associated with current privacy laws, a looming cyber threat environment, and a lack of cyber governance by many boards and C-suites.  

July 15, 2022

73 | Contract Management: The Privacy Tangle

This week we are joined by Keith Cheresko, Principal of Privacy Associates International LLC and former general counsel of the Ponemon Institute, a privacy research organization, to discuss the increasing tangle of contractual compliance obligations in privacy laws. From mandated contractual obligations to standard contract clauses for forward transfers, companies are finding it increasingly difficult to manage — and meet — contractual obligations associated with privacy laws and regulations.

Prior to his role with the Ponemon Institute, Mr. Cheresko was the primary privacy counsel and a de facto privacy leader at Ford Motor Company. During his 26-year tenure at Ford, he held an assortment of legal assignments supporting Ford’s diverse business activities. With the parent company these assignments included Trade Regulation, Diversified Products Operations, and Corporate Privacy Office departments of the Office of the General Counsel. He also served at Ford Motor Credit Company, Ford’s finance subsidiary, including Legal Office assignments in the International and North American Auto Finance sections. Mr. Cheresko played a key role in the development of financial privacy practices designed to meet federal Gramm Leach Bliley financial privacy requirements and was involved with a wide variety of e-commerce matters.

Mr. Cheresko is a Fellow of Information Privacy (FIP) in the International Association of Privacy Professionals (IAPP) and holds Certified Information Privacy Professional (CIPP/US), Certified Information Privacy Technologist (CIPT), and Certified Information Privacy Manager (CIPM) credentials. He is a former Co-Chair of the IAPP’s Detroit KnowledgeNet group.

July 5, 2022

72 | DeleteMe: Looking at Privacy Solutions for Individuals & Organizations

This week we are honored to have Rob Shavell, CEO and Co-Founder of Abine, Inc. (DeleteMe), join us to discuss the threat of publicly available PII to individuals and companies, the types of threats they are encountering, the need for companies to protect executives and employees, and how individuals and organizations can address these issues, using both technological and legal/policy approaches.

Rob is a privacy expert who has been quoted in The Wall Street Journal, New York Times, The Telegraph, NPR, ABC, NBC, and Fox. Rob is a vocal proponent of privacy legislation reform, including the California Privacy Rights Act (CPRA).  

June 24, 2022

71 | Incident Response: Gaps That Matter and Approaches That Work

This week we have Violet Sullivan, Vice President of Client Development for Redpoint Cybersecurity, as our guest to discuss incident response, gaps that are costly, using external resources, bottlenecks that can take time, interacting with vendors, and successful approaches to tabletops.  On the podcast, Violet offers tips on incident response that can help organizations manage future litigation related to the incident.

Violet is an industry-leading cybersecurity and privacy attorney and Certified Information Privacy Professional (CIPP/US) who has provided thousands of clients with pre- and post-incident services.  She serves Redpoint Cybersecurity as the Vice President of Client Engagement, managing the insurance channels, breach counsel relationships, and strategically positioning the DFIR team for growth.   Her expertise in preparing businesses for cyber incidents and managing scaled breach responses has made her a trusted authority for public and private sector clients, including many Fortune 100 companies. She frequently facilitates customized tabletop simulations focused on “pressure-testing” an organization’s incident response procedures and she is an established speaker on cybersecurity awareness. Ms. Sullivan also serves as a professor of Cybersecurity & Privacy Law for Baylor Law School’s LL.M. Program, where her focus on litigation management has made her course especially valuable to general counsels and leading law firms nationwide.

June 16, 2022

70 | Learning About Cyber Risk Management from a Risk Manager

This week we are joined by Leslie Lamb, Director of Global Risk Management for Flex, Inc. and former Head of Global Risk & Resiliency Management for Cisco, to discuss the current cyber insurance market, getting boards and C-suites engaged, working across the organization and with CISOs and CPOs, and developing a cyber resiliency plan.

Leslie has over 20 years’ experience as a Risk Manager leading enterprise level risks and developing global risk transfer and business resiliency strategies. Some of her more noteworthy projects included working with all business units to identify and mitigate risks and implement global financing strategies to address these risks. She also led the Business Resiliency team at Cisco and implemented global business continuity plans, including a specific pandemic plan to be utilized in the event of catastrophic business impacts.

Ms. Lamb has been active in professional risk organizations and served on the board of directors for RIMS (Risk and Insurance Managers Society) at the local level and national level.  She has given many presentations on Enterprise Risk Management, Cyber Security, Supply Chain and Directors & Officers Liability.  She was one of the leaders in TIRF (Technology Industry Risk Forum), a group of ~30 multinational high-tech companies who met annually to learn from each other.

June 2, 2022

69 | DOJ Changes Policy on Computer Fraud & Abuse Act

This week we are joined by Mark Rasch, Adjunct Professor at George Washington University Law School and former DOJ prosecutor of cybercrimes, to discuss DOJ’s recent change to its policy for charging good faith security research cases under the Computer Fraud and Abuse Act.  We discuss the types of actions that fall within the new policy and those that do not and linkages to the Register of Copyrights definition of “good faith research.”  In addition, the episode weaves in a discussion of the recent Ninth Circuit opinion in HiQ v. LinkedIn and Supreme Court decision in Van Buren v. U.S.    

Mark Rasch is a lawyer and computer security and privacy expert in Bethesda, Maryland, and a Professor of Cyberlaw and Cyber-crime at George Washington University School of Law.

Rasch’s career spans more than 35 years of corporate and government cybersecurity, computer privacy, regulatory compliance, computer forensics and incident response. Earlier in his career, Rasch was with the U.S. Department of Justice where he led the department’s efforts to investigate and prosecute cyber and high-technology crime, starting the computer crime unit within the Criminal Division’s Fraud Section, efforts which eventually led to the creation of the Computer Crime and Intellectual Property Section of the Criminal Division.  He was responsible for various high-profile computer crime prosecutions, including Kevin Mitnick, Kevin Poulsen and Robert Tappan Morris.

May 26, 2022

68 | Conversation with Jeff Jockisch about the Data Collaboration Alliance

This week we are joined by Jeff Jockisch, Data Privacy Researcher and founder of PrivacyPlan. We discuss the Data Collaboration Alliance, the concept of “zero copy integration,” data ownership, and the “Privacy Brain” that Jeff and others have under development. We also weave in a discussion of the recent Ninth Circuit opinion in HiQ v. LinkedIn and the impact that case could have on privacy and copying of data.

Jeff Jockisch is a data privacy researcher and the CEO of PrivacyPlan. He does original research, consults, advises privtech startups, and is the Lead Data Steward at the Data Collaboration Alliance helping build a Collaborative Privacy community. In addition to consulting and advising, Jeff creates and manages datasets about data privacy to gain insight into the privacy landscape. His research focuses on privacy-enhancing tech, privacy regulations, AI, and more.

Before focusing on privacy and certifying as a CIPP/US, Jeff studied Organizational Behavior at Cornell and spent 20+ years in tech startups, including building mortgage information systems and search engines. His understanding of data, data science, and data governance is academic and operational, deriving from experience designing knowledge graphs, working with big data, creating taxonomies and classifiers, managing data quality, and building content management systems.

May 19, 2022

67 | Crisis Communications Perspective on the SEC Cybersecurity Requirements (with guest Michael Robinson)

This week, we’re joined by Michael Robinson, Chairman & CEO of The Montgomery Strategies Group. We explore the new SEC cybersecurity requirements from the communications, brand, and regulatory management perspective and more.

As Chairman and CEO of The Montgomery Strategies Group, Michael W. Robinson draws on three-plus decades as a trusted counselor and strategist to a wide breadth of Wall Street, corporate, and government leaders to help them prepare for, and navigate through, complex Washington policy, crisis, and reputational challenges. The Montgomery Strategies Group is a full-service agency with broad expertise in reputation management, crisis and litigation communications, public affairs and regulatory advocacy, and financial communications and transactions. Michael has helped hundreds of companies, organizations, and trade associations achieve their business, reputational, and legislative-regulatory goals; counseled organizations and their leaders – including Boards of Directors – through challenging crisis situations of all kinds, including cyber, and driven a broad array of award-winning reputation campaigns.

May 12, 2022

66 | Understanding Digital Advertising and the Role of the NAI (with Anthony Matyjaszewski)

This week, we’re joined by Anthony Matyjaszewski, Vice President and Chief Compliance Officer of the Network Advertising Initiative.  We explore the world of digital advertising, the impact of ad tech, how state privacy laws are impacting the use of digital data for advertising, and how the industry is adapting to advertising changes from companies like Apple and Google.

Anthony Matyjaszewski leads the NAI team in conducting the NAI’s annual compliance reviews of member companies, and manages the team in reviews and onboarding of new members. He also oversees the drafting of updates to the NAI Code of Conduct and Guidance Documents.  Anthony is an attorney and CIPP.

April 27, 2022

65 | Cybersecurity and the Mid-Sized Business Market (with Steven Francesco)

This week, we’re joined by Steven Francesco, Chairman and CEO of Cohere Cyber Secure, a managed service provider (MSP), managed security service provider (MSSP), and consultant to the small and mid-sized business market.  We explore the IT and cybersecurity needs of mid-sized businesses, what motivates them, and how they manage privacy and cybersecurity compliance requirements. We also explore whether mid-sized companies leverage vendors better than big business.  

Prior to founding Cohere, Steven was CEO of U.S. Operations and a member of the Board of Directors at China to Net. Before that, he served as Chairman and CEO of Netrix Corporation, rebranded it as Nx Networks and transformed it into an industry leader in the Internet-based voice communications market.

April 19, 2022

64 | The FBI’s Novel Approach to Eradicating Malware: Search & Seizure on Company Computers (with Scott Giordano, John Bates, and John Bandler)

In our podcast episode this week, we will discuss how the FBI is obtaining court orders to enter companies’ computers and seize harmful malware — and take other actions — in a new approach to countering cybercrime.  The FBI’s Cyber Division coordinated with the UK and private companies to disrupt a two-tiered global botnet of infected devices controlled by a cybercriminal aligned with the Russian Intelligence Unit GRU.

Scott M. Giordano, Esq., is V.P., Corporate Privacy, and General Counsel at Spirion, with more than 20 years of legal, technology, and risk management consulting experience. Scott serves as Spirion’s subject matter expert on multinational data protection and its intersection with technology, export compliance, internal investigations, information governance, and risk management.

John G. Bates, JD, CIPP/US, CIPP/E, is currently a Manager within Ernst & Young’s Cyber Strategy, Assessment, and Compliance program.  He has led legal, risk, IT security, data governance, and compliance programs and has successfully completed HITRUST and ISO 27001 certification projects.

John Bandler is the founder of Bandler Law Firm PLLC and a consultant, speaker, teacher, and author in the areas of cybersecurity, cybercrime, privacy, law, investigations, and more. He is also the founder of Bandler Group LLC, a legal and consulting practice that helps organizations and individuals with cybersecurity, the prevention and investigation of cybercrime, privacy, compliance, risk management, and governance.

April 8, 2022

63 | The Hunt for Cybersecurity Personnel: A View from Inside (with Jamey Cummings)

In our podcast episode this week, Jamey Cummings discusses the hunt for cybersecurity personnel and gives us his inside view of the cybersecurity job market, what companies need, and how new laws and regulations and global events are impacting the cybersecurity search market.

Jamey Cummings is a partner at JM Search and a member of the Firm’s Cybersecurity and IT Executive’s Practice. JM Search is the premier retained executive search firm for private equity firms, venture capital firms, portfolio companies, and the Fortune 1000.

March 24, 2022

62 | SEC Reforms on Cybersecurity: The Financial Industry (with Frank Jones)

Welcome Back!

In our podcast episode today, we will discuss the new SEC proposed cybersecurity rules for registered advisers and funds, potential issues with the proposed rules and anticipated benefits. Our guest will be Frank Jones from Ariel Investments.

Frank Jones is the Vice President, Infrastructure and Information Security Officer for Ariel Investments. He leverages his experience in establishing cybersecurity programs and meeting financial industry compliance requirements in discussing the proposed SEC cybersecurity rules.

January 5, 2022

61 | Looking Ahead at Privacy and Cybersecurity (with Sherry-Maria Safchuk and Katherine Flocken)

In our podcast episode today, we will look ahead at the legislative and regulatory outlook for privacy and cybersecurity in 2022. We are joined by Sherry-Maria Safchuk of Buckley LLP and Kate Flocken of Allon Advocacy LLC.

Sherry-Maria Safchuk is counsel in the Los Angeles office of Buckley LLP, and assists clients on privacy and data security issues, including matters related to federal and state privacy and data security laws such as the GLBA, FCRA, Safeguards Rule, RFPA, CFIPA, and CCPA. She also represents clients in regulatory and compliance matters and provides support for complex litigation and government investigations involving the mortgage, consumer, and commercial lending industries.

Katherine Flocken, a former Senate staffer, is a senior policy adviser at Allon Advocacy LLC, where she helps fintech and financial services companies navigate complex policy issues.

December 22, 2021

60 | Evolving Rules of Artificial Intelligence (with Carl Hahn)

Our guest for this episode is Carl Hahn, Vice President and Chief Compliance Officer of Northrop Grumman. We discuss with Carl the evolving rules regarding the appropriate use of Artificial Intelligence. We review how the Defense Department’s Ethical Principles for Artificial Intelligence are being implemented and explore how efforts to implement responsible AI are likely to play out across all sectors of the economy.

December 16, 2021

59 | Taking a Look at the Department of Defense CMMC Framework (with Carter Schoenberg)

Jody and Jerry are joined by Carter Schoenberg, Vice President Cybersecurity & Chief Cybersecurity Officer for Soundway Consulting, to discuss the Department of Defense’s Cybersecurity Maturity Model Certification program, recent changes in the new CMMC 2.0 release, and benefits and concerns regarding CMMC requirements. Carter also discusses cybersecurity issues that the White House and Congress could help with.  

 

Carter is a CISSP and has over 27 years of combined experience in criminal investigations, cyber threat intelligence, cyber security, risk management, and cyber law.  He has worked closely with DoD officials and the contracting community on the CMMC framework for cybersecurity requirements for DoD contractors.

December 9, 2021

58 | US Government Blacklists Israeli Spyware Company (with Jody Westby and Jerry Buckley)

This week co-hosts Jerry Buckley and Jody Westby discuss the U.S. Government’s recent action in blacklisting an Israeli spyware company, NSO Group. The move prohibits U.S. companies from selling technology to NSO Group and its subsidiaries. This was the first time the Administration has taken such action against an ally, claiming the company’s software violates human rights and U.S. national security interests. Listen to this episode to get Jody Westby’s analysis of the move and what it means for technology companies and diplomacy.

December 1, 2021

57 | Looking at Federal Government Cybersecurity Requirements & Contracting (with Barbara George and Betsy Schmidt Chase)

This week, we’re joined by Barbara George and Betsy Schmidt Chase to discuss cybersecurity contracting opportunities within the federal government and cybersecurity requirements. This episode discusses the impact on small and mid-sized businesses, multiple award contracts, CMMC, and what actions Congress and the Administration could consider.

Barbara George is Executive Director, Advisory Services for Fortalice Solutions and also serves as Executive Director of the Washington Cyber Roundtable. Betsy Schmidt Chase is Director of Business Development for Computer Access Technologies and formerly was a litigator. Both women have deep experience in the cybersecurity sector and provide an excellent analysis of the current cybersecurity contracting environment.

November 17, 2021

56 | Data Industry Leader Addresses Privacy and Cybersecurity Challenges (with Francis Creighton)

This week we explore what the changing landscape for privacy and cybersecurity means for credit reporting agencies such as Experian, Equifax and TransUnion. Our guest is Francis Creighton, President and CEO of the Consumer Data Industry Association (CDIA). We discuss with him the role that credit reporting agencies play in expanding credit opportunities and increasing regulatory expectations related to outcomes for different segments of society as a result of advanced credit analytics. We conclude the episode with steps the consumer data industry is taking to protect against data breaches and ransomware attacks and increasing federal and state regulatory expectations.

November 10, 2021

55 | NATO Expert Brings Emotional Intelligence to Cybersecurity (with Nadja El Fertasi)

This week’s episode features Nadja El Fertasi, CEO of Thrive With EQ. Nadja joins Jody and Jerry to discuss how to use emotional firewalls to counter cyber attacks. Nadja had a 20-year career with NATO and served as the co-chair of the Transatlantic Steering Committee for “Disruptive Dilemmas: Cyber Crisis Simulation Exercise.” 

November 3, 2021

54 | A New Center & Global Thoughts on Privacy (with Jordan Fischer)

Jody and Jerry are joined this week by Jordan Fischer to discuss global privacy issues, the U.S. states’ trend toward GDPR, and the G7 Digital Trade Principles. We examine the intersection of law and technology, the voice of the consumer, and whether international tensions and economic pressures are enough to move the privacy needle in the US. Jordan Fischer is an international privacy attorney and Director of the Center for Law & Transformational Technology at Drexel University’s School of Law. Jordan clerked at the Court of Justice of the European Union and explores the implications of regional data protection regulations within a backdrop of the global economy. 

OCTOBER 27, 2021

53 | Roles and Responsibilities of Bank Directors for Privacy and Cybersecurity (with David Baris)

This week, we are joined by David Baris, the President of the American Association of Bank Directors (AABD), to explore the roles and responsibilities of bank directors in dealing with cyber risk and assuring the protection of private customer data. The threat environment for banks and compliance expectations related to data governance are rapidly changing, and it is important to understand what role board members are expected to play in dealing with these challenges and what the primary responsibility of bank management is. We also discuss with David the developing legal framework of multiple state privacy rules, the advantages of a single federal law, and whether the Gramm-Leach-Bliley privacy provisions are likely to be subsumed in a more general law if and when national privacy legislation is enacted.

OCTOBER 20, 2021

52 | Privacy, Cybersecurity, and Corporate Boards (with CE Andrews)

We are joined by CE Andrews to get a board member’s perspective on the strategies companies need to adopt to deal with the rapidly changing cyber threat environment as well as evolving compliance and enforcement expectations and a spate of new laws and regulations. CE Andrews serves on multiple boards including a Fortune 100 company, a community bank, a construction company, an education company, and a charity board as well.

OCTOBER 13, 2021

51 | Pondering Privacy with FTC Commissioner (with Christine Wilson)

This week, we are joined by FTC Commissioner Christine Wilson to discuss FTC privacy enforcement, the need for national privacy legislation, and state preemption and private right of action. Commissioner Wilson shares her passion for personal privacy, and the depth and breadth of her background enable her to provide views that have been well considered. Commissioner Wilson previously served at the FTC as Chairman Tim Muris’ Chief of Staff during the George W. Bush Administration. She has practiced competition and consumer protection law both at law firms and as in-house counsel. When nominated, Wilson was serving as Senior Vice President — Legal, Regulatory & International for Delta Air Lines.

OCTOBER 6, 2021

50 | Cybersecurity: The Threat Environment & What to Do (with Tom Kellermann)

Jerry and Jody are joined by Tom Kellermann, Head of Cybersecurity Strategy for VMware, Inc., to discuss the current threat environment, how attacks are being conducted, and actions companies, the Government, and Congress should consider taking to turn the tide. Tom is one of the most respected professionals in the cybersecurity arena and currently serves on the Cyber Investigations Advisory Board for the U.S. Secret Service and is a Wilson Center Global Fellow for Cyber Policy.

SEPTEMBER 29, 2021

49 | Hearing the Views of the CISO Community (with Bill Sieglein)

We’re joined by Bill Sieglein, Founder of the CISO Executive Network, to discuss the perspective of CISOs on the threat environment, what policy or legislative actions might help advance cybersecurity, and reporting structures for CISOs. The CISO Executive Network comprises more than 2,000 CISOs in 23 chapters across the United States. Listen to this week’s episode for an insider view into cybersecurity from the CISO’s viewpoint.

SEPTEMBER 22, 2021

48 | Cybersecurity Aspects of Election Security (with Harri Hursti)

This week, we’re joined by Harri Hursti to discuss cybersecurity aspects of election security, the role of the private sector, and what can be done at the federal level to address these issues. Harri is one of the world’s foremost experts on election security, is the founder of DefCon’s Voting Village, and is an accomplished technologist and security expert. Harri’s work was featured in the recent HBO movie, Kill Chain: The Cyber War on America’s Election, which is nominated for an Emmy for Outstanding Investigative Documentary.

SEPTEMBER 15, 2021

47 | New Wave of SEC Enforcement on Cybersecurity (with John Reed Stark)

We’re joined by John Reed Stark, founder of John Reed Stark Consulting and former Chief of the SEC Office of Internet Enforcement, to discuss recent SEC regulatory actions regarding cybersecurity management. After a three-year hiatus, the SEC recently filed actions against Pearson PLC and First American Financial Corporation. It also charged eight SEC-registered advisory firms. As President of John Reed Stark Consulting LLC, Mr. Stark’s work emphasizes quarterbacking teams of technical, compliance and legal experts in data breach, cyber-incident response, digital forensics, security science, cyber risk resilience and investigations for a broad range of public and private companies. He currently teaches a cyber law course at Duke University Law School and previously served as a managing director at Stroz Friedberg. 

SEPTEMBER 9, 2021

46 | Data Protection and Remote Online Notarization (with Gary Weingarden)

Jerry and Jody discuss the challenges involved in providing security for personal identification data collected and stored for transaction verification purposes. Our guest, Gary Weingarden, Counsel and Data Protection Officer at Notarize, joins us to talk about issues involved in protecting the privacy rights of signers in the notarization process as required by state laws as well as the complexity that will arise from a series of different state privacy enactments.

SEPTEMBER 1, 2021

45 | Exploring Cyberattack Policy and Legal Issues (with Gary Corn)

This week, we’re joined by Gary Corn, Program Director at American University Washington College of Law’s Tech, Law & Security program, to discuss U.S. and international legal and policy issues associated with cyberattacks, especially those involving nation states or which may require U.S. government assistance.

AUGUST 26, 2021

44 | Exploring Compliance with Evolving Privacy Requirements (with Sherry-Maria Safchuk)

We’re joined by Buckley LLP Counsel Sherry-Maria Safchuk to discuss the complexities companies face to maintain compliance with multiple and ever-changing state and federal privacy requirements, including data breach notifications and preparations that companies are making for compliance with the California Privacy Rights Act as well as Virginia and Colorado laws just enacted. Buckley LLP developed Winnow, proprietary software designed to ease business compliance.

AUGUST 18, 2021

43 | New Imperatives for Cyber Governance

Jerry and Jody discuss Jody’s recently released book, D&O Guide to Cyber Governance: Fiduciary Duties in the Digital Age, and the drivers that are making cyber governance a top agenda item for boards and C-suites: changes in Delaware case law, information security standards and best practices, new laws and regulations requiring specific governance actions, and cyber-event litigation following major cyberattacks.

AUGUST 11, 2021

42 | Perspectives from Corporate Privacy Counsel (with Courtney Barton)

We’re joined by Courtney Barton to discuss national privacy legislation from the corporate perspective and explore cross-border data flows, possible state and federal sharing of privacy regulatory responsibilities, which privacy provisions are most expensive for companies, and whether a new Privacy Shield program might give Congress a reason to punt on a national privacy law.

AUGUST 4, 2021

41 | Pegasus and Privacy

This week, Jody and Jerry discuss recent revelations regarding the use of Pegasus spyware and the implications for privacy. The privacy implications of the Pegasus Project reports have raised serious concerns in the media and governments around the globe, including the EU and U.S. Congress. What role these reports might play in raising awareness of privacy issues in Congress or causing it to focus on the need to develop a national data privacy and security law remains to be seen, but they clearly highlight the privacy dangers in the digital age and the need for government oversight. 

JULY 29, 2021

40 | The Fintech Perspective on National Privacy Legislation (with Nat Hoopes)

We’re joined by Upstart’s Nat Hoopes to explore the perspective of a leading fintech industry advocate on the prospects for national privacy legislation and related regulatory developments.  Jerry and Jody talk with Nat about the impact of a patchwork of state privacy laws, reasons why national privacy legislation is so slow in coming in the U.S. vs. quicker adoption in the EU, how to protect consumers from unfair outcomes in the use of AI, and the implications of data portability provided for in the Dodd-Frank bill. 

JULY 21, 2021

39 | A Valued Perspective on Privacy Legislation (with Marc Rotenberg)

We’re joined by Marc Rotenberg, president and founder of the Center for AI and Digital Policy, to discuss important influences and issues regarding national privacy legislation. We’ll discuss cross-border data flows and government surveillance, FTC enforcement, the likelihood of another Privacy Shield, actions in the EU that could influence Congress, and consumer protection.

JULY 14, 2021

38 | The Role Tech Solutions Can Play in Shaping National Privacy Legislation (with Riddhiman Das)

We interview Riddhiman Das, CEO and co-founder of Triple Blind, about the role that tech solutions might play in protecting privacy, while simultaneously facilitating the use and sharing of data for business and research purposes, and how advanced encryption technologies can enable the policy objectives that legislators and regulators are driving toward.

JULY 7, 2021

37 | The Financial Consumer's Perspective (with Dan Murphy)

We’re joined by Dan Murphy, Policy Manager of the Financial Health Network, to discuss the recently released “Financial Data: The Consumer Perspective.” The report is based on an extensive survey and finds 80-90% bipartisan support among consumers for data minimization and an opt-in requirement before a financial institution shares consumer data.

JUNE 30, 2021

36 | A Forensic Investigator’s View of Privacy (with Sherri Davidoff)

We’re joined by Sherri Davidoff, Founder and CEO of LMG Security, to discuss privacy considerations from the perspective of a highly experienced forensic investigator. We explore the use of personal data found on the dark web and privacy issues that arise during forensic investigations, including the new technique of Triple Extortion, and talk about what Congress can or should do about it.

JUNE 23, 2021

35 | A New Approach to Data Protection: Quantum Secure Data (with Rick Bueno)

We’re joined by Rick Bueno, the founder and CEO of Cyber Reliant Corporation, to discuss the implications of new data protection technology that builds security into the data itself using data encryption and data shredding. The quantum secure data platform developed by Cyber Reliant offers a way to frustrate cyber criminals, who may break through perimeter defenses but will be unable to access data in the files they obtain, maintaining its privacy.

JUNE 16, 2021

34 | The Business Perspective on National Privacy Legislation (with Shoshana Rosenberg)

This week, we’re joined by Shoshana Rosenberg, CEO of SafePorter and former global CPO, to give us some “boots on the ground” experiences and insights into what national privacy legislation in the U.S. should look like. Shoshana draws on her global expertise to discuss the role of privacy principles, data minimization, verification of consumer requests, data transfer adequacy, and more. 

JUNE 9, 2021

33 | The Journey of Privacy in the U.S. (with Bruce Schneier)

We’re joined by Bruce Schneier, a self-described “public-interest technologist,” to discuss the journey of privacy in the U.S. and how government actions impact it, exploring the concept that data is toxic and companies are “punch drunk” on data, storing too much, and bringing risk to their organizations. 

JUNE 2, 2021

32 | Looking Around the Corner: The What, How, When (and If) of National Privacy and Data Protection

We’re joined by thought leader Tom Vartanian to discuss his recent article in The Hill: “It’s Time for a New Secure Internet,” and the enormous vulnerabilities and risks that an insecure internet creates for people’s privacy and for our economy. 

MAY 26, 2021

31 | Looking Around the Corner: The What, How, When (and If) of National Privacy and Data Protection

Jerry and Jody take a look around the corner at what lies ahead for privacy and data protection in the U.S., exploring what needs to be done to protect data and speculating on why there is not more urgency in addressing this issue. Why, in the face of increasing cyber threats and proliferating state privacy laws, is there no coherent national legislation? 

MAY 19, 2021

30 | The Indissoluble Link Between Privacy and Cybersecurity

Jody and Jerry discuss the implications of rampant cyberattacks and ransomware demands for both privacy and national security. We answer questions regarding privacy and national security implications of escalating ransomware and other cyberattacks, exemplified by the recent Colonial Pipeline incident.

MAY 12, 2021

29 | Exploring Data Ownership and the Role of Privacy Enhancing Technologies (with Robert E. Grant)

We’re joined by Robert E. Grant, Founder, Chairman, and CEO of Crown Sterling Limited LLC, to discuss the concept of data ownership, the monetization of personal data, and the role these might play in national privacy debates as alternatives to consent and opt-in/opt-out.

MAY 5, 2021

28 | The Perspective of NCUA Board Member Rodney Hood

We’re joined by National Credit Union Administration Board Member Rodney Hood, who chaired the NCUA Board until early 2021. He made cybersecurity and data protection at credit unions a priority when he became NCUA Chairman in 2019 and has spoken frequently about the challenges that credit unions face in coping with privacy law requirements and cyber threats.

APR 28, 2021

27 | Rep. Suzan DelBene (D-WA) Discusses the Information Transparency and Personal Data Control Act

We’re joined by Representative Suzan DelBene (D-WA) discussing the first major privacy bill introduced in the House in the 117th Congress, the Information Transparency and Personal Data Control Act (HR 1816).

APR 21, 2021

26 | The Proposed EU ePrivacy Regulation and its Implications for U.S. Privacy Legislation

Jerry and Jody examine the proposed EU ePrivacy Regulation, which was approved by the Council of the European Union on February 10, 2021. We discuss the scope of the proposed Regulation, which covers both consumer and corporate electronic communications and would replace the current ePrivacy Directive, commonly known as the “EU Cookie Law.”

APR 14, 2021

25 | Privacy Policy and Financial Inclusion, A National and International Perspective (with Kabir Kumar)

We talk with Kabir Kumar, a Director at Flourish Ventures, an investment fund with a focus on promoting financial inclusion, domestically and internationally, exploring the empowerment that he believes can be achieved by giving individuals greater access to and control over the uses of their personal data.

APR 7, 2021

24 | The Intersection of Technology and Privacy (with Chet Hosmer)

We’re joined by University of Arizona professor Chet Hosmer to explore how technology can undermine or support privacy and data security. We also discuss vulnerabilities in security protocols and what can be done to enhance them.

MAR 31, 2021

23 | The "Private Right of Action" Question (with Mark Rasch)

We have a discussion with Mark Rasch, a recognized authority on cyber and privacy related litigation, regarding the issues surrounding individual enforcement of privacy rights and the concept of a new Private Right of Action in a legislative context. Provision for a Private Right of Action, or the absence thereof, has been identified as a point of contention among those advocating national privacy legislation.

MAR 24, 2021

22 | Taking a Look at State Privacy Efforts: Can They Guide Federal Legislation? (with Michael Aisenberg)

We’re joined by Michael Aisenberg, Chair of the ABA’s Information Security Committee and ABA Observer to the ULC project on Collection and Use of Personally Identifiable Data (CUPID) to discuss whether the CUPID effort or the Privacy Act of 1974 might help shape national privacy legislation and whether we need a national privacy law to resolve cross-border data flows issues with the EU.

MAR 17, 2021

21 | Cross-Border Data Flows: Will the Schrems II Ruling Help Advance National Privacy Legislation? (with Scott Giordano)

We’re joined by Scott Giordano, Senior Counsel – Privacy & Compliance at Spirion, to discuss the CJEU Schrems II decision, which invalidated the U.S. Privacy Shield Program and left companies uncertain about how to continue cross-border data flows.

MAR 10, 2021

20 | The Solarium Commission Report (with Cory Simpson)

Jerry and Jody are joined by Cory Simpson, who served as a Senior Director and lead for the U.S. Cyberspace Solarium Commission, to explore the objectives of the Commission and its principal recommendations.

MAR 3, 2021

19 | National Privacy Legislation Viewed through a Wider Lens (with Carlos Solari)

We’re joined by Carlos Solari, a thought leader in data protection for decades, to take a “look around the corner” at the ways data analytics are evolving and the implications for individuals to control the way data will define them in the age of advanced AI and the Internet of Things.

FEB 24, 2021

18 | A Consumer Advocate's View (with India McKinney)

Jerry and Jody are joined by leading consumer advocate, India McKinney, to explore the increasingly important voice that consumers and their advocates have in shaping the debate about the content of legislation at both the state and federal levels.

FEB 17, 2021

17 | The Nexus Between Privacy and Cybersecurity (with Jody Westby and Jerry Buckley)

Hosts Jody Westby and Jerry Buckley explore the nexus between privacy and cybersecurity and how these issues may play into the national legislative response to privacy and data protection challenges.

FEB 10, 2021

16 | The Potential Role of Financial Regulators in Showing the Path Forward for National Privacy Legislation (with David Cotney)

We’re joined by David Cotney, Senior Advisor at FS Vector, who shares some ideas about how the FFIEC could play a role in shaping national privacy policy by publishing privacy guidance for banks similar to their Cybersecurity Guidance.

FEB 3, 2021

15 | The Evolution of Privacy Principles and Practice in the Public and Private Sectors (with Jamie Danker)

We’re joined by Jamie Danker, VP of Privacy at Easy Dynamics Corporation, to discuss how principles long accepted in the federal agency context might have applicability in the private sector or could be used as guideposts for national legislation.

JAN 27, 2021

14 | The Impact of Schrems II and Threat of Data Localization (with Peter Swire)

We’re joined again by Georgia Tech Professor and Alston & Bird LLP Senior Counsel Peter Swire to discuss the implications of the Schrems II decision by the CJEU and its interpretation and implementation by the European Data Protection Board.

JAN 20, 2021

13 | Strategies for Readiness and Compliance in a Fast Changing Data Protection Landscape (with Jill Reber)

We’re joined by Jill Reber, General Manager – Data Privacy at Logic20/20, who discusses the strategies companies are adopting as they seek to operationalize data protection in a rapidly changing environment.

JAN 13, 2021

12 | Former FCC Commissioner Calls for a Presidential Commission on the Future of the Internet (with Michael Copps)

We’re joined by Michael Copps, former Commissioner and Acting Chairman of the FCC, who now serves as Special Advisor on Media and Democracy Reform at Common Cause. Copps has called on the new Biden administration to establish a Presidential Commission on the Future of the Internet.

JAN 6, 2021

11 | Pondering Preemption of State Privacy Laws (with Peter Swire)

We’re joined by Georgia Tech Scheller College of Business professor Peter Swire, who explains issues and obstacles regarding federal preemption of state privacy laws and discusses a potential approach to a federal privacy law.

DEC 16, 2020

10 | Data Governance: EU Moves While U.S. is Stalled (with Jody Westby and Jerry Buckley)

The EU has launched a series of data regulation initiatives designed to make Europe the “Data Continent” while the U.S. has yet to adopt national data governance rules and lacks an authoritative voice in international data policy discussions.

DEC 9, 2020

9 | Pros and Cons of National Privacy Legislation (with Jurgen Van Staden)

We discuss the complexities and trade-offs involved in the various types of data used by businesses and the pros and cons of national legislation with Jurgen Van Staden, Associate General Counsel for Privacy and Technology at Verizon Media.

DEC 2, 2020

8 | EU Offers Valuable Insights for U.S. National Privacy Debate (with Maarten Stassen)

We talk with Maarten Stassen, a partner in the Brussels office of Crowell & Moring LLP, about how cross-border data protection standards are playing out in practice in the EU.

NOV 18, 2020

7 | EU Data Protection: Any Lessons for U.S.? (with John Bowman)

We explore the rationale that led to adoption of the GDPR, as well as what has worked and what hasn’t, with John Bowman, Senior Principal at Promontory and the U.K. government’s lead GDPR negotiator.

NOV 11, 2020

6 | NIST Privacy Framework Plays Role in National Privacy Discussion (with Naomi Lefkovitz and Dylan Gilbert)

In January 2020, NIST released a voluntary Privacy Framework – we discuss the framework with two NIST advisors who helped lead its development.

NOV 4, 2020

5 | San Francisco Fed Report Looks at National Privacy Policy (with Kaitlin Asrow)

We interview Kaitlin Asrow, author of the San Francisco Fed report, “The Role of Individuals in the Data Ecosystem,” a must-hear for anyone seriously interested in understanding the way forward in privacy and data protection policy.

OCT 28, 2020

4 | Nicole Booth & Elizabeth Young LaBerge

We will explore the data protection issues the financial services industry is grappling with at the state level and the prospects for national privacy legislation.

OCT 21, 2020

3 | Kate Flocken & Tyler Griffin

The legislative landscape on Capitol Hill is fluid and the results of the election will have a big impact on which way Congress decides to go with a national privacy regime.

OCT 14, 2020

2 | Daniel Solove

This week, we’re talking with Daniel Solove, law professor at the George Washington University and founder of TeachPrivacy.

OCT 14, 2020

1 | Jim Dempsey

Jim Dempsey is the Executive Director of the Berkeley Center for Law and Technology and formerly held leadership roles at the Center for Democracy and Technology.

OCT 7, 2020

Welcome to the U.S. National Privacy Legislation Podcast

Will the United States, the largest economy in the world, enact national privacy and data protection legislation? Or will privacy regulation be left to the 50 states and other countries? The borderless nature of the Internet seems to call for uniform legislation, but enactment is uncertain.