Podcasts about ccpa

  • 727 PODCASTS
  • 1,534 EPISODES
  • 34m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • Jun 9, 2026 LATEST


Latest podcast episodes about ccpa

Black Hills Information Security
Breach Disclosure Lag is Worse Than Ever – 2026-06-08

Jun 9, 2026 · 69:51


This episode covers the rising costs and restrictions surrounding AI agents, including token consumption, model access policies, and the growing dependence on AI tools for security work. The hosts discuss Troy Hunt's retrospective on Have I Been Pwned reaching its 1,000th tracked breach, examining why breach disclosures appear to be slowing and how GDPR and CCPA requirements affect notification practices. Additional topics include password and email hygiene, the value of breach-notification services, AI infrastructure and data center costs, and new research mapping AI-enabled cyber threats to the MITRE ATT&CK framework.

Join us LIVE on Mondays, 4:30pm EST.

A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.

https://www.youtube.com/@BlackHillsInformationSecurity

Chat with us on Discord! - https://discord.gg/bhis

Fintech Confidential
Identity Verification Is Broken: The Truth Behind Detection Rates

Jun 9, 2026 · 42:52


Industry experts estimate synthetic identity fraud costs the financial industry as high as $95 billion a year, and the most damaging attacks pass every verification check without triggering a single alert.

Tedd Huff, CEO of fintech advisory firm Voalyre and founder of Fintech Confidential, brings 25 years of payments and fraud infrastructure experience to a direct conversation with Hal Lonas, Chief Technology Officer of Trulioo, the identity verification platform trusted by Google, JP Morgan Payments, Stripe, Airbnb, and Meta.

Lonas explains why detection rates hide more than they reveal, how fraudsters now add intentional imperfections to AI-generated deepfakes to beat detection systems, and why agentic commerce requires an entirely new verification layer beyond KYC and KYB. The conversation covers Trulioo's Know Your Agent (KYA) framework, the Digital Agent Passport, Google's Agent Payments Protocol (AP2), and the privacy regulation debate most compliance teams have not fully worked through.

Find out more

1️⃣ Ask your identity vendor for their false negative rate, not just their detection rate, and demand specific numbers.
2️⃣ Build continuous monitoring into your post-onboarding workflow so your system is still watching on day 30, 60, and 90.
3️⃣ Audit every automated decision model in your stack and document the logic before your next regulatory exam.
4️⃣ Map your verification flow and tier friction based on real-time risk signals instead of running flat checks on every customer.
5️⃣ Get your compliance and growth teams in the same room with a shared dashboard showing fraud loss rates and abandonment rates side by side.

Guest:
Hal Lonas LinkedIn: https://www.linkedin.com/in/hal-lonas-4555b1
Hal Lonas X: https://x.com/hal_lonas

Company:
Trulioo: https://www.trulioo.com

Fintech Confidential:
Podcast: https://fintechconfidential.com/listen
Notifications: https://fintechconfidential.com/access
LinkedIn: https://www.linkedin.com/company/fintechconfidential
X: https://x.com/FTconfidential
Instagram: https://www.instagram.com/fintechconfidential
Facebook: https://www.facebook.com/fintechconfidential

Supporters:
Under.io streamlines application and underwriting by digitizing PDFs for digital signature: under.io/FTC
Skyflow is a zero trust data privacy vault delivered as an API, covering PCI, CCPA, GDPR, SOC 2, and beyond: skyflowsecure.com
DFNS provides wallets as a service, API first, multi-chain, secured with MPC, used by Stripe, Fidelity, and others: fintechconfidential.com/dfns
Hawk AI offers real-time payment screening, AML monitoring, and dynamic customer risk rating to reduce false positives: gethawk.com

About:
Hal Lonas is the Chief Technology Officer of Trulioo, where he leads technology strategy, product development, and engineering. He co-founded BrightCloud, a cloud-native threat intelligence company, and previously served as CTO at Webroot, Carbonite, and OpenText before joining Trulioo in 2021.

Trulioo is a global identity verification platform operating across 195 countries, covering 14,000+ ID document types, 6,000+ watchlists, and 700 million business entities.

Tedd Huff is CEO of Voalyre and founder of Fintech Confidential. The show is produced by DD3 Media and brings you the people, tech, and companies that change how you pay and get paid.

Chapters:
00:00 Introduction
01:28 Meet Trulioo CTO
02:48 From Space to Security
04:11 Dfns: Wallets as a Service (sponsor)
05:32 Sleeper Accounts Explained
08:33 False Negatives Metric
11:43 Explainable Adaptive ML
13:23 Deepfakes Raise Stakes
15:03 Asymmetric Defense Signals
17:51 Privacy Versus Safety
21:25 Sky Flow: Building Fast and Secure (sponsor)
22:27 Friction Based Risk
24:16 Case Study ConsenSys
26:04 Know Your Agent Future
27:52 Agent Passport Checks
32:43 Open Standards AP2
34:35 Are Defenders Losing
36:05 Leader Advice Wrap
40:37 Final Thoughts and Outro
41:36 Hawk AI - Realtime Fraud Monitoring (sponsor)
42:23 Disclaimer

Disclaimer: The information provided in this episode is for informational purposes only and should not be considered financial, legal, or investment advice.

#syntheticidentityfraud #identityverification #KYC #KYB #agenticcommerce #KnowYourAgent #deepfakedetection #fintechfraud #fraudprevention #AML #trulioo #AP2 #GoogleAP2 #AIfraud #fintechcompliance #fintechconfidential

Fintech Confidential
Bank Charter Confusion Exposed: Trust Charters, Fed Access, and Hidden Risks

May 25, 2026 · 29:06


The OCC's 376-page proposed rule under the GENIUS Act is converting stablecoin policy into binding compliance requirements with formal issuer categories. Paxos, BitGo, and Ripple all received OCC trust charter approvals, but a trust charter does not guarantee Fed payment rail access. Klarivis data shows deposit movement from stablecoin-adjacent products is already measurable at community banks. The 26-month application timeline puts anyone starting today against a potential administration change, and sponsor bank programs face new pressure from charter competition and yield-based products.

Bank charter confusion, trust charter risks, and Fed Master Account access gaps are creating real problems for fintech operators, sponsor banks, and community bank executives right now. Tedd Huff, CEO of fintech advisory firm Voalyre and founder of Fintech Confidential, and co-host Steve Bishop sit down on Inside the Vault with three former and current regulatory insiders: Syed Raza, former Acting Chief Innovation Officer at the OCC and Managing Director at FTI Consulting; Michele Alt, Co-Founder and Managing Director at Klaros Group; and Ian Moloney, Chief Policy Officer at the American Fintech Council.

Find out more

1️⃣ Answer four questions before filing: who grants the charter, what powers it includes, what activities are limited, and who examines the institution.
2️⃣ Start compliance documentation now; controls, funds flow maps, and exception handling should be ready before the examiner asks.
3️⃣ Read the conditions attached to charter approvals; those conditions reveal what regulators did not trust in the application.
4️⃣ Align cost sharing, control ownership, and data ownership with your partner before examination forces the conversation.
5️⃣ Price the M&A path into your charter strategy; the 26-month timeline means the political window may close before your application clears.

Guest Links
Syed Raza
FTI Consulting
Michele Alt
Klaros Group
Ian Moloney
American Fintech Council
Steve Bishop

Fintech Confidential
Podcast: https://fintechconfidential.com/listen
Notifications: https://fintechconfidential.com/access
LinkedIn: https://www.linkedin.com/company/fintechconfidential
X: https://x.com/FTconfidential
Instagram: https://www.instagram.com/fintechconfidential
Facebook: https://www.facebook.com/fintechconfidential

Supporters
Under: Streamline your application and underwriting process by digitizing PDFs for digital signature. under.io/ftc
Skyflow: Zero-trust data privacy vault delivered as an API covering PCI, CCPA, GDPR, and SOC 2 compliance. skyflowsecure.com
Hawk AI: Real-time payment screening, ML transaction monitoring, and dynamic customer risk rating to fight fraud and financial crime. gethawkai.com

About the Guests
Syed Raza is a Managing Director at FTI Consulting with over 30 years in risk management and regulatory compliance. He previously served as Acting Chief Innovation Officer at the OCC, guiding regulatory policy for fintech licensing.

Michele Alt is Co-Founder and Managing Director at Klaros Group. She spent 22 years in the OCC Law Department and advises banks and fintechs on charter applications, regulatory strategy, and bank design.

Ian Moloney is Chief Policy Officer at the American Fintech Council. He previously led policy and regulatory affairs at Cross River and served as a Senior Analyst at the U.S. Government Accountability Office.

About the Co-Host
Steve Bishop is Founder and Chief Ally at amBaaSsador, an education and advisory platform focused on embedded finance and Banking-as-a-Service for financial institutions.

About the Host
Tedd Huff, CEO of fintech advisory firm Voalyre and host of Fintech Confidential. Fintech Confidential is a production of DD3 Media, bringing you the people, tech, and companies that change how you pay and get paid.

Chapters
00:00 Episode Highlights
00:36 Welcome to Fintech Confidential
03:31 Sky Flow: Building Fast and Secure (Sponsor)
04:33 What a Charter Means
07:06 OCC Rules and Stablecoins
09:43 Why Trust Charters Boom
13:50 Under.io: AI-Powered Onboarding & Risk Verification (Sponsor)
14:20 Fed Master Account Gap
17:59 Sponsor Banking Under Pressure
22:15 What to Watch Next
25:28 Action Steps and Wrap
27:50 Hawk.ai: AI-Driven Financial Crime Detection (Sponsor)
28:36 Disclaimer

#bankcharter #trustcharter #fintech #occ #stablecoin #geniusact #fedmasteraccount #sponsorbank #baas #fintechregulation #communitybank #bankingcompliance #fintechpolicy #occcharter #depositinsurance #stablecoinyield #bankholding

Fintech Confidential
The Stablecoin Rulebook Is Here: What Banks and Fintechs Need to Do

May 12, 2026 · 75:23


Crypto regulation in Q1 2026 reshaped the stablecoin and digital asset markets with the OCC's 376-page Genius Act proposed rule, the SEC's five-category crypto asset classification, and new AML data from FATF and Chainalysis. Tedd Huff, CEO of fintech advisory firm Voalyre and founder of Fintech Confidential, breaks it all down with Robert Musiala, Partner at Baker Hostetler and co-lead of their Web3 practice.

The OCC introduced the PPSI framework that every future stablecoin issuer must follow, while at least 15 crypto-native companies raced to file trust charter applications. The SEC named 18 tokens as digital commodities, replaced the "decentralization" test with a central party control standard, and Chairman Atkins previewed up to three safe harbor proposals under a tentative Regulation CA. On the enforcement side, 84% of illicit crypto transactions in 2025 involved stablecoins, the DOJ seized $61 million in USDT, and North Korea expanded state-sponsored theft into remote IT worker schemes targeting US businesses.

Find out more

1️⃣ Map your Genius Act transition now; the 18-month implementation window is closing fast and companies that filed trust charters in late 2025 are already positioned.
2️⃣ Vet every outsourced IT vendor accepting stablecoin payments for shell company ties to state-sponsored actors.
3️⃣ Audit your tokens against the SEC's five-bucket test before the safe harbor proposals drop.
4️⃣ Stress test your AML program against stablecoin-specific risks like peer-to-peer transfers, multi-hop wallet chains, and shell IT vendor payments flagged by the DOJ and FATF in Q1.
5️⃣ Model your Q3 budget with and without yield revenue in case the OCC's related third-party restrictions survive.

LINKS

Guest
Robert Musiala
LinkedIn: https://www.linkedin.com/in/robert-musiala/
Baker Hostetler: https://www.bakerlaw.com/people/robert-musiala
Blockchain Monitor: https://www.blockchainmonitor.com/

Company
Baker Hostetler
Website: https://www.bakerlaw.com/
Web3 & Digital Assets Team: https://www.bakerlaw.com/practices/web3-digital-assets
Legal Resources: https://www.bakerlaw.com/insights

Host
Tedd Huff: https://www.linkedin.com/in/teddhuff/
Linkedin: https://www.linkedin.com/company/fintechconfidential

Fintech Confidential
Youtube: https://youtube.com/@fintechconfidential
Podcast: https://fintechconfidential.com/listen
Newsletter: https://fintechconfidential.com/access
LinkedIn: https://www.linkedin.com/company/fintechconfidential
X: https://x.com/FTconfidential
Instagram: https://www.instagram.com/fintechconfidential
Facebook: https://www.facebook.com/fintechconfidential

SUPPORTERS
DFNS: Wallets as a service, API first, multi-chain, secured with MPC across 50+ blockchains - fintechconfidential.com/dfns
Skyflow: Zero trust data privacy vault for PCI, CCPA, GDPR, SOC 2 compliance - skyflowsecure.com
Hawk: AI tools for real-time payment screening and fraud prevention - gethawkai.com

ABOUT
Robert Musiala is a Partner at Baker Hostetler where he co-leads the firm's Web3 practice. He authors The Blockchain Monitor, one of the longest-running legal blogs covering crypto regulation, enforcement, and policy developments. His practice spans both traditional financial institutions and crypto-native companies.

Baker Hostetler is a national law firm with deep expertise in financial services, securities, and emerging technology law.

Tedd Huff is the CEO of fintech advisory firm Voalyre and founder of Fintech Confidential. The show is produced by DD3 Media and brings you the people, tech, and companies that change how you pay and get paid.

CHAPTERS
00:00 Episode Highlights
01:18 Welcome to Fintech Confidential
01:27 Dfns: Wallets as a Service (sponsor)
02:47 Show Intro And Guests
05:30 Genius Act Rulebook
07:38 Reserve Rules Explained
13:08 Charter Rush Begins
18:11 Banks Vs Crypto Score
20:49 Deposit Flight And Yield
25:58 Wyoming And SoFi Models
29:38 SEC Five Bucket Guide
32:49 Digital Commodities Line
37:35 Munchee Vs Meg Prime
39:21 Sky Flow: Building Fast and Secure (sponsor)
40:23 Back To Atkins Agenda
40:58 Atkins Next Moves
43:21 Regulation CA Safe Harbors
45:39 Stablecoins And Illicit Use
50:25 Freezing Burning Reissuing
54:13 Offshore Crackdown FATF
56:24 North Korea Crypto Threats
59:28 Q2 Watchlist OCC Yield
01:05:11 Safe Harbor And CLARITY
01:10:33 Advice For Builders Q2
01:13:20 Wrap Up And Sponsor
01:14:08 Hawk AI - Realtime Fraud Monitoring (sponsor)
01:14:53 Disclaimer

Masters of Privacy
Tom Kemp (CalPrivacy): on the SECURE Data Act, CCPA whistleblowers, DROP, and AB 566

May 10, 2026 · 42:09


As Executive Director of CalPrivacy (California Privacy Protection Agency), Tom Kemp oversees the CPPA's mission to enforce and implement California's comprehensive privacy laws and ensure the public has a strong understanding of their rights. Tom has a deep understanding of privacy and cybersecurity, combined with his track record as an executive in the tech industry.

References:
* Breakfast Workshop: Santa Monica - Registration
* Tom Kemp on LinkedIn
* Daniel Solove: On Privacy and Technology (Masters of Privacy, March 2025)
* CalPrivacy
* DROP System
* Data Broker Registry
* California expands data broker registration requirements, SP 361 (Hunton Privacy Blog, October 2025)
* Expanding Privacy Rights Act (SB 923, introduced on January 28, 2026)
* California enacts first-in-nation law requiring web browser opt-out preference signal, AB 566 (Hunton Privacy Blog)
* California Proposition 24, Consumer Personal Information Law and Agency Initiative (2020)
* Data broker-provided customer properties in action - enriching first-party data sets for Conversion API uploads (Cognism)
* California Privacy Protection Agency releases letter opposing the SECURE Data Act
* SECURE Data Act (H.R. 8413, Introduced 04/21/2026)
* Whistleblower Protection and Privacy Act (AB 2021), linking the California Whistleblower Protection Act's principles to the California Consumer Privacy Act (CCPA) to expose privacy violations hidden within corporate “black boxes”.

This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe

Der Podcast für junge Anleger jeden Alters
Wiener Börse Party #1149: ATX at a record level on the 35th anniversary of its first publication in the daily newspapers; CCPA chiefs offer congratulations

May 6, 2026 · 9:12


https://jungeanleger.podigee.io/3100-wiener-borse-party-1149-atx-zum-35er-der-1-veroffentlichung-in-den-tageszeitungen-auf-rekordniveau-ccpa-chefs-gratulieren

Wiener Börse Party is a podcast project for Audio-CD.at by Christian Drastil Comm. Under the motto "Market & Me", Christian Drastil reports on the day's events at the Vienna Stock Exchange.

Contents of episode #1149:
- ATX significantly firmer and on course for a record
- FACC on top; what is behind the factor 2,481
- PIR News: results from FACC, contract for Strabag, Reploid at a trade fair, research on RBI, DO & CO
- AT&S 100
- Kalina Jarova-Müller and Wolfgang Aubrunner ring the opening bell for May 6, the 35th anniversary of the first ATX publication in the daily newspapers. Today could bring a new record for the anniversary, and the two CCPA chiefs have always ensured secure and efficient settlement of all exchange transactions
- Vintage on Warimpex and Agrana, among others
- Frankfurt Stock Exchange also significantly stronger, DAX within touching distance of 25.000, MTU in the lead
- Longer version of "Market & me": more in the podcast or in a trial at https://www.boerse-express.com/suche?search=drastil

Links:
- Börsepeople today: Daniela Klauser at http://www.audio-cd.at/people
- Stockpicking Austria: https://www.wikifolio.com/de/at/w/wfdrastil1?
- Austria 30 Private IR: https://www.wikifolio.com/de/at/w/wf00atat30

ATX current: https://www.wienerborse.at/indizes/aktuelle-indexwerte/preise-mitglieder/??ISIN=AT0000999982&ID_NOTATION=92866&cHash=49b7ab71e783b5ef2864ad3c8a5cdbc1

The daily episodes of Wiener Börse Party (script co-responsibility: Christine Petzwinkler) are presented in 2026 by Deutsche Börse Xetra https://live.deutsche-boerse.com/xetraplus.

Information on the jingle: https://audio-cd.at/page/podcast/7326

Risk notice: The thoughts published here are neither to be understood as a recommendation nor as an offer or solicitation to buy or sell financial instruments, and should not be understood as such. They merely represent the personal opinion of the podcast makers. Trading in financial products involves risk. You can lose the capital you invest.

And: ratings on Apple (or Spotify) make me happy: http://www.audio-cd.at/spotify http://www.audio-cd.at/apple

IP Fridays - your intellectual property podcast about trademarks, patents, designs and much more
Interview with Brian McGinnis – Data as a Strategic Asset, Not a Compliance Burden – AI Governance and the Acceptable Use Policy – Website Tracking Tools and the Wiretapping Litigation Wave – IP Fridays Podcast – Episode 174

May 1, 2026 · 34:20


My co-host Ken Suzan and I are welcoming you to episode 174 of our podcast IP Fridays! In today's interview, Ken Suzan interviews Brian McGinnis, partner at Barnes & Thornburg and co-chair of the firm’s data security and privacy practice, about why companies need to stop treating data privacy as a compliance burden and start treating it as a core business asset. McGinnis argues that data is either a managed asset or an unmanaged liability, with no middle ground. But before we jump into this interview, I have news for you! The EPO saw a Record Year with 200,000+ Patent Applications in 2025: German filings dropped 2.2% while China grew 9.7%, overtaking Japan for the first time. Germany remains Europe’s top patent nation but loses ground globally. SMEs and universities now account for nearly half of all Unitary Patents granted to European innovators. News from the UPC Court of Appeal: Non-Technical Features Count for Inventive Step. An April 17 ruling clarifies that all claim features must be evaluated in their combined effect, including non-technical ones. Companies with software-related or mixed-technology inventions pending at the EPO or UPC should reassess recent inventive step objections at the UPC in light of this decision. Nokia Withdraws UPC and Munich Suits After Global FRAND Settlement; Following a global FRAND rate-setting decision by the UK High Court, Nokia withdrew parallel suits against Warner Bros. and Paramount at the UPC and in Munich. One UK ruling resolved litigation spanning Germany, the UPC, the US, and Brazil simultaneously. China Abandons Anti-Suit Injunctions in SEP Disputes: After a WTO arbitration ruling from July 2025, China withdrew its practice of blocking SEP holders from filing suits abroad. The EU Commission continues monitoring compliance, since the former policy was largely informal rather than codified in statute. 
The Trump Administration has put 100% Tariffs on Imported Patented Pharmaceuticals: Based on Section 232, the Trump administration imposed 100% tariffs on patented drugs and biologics effective April 2, 2026, with a 120-day transition period until July 31. EU member states face a reduced rate of 15%. Generics and biosimilars are explicitly excluded. China Rejects 1.27 Million Trademark Applications in Three-Year Crackdown: China’s CNIPA rejected over 1.27 million trademark applications and invalidated more than 3,300 marks, targeting so-called edge-ball marks designed to mislead consumers about product quality or origin. The announcement was made at an official press conference on April 23, 2026. Now let's jump into the interview with Brian McGinnis! Brian McGinnis is a partner at Barnes & Thornburg and co-chair of the firm’s data security and privacy practice. In this episode of IP Fridays, he argues that companies treating data privacy as a compliance burden are missing the point entirely and leaving significant value on the table. Data Is Either an Asset or a Liability Most companies still treat their data as invisible and costless. They do not manage it the way they would manage a patent portfolio or a trademark. That, McGinnis argues, is a fundamental strategic error. Data is either a managed asset or an unmanaged liability. There is no middle ground. When companies invest in understanding what data they collect, how it is used, and who has access to it, they unlock opportunities to drive real revenue and growth. Done right, a data governance program is not a cost center. It is a foundation for trust, operational efficiency, and competitive advantage. One Program, Not Twenty With more than 20 US state privacy laws now in effect, and major economies worldwide introducing their own frameworks, building separate compliance programs for each jurisdiction is neither practical nor smart. 
McGinnis recommends a single, comprehensive governance framework designed around the core purpose and intent of privacy law, flexible enough to absorb new requirements as they emerge. Companies that threw together a quick program when California’s CCPA came into force in 2020 are now overdue for an upgrade. The goal is to move from reactive compliance to a mature, proactive program that positions the company ahead of the regulatory curve rather than perpetually catching up. Website Tracking Tools: An Underestimated Risk One of the fastest-growing areas of privacy litigation involves tracking technologies built into company websites: pixels, session replay tools, analytics scripts, and chat widgets. Legal teams are often entirely unaware of what IT or marketing has deployed. That gap is expensive. Plaintiffs’ attorneys are applying 1970s-era telephone wiretapping statutes, including the California Invasion of Privacy Act, to argue that collecting any personal information, including IP addresses, before a user has consented constitutes illegal interception. Demand letters are being sent at industrial scale, with settlements typically running between $10,000 and $20,000 per case. What makes this particularly difficult is that a company can be fully compliant with statutory privacy law and still face these wiretapping claims, because the legal theory turns on the timing of data collection rather than the existence of a privacy notice. Vendor Contracts: The Hidden Exposure Marketing and technology agreements are another major source of unmanaged data risk. When a company deploys a third-party tool that handles personal data, the underlying contract needs to define precisely who owns that data, what the vendor is permitted to do with it, and what obligations flow down to any sub-processors involved. 
McGinnis draws a direct parallel to IP licensing: owning valuable data and then handing it to a vendor under a poorly drafted agreement is the equivalent of signing a bad IP license. Data processing agreements need to cover ownership, use restrictions, sub-processor obligations, breach notification timelines, audit rights, and deletion obligations. Many companies simply do not have these terms in place. Without them, a vendor who suffers a breach of non-personal business information has no contractual obligation to disclose it. Consumer Rights Requests: Process Matters Privacy laws give individuals the right to access, correct, delete, and opt out of the use of their personal data. Responding to these requests effectively requires pre-built processes, trained staff, and the technical ability to locate and act on individual data across all systems and sub-processors. Most companies, before engaging in formal data mapping, are not in a position to do this reliably. Staff failing to recognize a deletion request as a legal data subject request and routing it through a standard customer service queue instead is one of the most common failures McGinnis sees. The consequences can include regulatory complaints and class action lawsuits, particularly when a company continues to send emails to someone who has already requested deletion of their data. A newer risk involves Global Privacy Controls: browser-level opt-out signals that regulators and courts are now treating as legally binding deletion and non-collection requests. Companies receiving these signals daily without acting on them face growing exposure under several state laws. AI Governance: Policy Before Tools Generative AI tools are now embedded across business functions, from contract review and customer service to content creation and internal search. McGinnis is direct: every company needs an AI acceptable-use policy, and the absence of one is not a neutral position. 
Without clear rules, employees will use unapproved or publicly available tools regardless, feeding proprietary and sensitive information into open models with no control over how that data is used or retained. He draws a precise parallel to patent law. Posting proprietary information into an open AI system carries the same risk as publishing it publicly, potentially destroying patentability. The distinction between closed, organization-specific AI systems and open, publicly accessible ones is something employees need to understand explicitly. Making compliance easier than non-compliance is the practical goal. The Regulatory Outlook: More Laws, More Enforcement McGinnis expects the regulatory landscape to continue expanding. The EU AI Act is already setting the direction, and several US states have introduced or are developing AI-specific legislation. The pattern mirrors what happened with data privacy: Europe leads, US states follow in a patchwork, and federal legislation remains uncertain. Enforcement of existing privacy laws is also intensifying. GDPR has been in force since 2018, CCPA since 2020, and regulators are now past the period of extended tolerance for companies that are still catching up. Companies with immature compliance programs should expect less patience from regulators going forward. McGinnis closes with a clear point of view: if you have to comply anyway, get credit for it. A well-built governance program is a trust signal to customers, a sales asset, and a foundation for responsible AI use. Compliance done right is not a tax. It is a differentiator. The Full Transcript: Ken Suzan: Our guest today on the IP Fridays podcast is Brian McGinnis. Brian is a partner with Barnes and Thornburg and a founding member and co-chair of the firm’s data security and privacy law practice group. Brian serves as a member of the intellectual property department and the internet and technology practice. 
Brian is a Chambers Global and national ranked privacy and data security attorney, a certified information privacy professional, and the firm’s chief privacy officer. Brian brings nearly two decades of experience at the intersection of law and technology. Brian advises on a wide range of technology-driven legal matters, including privacy and data security, intellectual property, artificial intelligence, corporate transactions, software, and internet law. His deep understanding of privacy and technology law enables him to guide clients through rapidly evolving regulatory and operational challenges. Welcome Brian to the IP Fridays podcast. Brian McGinnis: Hey, thanks Ken. I appreciate it. Great to be here and thanks for having me. Ken Suzan: Excellent. Brian, the C-suite tends to treat data privacy as a compliance tax, something to hand off to legal and forget about. But when you see how companies actually get into serious trouble, what’s really going on? Brian McGinnis: Yeah, well, it’s a great place to start Ken and looking forward to the conversation today covering some of these privacy issues and AI issues, which I found in my own practice is really bled into the straight privacy stuff. Companies can’t really handle these things in a silo anymore. It’s really about managing and coming together as a coherent program for governance for the organization. I think if you do that right, the good news is we can become revenue generators and show growth for the company and not just compliance centers and a compliance tax. But I think the core problem that we face in working with most companies is that a lot of companies still treat their data as invisible, costless. They don’t treat it, in other words, like they would a patent portfolio or trademark or other IP portfolio. It’s just not managed as an asset in the ways that we’ve seen more sophistication around IP. And it really should be. Data is either a managed asset for the company or it’s an unmanaged liability. 
There’s really not an in between. And so for those companies that haven’t gotten their arms around all this data and what can be done with it, I think they’re really missing an opportunity. Having an understanding of what data the organization is collecting, how it’s being used, and having the proper governance around it really unlocks a lot of opportunity for use of that data in new ways — ways that can drive revenue and growth for the company. So I approach privacy not just about compliance, not just about avoiding penalties or doing it because some law out there says that we have to do it. It’s really about knowing and controlling one of the company’s core assets. And if you’re not doing that, you’ve got unmanaged data that you’re not getting value out of and that potentially could be a huge liability for the company. Managed well, it really supports trust, efficiency, and growth of the organization. Otherwise, I think it’s a missed opportunity. Ken Suzan: Yes, well said. Now let’s talk about state laws. With 20-plus state privacy laws now in effect, how should companies build a program that actually works across the board without starting over every time a new state law kicks in? Brian McGinnis: Yeah, so the first answer is don’t build 20 separate programs. This really goes back to having a comprehensive, sophisticated, well thought out program that really takes into account not only the 20 state laws, but obviously we’ve got international exposure with laws like GDPR and upcoming privacy laws internationally. Most of the larger economies in the world have some form of laws around privacy and AI. So you can’t really anymore build programs that account for the one, two, three, four, five different laws that in the past we had experience with — where you could just treat California as its own thing, treat New York as something else, and treat Europe as something else. The laws and the pace of these have really forced companies into having comprehensive programs. 
I don’t expect to see fewer laws. You’re only looking at potentially additional state laws, additional federal laws here in the US, and then certainly additional laws throughout the world. So a lot of the strategy these days is not only where are we today with these laws, but how do we set up our governance program in a way that really cuts to the core of the purpose and intent behind these laws so that we can be better prepared when new laws come about in the future. Historically, at least in the US, most companies just haven’t had laws that force them into compliance postures. As these laws have started to come along, a lot of companies have been playing from behind and saying, oh, the California Consumer Privacy Act, I just read about it and it goes into effect next week — let’s throw something together and call that our compliance program. We’ve now got years of these laws being in place, CCPA came into effect in 2020, and what we’re seeing much more of are companies looking to get more sophisticated in their programs and stop feeling like they’re always rushing to catch up. The goal is to level up their program, going from level one — constantly playing from behind — to level two and then level three, so that they really feel like they’re on top of it and have a sophisticated program that not only accounts for all the various privacy requirements that come at them, but also positions them to take advantage of the data and all the things that come along with having a good governance program.

Ken Suzan: Brian, there’s an explosion of litigation targeting something most companies barely think about — the tracking tools baked into their own websites: pixels, session replay tools, analytics scripts, chat widgets, the list goes on and on. What’s happening, Brian, and what should companies do?

Brian McGinnis: Yeah, and I think a lot of companies — the executives, the business teams — don’t even realize a lot of these tools are on their sites.
IT deployed them years ago, the web team deployed them, marketing teams are constantly using them and certainly have a good understanding of it. But in a lot of cases, legal has never touched them and has no idea what’s happening on the website. We also see a lot of cases of companies who, even if they’re generally aware these tools are in use, aren’t aware what other teams are putting on the site or what those pieces of technology are tracking. And that gap can be really expensive. What we’re seeing right now — and this has been a trend for a number of months now and is really continuing to pick up steam — is a series of what I call gotcha lawsuits, where you have some enterprising plaintiffs’ counsel who have taken a look at some 1970s-era telephone wiretapping laws, including a law called CIPA, the California Invasion of Privacy Act, passed in the 70s with the idea that you shouldn’t be able to wiretap people’s telephone conversations. They’ve taken that and applied that theory to the internet. The way it works is: if a website has some sort of cookie, pixel, or other tracking technology on it that collects personal information about an individual — and that can be as simple as an IP address and device ID — and if that collection occurs as soon as the individual shows up at the website, prior to them being able to have notice provided to them or opt in and consent to that collection, then the theory under these lawsuits is that it constitutes wiretapping. We see a lot of this with the Meta pixel, with LinkedIn pixels, and the like. What they’re doing is effectively showing up and suing, threatening to sue, trying to take you to arbitration, depending upon what’s included in the company’s existing privacy notice. If you don’t have a cookie banner, if you don’t have a cookie notice, if you’re not getting opt-in on these things, they’re leaning on those failures and effectively trying to force you into a position where you are forced to make a settlement. 
Because the cost to litigate one of these to their conclusion would be expensive, whereas a lot of these cases will settle for $10,000 to $15,000 somewhere in that range. They’ve got technology crawling the internet looking for websites that don’t have these risks covered, sending demand letters and then collecting settlements, $10,000 to $20,000 at a time. It’s been very profitable for them and a very dangerous thing for our clients. And it’s a bit unusual because you can be fully compliant with the statutory privacy laws that require notification of the use of tracking technologies and cookies and banners — and still be subject to these lawsuits because of the wiretapping arguments being made. The timing wherein the data is collected from the individual could still subject you to these lawsuits. So it’s a tricky problem, one that I hate seeing companies get hit with and one that we spend a lot of time helping companies avoid.

Ken Suzan: Yes, let’s talk about contracts, Brian, because I know you work with contracts probably on a daily basis. A lot of data risk lives inside vendor and technology agreements — the contracts companies sign with marketing platforms, analytics providers, cloud infrastructure, and SaaS tools. What should those agreements actually contain?

Brian McGinnis: Yeah, so there’s quite a lot of things. You’ve got a world where marketing is constantly under pressure to learn more about their customers. The way they can do that is through any number of different tools and data gathering techniques, and we have all this technology available to help marketing and sales do better at their jobs. But we, at least in this country, got to a position where people really felt like they lost control of their information and their data.
And so these privacy laws came along and really started to provide more rights to individuals — to have an understanding of what data exists within various companies that they do business with, who they’re sharing it with, trading it with, selling it to for advertising purposes; to have the right to opt out; the right to delete their information. Not checking through the agreements by which these teams are implementing these tools is a huge issue for companies. As part of an overall compliance program, having some kind of process where people who are aware of the growing numbers of privacy laws are reviewing these marketing contracts to make sure they are aligned with that program and aligned with those laws is absolutely critical. To talk about IP, given the IP Fridays audience: it’s kind of the equivalent of having really bad IP licenses. In other words, you own and control this information and data, and you need to control what the other side can do with one of your most valuable assets — or you’ve effectively given it away. So thinking about it in that way could be useful. In terms of more specifics: a big one is ownership of the data. The agreement itself may or may not have anything that addresses data. If there’s personal information involved, you probably need what we call a data processing agreement or addendum — a DPA — that specifically controls what that third party is able to do with that data, how they’re able to use it, whether they’re able to share it, whether they’re able to get value out of it on their own, or if they’re only allowed to be what we call a service provider, just providing services to the business that hired them. There needs to be explicit prohibition on retaining, using, and disclosing personal information for any purpose other than performing the exact services in the contract. Whether or not they’re permitted to sell or share data under CCPA terms is another key point. 
Certification that the provider will comply with any restrictions and security requirements you have on your data, and making sure those obligations flow down to any sub-processors they might use. You hire Company A, but Company A works with Company B and C to provide parts of their service. You’re effectively responsible for the protection of personal information throughout its lifecycle. A couple of other key provisions: breach notification triggers and timeline. It’s very possible under a lot of agreements that one of your vendors can suffer the world’s worst hacker breach and have no legal obligation to tell the company that hired them about it — unless there’s personal information involved. State data breach laws apply to personal information, not to other types of sensitive business information. Unless you have a contract that explicitly requires notification, there’s a good chance that vendor may not want to disclose it. And then other things like audit rights and deletion obligations go in there as well.

Ken Suzan: Certainly a lot to cover. Let’s talk about privacy laws and consumer rights. Privacy laws give consumers real rights — to access their data, correct it, delete it, and opt out of how it’s being used. Most companies have a process for this on paper. What does it actually take to get it right, and what happens when it breaks down?

Brian McGinnis: Yeah, it takes pre-planning. It takes a process. Some companies receive many more of these requests than others — some B2B companies receive none or a couple per year, while companies heavily involved in marketing to consumers might receive tens or hundreds a day. To be able to respond to these effectively and efficiently requires some forethought. It requires policy and procedure internally to be set up, and it requires the education of the team.
Some of the common ways we see this go wrong: staff isn’t trained to know the difference between what we call a DSR — data subject request — versus a regular customer service inquiry. Maybe somebody submits what would be construed by law to be a deletion request and you just put it into your normal customer service response flow — and then you’re potentially missing timelines and the like. There also need to be systems in place to respond in accordance with the individual’s rights. Somebody submits a request saying, you have my information — what information do you have about me? Can your company determine that right now? Can you look through all your systems and down the line to all the processors and sub-processors you’ve worked with and hired, and identify what information you have about that individual? Most companies, until they engage in a governance program and data mapping, are at a real disadvantage to be able to do that. Why is that a problem? Because two weeks from now your company could be sending emails to the individual who just told you to delete their data, and they get really upset. That’s when they go and complain to regulators or start class action lawsuits. The lack of planning can be really, really expensive for a lot of companies. Making sure you’ve got some kind of process to understand what’s coming in, that the people receiving those requests know the difference between a regular customer service request and a data subject request, and that it gets to the appropriate parties for action — all of that is really, really key. Another one that we’re seeing pop up is what we call GPC, or Global Privacy Controls. It used to be that people would say “do not track” in their browser and most companies would ignore those signals. Now we’ve got advancements in law and browser technology where the browser you’re using to visit a company’s website sends a signal saying, opt me out of this. 
Regulators and courts are construing those as deletion requests, as opt-out requests that companies are now required to respond to. If your company hasn’t gone through an exercise to understand that, and is probably receiving GPC opt-out requests on a daily basis without acting on them, there’s some exposure there. At the end of the day, a lot of this really is about getting the appropriate people from across the organization — really each department — around a table, figuring out what data you collect, how you use it, who you share it with, where it comes from. That starts the process of your data map. Then you set about mapping that to the various legal requirements and figuring out how to respond, how to make it easy for people to exercise their rights so they’re not complaining, not suing, not going to regulators. Letting these squeaky wheels out of the process — the ones who don’t want you to be processing their information any longer — is really key.

Ken Suzan: Let’s switch gears a bit and talk about AI. I know we’re hearing about it every day. Generative AI tools are now embedded in how companies work — contract review, customer service, content creation, internal search. Before employees start using these tools with customer data, confidential business information, or proprietary content, what has to be in place first?

Brian McGinnis: Yeah. I think we’re long past the days when companies provided individuals access to corporate technology — computers, devices, and the like — without having some kind of acceptable use policy that governs that. We don’t want you downloading stuff that could harm our network or create security issues. We don’t want you using our technology in certain ways, whether that’s a BYOD policy or just general use of company internet or company devices. An AI acceptable use policy is really a continuation of those. Every company needs to have an AI acceptable use policy. Period.
In my opinion, things like that are as important as the fire escape policy out in the hallways for these companies. I can tell you with absolute certainty: if your organization has not provided rules to your employees and personnel about the use of AI, what they can and can’t use — or if you’ve said you can’t use any AI — the personnel is still using AI. They’re just not using any approved tools. They’re probably using their own private tools that they subscribe to, or even worse, tools they don’t pay for, in which case they’re putting company information into a wide open public model. The more companies can do to think through this ahead of time, reduce it to policy, and then train and educate people on that company’s particular policy, the better. You need to make it easier for people to comply than not comply. An acceptable use policy should talk about: here’s how we can and can’t use it, here’s the data that should and should not go into the system, here’s some proper uses of AI, here’s some data that’s on the fringe that we need to keep out — more sensitive information, proprietary information, etc. Making sure you’re funneling and educating people about the difference between closed systems and open systems. In other words, this is a tool that only looks at our organization, only uses the data within a certain box, and is not publicly available — the AI system is not training on our data. You have more leeway to put more sensitive information into those types of systems than you do with open systems which potentially lose control of your data. It’s almost like a patent consideration in terms of keeping information secret. If something potentially has some patentability that you want to seek to file in the future, you can’t just go out and post it publicly and use public search engines and all this other stuff at the risk of exposing it. 
Similar concepts here — really getting a handle and control over what tools people can use and providing some education to them about how the company wants to think about what’s acceptable and what’s not in those uses is really the key starting point.

Ken Suzan: Very useful information. Indeed, we’re coming towards the end of today’s episode. One final question for you, Brian. Where do you think we’ll be two years from now in this developing field, and how best for companies to stay ahead of the curve?

Brian McGinnis: Yeah, this kind of takes us full circle, Ken. I think it’s kind of back to the beginning comments about the privacy space — and we’ve only got more of these laws coming. It’s still a developing field. We’re still really in the early days of enforcement. I mean, GDPR has been around since 2018, CCPA in the US really kicked us off in about 2020, and so there’s been a settling-in period as companies adjust and get used to having these laws and get compliance programs in place at various levels — from not at all prepared to highly sophisticated. We’re still pretty early on in terms of enforcement of these things. We’re already starting to see enforcement of more egregious violations of these various laws, and we’ll only continue to see more enforcement as the laws exist currently and as they continue to come along. The days of not having to pay attention to this are kind of over. And I always tell clients: if you’re going to have to do these things, you’re going to have to be compliant — you might as well get credit for it.
By which I mean, let’s put all the policies in place, let’s do all the compliance activities, let’s have a sophisticated governance program, but then let’s also use that as a sales tool, as a way to help grow the company, as a way to sell new products and gain trust and earn trust with our customers — so that they know when they’re doing business with us, or when they’re giving us information, or when they’re using our AI tool, that we respect that and are going to take care of their information and have the structure in place internally to be able to do that. With respect to AI, what I’m seeing is very similar to what we have seen with the growth of privacy law — again led by Europe, with the EU AI Act in this case. Now you’ve got a handful of states in the US that already have AI laws, and others that are interested in continuing to roll those out. There’s friction with the federal government around whether there’s going to be a comprehensive law there. Like the privacy space, you’ve got varying factions — some of which want to develop really quickly with very little guardrails, others which say we’re threatening the future of humanity if we don’t get those guardrails in place. I think ultimately, at least in the US, we’re going to end up with another patchwork of AI laws for the foreseeable future that we’ll have to navigate. So really having a company position, a company philosophy of how do we handle all these various laws, how do we treat people’s data, how do we get our arms around it, how do we respond to whatever legal rights they currently have, and what principles do we put in place so that we can adapt for the future — and then, once we’ve done those things, how do we actually get value out of this and move the business forward. So it’s not a compliance tax, but a benefit to the business. That’s the end goal here, and I think the North Star for us.

Ken Suzan: Fantastic, Brian. This has certainly been a very comprehensive interview.
Really appreciate you taking the time to talk about it with us here on the IP Fridays podcast.

Brian McGinnis: Happy to do it, Ken. Thanks for asking me and good to see you. Thank you.

Fintech Confidential
Cross-Border Payments Explained: Why 50 US Jurisdictions Still Can't Agree

Apr 28, 2026 (59:39)


Open finance infrastructure, agentic banking, and cross-border payments converge as Prometeo connects 7,500+ financial institutions across Latin America and the US through a single API. Tedd Huff, CEO of fintech advisory firm Voalyre and founder of Fintech Confidential, sits down with Ximena Aleman, Co-Founder and Co-CEO of Prometeo, to unpack what it takes to standardize fragmented banking systems across 30 countries and bring that playbook to the American market.

Tedd and Ximena cover why US banking infrastructure is more fragmented than most people realize, how Prometeo's account verification now covers 85% of US bank accounts, and what agentic banking looks like when AI agents operate real bank accounts with built-in compliance controls. The conversation also addresses the open banking pricing debate, CFPB 1033 as a US expansion accelerant, the Nacha preferred partner announcement, and why only 2 to 3% of VC funding reaches female-led startups.

Find out more
1️⃣ Disaggregate your payment stack layer by layer; calling it "mature" hides gaps that cost you money.
2️⃣ Build infrastructure for corridors, not single countries, starting with the highest-volume trade routes your customers operate.
3️⃣ Bring non-bankers onto your product team to challenge workflows that insiders have normalized for decades.
4️⃣ Give smaller financial institutions a revenue stream tied to open banking adoption instead of pricing them out.
5️⃣ Pitch the outcomes your infrastructure enables, not the technical specs of what you built.

LINKS
Guest:
Ximena Aleman LinkedIn: https://www.linkedin.com/in/ximena-aleman-7913439a/
Company:
Prometeo Website: https://prometeoapi.com
Prometeo LinkedIn: https://www.linkedin.com/company/prometeo-openbanking
Fintech Confidential:
Podcast: https://fintechconfidential.com/listen
Notifications: https://fintechconfidential.com/access
LinkedIn: https://www.linkedin.com/company/fintechconfidential
X: https://x.com/FTconfidential
Instagram: https://www.instagram.com/fintechconfidential
Facebook: https://www.facebook.com/fintechconfidential

SUPPORTERS
Under.io: Streamlines application and underwriting by digitizing PDFs for e-signature. under.io/FTC
Skyflow: A zero-trust data privacy vault delivered as an API covering PCI, CCPA, GDPR, SOC 2, and beyond. skyflowsecure.com
DFNS: Wallets as a service, API first, multi-chain, secured with MPC across 50+ blockchains. fintechconfidential.com/dfns
Hawk AI: Real-time payment screening, AML transaction monitoring, and dynamic customer risk rating. gethawk.com

ABOUT
Guest: Ximena Aleman is Co-Founder and Co-CEO of Prometeo. She started her career in journalism before moving into marketing and tech leadership, completing an MBA at Universidad ORT Uruguay. She was named one of the Top 100 Women in FinTech in 2024 and is a World Economic Forum Agenda Contributor.
Company: Prometeo is an open finance infrastructure company providing a single API for cross-border banking, connecting 7,500+ financial institutions across Latin America and the US. The company is backed by PayPal Ventures, Samsung Next, and Antler.
Host: Tedd Huff, CEO of fintech advisory firm Voalyre and host of Fintech Confidential. The show is produced by DD3 Media, delivering entertaining and informative content focused on the people, tech, and companies changing how you pay and get paid.
DD3 Media is a multimedia and marketing agency founded by Tedd Huff specializing in content creation and production for the fintech and payments industry. As the production company behind Fintech Confidential, DD3 Media produces podcasts, live streams, video content, and onsite events for global audiences.

CHAPTERS
00:00 Episode Highlights
00:54 Welcome to Fintech Confidential
01:03 Dfns: Wallets as a Service (sponsor)
02:25 Meet Prometeo Founder
04:39 Outsiders Spot the Gap
06:38 Infrastructure Before Open Banking
10:21 Borderless Banking Explained
16:21 Why US Banking Feels Messy
18:56 Standardizing Fragmented Systems
20:42 Agentic Banking Kickoff
23:34 Limiting Agent Liability
24:49 Compliance and B2B Accountability
27:32 Monitoring Agents Like Card Rails
30:07 Skyflow: Building Fast and Secure (sponsor)
30:30 Skyflow Privacy Vault
31:10 AI Bookends And Middle
32:01 US Credibility Milestones
33:06 Account Verification Playbook
35:56 FDATA Advocacy Meets Sales
39:51 Crystal Ball Agentic Payments
41:39 Open Banking Pricing Debate
48:44 LatAm Vs US Open Finance
51:27 Strategic Investors And Trust
53:42 Women In Fintech Funding Gap
55:36 Founder Advice And Farewell
57:43 Show Wrap And Sponsor Reads
58:29 Hawk AI - Realtime Fraud Monitoring (sponsor)
59:15 Disclaimer

This has been a production of DD3 Media with all rights reserved. This content is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
© DD3 Media. All Rights Reserved.

Martes de Números
Fraud Against Older Adults: A Silent Threat

Apr 28, 2026 (31:53)


The rise in fraud against older adults is a reality. Today on #MartesDeNúmeros, CPA Eduardo González Green, a #CCPA contributor, together with Shyline Santana, business developer and risk analyst, discuss how to identify and prevent it.

DMRadio Podcast
A Sovereign Wealth Fund for Data?

Apr 24, 2026 (52:44)


Since time immemorial, the concept of sovereignty has defined control, whether for nations or legal authorities. Today, the rise of AI is forcing a global reckoning around one of the most important and misunderstood aspects of modern computing: data sovereignty. First there was GDPR, the Global Data Protection Regulation out of the European Union; then the CCPA, the California Consumer Privacy Act; and now, there are nearly 150 countries around the world with related laws and regulations on the books. What's a data team to do? Register for this very special DM Radio to learn from several experts, including James Robson, former Chief Data Protection Officer for the United Kingdom's Labour Party; along with Floyd Christofferson and Seamus Matthews of Hammerspace, as they dive into the gritty details of what data sovereignty means, and how companies can achieve it.

Attendees will learn:
* Why data sovereignty is becoming a defining constraint, and opportunity, for enterprise AI
* The infrastructure realities of managing data across borders, clouds, and jurisdictions
* How global enterprises can balance compliance with performance and innovation
* What emerging geopolitical dynamics mean for data strategy and governance moving forward

Identity At The Center
#417 - Sponsor Spotlight - Elimity

Apr 22, 2026 (48:35)


This bonus episode of Identity at the Center is brought to you with support from Elimity. Jeff and Jim sit down with Maarten Decat, co-founder and CEO of Elimity, to explore the emerging product category known as IVIP, Identity Visibility and Intelligence Platforms. Maarten explains how Elimity was built around a question every IAM practitioner eventually faces: who can actually do what within our organization? The conversation covers why IVIP is distinct from traditional IGA, how identity data graphs provide deeper visibility than flat entitlement lists, and what regulatory drivers like SOC 2, ISO 27001, and DORA are pushing organizations toward this space. They also discuss deployment patterns, integration approaches, ROI metrics for leadership, and what Maarten calls provable control. The episode closes with a memorable story about Elimity branded Belgian beer and a very formal legal letter. Learn more at elimity.com/idac.

Connect with Maarten: https://www.linkedin.com/in/maartendecat/
Learn more about Elimity: https://elimity.com/idac
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at idacpodcast.com

CHAPTER TIMESTAMPS
00:00 Introduction and ax-throwing memories from EIC Berlin
01:35 Introducing Maarten Decat, co-founder and CEO of Elimity
01:57 How identity chose Maarten: from PhD to startup founder
03:09 The Elimity origin story and the problem it set out to solve
04:52 Defining IVIP: Identity Visibility and Intelligence Platforms
05:31 Where did the name Elimity come from?
06:57 Why identity visibility has become a security priority now
09:02 What organizations were doing before IVIP existed
11:16 Can IGA do what IVIP does? Addressing the skeptics
14:20 The identity data graph: deeper and wider than IGA
16:20 IVIP and IGA as complementary tools, not competitors
16:49 What falls outside IVIP scope: automated provisioning
18:01 IVIP as the intelligence layer in your IAM stack
19:45 What data sources connect into an IVIP platform
21:44 Extending visibility to non-human identities
22:00 M&A use cases: gaining visibility across two organizations
23:55 IVIP and the identity fabric concept
25:18 Visibility, intelligence, and actions: building the right stack
26:36 How deployments typically start and what early wins look like
28:44 Integration approaches and realistic effort timelines
32:00 What success looks like at six to twelve months
36:07 Metrics and ROI: talking to leadership about identity risk
38:14 Case studies and customer examples on the Elimity website
38:58 What every IAM practitioner should know about IVIP
40:12 Elimity's global reach: EU, US, and Middle East
41:42 The Elimity branded beer story and a very formal legal letter
46:43 Wrap-up and final thoughts

KEYWORDS
IVIP, identity visibility and intelligence platforms, IGA, identity governance, access control, identity data graph, Elimity, Maarten Decat, non-human identities, access risk, provable control, SOC 2, ISO 27001, DORA, CCPA, cybersecurity, PAM, IAM, identity and access management, EIC, IDAC, Identity at the Center, Jeff Steadman, Jim McDonald

Fintech Confidential
78% of ADA Lawsuits Target Small Business

Apr 21, 2026 (55:34)


Website compliance, ADA accessibility lawsuits, and privacy law enforcement are creating real financial exposure for small and mid-sized businesses. Tedd Huff, CEO of fintech advisory firm Voalyre and founder of Fintech Confidential, sits down with Michael Williams, co-founder and CFO of Clym, to unpack the growing wave of website regulation hitting SMBs and why most operators have no idea they are at risk.

Over 5,100 federal ADA lawsuits were filed in 2025, up 30% from the prior year, with 78% targeting small businesses. Twenty US states now have active privacy laws, GDPR fines hit $1.2 billion globally, and California's CCPA issued a record $1.35 million penalty. Michael breaks down how enforcement works based on consumer location rather than business headquarters, why third-party scripts and chatbots create hidden liability, and how compliant websites saw roughly 30% more search visibility over the past year. New HHS enforcement requires healthcare organizations to meet elevated accessibility standards, with fines up to $150,000 per incident starting within weeks.

Find out more
1️⃣ Audit every third-party script, tracking pixel, and embedded tool on your website to identify consent gaps before a plaintiff's attorney does.
2️⃣ Map your customer traffic by state and match it against the 20 active US privacy laws to build compliance around your actual footprint.
3️⃣ Run accessibility and privacy fixes through your marketing budget since compliant sites rank higher and capture customers competitors are losing.
4️⃣ Profile your own business first, including headcount, revenue, locations, and data collected, before evaluating any compliance vendor.
5️⃣ Require audit-ready, timestamped consent records from day one so you have receipts when a regulator or attorney comes knocking.

GUEST LINKS
Michael Williams LinkedIn: https://www.linkedin.com/in/michael-williams-clym/

COMPANY LINKS
Clym Website: https://www.clym.io/
Clym LinkedIn: https://www.linkedin.com/company/clym
Learn More: https://fintechconfidential.com/climb

FINTECH CONFIDENTIAL
Podcast: https://fintechconfidential.com/listen
Notifications: https://fintechconfidential.com/access
LinkedIn: https://www.linkedin.com/company/fintechconfidential
X: https://x.com/FTconfidential
Instagram: https://www.instagram.com/fintechconfidential
Facebook: https://www.facebook.com/fintechconfidential

SUPPORTERS
Under.io streamlines application and underwriting by digitizing PDFs for digital signature: under.io/FTC
Skyflow is a zero trust data privacy vault delivered as an API, covering PCI, CCPA, GDPR, SOC 2, and beyond: skyflowsecure.com
DFNS provides wallets as a service that is API first, multi-chain by design, and secured with MPC: fintechconfidential.com/dfns
Hawk AI offers real-time payment screening, AML transaction monitoring, and dynamic customer risk rating: gethawk.com

ABOUT THE GUEST
Michael Williams is the co-founder and CFO of Clym. He started his career as a state and local tax attorney at Ernst & Young before serving as CFO of a global travel management company, where a failed $100,000 GDPR consulting engagement inspired the creation of Clym in 2018. Michael holds a Juris Doctorate from the University of Connecticut School of Law.

ABOUT CLYM
Clym is an all-in-one website compliance platform founded in 2018 that covers 160-plus regulations, catalogs over 1,200 third-party services, and integrates with WordPress, Shopify, Wix, Magento, and other major platforms.

ABOUT THE HOST
Tedd Huff, CEO of fintech advisory firm Voalyre and founder of Fintech Confidential. Produced by DD3 Media, Fintech Confidential brings you the people, tech, and companies that change how you pay and get paid.

CHAPTERS
00:00 Episode Highlights
01:03 Welcome to Fintech Confidential
01:12 DFNS: Wallets as a Service (sponsor)
02:30 Meet Michael Williams and Clym
03:41 Why Compliance Gets Ignored
05:24 SMB Lawsuit Reality Check
06:49 ADA CCPA and GDPR by the Numbers
08:21 How Big Is the Problem Really
09:13 Consumer Location Based Enforcement
10:12 Third Party Script Risks
11:55 Compliance as a Growth Lever
14:19 Restaurant Menus Losing Customers
15:16 New ADA Enforcement Wave
17:27 Will Enforcement Follow FTC Pattern
18:36 Why Clym Goes Broad
20:25 Clym Origin Story
22:52 Staying Ahead of 160 Regulations
24:32 Beyond Basic Cookie Banners
26:38 Skyflow: Zero Trust Privacy Vault (sponsor)
27:40 Edge Cases and Flexibility
28:38 Company Intake Profiling
29:54 Five Minute Setup Promise
30:52 Ecommerce Platform Gaps
32:34 Vibe Coding Compliance Risks
33:49 Why Copying Big Brands Fails
35:42 Trusted Advisor Partnerships
37:29 Compliance as a Service Response
39:05 Lawsuit Economics and Dress Shop Story
40:45 Audit Ready Litigation Support
42:25 Shared Liability Hosted Pages
43:28 Third Party Script Tracking
45:51 Enforcement Trends Ahead
47:45 Crystal Ball Future Outlook
49:49 Browser Companies Won't Fix It
51:01 Proactive Compliance Benefits
52:49 Wrap Up and Resources
54:19 Hawk AI: Realtime Fraud Monitoring (sponsor)
55:05 Disclaimer

Fintech Confidential
Bitcoin Yield Without Custody Risk: Inside Lightning's Payment Infrastructure

Apr 7, 2026 (48:29), transcription available


Bitcoin Lightning payments, self-custody yield, and stablecoin interoperability are converging on one infrastructure layer, and the companies building it are already seeing massive demand. Tedd Huff, CEO of fintech advisory firm Voalyre and founder of Fintech Confidential, sits down with Jesse Shrader, co-founder and CEO of Amboss Technologies, to break down how Lightning Network infrastructure is reshaping payment processing, treasury strategy, and compliance for fintech operators worldwide.

Card networks charge 2% to 5% per transaction. Lightning brings that to 0.29%. Square just announced zero Bitcoin processing fees for its entire retailer network. The Genius Act is flooding the market with stablecoins, but those assets live on blockchains that do not talk to each other. Jesse explains how Taproot Assets on Lightning can unify fragmented stablecoin systems through cross-asset, in-flight currency exchange. He also walks through how Rails, a self-custodial Bitcoin yield product with over 2,600 on its waitlist, lets companies earn yield from payment routing without giving up custody. The conversation includes real founder lessons on fundraising, board strategy, and preparing for a future where AI systems pay each other.

FIND OUT MORE
1️⃣ Lightning payment processing at 0.29% is a 10x reduction from card network fees; run the math on what your business saves annually.
2️⃣ Self-custody yield is now possible on Bitcoin without handing your asset to a third party; Rails automates the infrastructure so you do not need to be an expert.
3️⃣ Build your board with the smartest people you have ever met, and replace anyone who is not fully invested in your success.
4️⃣ Map your fiat compliance obligations into decentralized payment environments now, before a sanctions violation forces the conversation.
5️⃣ Start designing guardrails for AI agents with spending authority; machine-to-machine payments are expected within three to five years.

LINKS

Guest
Jesse Shrader on LinkedIn: https://www.linkedin.com/in/shraderjesse/

Company
Amboss Technologies: https://amboss.tech/
Amboss Space (Lightning Network Explorer): https://amboss.space/
Rails: https://www.amboss.tech/rails
Amboss on LinkedIn: https://www.linkedin.com/company/ambosstech

Fintech Confidential
Podcast: https://fintechconfidential.com/listen
Notifications: https://fintechconfidential.com/access
LinkedIn: https://www.linkedin.com/company/fintechconfidential
X: https://x.com/FTconfidential
Instagram: https://www.instagram.com/fintechconfidential
Facebook: https://www.facebook.com/fintechconfidential

Supporters
DFNS provides wallets as a service that is API first, multi-chain by design, and secured with MPC so you can launch across over 50 blockchains without managing private keys. Request a demo at fintechconfidential.com/dfns
Skyflow is a zero trust data privacy vault delivered as an API that lets you collect, secure, and tokenize personal information with built-in features for PCI, CCPA, GDPR, and SOC 2 compliance. Visit skyflowsecure.com
Hawk AI provides AI tools for real-time payment screening, ML transaction monitoring, and dynamic customer risk rating to make compliance more effective and help fight fraud and financial crime. Visit gethawkai.com

About
Jesse Shrader is the CEO and co-founder of Amboss Technologies. He holds a degree in Environmental Resources Engineering from Humboldt State University and previously worked in highway asset management at the Oregon Department of Transportation. His experience handling calls for class action lawsuits against banks exposed him to predatory overdraft practices and pushed him toward building decentralized payment infrastructure.

Amboss Technologies is a payment infrastructure and data analytics company built on Bitcoin's Lightning Network, founded in 2021. Its products include Magma (liquidity marketplace), Rails (self-custodial yield), Reflex (compliance automation), and Amboss Space (network explorer).

Tedd Huff, CEO of fintech advisory firm Voalyre and host of Fintech Confidential. Fintech Confidential is a production of DD3 Media, bringing you the people, tech, and companies that change how you pay and get paid.

Chapters
00:01:02 DFNS: Wallets as a Service (Sponsor)
00:02:20 Welcome to Web3 with FTC
00:02:51 Meet Jesse Shrader and Amboss
00:05:32 Rails Launch and Bitcoin Yield Demand
00:06:37 From Engineering to Bitcoin Infrastructure
00:09:18 Stablecoins, Genius Act, and Interoperability
00:12:39 Self-Custody Yield with Rails
00:16:40 Why Lightning Over Layer One
00:19:08 Amboss Product Suite
00:21:45 Compliance, Sanctions, and Reflex
00:24:15 Skyflow: Data Privacy Vault (Sponsor)
00:25:17 How Rails Generates Yield
00:29:31 Lower Fees and Merchant Adoption
00:35:24 Founder Lessons and Fundraising
00:39:30 Build Your Board Strategically
00:41:50 Crystal Ball: AI Paying AI
00:45:18 Voltage Partnership Announcement
00:47:12 Hawk AI: Fighting Financial Crime (Sponsor)
00:47:57 Disclaimer

Ad Law Access Podcast
California Continues to Actively Enforce Privacy Opt-Out Rights

Apr 3, 2026 (8:46)


What do California's latest privacy settlements tell us about where enforcement is headed next? In this episode, we unpack the California Privacy Protection Agency's newest CCPA actions against PlayOn Sports and Ford, which reinforce a clear message: opt-out rights must be easy to exercise, free of unnecessary friction, and fully effective in practice—from rejecting cookie banners with an “accept all” option but no equally simple “decline all” choice to prohibiting identity verification steps that can delay or derail opt-out requests. As the CPPA continues to zero in on dark patterns, opt-out preference signals, and real-world functionality, companies should be paying close attention to how their privacy choices are designed, disclosed, and implemented. Hosted by Simone Roach. Based on a blog post by Aaron J. Burstein, Alysa Z. Hutnik, and Meaghan M. Donahue.

Fintech Confidential
Payment Processing Secrets: 13 Companies Merged Into One Platform

Mar 31, 2026 (42:17), transcription available


Unified commerce and European payments are under pressure as merchants juggle fragmented vendors, local debit schemes, and country-by-country compliance. Tedd Huff, CEO of fintech advisory firm Voalyre and founder of Fintech Confidential, sits down with Niv Liran, Chief Product and Technology Officer at Unzer, to break down how one platform serves over 85,000 merchants across Germany, Austria, Switzerland, and Denmark.

Niv explains how Unzer consolidated 13 acquired companies into a single system using a one-application-per-purpose rule, why local language sales and compliance expertise outperform global common-denominator approaches, and how open banking and the European Payments Initiative are creating new payment rails. The conversation gets specific on merchant migration tactics, daily workflow savings from eliminating multi-vendor reconciliation, and where AI-powered tools fit for small businesses within the next three to five years.

FIND OUT MORE
1️⃣ Gate your best features to the new platform so merchants have a reason to migrate without being forced.
2️⃣ Ask prospects to walk through their daily actions before pitching; let the pain sell the solution.
3️⃣ Set a one-app-per-purpose rule before consolidation starts to prevent political gridlock across acquired teams.
4️⃣ Test every partnership against two filters: does it help the merchant, and will consumers actually adopt it.
5️⃣ Connect directly to local accounting software in each market; it locks in retention and kills reconciliation overhead.

Guest
Niv Liran on LinkedIn: https://www.linkedin.com/in/nivliran
Unzer: https://www.unzer.com

Fintech Confidential
Podcast: https://fintechconfidential.com/listen
Notifications: https://fintechconfidential.com/access
LinkedIn: https://www.linkedin.com/company/fintechconfidential
X: https://x.com/FTconfidential
Instagram: https://www.instagram.com/fintechconfidential
Facebook: https://www.facebook.com/fintechconfidential

Supporters of Fintech Confidential
Under.io: Streamlines application and underwriting by digitizing PDFs for e-signature. under.io/FTC
Skyflow: A zero-trust data privacy vault delivered as an API covering PCI, CCPA, GDPR, SOC 2, and beyond. skyflowsecure.com
DFNS: Wallets as a service, API first, multi-chain, secured with MPC across 50+ blockchains. fintechconfidential.com/dfns
Hawk AI: Real-time payment screening, AML transaction monitoring, and dynamic customer risk rating. gethawk.com

About the Guest
Niv Liran is Chief Product and Technology Officer at Unzer. He entered fintech at Groupon in Berlin solving chargebacks on billions in monthly volume, then held leadership roles at Rocket Internet and AUTO1 Group, where he scaled the tech department from 5 to over 350 employees. He holds a B.Sc. in Computer Science and an MBA from INSEAD.

About Unzer
Unzer is a payments and commerce platform serving more than 85,000 merchants across Germany, Austria, Denmark, and Luxembourg with unified online, in-store, and back-office solutions through its UnzerOne platform.

About the Host
Tedd Huff, CEO of fintech advisory firm Voalyre and founder of Fintech Confidential. Produced by DD3 Media, Fintech Confidential brings you the people, tech, and companies that change how you pay and get paid.

Chapters
00:00 Episode Highlights
01:02 Welcome to Fintech Confidential
01:10 DFNS: Wallets as a Service (sponsor)
02:32 Meet Niv Inbar
05:08 Why Unified Commerce Is Hard
07:02 Falling Into Payments
09:46 Unser vs Stripe Adyen
11:30 Localizing Across Europe
12:44 One Platform Consolidation
15:12 Merchant Migration Playbook
17:43 Merchant Day to Day Example
20:21 Skyflow - Your Privacy API (sponsor)
21:18 Taming Local Debit Schemes
23:29 Selling ROI and Reducing Risk
26:29 Partnerships Open Banking EPI
29:20 EPI and Digital Wallet Future
31:06 Market Consolidation Ahead
32:27 Crystal Ball Unified Commerce
35:26 AI Agents for Small Business
37:32 One Sentence Founder Advice
39:11 Wrap Up Key Takeaways
41:03 Hawk AI - Realtime Fraud Monitoring (sponsor)
41:47 Disclaimer

The Trauma Therapist | Podcast with Guy Macpherson, PhD | Inspiring interviews with thought-leaders in the field of trauma.

Ed is a BCACC registered, CCPA certified clinical counsellor and BCACC Approved Clinical Supervisor, the lead trainer at the DBT Centre of Greater Vancouver, and a senior clinician at the DBT Clinic of Greater Vancouver.

Ed has extensive experience in delivering Dialectical Behavior Therapy to high-risk adults, youths and families experiencing concerns such as suicidality, self-harm, impulsivity, depression, anxiety, trauma, and addictions. Ed also has considerable background in DBT program development in government agencies, community services, and schools. Ed's DBT Program for Young Parents in Schools was recently nominated for a Premier's Award for innovation.

In This Episode
Ed's website
This Is DBT Podcast
Training

Become a supporter of this podcast: https://www.spreaker.com/podcast/the-trauma-therapist--5739761/support.

You can learn more about what I do here:
The Trauma Therapist Newsletter: celebrates the people and voices in the mental health profession. And it's free! Check it out here: https://bit.ly/4jGBeSa

If you'd like to support The Trauma Therapist Podcast and the work I do, you can do that here with a monthly donation of $5, $7, or $10: Donate to The Trauma Therapist Podcast.

Click here to join my email list and receive podcast updates and other news.

Thank you to our Sponsors:
Jane App - use code GUY1MO at https://jane.app

Fintech Confidential
Crypto Tax Secrets From an IRS Agent Who Audited 14 Platforms

Mar 24, 2026 (67:34), transcription available


Crypto tax software flaws, IRS audit risk, and data manipulation are putting millions of investors in danger. Tedd Huff, CEO of fintech advisory firm Voalyre and founder of Fintech Confidential, sits down with Janna Scott, founder and CEO of DeFi Tax and an IRS Enrolled Agent, to break down why the tools crypto investors trust may fail them in an audit.

Janna conducted forensic audits of 14 major crypto tax platforms and 53 firms claiming crypto tax expertise. The same 70 transactions produced a $99 gain on one platform, a $2,990 gain on another, and a $351 loss on a third. She explains how platforms allow users to edit immutable on-chain data like dates, currency types, and cost basis, making reports inadmissible in audits the same way the IRS rejects QuickBooks files. Her peer-reviewed research, published in Tax Notes, was shared with the IRS crypto division and SEC FinHub, and contributed to pausing IRS crypto audits. With enforcement expected to resume within months, this is a wake-up call for anyone holding or trading crypto.

FIND OUT MORE
1️⃣ Screenshot your crypto tax reports now; platforms have silently changed algorithms, producing 25-35% different results on the same historical data without notifying users.
2️⃣ Never edit immutable transaction fields like dates, spot prices, fees, or cost basis; the IRS treats altered reports the same way it treats manipulated bank statements.
3️⃣ Connect every wallet and exchange login you have ever used, including discontinued US exchanges, so transfers are not misclassified as taxable income.
4️⃣ Run your transaction data through multiple products and compare results; if the numbers diverge significantly, get professional review before filing.
5️⃣ Ask any firm claiming crypto tax expertise whether they can manually calculate your transactions and defend the work in front of the IRS before you pay them.

Guest Links
Janna Scott | DeFi Tax
Website: https://defitax.us/
X: https://x.com/defitax_us

Fintech Confidential Links
Podcast: https://fintechconfidential.com/listen
Notifications: https://fintechconfidential.com/access
LinkedIn: https://www.linkedin.com/company/fintechconfidential
X: https://x.com/FTconfidential
Instagram: https://www.instagram.com/fintechconfidential
Facebook: https://www.facebook.com/fintechconfidential

Supporters
DFNS provides wallets as a service that is API first, multi-chain by design, and secured with MPC so you can launch across over 50 blockchains without managing private keys. Request a demo at fintechconfidential.com/dfns
Skyflow is a zero trust data privacy vault delivered as an API that lets you collect, secure, and tokenize personal information with built-in features for PCI, CCPA, GDPR, and SOC 2 compliance. Visit skyflowsecure.com
Hawk AI provides AI tools for real-time payment screening, ML transaction monitoring, and dynamic customer risk rating to make compliance more effective and help fight fraud and financial crime. Visit gethawkai.com

About the Guest
Janna Scott is the founder and CEO of DeFi Tax, an IRS Enrolled Agent, and an MBA with over 20 years of experience in tax compliance, financial analysis, and government finance. Her forensic research across 14 platforms and 53 firms was peer reviewed, published in Tax Notes, and shared with the IRS and SEC.

About the Company
DeFi Tax is a crypto tax compliance platform that calculates obligations using direct blockchain data, locks immutable transaction fields, traces NFT basis through the chain of custody, and supports users through audit and tax court.

About the Host
Tedd Huff, CEO of fintech advisory firm Voalyre and founder of Fintech Confidential. Produced by DD3 Media, Fintech Confidential brings you the people, tech, and companies that change how you pay and get paid.

Chapters
00:00 Episode Highlights
01:07 Welcome to Fintech Confidential
01:15 Dfns: Wallets as a Service (sponsor)
02:37 Show Intro and Guest
06:13 Jana Origin Story
09:15 Inside Government View
11:38 John Doe Summonses
15:43 Forensic Platform Audits
22:05 Transfers and 1099 Traps
24:41 Variance and Real Costs
29:04 Taking Findings to Regulators
32:16 Terms Changes and Report Drift
34:07 Building It Yourself
34:59 Why Reports Fail Audits
35:39 Sky Flow: Building Fast and Secure (sponsor)
36:41 Crypto Tax and Quickbooks
38:46 Editing Breaks Credibility
40:27 Defi Tax Guardrails
42:24 Validator Income Burn Fees
43:25 NFT Basis Tracing
45:08 Pricing Sources Averaging
46:29 Self Transfer Verification
48:53 Audit Packets Evidence
49:41 Silent Algorithm Changes
54:00 Enforcement Crystal Ball
56:05 Middle Class Snowball
59:08 Practical Wallet Tracking
01:02:05 Recap And Next Steps
01:05:09 Show Wrap
01:06:18 Hawk AI (sponsor)
01:07:04 Disclaimer

She Said Privacy/He Said Security
Behind the Curtain With Tom Kemp: New CCPA Rules, Enforcements, and What's Next

Mar 12, 2026 (38:37)


Tom Kemp is the Executive Director of CalPrivacy. Previously, he was a Silicon Valley tech entrepreneur and CEO. He volunteered on the California Privacy Rights Act campaign and has advised on major tech policy legislation nationwide, including the Delete Act (SB 362) and AI Transparency Act (SB 942). He is the author of Containing Big Tech.

In this episode…

California's privacy law evolves once again as its new regulations push companies to move from policy to proof. Privacy risk assessments, cybersecurity audits, and automated decision-making technology requirements introduce new obligations for businesses that process personal information at certain thresholds. Alongside recent CCPA enforcement actions, these new rules reinforce the importance of establishing governance, ensuring technical compliance, and demonstrating accountability. So, what do businesses need to do to stay ahead?

CCPA enforcement actions do not happen in a vacuum. Consumer complaints, website and data flow reviews, and media reports influence investigations that can trigger enforcement actions. Tom Kemp, Executive Director of CalPrivacy, knows this firsthand as he oversees these efforts, along with the rollout of the new CCPA rules. Companies are being evaluated based on real-world user experience. That's why they need to establish governance and strong operational processes that ensure compliance as regulations and consumer expectations evolve. Companies also need to walk a mile in a consumer's shoes and test their websites and mobile applications to ensure they are free of dark patterns and that access, deletion, and opt-out rights function without friction. And when it comes to AI use, companies need to keep in mind that existing CCPA obligations still apply whenever personal information is involved.
In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Tom Kemp, Executive Director of CalPrivacy, about the new CCPA regulations, enforcement, and what's next for businesses. Tom explains why the California Privacy Protection Agency transitioned to the CalPrivacy name and how the agency focuses on raising privacy awareness and making it easier for consumers to operationalize their privacy rights. He outlines key timelines and thresholds tied to risk assessments, cybersecurity audits, and automated decision-making obligations and discusses how businesses can leverage existing processes to meet the new requirements. Tom also shares how California's collaboration with other state attorneys general and international regulators is shaping enforcement coordination and privacy oversight.

Fintech Confidential
JP Morgan Changed Open Banking and No One Is Ready for What Comes Next

Mar 10, 2026 (59:22)


Open banking fees, stablecoin regulation, and AI-first payment systems are reshaping how money moves in the US. Tedd Huff, CEO of fintech advisory firm Voalyre and founder of Fintech Confidential, sits down with David Glaser, CEO of Dwolla, to unpack what's changing, what's breaking, and what smart operators are doing about it right now.

Find out more
JP Morgan's decision to charge for open banking access is forcing the entire industry to rethink how apps connect to bank account data. Real-time payment rails like RTP and FedNow are live but adoption is slow because not every use case needs instant settlement. Dwolla scaled without hiring a single net-new employee in two years by mapping every process into what can be automated and what still needs a human. This episode covers the frameworks, the data signals, and the strategy shifts that matter most if you're building or running anything in payments today.

TAKEAWAYS
1️⃣ Build with AI from day one and treat new hires as a last resort, not a first instinct.
2️⃣ Rework your product fast because major AI releases absorb startup features every six months.
3️⃣ Attack your biggest operational bottleneck first, even if you can only automate half of it.
4️⃣ Track every internal handoff to find where delays, errors, and hidden costs are piling up.
5️⃣ Set team values that reward discomfort so your people adopt new tools without waiting for a mandate.

GUEST
David Glaser: https://www.linkedin.com/in/daglaser

COMPANY
Dwolla: https://www.dwolla.com
Dwolla LinkedIn: https://www.linkedin.com/company/dwolla
Dwolla YouTube: https://www.youtube.com/c/dwollaplatform

FINTECH CONFIDENTIAL
Podcast: https://fintechconfidential.com/listen
Notifications: https://fintechconfidential.com/access
LinkedIn: https://www.linkedin.com/company/fintechconfidential
X: https://x.com/FTconfidential
Instagram: https://www.instagram.com/fintechconfidential
Facebook: https://www.facebook.com/fintechconfidential

SUPPORTERS
Under.io: Digitize your PDFs and streamline application and underwriting processes. Get started free at under.io/FTC
Skyflow: A zero trust data privacy vault delivered as an API covering PCI, CCPA, GDPR, and SOC 2. Visit skyflowsecure.com
DFNS: Wallets as a service, API first, multi-chain, secured with MPC across 50+ blockchains. Request a demo at fintechconfidential.com/dfns
Hawk AI: Real-time payment screening and AML transaction monitoring to cut false positives. Sign up for a demo at gethawk.com

ABOUT

Guest
David Glaser is CEO of Dwolla with over 25 years of payments experience spanning global leadership roles at Mastercard, Worldpay, CyberSource, and Visa. He grew up in a small coal mining town south of Pittsburgh, originally planned to become a high school math teacher, and has since led teams through some of the industry's biggest deals including Worldpay's $10.4 billion merger with Vantiv. Outside of payments, he's completed multiple Ironman triathlons and 70.3 races.

Company
Dwolla is a leader in account-to-account payments in the US, offering a full-service platform that replaces legacy technology with a unified solution supporting ACH, Same Day ACH, RTP, and FedNow. Over 500 businesses partner with Dwolla to improve payment security, data visibility, and cash flow.

Host
Tedd Huff is CEO of fintech advisory firm Voalyre and founder of Fintech Confidential. With 25+ years in the industry, he brings entertaining and informative content focused on fintech insights, market trends, and stories from leaders, thinkers, and doers.

DD3 Media
Fintech Confidential is a production of DD3 Media. All rights reserved.

CHAPTERS
00:00 Highlights
02:06 Under.io: Streamlining Application Processes
02:35 Introduction to FinTech Leaders One-on-One
02:48 Meet David Glaser, CEO of Dwolla
05:29 Payment Industry Then vs. Now
08:03 Open Banking and AI in Payments
08:55 JP Morgan's Open Banking Fee Announcement
14:06 Payment Methods and Account Access
14:36 Scaling Operations at Dwolla
15:03 Modernizing Homegrown Systems
16:26 AI and Automation in Payments
17:20 Skyflow: Your Privacy API
18:31 Balancing Founder Mindset with Scale
19:22 Automating Back Office Processes
21:52 Identifying What to Systemize Next
29:52 Economic Signals in Transaction Data
31:01 Interest Rate Impact on Fintech
32:43 Predicting Trends with Payment Data
35:04 Centralizing Data for AI Readiness
37:21 Account-to-Account and Real-Time Rails
38:21 Real-Time Payment Use Cases
41:00 DFNS: Wallets as a Service
42:39 Choosing the Right Payment Method
44:09 Orchestrating Across Multiple Rails
46:58 Vertical SaaS and Embedded Payments
48:37 The Future of Stablecoins
50:23 AI and Stablecoins Together
54:21 Advice for Fintech Founders
58:07 Hawk AI: Real-Time Fraud Monitoring
58:52 Disclaimer

Universidad EAFIT
Global Issues Explained | Regulatory Compliance and the New Rules of Digital Multinationals

Mar 4, 2026 (32:06)


In this second part of our conversation on hostile acquisitions and digital governance, we shift the focus toward regulatory compliance and its growing impact on multinational enterprises (MNEs). With Juan Camilo Bolívar Sánchez, we examine how evolving regulatory frameworks such as the GDPR in Europe and the CCPA in the United States are reshaping the operational strategies of global technology firms.

Drawing from his experience at TikTok in France and Belgium, Bolívar explains the practical challenges of navigating regulatory fragmentation across jurisdictions and the commercial implications of managing data protection, contract negotiations, and compliance risks in different legal environments. We explore how regulatory divergence affects business models, operational costs, and competitive positioning, and what this means for the future of cross-border digital operations.

Join us as we analyze how compliance is no longer just a legal requirement, but a strategic dimension of international business in the digital era.

To The Point - Cybersecurity
The Human Price for Data and Privacy Protection with Rob McDonald

Mar 3, 2026 (44:02)


Rob McDonald, SVP of Platform at Virtru, joins the podcast to double-click into the privacy and data discussion. We explore subsidizing the pain of giving personal data in exchange for 'free' services, informed consent, why regulation alone isn't a silver bullet, and what outcomes we could drive when we combine user decisions with regulation. He also shares insights on behaviors that come with innovation, data as common denominator, regulations such as GDPR and CCPA as progress markers (and not the final destination), the criticality of the CIO/CISO as storyteller, and recognizing our front line defenders are people (not robots!).

Rob McDonald, SVP Platform at Virtru

Rob is the SVP of Platform and an advocate of safeguarding data across new applications and data-sharing workflows. Prior to Virtru, Rob was the CIO for several Acute Care facilities and Denovo Healthcare development teams. His significant expertise in the healthcare industry earned him a spot in Becker's Review as one of the 2013 and 2014 Top 100 Healthcare CIOs. Rob has also consulted with corporations to help them assess their current information security position and develop a plan to not only mitigate the discovered technical shortcomings but, more critically, to raise security awareness amongst their employees. Rob holds a Bachelor of Science degree in Computer Science from the University of Texas at Dallas and is a perpetual student of technology, information security, and privacy practices.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e374

We the People
Supreme Court Rules Trump's Tariffs Unlawful Under IEEPA

Feb 26, 2026 (51:28)


On February 20, the Supreme Court ruled that the International Emergency Economic Powers Act, known as IEEPA, does not authorize President Trump's sweeping tariffs. In Learning Resources, Inc. v. Trump, and the consolidated case, the Court held that the statute does not grant the President the power to impose tariffs under a declaration of economic emergency.

In this episode, we explore what the Court held, why the Justices disagreed about the reasoning, and what this decision might tell us about the future of presidential emergency power. To help us explore these questions are two leading Court watchers and constitutional experts, Zachary Shemtob of SCOTUSblog and Ilya Somin of George Mason University. Julie Silverbrook, vice president of civic education of the National Constitution Center, moderates.

Resources
Learning Resources, Inc. v. Trump (2026)
“Supreme Court strikes down tariffs,” SCOTUSblog (2/20/2026)
Ilya Somin, “How the Supreme Court Spared America,” The Atlantic (2/21/2026)
Ilya Somin, “The Supreme Court Spurns a Presidential Power Grab,” The Dispatch (2/23/2026)
Ilya Somin, “Trump's new tariffs are another dangerous presidential power grab,” Boston Globe (2/24/2026)
Ilya Somin, “Not Everything Is an Emergency,” The Dispatch (1/31/2025)
“Are Trump's Tariffs Lawful?,” We the People (11/06/2025)
Biden v. Nebraska (2023)
Whitman v. American Trucking Associations, Inc. (2001)
Dames & Moore v. Regan (1981)
Youngstown Sheet & Tube Co. v. Sawyer (1953)
United States v. Yoshida International, Inc. (CCPA, 1975)
United States v. Curtiss-Wright Export Corp. (1936)
Schechter Poultry Corp. v. United States (1935)

Stay Connected and Learn More
Questions or comments about the show? Email us at podcast@constitutioncenter.org
Continue the conversation by following us on social media @ConstitutionCtr
Explore the America at 250 Civic Toolkit
Sign up to receive Constitution Weekly, our email roundup of constitutional news and debate
Subscribe, rate, and review wherever you listen
Join us for an upcoming live program or watch recordings on YouTube
Support our important work: Donate

Shaye Ganam
Alberta legislation could pave way for two-tiered health-care system

Feb 5, 2026 (9:46)


Andrew Longhurst is a senior researcher with the CCPA.

Let's Talk Loyalty
Cannabis Loyalty Unlocked: Marketing and Innovation with Embarc (#740)

Jan 27, 2026 (34:44)


This episode is available in audio format on our Let's Talk Loyalty podcast and in video format on www.Loyalty.TV.

We are breaking new ground today as we explore the retail Cannabis industry, one that is often discussed, but not very well understood.

Marketing to customers in a regulated industry has complexities, and my guest today is one of the most accomplished persons leading marketing innovation in the Cannabis industry. Courtney Zalewski is Chief Brand and Marketing Officer at Embarc, a modern, community-focused cannabis retailer in California with locations across the state. Courtney pioneered the launch of the Embarc Passport Club two years ago, and we talk about the intersection of regulations in Cannabis retail with the most stringent consumer protection laws in the US (the CCPA), where the challenge of creating customer loyalty in the Cannabis industry might be the biggest in all of retail.

Hosted by Bill Hanifin, CLMP™

Show Notes:
1) Courtney Zalewski
2) Embarc
3) Embarc Passport Club
5) Unreasonable Hospitality - Book Recommendation

Fintech Confidential
2025 a Tipping Point: GENIUS, $308B Stablecoins, XRP & NFT Wins, Circle IPO

Fintech Confidential

Jan 27, 2026 · 62:41 · Transcription Available


Tedd Huff, CEO of fintech advisory firm Voalyre and host of Fintech Confidential, sits down with Fintech Confidential CI, Robert Musiala, Partner at Baker Hostetler and co-leader of their Web3 and Digital Assets team, to break down what made 2025 the most consequential year in crypto regulation. The SEC reversed course, the Genius Act passed at lightning speed, and stablecoins exploded from $205 billion to $308 billion in market cap. This is the month-by-month breakdown of how regulatory clarity supercharged the entire industry.
The SEC declared most crypto assets are not securities, dismantling years of legal uncertainty. Banks got the green light to offer crypto custody and exchange services. Circle's IPO validated stablecoins as core financial infrastructure. The Genius Act created the first federal stablecoin framework while banning yield payments and imposing strict reserve requirements. NFTs gained legal clarity, DeFi got legitimized, and crypto-native firms started filing for bank charters.
If you're building in crypto, investing in blockchain, or trying to understand where regulation is headed in 2026, this breaks down the exact moves that matter.
TAKEAWAYS:
1️⃣ Genius Act created federal stablecoin operating rules
2️⃣ Stables finally legal under federal framework
3️⃣ IRS solves crypto tax confusion overnight
4️⃣ Stablecoin yield payments now completely banned
5️⃣ SEC stops lawsuits, issues guidance instead
LINKS:
Guest: Robert Musiala
LinkedIn: https://www.linkedin.com/in/robert-musiala/
Baker Hostetler: https://www.bakerlaw.com/people/robert-musiala
Blockchain Monitor: https://www.blockchainmonitor.com/
Company: Baker Hostetler
Website: https://www.bakerlaw.com/
Web3 & Digital Assets: https://www.bakerlaw.com/practices/web3-digital-assets
Fintech Confidential
Podcast: https://fintechconfidential.com/listen
Notifications: https://fintechconfidential.com/access
LinkedIn: https://www.linkedin.com/company/fintechconfidential
X: https://x.com/FTconfidential
SUPPORTERS:
DFNS: Wallets as a service, API first, multi-chain, secured with MPC across 50+ blockchains - fintechconfidential.com/dfns
Skyflow: Zero trust data privacy vault for PCI, CCPA, GDPR, SOC 2 compliance - skyflowsecure.com
Hawk: AI tools for real-time payment screening and fraud prevention - gethawkai.com
ABOUT:
Robert Musiala is Partner and co-leader of Baker Hostetler's Web3 and Digital Assets team, providing weekly analysis on the Blockchain Monitor blog. Baker Hostetler is a leading U.S. law firm with over 900 attorneys serving blockchain clients from startups to Fortune 500 companies.
Tedd Huff is the Founder of Voalyre and Diamond D3, professional services consulting firms focused on global payments and marketing. He is also video podcast host and executive producer on the Fintech Confidential network. Over the past 25+ years, he has contributed to FinTech startups as an Advisory Board Member, Co-Founder, and Chief Experience Officer, providing strategic and tactical direction for global companies, focusing on growth while delivering process improvements and user experience-driven value to simplify the complexity of payments.
CHAPTERS:
00:00 Episode Highlights
02:08 Dfns: Wallets as a Service (sponsor)
04:01 2025 Regulatory Changes and Market Impact
04:43 January: SEC's Tone Shift and Market...

Technology Tap
Security Governance Explained: Key Policies and Procedures for IT Skills Development

Technology Tap

Jan 15, 2026 · 27:19 · Transcription Available


professorjrod@gmail.com
In this episode of Technology Tap: CompTIA Study Guide, we delve into the critical role of security governance in building secure organizations. Learn how governance frameworks—comprising policies, standards, procedures, and playbooks—transform strategic intent into consistent, auditable actions that both teams and auditors rely on. Whether you're preparing for your CompTIA exam or aiming to develop essential IT skills, understanding these governance principles is key to effective tech exam prep and technology education. Join us as we break down complex concepts in an easy-to-understand way, helping you succeed in your IT certification journey and beyond.
We start with clear definitions that make exam questions and real-world decisions easier. Policies set high-level rules and expectations. Standards add measurable technical requirements like encryption strength and logging baselines. Procedures translate both into step-by-step action, and playbooks coordinate who does what, in what order, using which tools. Along the way, we compare external frameworks such as ISO 27001, NIST 800, PCI DSS, and FIPS with internal standards that tailor controls to your environment.
Privacy law isn't a side quest; it shapes everything. We demystify GDPR, CCPA, FERPA, HIPAA, and COPPA, and clarify roles that exams love to test: the data owner who sets classification and usage, the data controller who defines purpose and lawful basis, the data processor who acts for the controller, and the data custodian who protects and maintains data without deciding how it's used. You'll learn practical cues to spot each role fast and avoid common pitfalls.
Finally, we dig into change management as a risk control function. Its goal is to minimize risk while implementing changes, with impact analysis, approvals, testing, and rollback plans. Automation and orchestration can speed response and reduce error, but only when guided by policy and enforced by standards. Expect memorable exam tips, grounded examples, and a framework you can use right away on the job.
If this helped sharpen your Security+ prep or your day-to-day practice, subscribe, share the show with a colleague, and leave a quick review. Your feedback helps more learners tap into technology with confidence.
Support the show
Art By Sarah/Desmond
Music by Joakim Karud
Little chacha Productions
Juan Rodriguez can be reached at
TikTok @ProfessorJrod
ProfessorJRod@gmail.com
@Prof_JRod
Instagram ProfessorJRod

Fund/Build/Scale
Building in Layers: The Compound Startup Playbook

Fund/Build/Scale

Dec 23, 2025 · 48:00


April co-founder and CEO Ben Borodach joins Fund/Build/Scale to break down how he built a compound startup in one of the hardest markets in fintech: U.S. taxes. We talk about why some problems can't be solved with a simple wedge product, how to sequence engineering, compliance, and distribution, and what it takes to operate inside complexity for years before the market catches up. Ben shares the early customer discovery work, the “science experiments” that shaped April's product, and the cultural frameworks he and his co-founder developed before they wrote any code. If you're an early-stage founder deciding what to build — or how to build it — this episode offers a clear playbook for choosing hard problems and de-risking them the right way.
RUNTIME 48:00
EPISODE BREAKDOWN
01:08  How Ben and Daniel met + connecting over complex data problems
01:47  Ben's background: Deloitte, crypto infra, cyber, fintech
02:51  Why pick tax? Choosing a hard, high-impact market
03:44  Outdated incumbents + the opportunity hidden in “don't touch that” markets
04:57  Why tax innovation is so rare: regulatory hurdles and decades-old engines
05:29  Founder-market fit: complementary backgrounds + AI expertise
06:38  Translating congressional law into code + achieving 20× engineering leverage
07:25  The pseudo-manifesto: conflict resolution, culture, and founder alignment
08:40  What “compound startup” means and why narrow wedges don't work in B2B
09:57  Stitching data, workflows, and software into a flexible platform
10:39  Building for multiple configurations across financial institutions
11:26  How complexity becomes a moat
13:01  Why compound startups require longer gestation and patience
14:46  Sequencing layers: engine → coverage → interfaces → embedded infra
15:50  The rigid annual regulatory calendar and “Manhattan-style” planning
17:13  Serving customers early: friction with the market by design
18:46  Manual work vs. automation: the constant balancing act
19:27  The early KPI wasn't revenue - it was proving technical and trust viability
20:46  Running “science experiments” to de-risk assumptions
21:16  Investor expectations vs. seasonal learning cycles
22:47  Surviving four years of annual gauntlets before scale
23:02  Inside the regulatory maze: IRS approval, state forms, arbitrary specs
24:04  Data governance challenges: CCPA, IRS 7216, portability
25:20  Why April participates in the industry's private governance body
26:18  Why April chose embedded distribution over a consumer app
27:32  The crumbling moats of financial institutions
29:08  Tax as the missing data layer enabling personalization
30:47  How customer discovery differed across banking, wealth, and SMB
31:07  Thousands of conversations across dozens of institutions
32:51  What April had to prove at Seed, Series A, Series B
33:49  Why rigid VC benchmarks can be unhelpful for complex companies
37:02  Headcount growth: seed → A → B
38:20  Why Ben doesn't interview every employee anymore
39:48  Founder evolution: doing → delegating → maintaining quality
40:55  Resilience, wellbeing, and founder longevity
41:39  The mythology of 996 and why it's unsustainable
44:07  The most common mistakes first-time fintech founders make
46:14  The one question Ben would ask if he were interviewing a founder
LINKS
Ben Borodach
April
Daniel Marcous
april Raises $38M Series B to Embed Tax into Every Financial Decision
April Careers

Technology Tap
Inside the Cambridge Analytica Scandal: Technology Ethics and Data Privacy

Technology Tap

Dec 23, 2025 · 26:51 · Transcription Available


In this episode of Technology Tap: CompTIA Study Guide, my students dive into the notorious Cambridge Analytica scandal and its profound impact on data privacy and technology ethics. Our students break down how seemingly harmless personality quizzes exploited Facebook data, creating psychological profiles that influenced elections worldwide. This discussion not only explores real-world technology applications but also enhances your understanding of data security—an essential topic for IT skills development and CompTIA exam prep. Tune in to expand your knowledge of technology education and the critical role of informed consent in today's digital landscape.
We walk through the mechanics: the Open Graph loophole, the “This Is Your Digital Life” app, and the shift from demographic targeting to OCEAN-based psychographics that amplified fear, duty, or curiosity depending on your traits. The conversation connects the dots from early experiments with Ted Cruz to huge ad impression volumes tied to the 2016 cycle, explores coordination concerns with super PACs, and examines why these tactics made public debate harder and disinformation easier to spread. Along the way, our students highlight the whistleblowers who surfaced the practice and the global footprint that reached Brexit, the Caribbean, and beyond.
The fallout mattered. Facebook faced FTC, SEC, and UK ICO actions; Cambridge Analytica went bankrupt; and Meta tightened API access to cut off friend data collection. We also dig into the privacy wave that followed—GDPR in Europe, CCPA in California—and what those laws do and don't fix. The core takeaway is clear: ethical data practices and transparent advertising aren't nice-to-haves; they're the guardrails for a healthy digital public square. If personal data can be turned into political power, then consent, purpose limits, and accountability must be visible and enforceable.
Listen for a clear, step-by-step breakdown, plain-language answers to tough questions, and practical context you can use to evaluate political ads and platform policies. If this conversation sharpened your thinking, subscribe, share the show with a friend, and leave a review telling us how you protect your data online.

The ISO Show
#239 2025 ISO Standard Wrap Up and Looking Ahead

The ISO Show

Dec 17, 2025 · 16:39


It's been a busy year for ISO Standards, with that set to ramp up in 2026 thanks to upcoming Standard transitions. Before we dive into a new year, we'd like to take a step back and highlight some of the key ISO milestones from 2025.
In this episode, Steph Churchman, Communications Manager at Blackmores, looks back at the major Standard updates from 2025, including changes to existing Standards, new ISOs published and key upcoming changes you need to be aware of for 2026.
You'll learn
· What ISO Standards have been updated in 2025?
· What new ISO Standards were published in 2025?
· What Standards are due to be published in 2026?
· What ISO transitions do you need to be aware of in 2026?
Resources
· Isologyhub
In this episode, we talk about:
[02:05] Episode Summary – Steph reviews major ISO Standard updates from 2025, including changes to existing ISO Standards, new Standards published and what you need to know going into 2026.
[02:34] What ISO Standards have been updated in 2025?
ISO 27701:2025: This is the Standard for Privacy Information Management and it recently received an update in October 2025. Key updates to this Standard include:
· This is now a stand-alone Standard and can be implemented without an existing ISO 27001 ISMS in place.
· The addition of further guidance for data processors and controllers.
· Provides greater clarity on managing personal data within AI and digital ecosystems
· More focus on organisational leadership involvement.
· The update now aligns ISO 27701 more closely with global regulations such as GDPR, CCPA and LGPD.
ISO 37001:2025, the Standard for Anti-bribery. This one was well overdue an update, with its last version being 2016! Its update arrived on 2nd Feb 2025, and included:
· Text harmonisation with the other ISO 37000 family of Standards, such as ISO 37301 (compliance management systems), ISO 37000 (governance of organisations) and ISO 37008 (internal investigations of organisations) to ensure consistency and easier integration.
· The latest version now formally introduces the concept of anti-bribery culture and emphasises its importance for the effectiveness of the management system.
· A greater emphasis on the role of top management and their involvement in overseeing the management system.
· A new requirement has been added for awareness and training as a fundamental asset for management system results.
· It also receives the added climate change amendment, which many ISOs already embedded back in 2024 – learn more about that here.
· And lastly, there are more comprehensive definitions of conflict-of-interest as well as procedures to raise awareness on reporting potential and actual conflicts.
ISO 50002, the standard for energy audits. This isn't a certifiable standard, but rather a guidance document to support the energy management standard ISO 50001. The recent update has now split this Standard into 3 parts:
· ISO 50002 part 1: General requirements with guidance for use.
· ISO 50002 part 2: Guidance for conducting an energy audit in buildings.
· ISO 50002 part 3: Guidance for conducting an energy audit in processes
Most of the revisions focused on strengthening and adding further clarification to energy auditing principles such as Competency, Confidentiality, Objectivity, access to equipment, resources and information, Evidence-based approach and Risk-based approach. Lastly, this update also clearly specifies the requirements for energy auditor competence.
[07:10] What new ISO Standards were published in 2025?
ISO 42006 - Requirements for bodies providing audit and certification of artificial intelligence management systems. This is a guidance Standard that actually relates to certification bodies rather than businesses choosing to implement ISO 42001. It builds on ISO 17021-1 and ensures that certification bodies operate with the competence and rigour necessary to assess organisations developing, deploying or offering AI systems. While one that you as a business may not have to worry about, it's a positive addition to the growing ISO 42000 family of Standards, which are currently the only global frameworks for best practice for AI Management.
ISO 17298 Biodiversity - Considering biodiversity in the strategy and operations of organizations. ISO 17298 ultimately aims to help organizations of all types and sizes understand how they depend on and impact nature – and take concrete action to address it. It includes guidance to help you:
· Understand your biodiversity impacts, dependencies and risks
· Identify opportunities for green growth and nature-positive finance
· And develop and implement a credible biodiversity action plan
[09:45] What new ISO Standards are due to be published in 2026?
ISO 53001 management system requirements for the United Nations Sustainable Development Goals. Many businesses have already done the hard work behind aligning their ESG activities with the UN SDGs, and will soon be able to benefit from certification to an internationally recognised Standard to help manage and improve their performance against those SDG goals. The Standard provides a framework for an SDG management system that will:
· Enhance the organization's SDG performance.
· Fulfil compliance obligations.
· Achieve selected SDG objectives.
· Create trust and confidence to relevant existing and future stakeholders
If you wanted to get a head-start, the guidance document ISO 53002: Guidelines for contributing to the United Nations Sustainable Development Goals is available to download for free right now.
ISO 14060: Net Zero Aligned Organisations. This Standard details requirements for how any type of organization can demonstrate that their net zero strategy is achievable, and that they are making credible and verifiable progress towards contributing to global net zero in line with the Paris Agreement. There are a lot of country specific legislation and regulations now in effect, or soon to be in effect, but there is a lack of clarity around what it actually means to be Net Zero. This is where ISO 14060 comes in, to create a globally accepted definition of what it means for an organisation to be net zero. In addition, this Standard will also:
· Define what constitutes a credible net zero strategy at an organisational level
· Establish how targets should be set, measured and delivered
· Require organisations to align with the goals of the Paris Agreement
· Build on existing ISO standards such as ISO 14064 for GHG verification and ISO 14068-1 for Carbon Neutrality
· Have a focus on organisational claims, not product or event-level claims
· And lastly it will be globally applicable and adaptable across sectors.
[12:50] What ISO Standard updates do you need to be aware of for 2026?
The anticipated update to the leading environmental management system Standard, ISO 14001, is expected to be published in Q1 of 2026. It doesn't appear to have many major changes, but rather just further guidance and clarification in a few areas, including:
· Modernised terminology and harmonised structure that aligns with other ISO Standards
· Stronger focus on environmental conditions
· Clearer EMS scope with life-cycle perspective
· Again, we see a greater focus on leadership accountability
· Refined risk-based planning
· Introduction of a new change-management clause
· Extended operational control to suppliers
· Restructured management review
· And an expanded Annex A for explanatory notes
ISO 9001 is also due a revision. It was expected out around a similar time as ISO 14001, but following its public comment round, it's gone back under revision to make more changes after that feedback. As a result, this has pushed the expected publication date to either Q3 or possibly even Q4 of 2026. Now despite it going back into revision following feedback, the changes are still expected to be minor. Some of the expected changes include:
· Impact of digital transformation – such as AI
· Improved supply chain resilience
· Proactive risk management and risk-based thinking
· Quality culture and awareness of ethical behaviors
· And increased attention to customer satisfaction
Looking even further forward, ISO 45001 will also be up for revision soon, though that isn't expected to be published until 2027. We'll give you more details as soon as a draft version has been made available. All of these transitions will include a 3-year grace period, so there's no need to panic. Over the next year, we'll cover these changes in more detail, and will provide a variety of ISO Support options to help you manage and complete your ISO transitions.
That's it from us for 2025! We look forward to bringing you more ISO knowledge in 2026

MoFo Perspectives Podcast
DCP+ Podcast Episode 4: Georgina Merhom on How Quality Data Can Transform Financial Services, Part 1

MoFo Perspectives Podcast

Dec 15, 2025 · 34:35


In this episode, hosts Kaylee Cox Bankston and Boris Segalis discuss their latest favorite uses of AI and the new CCPA developments before sitting down with Georgina Merhom, data scientist and founder of Solo, for the first installment of a two-part conversation exploring the foundations of trustworthy data and AI in financial services.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 306: CISSP Domain 1.5: Understanding Legal, Regulatory, and Compliance Requirements

CISSP Cyber Training Podcast - CISSP Training Program

Dec 15, 2025 · 51:31 · Transcription Available


Check us out at: https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv
What happens when cybersecurity meets the engine room of the business? We dig into the partnership between the CISO and COO and show how shared risk, clear language about money, and practical tabletop drills turn security into operational resilience. Ransomware, supply chain delays, and customer impact aren't just IT issues—they're revenue issues—so we map exactly how to build alignment before a crisis hits.
We break down CISSP Domain 1.5 with a plain-English tour of law categories and the statutes you actually need to know: CFAA and NIIPA for unauthorized access and critical infrastructure, FISMA and the NIST standards for federal-grade security programs, and the federal modernization that centralized oversight under DHS. Then we go deeper into intellectual property: what copyrights, trademarks, patents, and trade secrets protect; how DMCA and AI complicate ownership; and how licensing and click-through terms can quietly put your data and code at risk if you don't read them with counsel.
Cross-border data is now daily business, so we unpack export controls on chips and encryption, transborder data flow obligations, and privacy regimes that carry real teeth: GDPR's 72-hour notification, China's PIPL and local representation, and state laws like CCPA that mirror EU rights. The practical takeaway is a tighter incident playbook: define “breach” with evidence-based thresholds, pre-wire stakeholder communications, and use tabletop exercises to test both technical recovery and regulatory reporting.
If you're studying for the CISSP or leading a security program, this is the legal-ops blueprint you can use today. Subscribe, share this with your ops and legal teams, and leave a review to tell us which regulation gives you the biggest headache—we'll tackle it next.

Honest eCommerce
358 | Translating Cross-brand Knowledge Into Wins | with Jennifer Peters

Honest eCommerce

Dec 1, 2025 · 29:42


Jennifer is the Director of DTC, Martech, and Digital Compliance at OLLY, a Unilever-owned vitamin/supplement brand, and a seasoned eCommerce veteran based in the Bay Area. She specializes in building digital marketing programs, profitable eCommerce stores, and seamless customer experiences. Her expertise includes advanced Martech ecosystems, customer data platforms (CDPs), marketing automation, and ensuring compliance with global privacy regulations like GDPR and CCPA. Jennifer's skills span web development, UX/UI design, inventory management, logistics, and omni-channel retailing.
In This Conversation We Discuss:
[00:00] Intro
[00:39] Sponsor: Taboola
[01:58] Solving customer needs with simplicity
[04:05] Sponsor: Next Insurance
[05:19] Leveraging cross-brand learnings for growth
[08:37] Using D2C as a customer learning engine
[12:00] Callouts
[12:11] Evaluating tools that streamline operations
[13:37] Reviving traditional marketing with modern tech
[16:52] Sponsor: Electric Eye & Freight Fright
[20:01] Testing unconventional marketing strategies
[21:19] Balancing responsibility with limited control
[24:58] Focusing on product value over flashy design
Resources:
Subscribe to Honest Ecommerce on Youtube
Olly Vitamins and Supplements olly.com/
Follow Jennifer Peters linkedin.com/in/jennifer-peters-3bbb6220
Reach your best audience at the lowest cost! discover.taboola.com/honest/
Easy, affordable coverage that grows with your business nextinsurance.com/honest/
Schedule an intro call with one of our experts electriceye.io/connect
Turn your domestic business into an international business freightright.com/honest
If you're enjoying the show, we'd love it if you left Honest Ecommerce a review on Apple Podcasts. It makes a huge impact on the success of the podcast, and we love reading every one of your reviews!

two & a half gamers

This week's Breaking News covers the wildest stories from mobile gaming, ad tech, privacy, and monetization. From brand-new global launches (Bleach, Resident Evil, Villains Robot) to Unity's new ad-tech push, to JamCity's $1.4M CCPA fine — Matej breaks it down with zero fluff.
What you'll learn
• Bleach: Soul Resonance launches with millions of preregs
• Resident Evil Survival Unit hits 1M downloads in 48 hours + $150K/day
• Real Farm Craft expansion (but almost no revenue)
• Villains Robot BR + blockchain weirdness
• Molang: Match & Munch launches (and makes $100/day)
• Unity's “Vector” returns again + new ad ecosystem tools
• Playable ads → the next $124B brand frontier
• JamCity fined $1.4M for CCPA violations
• Why e-commerce brands are now using playables
Get our MERCH NOW: 25gamers.com/shop
This is no BS gaming podcast 2.5 gamers session. Sharing actionable insights, dropping knowledge from our day-to-day User Acquisition, Game Design, and Ad monetization jobs. We are definitely not discussing the latest industry news, but having so much fun! Let's not forget this is a 4 a.m. conference discussion vibe, so let's not take it too seriously.
Panelists: Jakub Remiar, Felix Braberg, Matej Lancaric
Podcast: Join our slack channel here: https://join.slack.com/t/two-and-half-gamers/shared_invite/zt-2um8eguhf-c~H9idcxM271mnPzdWbipg
Chapters
00:00 — Intro
00:18 — Bleach: Soul Resonance launch
01:00 — Real Farm Craft expansion
01:38 — Villains Robot Battle Royale
02:20 — Resident Evil Survival Unit hits 1M downloads
03:10 — Molang Match & Munch release
03:45 — Seven Deadly Sins Grand Cross update
04:20 — Zombies, Run rights reacquired
04:55 — Paysafe adds Brazil payments
05:25 — DC Dark Legion Thanksgiving event
05:55 — Solo Leveling Winter update
06:30 — Unity ad-tech announcements
07:35 — JamCity fined $1.4M
08:55 — Playable ads become brand frontier
09:40 — Apple pushes playables into e-commerce
10:20 — Wrap-up
Matej Lancaric, User Acquisition & Creatives Consultant: https://lancaric.me
Felix Braberg, Ad monetization consultant: https://www.felixbraberg.com
Jakub Remiar, Game design consultant: https://www.linkedin.com/in/jakubremiar
Please share the podcast with your industry friends, dogs & cats. Especially cats! They love it!
Hit the Subscribe button on YouTube, Spotify, and Apple!
Please share feedback and comments - matej@lancaric.me
If you are interested in getting UA tips every week on Monday, visit lancaric.substack.com & sign up for the Brutally Honest newsletter by Matej Lancaric
Do you have UA questions nobody can answer? Ask Matej AI - the First UA AI in the gaming industry! https://lancaric.me/matej-ai

Moneycontrol Podcast
4914: India's tech IPO party losing steam; Paytm's long road to UPI recovery; and 26 e-comm apps swear they're dark pattern free | MC Tech3

Moneycontrol Podcast

Nov 20, 2025 · 7:30


In today's Tech3 from Moneycontrol, we break down why India's newest tech listings, Groww, Lenskart, Pine Labs and PhysicsWallah, saw their post-IPO shine fade quickly, slipping across the board. We also look at 26 major consumer apps declaring themselves dark-pattern-free to the CCPA, Paytm's slow but meaningful UPI recovery after a turbulent year, and BigBasket's Rs 200-crore debt raise to fuel its quick-commerce network.

HR to HX: From Human Resources to the Human Experience
From Tool to Coworker: The Rise of Agentic AI in Hiring

HR to HX: From Human Resources to the Human Experience

Nov 18, 2025 · 15:49


It's not science fiction anymore; it's Agentic AI. We're moving past the era where AI just assists us. Now, we're talking about a coworker that can run entire recruiting workflows from start to finish. Think of it like a Tesla: you set the destination, and it drives the car. But I don't want you to be left in the dust regarding what this looks like. We are talking about autonomous scoring, outreach, and screening that operates without human intervention so you can save your intervention for where it matters most.
However, with great automation comes great responsibility. I know we are all feeling the pinch point of budget constraints and increased hiring needs, but you cannot build automation on top of chaos. If you don't have a strong foundation or good data, you're just going to automate chaos. We're going to discuss the critical guardrails you need, like human oversight on outreach and bias monitoring, because the human touch is going to be more valuable than it ever has been.
So, where do you start? We'll look at finding your highest ROI pilots, like passive candidate sourcing or high-volume screening, and how to build a governance framework so candidates know they are interacting with AI. This isn't autopilot; it's assisted driving. Join me as we explore how to use these tools to elevate the human experience, not replace it.
Stacie
More episodes at StacieBaird.com.
Basics on GDPR and CCPA

The Founders Sandbox
Season 4, #4 - Chris Daden Scaling for work 4.0

The Founders Sandbox

Nov 13, 2025 · 36:41


In this episode of The Founder's Sandbox, host Brenda McCabe sits down with Chris Daden, CTO of Criteria Corp, to explore what it takes to scale purpose-driven businesses in the era of Work 4.0. Chris shares his fascinating origin story—starting with a childhood shaped by tech-savvy parents and leading to multiple exits, international teams, and leadership at a global talent success platform. He breaks down how Criteria uses science and AI to remove bias from hiring, why soft skills matter more than ever, and how to future-proof your workforce in an AI-augmented world. Learn about his nonprofit, SoCal Tech Forum, and why building trust is essential for AI adoption at scale. transcript: 00:18 Welcome back to the Founder's Sandbox. The Founder's Sandbox is in its fourth season. I'm here, your host, Brenda McCabe, and I'm live this month's podcast is 00:31 from the Founders Space in Pasadena. And I'm joined with my guest, Chris Daden of Criteria Corp. um And a colleague of mine in the startup ecosystem. Welcome, Chris. Thanks for having me. I'm really excited to be here. So am I. So um I want to briefly give some background on the Founder Sandbox for those that are listening in today. um 00:56 Each episode features in-depth conversations with founders of small and mid-sized owner-operated companies and operators that support the ecosystem. And together, through storytelling, we explore how to build scalable, resilient, purpose-driven businesses with great corporate governance. And you're going to discover today with Chris, his origin story. I always like to start with how the person 01:24 that's a guest to my podcast, really started getting involved with the ecosystem of startups. And your story is quite fascinating. I'm gonna give a spoiler alert here. You and I met, I guess two years ago, at a Thai con event where you were on a panel. I was the MC em and we got to talking over dinner and just your origin story and the multiple exits you've had. 
01:53 really um lit up a bulb in my mind. said, Chris, you have to be in my podcast. So it's two years later, and I'm so glad that we're making this happen. Lucky to be here. Thank you. forward to it. So this podcast, again, we're going to talk about a lot of things because Chris, not only are the CTO of Criteria Corp, a talent success company, where you help organizations meet objective evidence-based 02:23 talent decisions that both reduce the bias and drive better outcomes. But also, you're a two times 40 under 40. You've had multiple exits of prior companies. You're a speaker, a founder, a board member, and recently you started your own nonprofit in SoCal called the SoCal Tech Forum. 02:51 Oh, and I forgot you're a member of the Forbes Technology Council. we're going to have... Couldn't have said it better. Thank you, Brenda. So with that, again, my episodes on particularly Spotify, we have a title that's on each episode and we've chosen Scaling Work 4.0 for this month's podcast. Again, it's Chris Daden, CTO of Criteria. So let's start. What would you... 03:21 Call your tagline. Tell us about your origin here in Southern California. Sounds great. Well, just a little bit about myself personally. I've been in tech for ah quite a while now. It's really the only career I've ever had working in tech. So I started in my youth, frankly. My father was a member of the British Merchant Navy. you can imagine with that career involved, he traveled all around the world. uh 03:50 Also, of course, gave me lot of inspiration for the global companies that I run today and the teams that I've started around the world. So although my father wasn't directly in computer science, you know, that career of being in the merchant Navy definitely shaped my global perspective. when he stopped working in the merchant ship Navy as an officer, he started developing his own software for weather routing for large 04:21 merchant ships and container ships. 
So what was amazing about that was it was run out of a spare bedroom in my parents' house just upstairs while I was growing up there. And uh we used to even have a rack of kind of four by four Dell just desktop computers that were stacked on top of each other with a switch to switch between them. And we're running the workload that my dad made with the software there on those computers. 04:51 It was very visible and evident in my childhood. My first kind of internship was maybe when I was 13 or so ah in the closet of that office. We pulled the doors off and put a desk in it and that was like my internship desk for the summer. started with programming in the .NET ecosystem. So what year is that more or less? Yeah, it's probably like 2005, 2006. uh 05:21 So it uh was a great introductory language. Fun fact, there's a YouTube video online of me when I'm about that age doing a tutorial of how to make a calculator. So very few people have found that. I'll leave it to the public to find. But you can hear my very young 12-year-old voice in a YouTube video. It's still there. So anyway, that's part of my origin story for sure. That's what got me into computer science. 05:48 My first company, started my senior year of high school. I was acqui-hired into an organization in Irvine. And then I got to join what I would call kind of a real company at that time. um One that had, you know, engineers around the globe working on solving problems and SaaS for organizations of all kinds. So that's kind of where I kick-started my career. I'm spending the next maybe eight to 10 years in Orange County building companies and 06:16 Now I find myself as the CTO of Criteria, which of course I'm not a founder of, but the energy that I like to bring to the team and the passion I have for what the next era of work has to offer gives me that founder-like energy. Yes. So um how long have you been with Criteria? Were you the first CTO? Were you an acqui-hire? Tell us a little bit about that.
Yeah, great question. So Criteria has a great history, almost 20 years of science and 06:46 um just developing a great core platform that's been used by thousands of customers around the world. I've been there as CTO for the last three and a half years. So when I joined, was right after acquisition of a couple companies in Australia that were great additions to our product portfolio. And one of my roles right away after joining was to help integrate those teams, finish retiring some of the technical debt that comes with acquisitions. um 07:15 really just all the excitement around building for the next chapter of criteria and making sure that I can contribute in my many ways to our success. So back to that tagline that due to your father's um origins in the Navy, m you have a wide global perspective. Tell me about those teams that you had in India before Criteria. 07:41 Yeah, look, I started doing business in India a little over 10 years ago. I was just reflecting on that last week. I had the luxury of visiting my team again. We also just created a new team for criteria. So I was able to go visit them. We all got together for the first time. It was a lot of fun. But about 10 years ago, I started in a city named Indore and that's in the state Madhya Pradesh. And when I started, it was a tier three city. And, you know, I really stumbled across 08:09 who is now my general manager for my last company. I stumbled across meeting him through like a development agency and we really hit it off and you know at the time I was 18 years old and you know was willing to take some risk I guess because I wanted to work with an engineer and had to build my product and company and you know what it's like being a scrappy founder and I just rolled the dice and said sure like 08:34 Why don't you come work for me full time? Let's find your friends as well and let's start a company together. And his name is Vikram. 
And to this day, he's still the general manager of my last company in automotive SaaS that I had recently exited in like 2021 timeframe. He's still operating that team. Company's going great. So that's been a lot of fun to see that success. But yeah, over a period of 10 years, it's become... 09:00 from a tier three to a tier two city. So things like basic infrastructure have been developed. So just so much fun and so much reflection there. I'm lucky to have, know, that's my, Criteria's new team is now my fourth India venture. So this is my fourth generation. Oh my goodness. It's a scaling work 4.0. So let's go back to Criteria. again, over dinner a couple years ago, 09:29 You started talking about how the science of finding talent is really the bedrock of criteria. And you've been there three and a half years. Talk to us about that, the talent and the science that is driving this company's technology and being used today in hiring across the world. Yeah, I think. 09:58 Hiring is one of those things that we don't always teach hiring managers or people in organizations. I think we were laughing about that. If you're, say, a great senior software engineer and you've been coding for 15 years or something, I think it's assumed that when you get promoted into, say, an engineering manager role, you're now going to be a great hiring manager. And I think hiring science is something that is often... 10:22 underappreciated in organizations, particularly startups and mid-market companies who may not have the resources, right? Because to be good at hiring science, you also have to invest resources in it, right? So really you don't see most really advanced hiring science or like, you know, psychology teams being involved in hiring until the enterprise level. for criteria, we're all about using technology to harness as many what we call talent signals as possible. 
So we have a 10:52 an assortment of assessment tests that can measure things like your cognitive ability, your adaptiveness, your personality fit to a job role. And we do that in rigorous and scientific ways. I think there are probably more ways to do hiring wrong than to do it correctly. And we take a lot of pride in making sure that our products are always designed to measure those talent signals and even compound them. So as you find 11:19 multiple talent signals across the life cycle of that pre-employment hiring engagement, you get a compounding, really almost like a talent blueprint of the person you're looking to hire, or maybe even like the candidate DNA of that person. And it gives you a depth of information and data about the likelihood they are to succeed for that specific job role you're hiring. And that's really, really valuable to us. And we can talk a bit about why 11:46 that matters more as we enter into this new era of work. Before we go there though, I'm fascinated. What types of talent can Criteria be used for in the hiring process? Is it across all verticals? mean, tell me a bit about that. Criteria is a pretty diverse company. So with 4,000 customers around the world, we are really present in maybe 20 different verticals. So that makes us pretty... 12:15 pretty broad in who can use us for hiring. So, you know, we joke around anything from, you know, hiring for truck drivers all the way to rocket scientists. Like there's customers across the whole spectrum in engineering, venture capital, uh you know, executive management, truck drivers for uh companies, uh frontline workers, all the way up to rocket scientists at companies. 12:45 So recently you were a keynote speaker in London and you provided your closing thoughts on AI in the workforce. So I'm going to steal your thunder right now because you gave this to me and set it up. So work 4.0 belongs to those who pair adaptive mindsets with distinctively, yeah, human skills. Workplace. 
13:14 AI will be our most tireless colleague, but the future's real competitive edge is still human potential, continuously renewed. Wow, unpack that for my listeners. Because we're all getting a bit nervous about will we have job security, what do we need to do to retool, and is everybody suitable? Yeah, I think what's kind of amazing is 13:44 um You look at some reports from the World Economic Forum or other entities and they're saying things like by 2030, 39 % of skills related to kind of the current candidate applying in the workforce will be obsolete. Wow, that's a lot. That's a lot. It's almost half, right? And what's amazing about that is then what are we hiring for, right? Because the last few decades of us 14:12 hiring has been so focused on how many years of experience did you have, what degrees do you hold. And it doesn't mean for many people who, right, college is the best fit, getting a degree is the best fit for many people. But ah I think what it highlights is there's more to being workforce ready than only getting these static credentials. And for people like me, I've dropped out of college twice. Both times I had some... 14:41 transactional event with one of my businesses. And that was obviously the right choice for me, right? And I've reflected on that and I feel good about where I'm at and where I came from. But I think workforce readiness these days is going to continue to index on the more dynamic talent signals and the more dynamic credentials we have as opposed to static credentials. So what that means is my ability to think on my feet, critical thinking, adaptive reasoning. 15:11 Those are all things that we kind of measure, if at all, we measure them kind of secondarily in our current process. 
And these other core talents like digital fluency, AI literacy, self leadership, resilience, those are all things that are more of these dynamic credentials that we need to make sure we measure really, really well, because the reality is with the advent of AI in the work 15:40 place, hard skills are more immediately attainable. And what I mean by that is maybe if I'm hiring for an accountant role, I care more about is that accountant a strategic thinker? Do they understand the tax code to the right depth? Do they understand the strategy for valuation of the business? And then of course they have to click some buttons in QuickBooks or NetSuite or other systems. But I think AI is going to... 16:09 augment the hard skills of our workforce. And that's going to make us more index on the softer skills, emotional intelligence, the adaptability, right? Those dynamic credentials as opposed to how many years have you been clicking buttons in QuickBooks? And it will require, I guess, more critical thinking, right? True. Right? Because you will be your... uh 16:36 day-to-day job will be augmented by AI, leaving you time to upskill or to make those critical decisions, more, I don't know, avenues of strategic development in the company. that's right. Yeah, redeploy to higher value opportunities for sure. think if 30 to 40 % of your day is... 17:04 tasks that can be augmented with AI, then that 30 to 40 % of your human first excellence can be redeployed to other parts of the business. an example is at Criteria, we serve uh tens of millions of assessments, um about 10 to 12 million per year. And we have about five or six million candidates that come through that process. 17:31 when they need technical support or help with the software, they often reach out to our live chatbot. we at Criteria um want to make sure we prioritize a five-star candidate experience. 
So even though candidates aren't the ones paying for the service, our customers are, we know that our customer satisfaction is tightly linked to how satisfied our candidates are. Got it. uh 17:54 One of the things we had was thousands and thousands of tickets every month from those five million plus candidates coming into our support system. And what we were able to do was augment our support staff with uh AI chat bots that are trained on deep knowledge bases of criteria and past candidate issues and technical troubleshooting. we were able to achieve about a 94 % candidate ticket deflection, which is really, really massive. And it didn't mean that we 18:24 know, laid off half of our support team or something, it means that, you know, those support team members moved into other high value roles in the organization or were able to now redirect their energy to making long lasting materials like help docs and guides that can then further retrain the AI to make that even better. So that's just an example of augmentation of skill and then redeploying that human excellence to another part of the business to help you grow. So it has criteria use the same time. 18:54 methodology for their staff? For our staff, every single person at Criteria goes through our assessment products, of course. We drink our own champagne. I had to ask that question. I'm a little biased, but I think I didn't know about the category before joining Criteria. And again, with my origin story, I've hired hundreds of people around the world. And I will never run another team without using 19:22 a criteria talent success platform to hire those people. So I'm a firm believer and because I didn't know about it before and now I'm using it, it's a big gap in my knowledge. So I would say most of our market potential for criteria doesn't actually know that these tools exist. 
A lot of them have a retention challenge or they're having an issue hiring the right people and people like me before I joined Criteria don't actually know that this tool set is available. part of my mission is to... 19:51 make sure that startups and founders and mid-market companies are aware that this is available because it solves a big problem for us building the best teams. so uh last plug for Criteria, then we're going to move on in the interview here. uh How do um customers experience Criteria? How do they uh get onboarded? mean, what is it, the HR department? Where does, where's the origin? Yeah, really great. So 20:19 We call ourselves a talent success platform because we help people pre-hire with our assessments and video interviewing products. And that's normally the HR talent acquisition leader. So someone who's in charge of recruitment for a company or essentially all the pre-employment functions. And then because we have this rich data set that comes from those pre-employment activities, we have a post-hire product that we call Develop by Criteria. And Develop is designed to use all of that psychometric data 20:48 weekly check-ins with your employees, uh frameworks for behavior to help grow those team members after they're hired using all of that data and science. So a lot of our customers experience Criteria on the pre-employment side and then continue to follow through on the post-employment side with our Develop product. Wow. Is there patent protection with all of the science that you have developed over the years? I think there's obviously copyright. 21:17 um of our assessment tests. think patents and software are inherently tricky, but we feel really good about the protection of our IP. Excellent, excellent. So let's switch gears. um I met you at the TICON. um You haven't been our keynote speaker yet, but you have moderated panels, and I've seen you in other events.
Tell us about what do you enjoy, what do you like to talk about when you're keynote speaker? 21:47 For me, it's just such an honor to share my learnings as an entrepreneur, as an executive with the world. I still am in this phase where when I give a keynote or moderate a panel, it doesn't really feel like a real thing. It just feels like another discussion for me. That's just kind of my style. I just think that the world stays connected by sharing information like that. And for me, 22:16 I'm lucky to be at the convergence of 20 years of Criteria's product, helping people make hiring decisions and this once in a lifetime emergence of generative AI intersecting with our workforce skills. So I talk a lot about that. Of course, I'm building my own teams to build the Criteria software and platform. 22:42 So I'm also thinking about what is next for my team, how do I upscale and enable? And then of course I'm talking to our thousands of customers on a regular basis trying to make sure that we are leaders in the industry. those are areas I really love talking about. I'm an engineer at heart as well. So I tend to be quite good at bridging kind of the commercial and business side with like core engineering. So I have a deep background in 23:11 AI and ML um even more traditionally prior to the generative AI boom and now even more so post generative AI boom. We're applying generative AI in ways that um we are on the frontier fine tuning models for our uh really predictive models at criteria. So those are all areas I love to talk about and it's really an honor to be able to share that with people no matter the forum. Well maybe there'll be a podcast episode two with Chris on this. 23:41 What about, you you love to share, I don't know where you find the time. You've recently started a nonprofit, the SoCal Tech Forum. So share with my audience the types of activities, where's the venue, who is gathered, and what made you start a nonprofit, right? Yeah, it's a great question. 
I didn't know I would be starting a nonprofit either, but that tends to be how these things go. 24:11 It's been just a journey. ah We started off as a meetup group. my goal for the meetup group was in the Inland Empire specifically here in Southern California, we don't have many tech meetups. I'm of course networked well in Orange County and Los Angeles. And I think that particularly with these technologies that are 24:35 in our day-to-day life, it's very important that we build community around information and knowledge sharing so we can all learn and get up to speed on AI. A lot of business owners are going through transitions with their workforce, with their team that just were never really imagined. for us, we started this meetup group in the Inland Empire because there was definitely a market gap in getting together. I started off 25:02 paying for and hosting the events, breakfast, etc. And we had so much good interest. had sponsors that decided to volunteer to support, starting with a company called Clutch Coffee and Rancho Cucamonga, who has a deep history of roasting coffee and brewing technology in Rancho. And uh we've since got some other great partners to support us. And in just a little under two years, we've... 25:30 surpassed 750 members in the group. uh that was the reason once we started getting sponsors involved that it made sense to have a 501c3 nonprofit formed. And we have a leadership board now, which I'm really proud of. And we host an event at least once every month on the first Saturday of every month. And they're always technology or technology adjacent topics. They always involve. 25:56 technical and non-technical folks, business owners, entrepreneurs, startups. yeah, it's been really fun. Again, an opportunity to funnel and give back to the community and teach people about disruptive technologies. Well, you heard it here on the Founder's Sandbox, the SoCal Tech Forum. 
It will be in the show notes, all right, how to um get involved and perhaps attend one of those Saturday meetings. um I wanted to give you an opportunity. 26:25 to provide how people can best contact you, either for speaking opportunities, a CTO of Criteria, the nonprofit. How is it best to contact you, Chris? Yeah, I'd love to hear from you. So you can contact me on LinkedIn. So linkedin.com slash in slash Chris Dayden. All one word. And you can learn more about me as a speaker or CTO of Criteria at chrissdayden.com. excellent. 26:56 have that in the show notes. All right, I want to bring you back to the Founders Sandbox, all right, which is the platform and the podcast. I really get excited about um this part of the podcast. um I work with my clients on resiliency, um scalability, and purpose-driven, right? All with great corporate governance. I always like to ask my guests what... 27:24 the meaning of each of those three words has for them. And each of my guests has a different oh interpretation. And it's just a lot of fun to listen to what I resiliency, what's resiliency for you? I think it's appropriate that I answer that in light of kind of work 4.0. So for me, when it comes to resiliency in work 4.0, um it's about the art of constantly reinventing yourself. 27:53 but in faster cycles. And I think what's really important to everyone is that in Work 4.0, hard skills can become obsolete quicker than before. And that reinvention is critical to really being resilient in this new market. How about scalable? You've scaled a couple of companies, you've been an aqua hire. What does scalable mean to you, Chris? In Work 4.0, scalable will mean 28:22 adequately augmenting the talent you have in humans in your organization with the ability to harness the true power of AI and to do that without losing culture or trust. I think many organizations think of the first half of that. Very few of the organizations can execute on human plus agentic AI and also maintain trust. 
28:51 and without losing culture. Have you seen any best practices? This is a little bit off script in terms of companies that have, or are scaling, right? Because this is just scaling pretty quickly in the last year or so. Sure. And are there any best practices out there in building that trust? Yeah, I think having a real holistic AI strategy is key. 29:18 One main component of a holistic AI strategy is how can you get tools to the fingertips of every staff member in your organization so that it's embedded in their workflow? Because a lot of the top-down AI strategy from organizations, like a CEO says, you must use AI and we must be 25 % more efficient, is really shallow when it comes to strategy. And it very rarely results in a culture 29:48 sustaining in a company for this AI growth and augmentation. So what I've been really impressed by is, you know, when I host things like AI monthly global office hours at Criteria, or I host one-on-one sessions with employees to learn about how they're using AI, because you're able to push those tools down to your team members and let them use it in a safe and comfortable area, it allows you to see what people creatively do with AI. And most of the time, 30:17 I could say there's probably 60 or 70 % of use cases that I would never have expected my staff to use AI for, and I would have been the bottleneck of creating if they were waiting for me to do it, and instead give them a safe experimentation zone. And I think that is key to a sustaining AI strategy for So your best practice is actually a criteria from what I'm hearing here. And it's very becoming because I'd like to talk about playfulness in the sandbox, right? 30:46 I read recently, was an EY um study, I think it was this last week, that about 40 % of employees that are forced to use AI tools give up after a month. They don't see the utility in their day-to-day tasks they're doing. 
So there is something to what you just said, building trust, but building it from the bottom up, right? Yeah, I resonate with that for sure. And I think the only way people break that barrier 31:16 is by seeing their colleagues successful with it. Very rarely is a demo from an executive leader going to be, I mean, it might be enough to begin a culture of AI. Like I had to do a lot of demos and show people kind of the art of the possible. And then as soon as I saw pockets of AI intelligence in the organization, the quicker you can elevate those people to lead and present their findings, the faster... 31:45 you build up kind of the natural human competition between your team and everybody all of a sudden will get more behind it. And that's really important. I think you've reached a point of success in your AI strategy when you were once leading the AI learning sessions and now you are not. How cool is that? You heard it here in the founder sandbox. All right. Purpose driven. What's a purpose driven enterprise for you? I think that 32:12 This is timely based on our discussion just now where organizations need to harness AI at the right times. think purpose for criteria, for example, means how do we measure talent signals that are able to give us the best candidate blueprint or the best candidate DNA possible? And for us, 32:40 every single day, regardless of the technology, what fuels us is having that purpose-driven statement of collecting talent signals around the world for any team. And you really do get lost in that sometimes, for good and for worse, when you're just trying to collect as many talent signals as you can. And being purpose-driven means always doing the right thing when it comes to that. 33:09 mission statement that you've set. And for us, it's collecting talent signals. I think that AI can do that well in a lot of areas, but AI can also be very dangerous in those areas. 
So when it comes to Work 4.0, having that purpose-driven enterprise statement is very, very important because it anchors us for our new product development. It anchors us for how we're using new technology to help people make the best teams. 33:39 Going back to that, to build the trust, we might clip this out, um does criteria maintain a group of scientists to actually peel back the layers and make meaning out of the signals that you are capturing to create new signals? That's one question. The second is, does criteria have an ethicist on board? 34:08 on call or how do you ensure there is guardrails around talent signals? Yeah, those are really great questions. think for criteria, when we say we're rooted in science, it wouldn't mean very much if it was just a bunch of engineers and product managers kind of deciding what science is, right? So for us, we take a lot of pride in our product IO psychology team. So a lot of them are 34:37 industrial organizational psychologists by trade that are working full time for criteria. And their role is assessment development, assessment validation. uh And particularly in the light of fine tuning AI models, they are very, very hands on in creation of those models, validating those models. There's a lot of legislation we have to comply with, not only the normal data privacy stuff like GDPR and CCPA, but also 35:07 industry specific laws like the New York bias laws and others that help protect uh candidates as they are applying for roles. So that is very, very near and dear to our heart. And also we conduct adverse impact studies and we do case studies with customers to make sure that the product is uh behaving the way that they intended to behave. 35:32 You know, we've got norms for all of our assessments and we adjust those norms based on massive populations of data. So all of that is how we ensure scientific signal. This is amazing. Last question. Did you have fun in the Founder Sandbox today, Chris? 
I had a lot of fun in the Founder Sandbox. Really a pleasure. Thank you for having me. Thank you, Chris. So to my listeners, if you like this episode with the CTO of Criteria, Chris Daden. 36:02 Sign up for the monthly release for more podcasts where I have business owners, professional service providers, and corporate board directors who are all working to build with strong governance, resilience, scalable, and purpose-driven companies. Thank you. Signing off.

Ad Law Access Podcast
California Takes Action on Youth Online Safety- FAQs on the Digital Age Assurance Act

Nov 11, 2025 · 10:48


California has taken a new approach to protecting minors online. Governor Gavin Newsom just signed the Digital Age Assurance Act, shifting responsibility for age assurance to app developers while leaving verification to self-reported age data at the operating system level. The law—backed by Big Tech and set to take effect in 2027—moves away from the stricter parental consent models in Utah and Texas and creates a new compliance landscape for developers under CCPA and COPPA. Hosted by Simone Roach. Based on a blog post by Alysa Z. Hutnik, Laura Riposo VanDruff, Alexander I. Schneider, and Salim Rashid.

Ad Law Access Podcast
Newsom Signs Trio of New Privacy Laws with Potentially Big Implications

Nov 10, 2025 · 6:05


California is once again leading the nation on privacy. Governor Gavin Newsom just signed three new laws that will reshape how businesses manage user data, account deletion, and browser-based opt-outs. Together, these laws—the Opt Me Out Act, expanded data broker disclosure requirements, and new social media deletion rules—signal where CCPA enforcement is headed next. Companies should start preparing now, as compliance deadlines are just around the corner. Hosted by Simone Roach. Based on a blog post by Aaron J. Burstein and Meaghan M. Donahue.

We the People
Are Trump's Tariffs Lawful?

Nov 7, 2025 · 55:55


In this episode, Samuel Estreicher of the NYU School of Law and John Yoo of the UC Berkeley School of Law join to recap the oral arguments from the pair of challenges to President Trump's tariffs and discuss whether the International Emergency Economic Powers Act (IEEPA) authorizes the president to impose extensive tariffs on nearly all goods imported into the United States. Jeffrey Rosen, president and CEO of the National Constitution Center, moderates.

Resources
Samuel Estreicher et al., “Brief of Professors of Administrative Law, Separation of Powers, Foreign Relations Law, Legislation and the Regulatory State, and Trade Law” (10/24/2025)
Sam Estreicher and Andrew Babbit, “The Case Against Unbounded Delegation in Trump v. VOS Selections,” Lawfare (10/30/2025)
John Yoo, “What Could the Supreme Court Rule About Trump's Tariffs,” Civitas Institute (9/8/2025)
Biden v. Nebraska (2023)
Whitman v. American Trucking Associations, Inc. (2001)
Dames & Moore v. Regan (1981)
Youngstown Sheet & Tube Co. v. Sawyer (1953)
United States v. Yoshida International, Inc. (CCPA, 1975)
United States v. Curtiss-Wright Export Corp. (1936)
Schechter Poultry Corp. v. United States (1935)

In our new podcast, Pursuit: The Founders' Guide to Happiness, Jeffrey Rosen explores the founders' lives with the historians who know them best. Plus, filmmaker Ken Burns shares his daily practice of self-reflection. Listen to episodes of Pursuit on Apple Podcast and Spotify.

Stay Connected and Learn More
Questions or comments about the show? Email us at podcast@constitutioncenter.org
Continue the conversation by following us on social media @ConstitutionCtr
Explore the America at 250 Civic Toolkit
Sign up to receive Constitution Weekly, our email roundup of constitutional news and debate
Follow, rate, and review wherever you listen
Join us for an upcoming live program or watch recordings on YouTube
Support our important work: Donate

CHUGH - Attorneys & CPAs Podcast
Data Privacy, Cybersecurity and AI Risks, and Litigation

Nov 4, 2025 30:07


We recently hosted an insightful session on data privacy, cybersecurity compliance, and AI risks. Our expert panel — Maureen A., Prateek Tiwari, and Arianna Gonzalez, MBA — discussed evolving global privacy laws like the GDPR, CCPA, and India's DPDP Act, cross-border data transfers, and the challenges of AI-driven data processing. They also shared key takeaways on cybersecurity risk management, litigation trends, and proactive compliance strategies to help organizations strengthen their data protection programs in today's complex digital landscape. Listen In!

Ad Law Access Podcast
Tractor Supply - Compliance Takeaways from the Most Recent CCPA Settlement

Oct 29, 2025 8:28


The California Privacy Protection Agency fined Tractor Supply $1.35 million for alleged violations of the CCPA, citing inadequate privacy notices, employee disclosures, opt-out mechanisms, and partner contracts. The settlement underscores California's growing enforcement focus on opt-out preference signals, contract compliance, and employee data rights. It also highlights how even consumer complaints can trigger wide-ranging investigations. Hosted by Simone Roach. Based on a blog post by Laura Riposo VanDruff and Meaghan M. Donahue.

Ad Law Access Podcast
Mark Your Calendars! Upcoming Compliance Dates in State Privacy Laws

Oct 24, 2025 13:03


Even without new comprehensive privacy laws passed in 2025, regulators have kept busy. California finalized major CCPA updates—introducing risk assessments, cybersecurity audits, and automated decision-making rules—while amendments and new state laws in Maryland, Indiana, Kentucky, and Rhode Island take effect soon. Colorado also extended the deadline for its AI Act. This episode breaks down what's changing, when key obligations begin, and why businesses need to start mapping their compliance timelines now. Hosted by Simone Roach. Based on a blog post by Aaron J. Burstein, Alexander I. Schneider, and Meaghan M. Donahue.

The Digital Customer Success Podcast
Voice to Value: I Used ChatGPT Voice to Help Build an Automation | Episode 099

Oct 7, 2025 21:03 Transcription Available


In Episode 99, I do something a little different: I take you behind the scenes as I use ChatGPT in voice mode to design a real automation from start to finish. The goal? Build an internal chatbot for product and engineering that's trained on CX call transcripts stored in Gong, so teams can ask targeted questions (“What's frustrating customers in Module X?”) and get instant, concise answers with deep links back to the exact call moments.

You'll hear how I frame the problem, push the model to avoid hallucinations, and pick a stack that balances speed, privacy, and scale: Gong → Airtable as the searchable store → a Zapier-hosted chatbot for querying. We also cover transcript hygiene (auto-removing small talk and personal details), vendor privacy considerations, and a simple habit hack: having AI remind you later to actually implement the ideas you generated while walking the dog.

I'll link the step-by-step PDF I asked ChatGPT to generate in the show notes so you can follow along and adapt it to your environment.

If this sparks ideas for your own digital CX programs, follow/subscribe and drop a review—it really helps more practitioners find the show.

Like/Subscribe/Review: If you are getting value from the show, please follow/subscribe so that you don't miss an episode and consider leaving us a review.

Website: For more information about the show or to get in touch, visit DigitalCustomerSuccess.com.

Buy Alex a Cup of Coffee: This show runs exclusively on caffeine - and lots of it. If you like what we're doing, consider supporting our habit by buying us a cup of coffee: https://bmc.link/dcsp

Thank you for all of your support!

The Digital Customer Success Podcast is hosted by Alex Turkovic

BlockHash: Exploring the Blockchain
Ep. 606 Patrick Moynihan | Building Digital Trust with Tracer

Sep 26, 2025 48:17


For episode 606 of the BlockHash Podcast, host Brandon Zemp is joined by Patrick Moynihan, President and Co-founder of Tracer Labs.

Tracer Labs is building the future of digital trust. As the parent company of Trust ID and a founding member of DCID, we create self-sovereign identity (SSI) and consent solutions where control follows the user and not the website.

Patrick leads a team bringing privacy-first, quantum-resistant identity to Web3, where user consent and data aren't just protected, but unified across platforms. Tracer Labs has replaced invasive device tracking with patent pending tech that gives individuals one login, full control, and real-world rewards—think GDPR and CCPA compliance, higher business conversions, and verified zero-party data. Their aPaaS integrates seamlessly for instant impact, with paid rollouts underway and brand partnerships like Bass Pro Shops and Expedia already in progress.

⏳ Timestamps:
(0:00) Introduction
(1:17) Who is Patrick Moynihan?
(16:16) How can Trust ID be used?
(22:00) How are users incentivized to share data?
(28:46) Online data protection for kids
(33:47) Quantum resistant identity
(41:36) Tracer Labs roadmap

The Nonprofit Show
Third-Party Software Risks Nonprofits Overlook: Shadow IT, AI, and Donor Data

Sep 10, 2025 31:56


Nonprofits lean on outside platforms to save time and stretch budgets—but those relationships can quietly expose sensitive donor, client, and payment data. In this episode, Senior Cybersecurity Advisor Parker Brissette of Richey May explains how to recognize and manage third-party software risk before it becomes tomorrow's headline. He starts with a simple lens: follow the data. Where is it stored? Who can touch it—directly or indirectly? Many teams only think about contracted vendors, but Parker widens the aperture to “shadow IT” and consumer tools staff use without formal approval. As he puts it, “Third parties is really anybody that can touch the data at any point in your business, whether you have an agreement with them or maybe not.”

From privacy regulations (GDPR, CCPA) to sector-specific rules (HIPAA, PCI), nonprofits carry legal and reputational exposure the moment personal information enters their systems. Parker offers practical steps: inventory paid tools via your accounting system; ask, “If this vendor vanished tomorrow, what would break?”; and press vendors for proof—SOC 2 reports, ISO 27001, or completed security questionnaires. For organizations without a CIO, he recommends clear contracts and one non-negotiable safeguard: “The biggest thing that I recommend in any third-party engagement is setting an expectation of having cyber insurance, because that's a big protection for you financially.”

AI enters the picture with both promise and peril. Consumer AI tools can learn from and retain your uploads, potentially exposing proprietary or personal information. Enterprise agreements (e.g., Microsoft Copilot) can offer stronger data protections, but only if configured and used correctly. Parker's guidance is pragmatic: don't ban AI; set guardrails, choose vetted tools, and train teams.

Finally, he urges preparation and transparency. Incidents can happen—even with good controls. Donors and corporate funders expect frank communication about what protections exist and what happens if data is exposed. Build trust now by documenting safeguards, validating vendors, and rehearsing your response.

You don't have to be a security expert to make smart choices—but you do need a map: know your systems, test your assumptions, ask vendors for evidence, and write risk into your contracts and budgets. That approach turns anxiety into action—and preserves the trust your mission depends on.

Find us Live daily on YouTube!
Find us Live daily on LinkedIn!
Find us Live daily on X: @Nonprofit_Show

Our national co-hosts and amazing guests discuss management, money and missions of nonprofits! 12:30pm ET, 11:30am CT, 10:30am MT, 9:30am PT

Send us your ideas for Show Guests or Topics: HelpDesk@AmericanNonprofitAcademy.com

Visit us on the web: The Nonprofit Show

She Said Privacy/He Said Security
New CCPA Rules: What Businesses Need to Know 

Sep 4, 2025 32:01


Daniel M. Goldberg is the Partner and Chair of the Data Strategy, Privacy & Security Group at Frankfurt Kurnit Klein & Selz PC. He advises on a wide range of privacy, security, and AI matters. His expertise spans from handling high-stakes regulatory enforcement actions to shaping the application of privacy and AI laws. Earlier this year, the California Privacy Lawyers Association named him the "California Privacy Lawyer of the Year."

In this episode…

California is reshaping privacy compliance with its latest updates to the California Consumer Privacy Act (CCPA). These sweeping changes introduce new obligations for businesses operating in California, notably in the areas of Automated Decision-Making Technology (ADMT), cybersecurity audits, and risk assessments. So, what can companies do now to get ahead?

Companies can prepare by understanding the scope of the new rules and whether or not they apply to their business, as the regulations are set to take effect on October 1, 2025, if they are filed with the Secretary of State by August 31. If that filing happens later, the next effective date will shift to January 1, 2026. The rules around ADMT are especially complex, with broad definitions that could apply to any tool or system that processes personal data to make significant decisions about consumers. Beyond ADMT, certain companies will also need to conduct comprehensive cybersecurity audits through an independent auditor, a process that may be challenging for smaller organizations. Risk assessments impose an additional obligation by requiring reviews of activities such as processing, selling, or sharing sensitive data, and using ADMT for significant decision-making, among others, with attestations submitted to regulators. The new rules make it clear that California regulators also expect companies to maintain detailed documentation and demonstrate accountability through governance.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Daniel Goldberg, Partner and Chair of the Data Strategy, Privacy & Security Group at Frankfurt Kurnit Klein & Selz PC, about how companies can navigate the CCPA's new requirements. From ADMT to mandatory cybersecurity audits and risk assessments, Daniel provides a detailed overview of the complex requirements, explaining the scope and its impact on companies. He also outlines how these new rules set the tone for future privacy and AI regulations, why documentation and governance are central to compliance, and shares practical tips on the importance of reviewing AI tool settings to ensure sensitive data and confidential information are not used for AI model training.

Apptivate
Exposing the myth of ‘perfect data' with Piotr Prędkiewicz (FORMEL SKIN)

Aug 20, 2025 32:50


Questions Piotr addresses in this episode:
• What is FORMEL SKIN, and how does it solve dermatology's bottleneck in Germany?
• How did Piotr's career in analytics develop across multiple verticals?
• Why is ‘perfect data' a myth in mobile marketing?
• How do you responsibly track and aggregate users before registration?
• What's the difference between front-end and back-end behavioral data?
• How do device/user mismatches and changes create analytics headaches?
• What are the new challenges and gray areas in privacy (GDPR, CCPA, device fingerprinting)?
• Where does fraud hide in aggregated data, and how do you find it?
• Why does fraud persist, and what incentives make it so durable?
• How could success in mobile marketing be measured differently to promote collaboration and integrity?

Timestamps
(0:00) – Introducing FORMEL SKIN, Piotr's role, and Germany's digital dermatology
(1:18) – Marketing analytics in dating, fintech, health
(2:50) – Why ‘perfect data' is a myth
(5:00) – Assigning pseudo-user IDs, device-based tracking
(6:00) – Aggregated data, ‘chasing ghosts,' and its pitfalls
(8:00) – Combining front-end and back-end data; challenges in stitching
(9:36) – Device vs. user: confusion, mismatches, and noise
(11:13) – Balancing privacy vs. marketing needs; legal and business conflicts
(12:30) – Device fingerprinting: what's legal, what's risky, and why
(14:22) – The end of one-to-one attribution; rise of aggregated, top-level analysis
(16:05) – Marketing fraud: what's changed, sneaky affiliate/network tricks
(19:08) – Incentives, alignment failures, and why fraud persists
(21:40) – Filtering fraud: long onboarding, compliance, and technical vigilance
(23:38) – ‘Success' in mobile marketing and why responsibility must be shared
(32:08) – Wrap up

Quotes
(2:50) “Don't expect perfect data – especially in marketing where different data sources are being combined.”
(5:10) “You try to anchor it to the device…within all the data security and the privacy setup and anchor it to this entity and create one entity.”
(15:26) “We can use aggregated data for strategic decisions, like how to shift budgets from channel A to B.”

Mentioned in This Episode
• Piotr Prędkiewicz's LinkedIn
• FORMEL SKIN

Ad Law Access Podcast
California AG focuses on contracts, opt-outs, and consumer disclosures in Healthline settlement

Aug 12, 2025 10:10


Aaron J. Burstein, Meaghan M. Donahue

On July 1, 2025, California Attorney General Rob Bonta announced a $1.55 million proposed settlement order with Healthline Media – the largest California Consumer Privacy Act (CCPA) settlement to date. The proposed settlement resolves allegations that Healthline violated the CCPA by 1) failing to honor consumer requests to opt out of the sale and sharing of personal information, 2) violating the CCPA's purpose limitation principle, and 3) failing to include required data protection provisions in contracts with service providers and third parties.

The Big Story
Ads To Burn After Reading

Jul 17, 2025 44:14


Pixels attached to articles explaining a recent health diagnosis – without consent – led Healthline to a record $1.55 million fine for violating CCPA. Plus: the new AI contract.

Privacy Please
S6, E246 - Unpacking Healthline's Historic CCPA Settlement: What It Means for Data Privacy

Jul 3, 2025 14:54 Transcription Available


Cameron and Gabe dive into Healthline Media's record-breaking $1.55 million settlement for CCPA violations, examining whether such penalties are sufficient deterrents against improper sharing of sensitive health data.

• Healthline violated CCPA by sharing sensitive user health data with advertisers without proper consent
• First U.S. regulatory action against a company for disclosing "inferred sensitive data"
• Violation included failing to provide mechanisms to opt out of sensitive data sharing
• Discussion of whether fines proportional to company revenue would be more effective
• Comparison of data brokers to other harmful entities in society
• Brief preview of upcoming episode about a major data breach potentially larger than Equifax

Stay safe this holiday weekend and don't put fireworks where they don't belong! Tune in next time for our breakdown of a massive data breach of "epic proportions."