Podcasts about ccpa

It's not science fiction anymore; it's Agentic AI. We're moving past the era where AI just assists us.  Now, we're talking about a coworker that can run entire recruiting workflows from start to finish. Think of it like a Tesla: you set the destination, and it drives the car. But I don't want you to be left in the dust regarding what this looks like. We are talking about autonomous scoring, outreach, and screening that operates without human intervention so you can save your intervention for where it matters most. However, with great automation comes great responsibility. I know we are all feeling the pinch point of budget constraints and increased hiring needs , but you cannot build automation on top of chaos. If you don't have a strong foundation or good data, you're just going to automate chaos. We're going to discuss the critical guardrails you need - like human oversight on outreach and bias monitoring, because the human touch is going to be more valuable than it ever has been. So, where do you start? We'll look at finding your highest ROI pilots, like passive candidate sourcing or high-volume screening, and how to build a governance framework so candidates know they are interacting with AI. This isn't autopilot; it's assisted driving. Join me as we explore how to use these tools to elevate the human experience, not replace it. Stacie More episodes at StacieBaird.com. Basics on GDPR and CCPA

In this episode of The Founder's Sandbox, host Brenda McCabe sits down with Chris Daden, CTO of Criteria Corp, to explore what it takes to scale purpose-driven businesses in the era of Work 4.0. Chris shares his fascinating origin story—starting with a childhood shaped by tech-savvy parents and leading to multiple exits, international teams, and leadership at a global talent success platform. He breaks down how Criteria uses science and AI to remove bias from hiring, why soft skills matter more than ever, and how to future-proof your workforce in an AI-augmented world. Learn about his nonprofit, SoCal Tech Forum, and why building trust is essential for AI adoption at scale. transcript: 00:18 Welcome back to the Founder's Sandbox. The Founder's Sandbox is in its fourth season. I'm here, your host, Brenda McCabe, and I'm live this month's podcast is 00:31 from the Founders Space in Pasadena. And I'm joined with my guest, Chris Daden of Criteria Corp. um And a colleague of mine in the startup ecosystem. Welcome, Chris. Thanks for having me. I'm really excited to be here. So am I. So um I want to briefly give some background on the Founder Sandbox for those that are listening in today. um 00:56 Each episode features in-depth conversations with founders of small and mid-sized owner-operated companies and operators that support the ecosystem. And together, through storytelling, we explore how to build scalable, resilient, purpose-driven businesses with great corporate governance. And you're going to discover today with Chris, his origin story. I always like to start with how the person 01:24 that's a guest to my podcast, really started getting involved with the ecosystem of startups. And your story is quite fascinating. I'm gonna give a spoiler alert here. You and I met, I guess two years ago, at a Thai con event where you were on a panel. I was the MC em and we got to talking over dinner and just your origin story and the multiple exits you've had. 01:53 really um lit up a bulb in my mind. said, Chris, you have to be in my podcast. So it's two years later, and I'm so glad that we're making this happen. Lucky to be here. Thank you. forward to it. So this podcast, again, we're going to talk about a lot of things because Chris, not only are the CTO of Criteria Corp, a talent success company, where you help organizations meet objective evidence-based 02:23 talent decisions that both reduce the bias and drive better outcomes. But also, you're a two times 40 under 40. You've had multiple exits of prior companies. You're a speaker, a founder, a board member, and recently you started your own nonprofit in SoCal called the SoCal Tech Forum. 02:51 Oh, and I forgot you're a member of the Forbes Technology Council. we're going to have... Couldn't have said it better. Thank you, Brenda. So with that, again, my episodes on particularly Spotify, we have a title that's on each episode and we've chosen Scaling Work 4.0 for this month's podcast. Again, it's Chris Daden, CTO of Criteria. So let's start. What would you... 03:21 Call your tagline. Tell us about your origin here in Southern California. Sounds great. Well, just a little bit about myself personally. I've been in tech for ah quite a while now. It's really the only career I've ever had working in tech. So I started in my youth, frankly. My father was a member of the British Merchant Navy. you can imagine with that career involved, he traveled all around the world. uh 03:50 Also, of course, gave me lot of inspiration for the global companies that I run today and the teams that I've started around the world. So although my father wasn't directly in computer science, you know, that career of being in the merchant Navy definitely shaped my global perspective. when he stopped working in the merchant ship Navy as an officer, he started developing his own software for weather routing for large 04:21 merchant ships and container ships. So what was amazing about that was it was ran out of a spare bedroom in my parents' house just upstairs while I was growing up there. And uh we used to even have a rack of kind of four by four Dell just desktop computers that were stacked on top of each other with a switch to switch between them. And we're running the workload that my dad made with the software there on those computers. 04:51 It was very visible and evident in my childhood. My first kind of internship was maybe when I was 13 or so ah in the closet of that office. We pulled the doors off and put a desk in it and that was like my internship desk for the summer. started with programming in the dotnet ecosystem. So what year is that more or less? Yeah, it's probably like 2005, 2006. uh 05:21 So it uh was a great introductory language. Fun fact, there's a YouTube video online of me when I'm about that age doing a tutorial of how to make a calculator. So very few people have found that. I'll leave it to the public to find. But you can hear my very young 12-year-old voice in a YouTube video. it's still there. So anyway, that's part of my origin story for sure. That's what got me into computer science. 05:48 My first company, started my senior year of high school. I was aqua hired into an organization in Irvine. And then I got to join what I would call kind of a real company at that time. um One that had, you know, engineers around the globe working on solving problems and SAS for organizations of all kinds. So that's kind of where I kick started my career. I'm spending the next maybe eight to 10 years in Orange County building companies and 06:16 Now I find myself as the CTO of Criteria, which of course I'm not a founder of, but the energy that I like to bring to the team and the passion I have for what the next era of work has to offer gives me that founder-like energy. Yes. So um how long have you been with Criteria? Were you the first CTO? Were you an aqua hire? Tell us a little bit about that. Yeah, great question. So Criteria has a great history, almost 20 years of science and 06:46 um just developing a great core platform that's been used by thousands of customers around the world. I've been there as CTO for the last three and a half years. So when I joined, was right after acquisition of a couple companies in Australia that were great additions to our product portfolio. And one of my roles right away after joining was to help integrate those teams, finish retiring some of the technical debt that comes with acquisitions. um 07:15 really just all the excitement around building for the next chapter of criteria and making sure that I can contribute in my many ways to our success. So back to that tagline that due to your father's um origins in the Navy, m you have a wide global perspective. Tell me about those teams that you had in India before Criteria. 07:41 Yeah, look, I started doing business in India a little over 10 years ago. I was just reflecting on that last week. I had the luxury of visiting my team again. We also just created a new team for criteria. So I was able to go visit them. We all got together for the first time. It was a lot of fun. But about 10 years ago, I started in a city named Indore and that's in the state Madhya Pradesh. And when I started, it was a tier three city. And, you know, I really stumbled across 08:09 who is now my general manager for my last company. I stumbled across meeting him through like a development agency and we really hit it off and you know at the time I was 18 years old and you know was willing to take some risk I guess because I wanted to work with an engineer and had to build my product and company and you know what it's like being a scrappy founder and I just rolled the dice and said sure like 08:34 Why don't you come work for me full time? Let's find your friends as well and let's start a company together. And his name is Vikram. And to this day, he's still the general manager of my last company in automotive SaaS that I had recently exited in like 2021 timeframe. He's still operating that team. Company's going great. So that's been a lot of fun to see that success. But yeah, over a period of 10 years, it's become... 09:00 from a tier three to a tier two city. So things like basic infrastructure have been developed. So just so much fun and so much reflection there. I'm lucky to have, know, that's my, Criteria's new team is now my fourth India venture. So this is my fourth generation. Oh my goodness. It's a scaling work 4.0. So let's go back to Criteria. again, over dinner a couple years ago, 09:29 You started talking about how the science of finding talent is really the bedrock of criteria. And you've been there three and a half years. Talk to us about that, the talent and the science that is driving this company's technology and being used today in hiring across the world. Yeah, I think. 09:58 Hiring is one of those things that we don't always teach hiring managers or people in organizations. I think we were laughing about that. If you're, say, a great senior software engineer and you've been coding for 15 years or something, I think it's assumed that when you get promoted into, say, an engineering manager role, you're now going to be a great hiring manager. And I think hiring science is something that is often... 10:22 underappreciated in organizations, particularly startups and mid-market companies who may not have the resources, right? Because to be good at hiring science, you also have to invest resources in it, right? So really you don't see most really advanced hiring science or like, you know, psychology teams being involved in hiring until the enterprise level. for criteria, we're all about using technology to harness as many what we call talent signals as possible. So we have a 10:52 an assortment of assessment tests that can measure things like your cognitive ability, your adaptiveness, your personality fit to a job role. And we do that in rigorous and scientific ways. I think there are probably more ways to do hiring wrong than to do it correctly. And we take a lot of pride in making sure that our products are always designed to measure those talent signals and even compound them. So as you find 11:19 multiple talent signals across the life cycle of that pre-employment hiring engagement, you get a compounding, really almost like a talent blueprint of the person you're looking to hire, or maybe even like the candidate DNA of that person. And it gives you a depth of information and data about the likelihood they are to succeed for that specific job role you're hiring. And that's really, really valuable to us. And we can talk a bit about why 11:46 that matters more as we enter into this new era of work. Before we go there though, I'm fascinated. What types of talent can Criteria be used for in the hiring process? Is it across all verticals? mean, tell me a bit about that. Criteria is a pretty diverse company. So with 4,000 customers around the world, we are really present in maybe 20 different verticals. So that makes us pretty... 12:15 pretty broad in who can use us for hiring. So, you know, we joke around anything from, you know, hiring for truck drivers all the way to rocket scientists. Like there's customers across the whole spectrum in engineering, venture capital, uh you know, executive management, truck drivers for uh companies, uh frontline workers, all the way up to rocket scientists at companies. 12:45 So recently you were a keynote speaker in London and you provided your closing thoughts on AI in the workforce. So I'm going to steal your thunder right now because you gave this to me and set it up. So work 4.0 belongs to those who pair adaptive mindsets with distinctively, yeah, human skills. Workplace. 13:14 AI will be our most tireless colleague, but the future's real competitive edge is still human potential, continuously renewed. Wow, unpack that for my listeners. Because we're all getting a bit nervous about will we have job security, what do we need to do to retool, and is everybody suitable? Yeah, I think what's kind of amazing is 13:44 um You look at some reports from the World Economic Forum or other entities and they're saying things like by 2030, 39 % of skills related to kind of the current candidate applying in the workforce will be obsolete. Wow, that's a lot. That's a lot. It's almost half, right? And what's amazing about that is then what are we hiring for, right? Because the last few decades of us 14:12 hiring has been so focused on how many years of experience did you have, what degrees do you hold. And it doesn't mean for many people who, right, college is the best fit, getting a degree is the best fit for many people. But ah I think what it highlights is there's more to being workforce ready than only getting these static credentials. And for people like me, I've dropped out of college twice. Both times I had some... 14:41 transactional event with one of my businesses. And that was obviously the right choice for me, right? And I've reflected on that and I feel good about where I'm at and where I came from. But I think workforce readiness these days is going to continue to index on the more dynamic talent signals and the more dynamic credentials we have as opposed to static credentials. So what that means is my ability to think on my feet, critical thinking, adaptive reasoning. 15:11 Those are all things that we kind of measure, if at all, we measure them kind of secondarily in our current process. And these other core talents like digital fluency, AI literacy, self leadership, resilience, those are all things that are more of these dynamic credentials that we need to make sure we measure really, really well, because the reality is with the advent of AI in the work 15:40 place, hard skills are more immediately attainable. And what I mean by that is maybe if I'm hiring for an accountant role, I care more about is that accountant a strategic thinker? Do they understand the tax code to the right depth? Do they understand the strategy for valuation of the business? And then of course they have to click some buttons in QuickBooks or NetSuite or other systems. But I think AI is going to... 16:09 augment the hard skills of our workforce. And that's going to make us more index on the softer skills, emotional intelligence, the adaptability, right? Those dynamic credentials as opposed to how many years have you been clicking buttons in QuickBooks? And it will require, I guess, more critical thinking, right? True. Right? Because you will be your... uh 16:36 day-to-day job will be augmented by AI, leaving you time to upskill or to make those critical decisions, more, I don't know, avenues of strategic development in the company. that's right. Yeah, redeploy to higher value opportunities for sure. think if 30 to 40 % of your day is... 17:04 tasks that can be augmented with AI, then that 30 to 40 % of your human first excellence can be redeployed to other parts of the business. an example is at Criteria, we serve uh tens of millions of assessments, um about 10 to 12 million per year. And we have about five or six million candidates that come through that process. 17:31 when they need technical support or help with the software, they often reach out to our live chatbot. we at Criteria um want to make sure we prioritize a five-star candidate experience. So even though candidates aren't the ones paying for the service, our customers are, we know that our customer satisfaction is tightly linked to how satisfied our candidates are. Got it. uh 17:54 One of the things we had was thousands and thousands of tickets every month from those five million plus candidates coming into our support system. And what we were able to do was augment our support staff with uh AI chat bots that are trained on deep knowledge bases of criteria and past candidate issues and technical troubleshooting. we were able to achieve about a 94 % candidate ticket deflection, which is really, really massive. And it didn't mean that we 18:24 know, laid off half of our support team or something, it means that, you know, those support team members moved into other high value roles in the organization or were able to now redirect their energy to making long lasting materials like help docs and guides that can then further retrain the AI to make that even better. So that's just an example of augmentation of skill and then redeploying that human excellence to another part of the business to help you grow. So it has criteria use the same time. 18:54 methodology for their staff? For our staff, every single person at Criteria goes through our assessment products, of course. We drink our own champagne. I had to ask that question. I'm a little biased, but I think I didn't know about the category before joining Criteria. And again, with my origin story, I've hired hundreds of people around the world. And I will never run another team without using 19:22 a criteria talent success platform to hire those people. So I'm a firm believer and because I didn't know about it before and now I'm using it, it's a big gap in my knowledge. So I would say most of our market potential for criteria doesn't actually know that these tools exist. A lot of them have a retention challenge or they're having an issue hiring the right people and people like me before I joined criteria don't actually know that this tool set is available. part of my mission is to... 19:51 make sure that startups and founders and mid-market companies are aware that this is available because it solves a big problem for us building the best teams. so uh last plug for Criterion, then we're going to move on in the interview here. uh How do um customers experience Criterion? How do they uh get onboarded? mean, what is it, the HR department? Where does, where's the origin? Yeah, really great. So 20:19 We call ourselves a talent success platform because we help people pre-hire with our assessments and video interviewing products. And that's normally the HR talent acquisition leader. So someone who's in charge of recruitment for a company or essentially all the pre-employment functions. And then because we have this rich data set that comes from those pre-employment activities, we have a post-hire product that we call Develop by Criteria. And Develop is designed to use all of that psychometric data 20:48 weekly check-ins with your employees, uh frameworks for behavior to help grow those team members after they're hired using all of that data and science. So a lot of our customers experience criteria on the pre-employment side and then continue to follow through on the post-employment side with our develop product. Wow. Is there patent protection with all of the science that you have developed over the years? I think there's obviously copyright. 21:17 um of our assessment tests. think patents and software are inherently tricky, but we feel really good about the protection of our IP. Excellent, excellent. So let's switch gears. um I met you at the TICON. um You haven't been our keynote speaker yet, but you have moderated panels, and I've seen you in other events. Tell us about what do you enjoy, what do you like to talk about when you're keynote speaker? 21:47 For me, it's just such an honor to share my learnings as an entrepreneur, as an executive with the world. I still am in this phase where when I give a keynote or moderate a panel, it doesn't really feel like a real thing. It just feels like another discussion for me. That's just kind of my style. I just think that the world stays connected by sharing information like that. And for me, 22:16 I'm lucky to be at the convergence of 20 years of Criteria's product, helping people make hiring decisions and this once in a lifetime emergence of generative AI intersecting with our workforce skills. So I talk a lot about that. Of course, I'm building my own teams to build the Criteria software and platform. 22:42 So I'm also thinking about what is next for my team, how do I upscale and enable? And then of course I'm talking to our thousands of customers on a regular basis trying to make sure that we are leaders in the industry. those are areas I really love talking about. I'm an engineer at heart as well. So I tend to be quite good at bridging kind of the commercial and business side with like core engineering. So I have a deep background in 23:11 AI and ML um even more traditionally prior to the generative AI boom and now even more so post generative AI boom. We're applying generative AI in ways that um we are on the frontier fine tuning models for our uh really predictive models at criteria. So those are all areas I love to talk about and it's really an honor to be able to share that with people no matter the forum. Well maybe there'll be a podcast episode two with Chris on this. 23:41 What about, you you love to share, I don't know where you find the time. You've recently started a nonprofit, the SoCal Tech Forum. So share with my audience the types of activities, where's the venue, who is gathered, and what made you start a nonprofit, right? Yeah, it's a great question. I didn't know I would be starting a nonprofit either, but that tends to be how these things go. 24:11 It's been just a journey. ah We started off as a meetup group. my goal for the meetup group was in the Inland Empire specifically here in Southern California, we don't have many tech meetups. I'm of course networked well in Orange County and Los Angeles. And I think that particularly with these technologies that are 24:35 in our day-to-day life, it's very important that we build community around information and knowledge sharing so we can all learn and get up to speed on AI. A lot of business owners are going through transitions with their workforce, with their team that just were never really imagined. for us, we started this meetup group in the Inland Empire because there was definitely a market gap in getting together. I started off 25:02 paying for and hosting the events, breakfast, etc. And we had so much good interest. had sponsors that decided to volunteer to support, starting with a company called Clutch Coffee and Rancho Cucamonga, who has a deep history of roasting coffee and brewing technology in Rancho. And uh we've since got some other great partners to support us. And in just a little under two years, we've... 25:30 surpassed 750 members in the group. uh that was the reason once we started getting sponsors involved that it made sense to have a 501c3 nonprofit formed. And we have a leadership board now, which I'm really proud of. And we host an event at least once every month on the first Saturday of every month. And they're always technology or technology adjacent topics. They always involve. 25:56 technical and non-technical folks, business owners, entrepreneurs, startups. yeah, it's been really fun. Again, an opportunity to funnel and give back to the community and teach people about disruptive technologies. Well, you heard it here on the Founder's Sandbox, the SoCal Tech Forum. It will be in the show notes, all right, how to um get involved and perhaps attend one of those Saturday meetings. um I wanted to give you an opportunity. 26:25 to provide how people can best contact you, either for speaking opportunities, a CTO of Criteria, the nonprofit. How is it best to contact you, Chris? Yeah, I'd love to hear from you. So you can contact me on LinkedIn. So linkedin.com slash in slash Chris Dayden. All one word. And you can learn more about me as a speaker or CTO of Criteria at chrissdayden.com. excellent. 26:56 have that in the show notes. All right, I want to bring you back to the Founders Sandbox, all right, which is the platform and the podcast. I really get excited about um this part of the podcast. um I work with my clients on resiliency, um scalability, and purpose-driven, right? All with great corporate governance. I always like to ask my guests what... 27:24 the meaning of each of those three words has for them. And each of my guests has a different oh interpretation. And it's just a lot of fun to listen to what I resiliency, what's resiliency for you? I think it's appropriate that I answer that in light of kind of work 4.0. So for me, when it comes to resiliency in work 4.0, um it's about the art of constantly reinventing yourself. 27:53 but in faster cycles. And I think what's really important to everyone is that in Work 4.0, hard skills can become obsolete quicker than before. And that reinvention is critical to really being resilient in this new market. How about scalable? You've scaled a couple of companies, you've been an aqua hire. What does scalable mean to you, Chris? In Work 4.0, scalable will mean 28:22 adequately augmenting the talent you have in humans in your organization with the ability to harness the true power of AI and to do that without losing culture or trust. I think many organizations think of the first half of that. Very few of the organizations can execute on human plus agentic AI and also maintain trust. 28:51 and without losing culture. Have you seen any best practices? This is a little bit off script in terms of companies that have, or are scaling, right? Because this is just scaling pretty quickly in the last year or so. Sure. And are there any best practices out there in building that trust? Yeah, I think having a real holistic AI strategy is key. 29:18 One main component of a holistic AI strategy is how can you get tools to the fingertips of every staff member in your organization so that it's embedded in their workflow? Because a lot of the top-down AI strategy from organizations, like a CEO says, you must use AI and we must be 25 % more efficient, is really shallow when it comes to strategy. And it very rarely results in a culture 29:48 sustaining in a company for this AI growth and augmentation. So what I've been really impressed by is, you know, when I host things like AI monthly global office hours at Criteria, or I host one-on-one sessions with employees to learn about how they're using AI, because you're able to push those tools down to your team members and let them use it in a safe and comfortable area, it allows you to see what people creatively do with AI. And most of the time, 30:17 I could say there's probably 60 or 70 % of use cases that I would never have expected my staff to use AI for, and I would have been the bottleneck of creating if they were waiting for me to do it, and instead give them a safe experimentation zone. And I think that is key to a sustaining AI strategy for So your best practice is actually a criteria from what I'm hearing here. And it's very becoming because I'd like to talk about playfulness in the sandbox, right? 30:46 I read recently, was an EY um study, I think it was this last week, that about 40 % of employees that are forced to use AI tools give up after a month. They don't see the utility in their day-to-day tasks they're doing. So there is something to what you just said, building trust, but building it from the bottom up, right? Yeah, I resonate with that for sure. And I think the only way people break that barrier 31:16 is by seeing their colleagues successful with it. Very rarely is a demo from an executive leader going to be, I mean, it might be enough to begin a culture of AI. Like I had to do a lot of demos and show people kind of the art of the possible. And then as soon as I saw pockets of AI intelligence in the organization, the quicker you can elevate those people to lead and present their findings, the faster... 31:45 you build up kind of the natural human competition between your team and everybody all of a sudden will get more behind it. And that's really important. I think you've reached a point of success in your AI strategy when you were once leading the AI learning sessions and now you are not. How cool is that? You heard it here in the founder sandbox. All right. Purpose driven. What's a purpose driven enterprise for you? I think that 32:12 This is timely based on our discussion just now where organizations need to harness AI at the right times. think purpose for criteria, for example, means how do we measure talent signals that are able to give us the best candidate blueprint or the best candidate DNA possible? And for us, 32:40 every single day, regardless of the technology, what fuels us is having that purpose-driven statement of collecting talent signals around the world for any team. And you really do get lost in that sometimes, for good and for worse, when you're just trying to collect as many talent signals as you can. And being purpose-driven means always doing the right thing when it comes to that. 33:09 mission statement that you've set. And for us, it's collecting talent signals. I think that AI can do that well in a lot of areas, but AI can also be very dangerous in those areas. So when it comes to Work 4.0, having that purpose-driven enterprise statement is very, very important because it anchors us for our new product development. It anchors us for how we're using new technology to help people make the best teams. 33:39 Going back to that, to build the trust, we might clip this out, um does criteria maintain a group of scientists to actually peel back the layers and make meaning out of the signals that you are capturing to create new signals? That's one question. The second is, does criteria have an ethicist on board? 34:08 on call or how do you ensure there is guardrails around talent signals? Yeah, those are really great questions. think for criteria, when we say we're rooted in science, it wouldn't mean very much if it was just a bunch of engineers and product managers kind of deciding what science is, right? So for us, we take a lot of pride in our product IO psychology team. So a lot of them are 34:37 industrial organizational psychologists by trade that are working full time for criteria. And their role is assessment development, assessment validation. uh And particularly in the light of fine tuning AI models, they are very, very hands on in creation of those models, validating those models. There's a lot of legislation we have to comply with, not only the normal data privacy stuff like GDPR and CCPA, but also 35:07 industry specific laws like the New York bias laws and others that help protect uh candidates as they are applying for roles. So that is very, very near and dear to our heart. And also we conduct adverse impact studies and we do case studies with customers to make sure that the product is uh behaving the way that they intended to behave. 35:32 You know, we've got norms for all of our assessments and we adjust those norms based on massive populations of data. So all of that is how we ensure scientific signal. This is amazing. Last question. Did you have fun in the Founder Sandbox today, Chris? I had a lot of fun in the Founder Sandbox. Really a pleasure. Thank you for having me. Thank you, Chris. So to my listeners, if you like this episode with the CTO of Criteria, Chris Daden. 36:02 Sign up for the monthly release for more podcasts where I have business owners, professional service providers, and corporate board directors who are all working to build with strong governance, resilience, scalable, and purpose-driven companies. Thank you. Signing off.

California has taken a new approach to protecting minors online. Governor Gavin Newsom just signed the Digital Age Assurance Act, shifting responsibility for age assurance to app developers while leaving verification to self-reported age data at the operating system level. The law—backed by Big Tech and set to take effect in 2027—moves away from the stricter parental consent models in Utah and Texas and creates a new compliance landscape for developers under CCPA and COPPA. Hosted by Simone Roach. Based on a blog post by Alysa Z. Hutnik, Laura Riposo VanDruff, Alexander I. Schneider, and Salim Rashid.

California is once again leading the nation on privacy. Governor Gavin Newsom just signed three new laws that will reshape how businesses manage user data, account deletion, and browser-based opt-outs. Together, these laws—the Opt Me Out Act, expanded data broker disclosure requirements, and new social media deletion rules—signal where CCPA enforcement is headed next. Companies should start preparing now, as compliance deadlines are just around the corner. Hosted by Simone Roach. Based on a blog post by Aaron J. Burstein and Meaghan M. Donahue.

In this episode, Samuel Estreicher of the NYU School of Law and John Yoo of the UC Berkeley School of Law join to recap the oral arguments from the pair of challenges to President Trump's tariffs and discuss whether International Emergency Economic Powers Act (IEEPA) authorizes the president to impose extensive tariffs on nearly all goods imported into the United States. Jeffrey Rosen, president and CEO of the National Constitution Center, moderates.     Resources  Samuel Estreicher et al., “Brief of Professors of Administrative Law, Separation of Powers, Foreign Relations Law, Legislation and the Regulatory State, and Trade Law” (10/24/2025)  Sam Estreicher and Andrew Babbit, “The Case Against Unbounded Delegation in Trump v. VOS Selections,” Lawfare (10/30/2025) John Yoo, “What Could the Supreme Court Rule About Trump's Tariffs,” Civitas Institute (9/8/2025)  Biden v. Nebraska (2023)  Whitman v. American Trucking Associations, Inc. (2001)  Dames & Moore v. Regan (1981) Youngstown Sheet & Tube Co. v. Sawyer (1953)  United States v. Yoshida International, Inc. (CCPA, 1975) United States v. Curtiss-Wright Export Corp. (1936) Schechter Poultry Corp. v. United States (1935)    In our new podcast, Pursuit: The Founders' to Guide to Happiness Jeffrey Rosen explores the founders' lives with the historians who know them best. Plus, filmmaker Ken Burns shares his daily practice of self-reflection.    Listen to episodes of Pursuit on Apple Podcast and Spotify.  Stay Connected and Learn More Questions or comments about the show? Email us at ⁠⁠⁠⁠⁠⁠⁠⁠podcast@constitutioncenter.org⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠Continue the conversation by following us on social media @ConstitutionCtr ⁠⁠⁠⁠⁠ Explore the⁠⁠⁠⁠⁠⁠⁠ ⁠America at 250 Civic Toolkit⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠Sign up⁠⁠⁠⁠⁠⁠⁠⁠ to receive Constitution Weekly, our email roundup of constitutional news and debate Follow, rate, and review wherever you listen Join us for an upcoming ⁠⁠⁠live program⁠⁠⁠⁠⁠⁠⁠⁠ or watch recordings on ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠YouTube⁠⁠⁠⁠⁠⁠⁠⁠ Support our important work:  ⁠⁠⁠⁠⁠⁠⁠⁠Donate⁠⁠

We recently hosted an insightful session on data privacy, cybersecurity compliance, and AI risks.Our expert panel — Maureen A., Prateek Tiwari, and Arianna Gonzalez, MBA — discussed evolving global privacy laws like the GDPR, CCPA, and India's DPDP Act, cross-border data transfers, and the challenges of AI-driven data processing.They also shared key takeaways on cybersecurity risk management, litigation trends, and proactive compliance strategies to help organizations strengthen their data protection programs in today's complex digital landscape.Listen In!

The California Privacy Protection Agency fined Tractor Supply $1.35 million for alleged violations of the CCPA, citing inadequate privacy notices, employee disclosures, opt-out mechanisms, and partner contracts. The settlement underscores California's growing enforcement focus on opt-out preference signals, contract compliance, and employee data rights. It also highlights how even consumer complaints can trigger wide-ranging investigations. Hosted by Simone Roach. Based on a blog post by Laura Riposo VanDruff and Meaghan M. Donahue

Even without new comprehensive privacy laws passed in 2025, regulators have kept busy. California finalized major CCPA updates—introducing risk assessments, cybersecurity audits, and automated decision-making rules—while amendments and new state laws in Maryland, Indiana, Kentucky, and Rhode Island take effect soon. Colorado also extended the deadline for its AI Act. This episode breaks down what's changing, when key obligations begin, and why businesses need to start mapping their compliance timelines now. Hosted by Simone Roach. Based on a blog post by Aaron J. Burstein, Alexander I. Schneider, and Meaghan M. Donahue

Nancy Steidl is an international business consultant and intellectual property (IP) specialist, Canadian-born and UK-based for 25 years. She runs The Business Mission and blends practical business structuring with deep IP expertise. She emphasizes education (two completed master's degrees—Business Law and an MBA—and a third in International IP Law) and has a forthcoming book titled The Art of Analogies in Business: How to Start a Business Using Layman's Terms (pre-order via her site), designed to make business concepts simple through analogies.For new entrepreneurs (e.g., a real estate agent in New York), Nancy's core playbook starts with a real business plan—turning ideas into a validated model with actual revenue. She urges early attention to IP—trademarks, patents, copyright, and trade secrets—because brand and know-how are central assets. Employment law and freelancer agreements matter, too; you must define wages/benefits compliantly and ensure contracts assign IP to the company.On AI and IP, Nancy notes the legal landscape is fast-moving and jurisdiction-specific. Patentability standards differ country-to-country, so founders should conduct prior-art searches and plan filings per jurisdiction (US, UK, Canada, etc.). Copyright is automatically granted upon original creation, but AI-generated content raises authenticity and ownership questions—and current doctrines don't allow robots to own IP. Trademarks remain human/company-owned, while trade secrets require strong confidentiality controls. Founders must also meet data-protection obligations like GDPR and CCPA .Trademarks take time: UK filings can complete in ~6 months, India can take ~3 years, and the US is heavily backlogged . You can usually use “TM” while an application is pending to build history—but there's risk if opposition arises. Because IP can dwarf all other assets, some larger companies park it in a separate holding entity (e.g., Nike/IKEA-style arrangements), depending on circumstances. Nancy shares cautionary tales—small firms forced to rebrand after conflicts with powerful rightsholders—underscoring why early trademark searches and filings are crucial.Philosophically, Nancy reframes “failures” as redirections. Her guidance: over-protect rather than under-protect contracts; ensure all employee/contractor IP is assigned to the company; and remember that brand (your name, marks, and story) is your moat. Couple a thoughtful plan with strong IP hygiene, respect for data/privacy rules, and cultural intelligence, and you dramatically improve a business's odds—from launch, through growth, to a valuable exit.Takeaways• A business needs to prove its model before it's classified as a business.• You must start with a business plan.• Intellectual property is a very big asset.• Understanding the logistics of any country is crucial for business.• Cultural aspects are important when starting a business in a new country.• You need to secure your IP rights to protect your business.• Business planning should include an exit strategy from the start.• AI innovations present new challenges for intellectual property laws.• Contracts should clearly define IP ownership to avoid disputes.• There are no failures, only redirections in business.Sound Bites• You must start with a business plan.• You need to give that time to grow.• You have to secure your IP rights.Listen & Subscribe for More:

In Episode 99, I do something a little different: I take you behind the scenes as I use ChatGPT in voice mode to design a real automation from start to finish. The goal? Build an internal chatbot for product and engineering that's trained on CX call transcripts stored in Gong, so teams can ask targeted questions (“What's frustrating customers in Module X?”) and get instant, concise answers with deep links back to the exact call moments.You'll hear how I frame the problem, push the model to avoid hallucinations, and pick a stack that balances speed, privacy, and scale: Gong → Airtable as the searchable store → a Zapier-hosted chatbot for querying. We also cover transcript hygiene (auto-removing small talk and personal details), vendor privacy considerations, and a simple habit hack: having AI remind you later to actually implement the ideas you generated while walking the dog.I'll link the step-by-step PDF I asked ChatGPT to generate in the show notes so you can follow along and adapt it to your environment.If this sparks ideas for your own digital CX programs, follow/subscribe and drop a review—it really helps more practitioners find the show.Support the show+++++++++++++++++Like/Subscribe/Review:If you are getting value from the show, please follow/subscribe so that you don't miss an episode and consider leaving us a review. Website:For more information about the show or to get in touch, visit DigitalCustomerSuccess.com. Buy Alex a Cup of Coffee:This show runs exclusively on caffeine - and lots of it. If you like what we're, consider supporting our habit by buying us a cup of coffee: https://bmc.link/dcspThank you for all of your support!The Digital Customer Success Podcast is hosted by Alex Turkovic

Mike Harbit is joined by cast members from the Community Council on the Performing Arts production of "Murder On the Nile" that will be presented October 2-5 at the Fox Playhouse in Nevada, MO.

For episode 606 of the BlockHash Podcast, host Brandon Zemp is joined by Patrick Moynihan, President and Co-founder of Tracer Labs.Tracer Labs is building the future of digital trust. As the parent company of Trust ID and a founding member of DCID, we create self-sovereign identity (SSI) and consent solutions where control follows the user and not the website.Patrick leads a team bringing privacy-first, quantum-resistant identity to Web3, where user consent and data aren't just protected, but unified across platforms. Tracer Labs has replaced invasive device tracking with patent pending tech that gives individuals one login, full control, and real-world rewards—think GDPR and CCPA compliance, higher business conversions, and verified zero-party data. Their aPaaS integrates seamlessly for instant impact, with paid rollouts underway and brand partnerships like Bass Pro Shops and Expedia already in progress. ⏳ Timestamps: (0:00) Introduction(1:17) Who is Patrick Moynihan?(16:16) How can Trust ID be used?(22:00) How are users incentivized to share data?(28:46) Online data protection for kids(33:47) Quantum resistant identity(41:36) Tracer Labs roadmap 

Christine Russo, host and creator of What Just Happened, sits with Ethan Chernofsky of Placer.ai.Placer.ai was built with privacy at its core. From its 2018 launch, the company avoided collecting personally identifiable information (PII), instead focusing on anonymized, aggregate data. This approach aligned with GDPR and CCPA regulations, allowing Placer to demonstrate that location intelligence can be both privacy-centric and commercially valuable. While this choice meant leaving some revenue opportunities (like hyper-targeted advertising) on the table, it reinforced trust, credibility, and long-term sustainability.Two major misconceptions surfaced in the discussion:Data replaces intuition. Many assumed that advanced analytics would replace industry experience and gut instinct. In reality, Placer frames data as an empowerment tool—complementary to human judgment, not a substitute.Visits equal transactions. A common misunderstanding is that foot traffic should directly correlate to sales. Instead, visits represent multiple forms of value: discovery, intent, pickup, consideration, and brand engagement. This broader view reframes physical stores as multi-purpose platforms for marketing, fulfillment, and consumer connection, not just sales points.The conversation emphasized how retail decision-making is evolving:From outdated tools to scalable intelligence. The industry shifted from handheld “clickers” and gut instinct toward data-driven decision frameworks that still honor human experience but make it actionable and scalable.The pandemic's unexpected boost. Rather than killing physical retail, COVID-19 ultimately strengthened it, highlighting the resilience and adaptability of brick-and-mortar models.Data as a universal language. Placer's insights became a common currency across verticals—real estate, retail, finance, CPG, and advertising—spurring new ways to measure impact, optimize inventory, and harmonize digital with physical.The future of insights in the AI era. With AI simplifying access to information, the differentiator won't just be data but the decisions leaders make. Trust, creativity, and the ability to “zag” when others “zig” will define competitive advantage.

Looking to build a career in data privacy? This InfosecTrain masterclass unpacks everything you need to know about becoming a Certified Data Protection Officer (DPO) in 2025. From mastering GDPR and India's DPDP Act to understanding global frameworks like CCPA, HIPAA, and ISO 27701, this episode gives you a clear roadmap to thrive in one of the most in-demand roles in cybersecurity and compliance.Whether you're in India, Europe, or any global enterprise, you'll gain insights into DPO responsibilities, essential skills, and strategies to elevate your career.

Nonprofits lean on outside platforms to save time and stretch budgets—but those relationships can quietly expose sensitive donor, client, and payment data. In this episode, Senior Cybersecurity Advisor Parker Brissette of Richey May explains how to recognize and manage third-party software risk before it becomes tomorrow's headline. He starts with a simple lens: follow the data. Where is it stored? Who can touch it—directly or indirectly? Many teams only think about contracted vendors, but Parker widens the aperture to “shadow IT” and consumer tools staff use without formal approval. As he puts it, “Third parties is really anybody that can touch the data at any point in your business, whether you have an agreement with them or maybe not.”From privacy regulations (GDPR, CCPA) to sector-specific rules (HIPAA, PCI), nonprofits carry legal and reputational exposure the moment personal information enters their systems. Parker offers practical steps: inventory paid tools via your accounting system; ask, “If this vendor vanished tomorrow, what would break?”; and press vendors for proof—SOC 2 reports, ISO 27001, or completed security questionnaires. For organizations without a CIO, he recommends clear contracts and one non-negotiable safeguard: “The biggest thing that I recommend in any third-party engagement is setting an expectation of having cyber insurance, because that's a big protection for you financially.”AI enters the picture with both promise and peril. Consumer AI tools can learn from and retain your uploads, potentially exposing proprietary or personal information. Enterprise agreements (e.g., Microsoft Copilot) can offer stronger data protections, but only if configured and used correctly. Parker's guidance is pragmatic: don't ban AI; set guardrails, choose vetted tools, and train teams.Finally, he urges preparation and transparency. Incidents can happen—even with good controls. Donors and corporate funders expect frank communication about what protections exist and what happens if data is exposed. Build trust now by documenting safeguards, validating vendors, and rehearsing your response.You don't have to be a security expert to make smart choices—but you do need a map: know your systems, test your assumptions, ask vendors for evidence, and write risk into your contracts and budgets. That approach turns anxiety into action—and preserves the trust your mission depends on.Find us Live daily on YouTube!Find us Live daily on LinkedIn!Find us Live daily on X: @Nonprofit_ShowOur national co-hosts and amazing guests discuss management, money and missions of nonprofits! 12:30pm ET 11:30am CT 10:30am MT 9:30am PTSend us your ideas for Show Guests or Topics: HelpDesk@AmericanNonprofitAcademy.comVisit us on the web:The Nonprofit Show

 ¿Cómo la Ley 102-2025 impacta a los CPA en Puerto Rico? En este episodio de Martes de Números, conversamos sobre esta Ley y las recomendaciones del CCPA para enmendarla. ¡No te lo pierdas!.▶️Disponible en

Daniel M. Goldberg is the Partner and Chair of the Data Strategy, Privacy & Security Group at Frankfurt Kurnit Klein & Selz PC. He advises on a wide range of privacy, security, and AI matters. His expertise spans from handling high-stakes regulatory enforcement actions to shaping the application of privacy and AI laws. Earlier this year, the California Privacy Lawyers Association named him the "California Privacy Lawyer of the Year." In this episode… California is reshaping privacy compliance with its latest updates to the California Consumer Privacy Act (CCPA). These sweeping changes introduce new obligations for businesses operating in California, notably in the areas of Automated Decision-Making Technology (ADMT), cybersecurity audits, and risk assessments. So, what can companies do now to get ahead?  Companies can prepare by understanding the scope of the new rules and whether or not they apply to their business, as the regulations are set to take effect on October 1, 2025, if they are filed with the Secretary of State by August 31. If that filing happens later, the next effective date will shift to January 1, 2026. The rules around ADMT are especially complex, with broad definitions that could apply to any tool or system that processes personal data to make significant decisions about consumers. Beyond ADMT, certain companies will also need to conduct comprehensive cybersecurity audits through an independent auditor, a process that may be challenging for smaller organizations. Risk assessments impose an additional obligation by requiring reviews of activities such as processing, selling, or sharing sensitive data, and using ADMT for significant decision-making, among others, with attestations submitted to regulators. The new rules make it clear that California regulators also expect companies to maintain detailed documentation and demonstrate accountability through governance. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Daniel Goldberg, Partner and Chair of the Data Strategy, Privacy & Security Group at Frankfurt Kurnit Klein & Selz PC, about how companies can navigate the CCPA's new requirements. From ADMT to mandatory cybersecurity audits and risk assessments, Daniel provides a detailed overview of the complex requirements, explaining the scope and its impact on companies. He also outlines how these new rules set the tone for future privacy and AI regulations, why documentation and governance are central to compliance, and shares practical tips on the importance of reviewing AI tool settings to ensure sensitive data and confidential information are not used for AI model training.

Questions Piotr addresses in this episode:What is FORMEL SKIN, and how does it solve dermatology's bottleneck in Germany?How did Piotr's career in analytics develop across multiple verticals?Why is ‘perfect data' a myth in mobile marketing?How do you responsibly track and aggregate users before registration?What's the difference between front-end and back-end behavioral data?How do device/user mismatches and changes create analytics headaches?What are the new challenges and gray areas in privacy (GDPR, CCPA, device fingerprinting)?Where does fraud hide in aggregated data, and how do you find it?Why does fraud persist, and what incentives make it so durable?How could success in mobile marketing be measured differently to promote collaboration and integrity?Timestamps(0:00) – Introducing FORMEL SKIN, Piotr's role, and Germany's digital dermatology(1:18) – Marketing analytics in dating, fintech, health(2:50) – Why ‘perfect data' is a myth(5:00) – Assigning pseudo-user IDs, device-based tracking(6:00) – Aggregated data, ‘chasing ghosts,' and its pitfalls(8:00) – Combining front-end and back-end data; challenges in stitching(9:36) – Device vs. user: confusion, mismatches, and noise(11:13) – Balancing privacy vs. marketing needs; legal and business conflicts(12:30) – Device fingerprinting: what's legal, what's risky, and why(14:22) – The end of one-to-one attribution; rise of aggregated, top-level analysis(16:05) – Marketing fraud: what's changed, sneaky affiliate/network tricks(19:08) – Incentives, alignment failures, and why fraud persists(21:40) – Filtering fraud: long onboarding, compliance, and technical vigilance(23:38) – ‘Success' in mobile marketing and why responsibility must be shared(32:08) – Wrap upQuotes(2:50)  “Don't expect perfect data – especially in marketing where different data sources are being combined.”(5:10)  “You try to anchor it to the device…within all the data security and the privacy setup and anchor it to this entity and create one entity.”(15:26) “We can use aggregated data for strategic decisions, like how to shift budgets from channel A to B.”Mentioned in This EpisodePiotr Prędkiewicz's LinkedinFORMEL SKIN

बीजेपी विधायक हरीश खुराना का आम आदमी पार्टी पर बड़ा आरोप, लोकसभा में 130वें संविधान संशोधन बिल का विरोध, राहुल गांधी और एम.के. स्टालिन ने बिल को लोकतंत्र पर हमला बताया, अखिलेश यादव ने चुनाव आयोग और प्रशासन पर बोला हमला, CCPA ने रैपिडो पर लगाया 10 लाख का जुर्माना, रूस ने भारत को तेल पर दी 5% छूट, विदेश मंत्री जयशंकर की रूस में अहम बैठक और बांग्लादेश की भारत में अवामी लीग को लेकर चिंता. सिर्फ 5 मिनट में सुनिए शाम 7 बजे तक की बड़ी ख़बरें.

En este Martes de Números, conversamos con el CPA Jaime Rivera sobre los momentos que han marcado su carrera profesional, las personas que lo han inspirado y su rol activo en los Capítulos del CCPA.

Aaron J. Burstein, Meaghan M. Donahue On July 1, 2025, California Attorney General Rob Bonta announced a $1.55 million proposed settlement order with Healthline Media – the largest California Consumer Privacy Act (CCPA) settlement to date. The proposed settlement resolves allegations that Healthline violated the CCPA by 1) failing to honor consumer requests to opt-out of the sale and sharing of personal information, 2) violating the CCPA's purpose limitation principle, and 3) failing to include required data protection provisions in contracts with service providers and third parties.

Visit: RadioLawTalk.com for information & full episodes! Follow us on Facebook: bit.ly/RLTFacebook Follow us on Twitter: bit.ly/RLTTwitter Follow us on Instagram: bit.ly/RLTInstagram Subscribe to our YouTube channel: www.youtube.com/channel/UC3Owf1BEB-klmtD_92-uqzg Your Radio Law Talk hosts are exceptional attorneys and love what they do! They take breaks from their day jobs and make time for Radio Law Talk so that the rest of the country can enjoy the law like they do. Follow Radio Law Talk on Youtube, Facebook, Twitter & Instagram!

Today, Jules takes another trip down memory lane, revisiting a gem from the Fearless Practice archives. In this encore episode, Jules talks to Michael Sorsdahl about the new CCPA revised ethics case book.  You can find the show notes to the original episode here. Connect with me: Instagram Website  Resources Mentioned and Useful Links: Liv Noël Dakkak: Niching With Your Passion in Private Practice | ep 171 Sign up for my free e-course on How to Start an Online Canadian Private Practice Learn more about the tools and deals that I love and use for my Canadian private practice Sign up for my free e-course on How to Start an Online Canadian Private Practice Jane App (use code FEARLESS for one month free) Get some help and freebies on your website with WordPress!  Rate, review, and subscribe to this podcast on Apple Podcasts, Spotify, Amazon, and TuneIn  

A recent Supreme Court decision is reshaping the landscape for fraud enforcement against government contractors, eliminating the need to show monetary loss when false statements are made during the bidding process. Mike Radak, Alliant Financial Institutions, and David Finz, Alliant Claims & Legal, break down the implications of Kousisis v. United States and discuss a pivotal California ruling that broadens the scope of the California Consumer Privacy Act beyond data breaches. Together, they explore how these developments could carry implications for contract compliance, DEI disclosures, cyber controls and privacy litigation moving forward.

Pixels attached to articles explaining a recent health diagnosis – without consent  – led Healthline to a record $1.55 million fine for violating CCPA. Plus: the new AI contract.

How do we move from mere words to actual baked-in privacy? Can built-in alerts, code scanning tools, or server-side auditing make life much easier for DPOs and legal teams?  We are joined by Vaibhav Antil in a new installment of our Privacy Tech series. Vaibhav is founder & CEO of Privado.ai. Before starting Privado.ai, Vaibhav led product management at a tech company and worked with the legal team on GDPR compliance. Vaibhav started Privado.ai to solve the language gap between legal, privacy, and product engineering teams. References: Vaibhav Antil on LinkedIn Privado: Evidence-based Privacy Bridge: Technical Privacy Summit (by Privado) CNIL: Use analytics on your websites and applications (how analytical cookies can be exempt from consent) Max Anderson (Ketch): Privacy Tech spotlight I – the future of CMPs, value vs. hype in privacy compliance SaaS (Masters of Privacy, April 2025) Daniel Barber (DataGrail): Privacy Tech spotlight II – widespread non-compliance, opt-out challenges, and shadow AI (Masters of Privacy, May 2025) Cillian Kieran (Ethyca): Privacy Tech spotlight III – compliance as an engineering challenge (Masters of Privacy, June 2025)

Send us a textCameron and Gabe dive into Healthline Media's record-breaking $1.55 million settlement for CCPA violations, examining whether such penalties are sufficient deterrents against improper sharing of sensitive health data.• Healthline violated CCPA by sharing sensitive user health data with advertisers without proper consent• First U.S. regulatory action against a company for disclosing "inferred sensitive data"• Violation included failing to provide mechanisms to opt out of sensitive data sharing• Discussion of whether fines proportional to company revenue would be more effective• Comparison of data brokers to other harmful entities in society• Brief preview of upcoming episode about a major data breach potentially larger than EquifaxStay safe this holiday weekend and don't put fireworks where they don't belong! Tune in next time for our breakdown of a massive data breach of "epic proportions." Support the show

John Pavolotsky is a partner at Stoel Rives in San Francisco. He is co-chair of the firm's AI, Privacy & Cybersecurity group and focuses his practice on data privacy, information security, and complex technology transactions. He has also been chair of the Intellectual Property Section of the California Lawyers Association.  John has taught Technology Transactions Law at the UC Davis School of Law and Comparative Privacy Law at the Santa Clara University School of Law. John has also guest lectured on technology and privacy law topics at the University of California, Berkeley, Haas School of Business; the University of San Francisco School of Management; and Stanford University. References: John Pavolotsky on LinkedIn John Pavolotksy at Stoel Rives Timeline of discussions (House, Senate) leading to a final decision on a 10-year moratorium on state-level AI laws (final deadline: July 4, 2025), Techcrunch Texas Legislature Passes House Bill 149 to Regulate AI Use (Nelson Mullins) Colorado AI Act California Privacy Protection Agency: Draft Automated Decision-making Technology Regulations California Gov. Newsom vetoes AI safety bill that divided Silicon Valley (September 2024), NPR Poland puts pausing enforcement of the AI Act on EU ministers' table (June 2025, MLex - paywalled) A Brief Overview of the Federal Trade Commission's Investigative, Law Enforcement, and Rulemaking Authority (FTC)

¿Cómo podemos encontrar un equilibrio entre el hambre de datos personales y su protección en el seno de una FinTech californiana?  Diana Bergano lidera la práctica de protección de datos personales y la estrategia de data privacy en Earnin (Palo Alto, California). Como parte de su trabajo asesora a diferentes equipos sobre estrategias de privacidad desde el diseño, adecuación de actividades de marketing, uso de datos y desarrollo de soluciones de inteligencia artificial. Anteriormente ha sido Legal Counsel en Yapstone, Patelco y Blackhawk Network, y también ha pasado por Cisco Systems. Diana es Licenciada en Derecho por la Universidad de La Sabana (Colombia).  Referencias: Diana Bergano en LinkedIn Gramm-Leach-Bliley Act (GLBA - web de la FTC) CFPB: Oficina para la Protección Financiera del Consumidor de EE.UU California's Invasion of Privacy Act (CIPA): A New Frontier for Website Tracking Litigation (ABA) Cookie cutter solution? Senate Bill 690's “commercial business purpose exemption” could crumble CIPA lawsuits (Lexology) FTC Issues Opinion Finding that TurboTax Maker Intuit Inc. Engaged in Deceptive Practices

Merry Marwig is the VP Global Communications & Advocacy at Privacy4Cars. Merry is a pro-consumer, pro-business privacy advocate who is optimistic about what data privacy rights mean for everyday people — and for the companies they do business with. At Privacy4Cars, she helps protect drivers' and passengers' personal data while creating business opportunities for automotive companies. In this episode… Modern cars are like computers on wheels, collecting and storing data just like smartphones or laptops. Unlike those devices, however, vehicle data is often left unencrypted and persists long after a car is sold, rented, or reassigned. This is especially problematic for businesses that use corporate cars, rental vehicles, fleet vehicles, or personal vehicles for work purposes. Sensitive information such as contact lists, text messages, navigation history, and even security credentials can remain stored in vehicles long after they change hands, posing significant privacy, security, and even physical safety risks. To take control of sensitive data, companies need to establish data deletion policies for all vehicles used in a business context. This includes requiring rental agencies and fleet management providers to delete stored data and offer certificates of deletion when cars are returned or decommissioned. Companies should also require automotive providers to provide VIN-specific data disclosures so drivers understand what data the vehicle collects and how it's used and shared. Additionally, companies need to consider how privacy regulations like GDPR and CCPA apply to vehicle data collection and use it to inform their internal policies and third-party contracts. In today's episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Merry Marwig, VP Global Communications & Advocacy at Privacy4Cars, about the privacy and security risks of data collected and stored in vehicles. Merry explains how cars used for work, whether rental, fleet, or personal, retain unencrypted personal and company data that can be exploited when vehicles change ownership or are decommissioned. She shares real-world case studies involving sensitive information left behind in cars, including banking credentials, contact lists, and patient health records. Merry also outlines how data deletion policies and VIN-specific disclosures, required through contracts with automotive providers, help companies reduce privacy and security risks.

Subscribe to DTC Newsletter - https://dtcnews.link/signupIn this episode of All Killer, No Filler DTC Podcast, host Eric Dyck talks with Pilothouse's Technical Manager Richard about the expanding impact of California's CCPA/CPRA and evolving privacy laws across North America.Key moments to listen for:CCPA/CPRA 101 & penalties – Up to $7.5K per violation, private-data breach lawsuits, and agency enforcement Thresholds that trigger compliance – Revenue over $25M, 100K+ Californians' data, or data‑sale revenue ≥50%Multi‑state comparison – VA, CO, CT, and others have their own compliance standardsCompliance tooling deep dive – Shopify solutions (ConsentMo, Pandectis, SecurePrivacy) for banners, data access, and opt‑outsTracking vs. consent – Even server‑side tracking must respect opt‑outsCase study – A client lost 58% of Analytics data but only 4% of purchases after adding full compliance toolsFuture of data consent – How PIPEDA, GDPR-like shifts, and AI‑driven consent profiles are shaping privacyThis episode is essential listening for ecommerce and tech managers who need to navigate privacy law demands without compromising growth and analytics integrity.Did you know that 98% of your website visitors are anonymous? Instant powers next-level retention by identifying who they are and converting them into loyal shoppers. Sign up for a quick demo today to get 50% off and unlock a guaranteed 4x+ ROI: instant.one/dtcTimestamps00:00 – Why eCommerce brands should care about CCPA02:55 – Overview of CCPA and CPRA regulations05:10 – Penalties for non-compliance with California privacy laws08:30 – Thresholds that trigger CCPA enforcement11:05 – What personal data qualifies under CCPA14:00 – Which US states have privacy laws beyond California17:00 – How to make your Shopify store CCPA compliant20:15 – Server-side tracking and compliance limitations23:30 – Real client example: Data loss vs purchase impact27:50 – Impact of consent banners on analytics and conversions31:10 – Managing existing customer data for compliance34:10 – The future of personal data and AI-managed privacyHashtags#consumerprivacy#ccpa#ecommercelaw#dataprotection#cpra#shopifycompliance#usprivacylaws#servertracking#retargeting#googleanalytics Subscribe to DTC Newsletter - https://dtcnews.link/signupAdvertise on DTC - https://dtcnews.link/advertiseWork with Pilothouse - https://dtcnews.link/pilothouseFollow us on Instagram & Twitter - @dtcnewsletter

Ha llegado la hora de ponernos al día en las cinco áreas de siempre: ePrivacy y marco regulatorio; MarTech y AdTech; IA, competencia y mercados digitales; PETs y Zero-Party Data; Futuro de los medios.  Hemos añadido todas las referencias relevantes a la entrada de este episodio en nuestro blog: mastersofprivacy.com. Voces complementarias creadas por ElevenLabs.  

It is time for a seasonal update at the intersection of Marketing, Data, Privacy and Technology. We are today covering the first four of our usual five blocks: ePrivacy & regulatory updates; MarTech & AdTech; AI, Competition and Digital Markets; PETs and Zero-Party Data.  All references and links can be found in this episode's blog post: Masters of Privacy. Allow us to thank two people in advance for their routine work in breaking down the news across some of the topics and jurisdictions covered here: Robert Bateman and his Privacy Corner and Federico Marengo with his Privacy and AI newsletter. Also, an important disclaimer: the voice that joins me today is a text-to-speech output generated with Eleven Labs.

Aaron J. Burstein, Alexander I. Schneider On May 6, the California Privacy Protection Agency (CPPA) announced a settlement with Todd Snyder, Inc. over allegations that the men's retail brand violated CCPA rules on submission and fulfillment of privacy rights requests. Todd Snyder agreed to pay $345,178 and to modify its CCPA compliance program to resolve the case.

Imagine if the tiny tracking code behind personalized ads and website recommendations were suddenly considered unlawful.   That's exactly what's happening in the growing legal battle over cookies and tracking pixels across the country with new fronts opening.   In this episode of The Data Chronicles, we examine plaintiffs' efforts to expand the web tracking litigation battleground by claiming that unconsented use of web trackers constitutes a data breach under the California Consumer Privacy Act (“CCPA”), which entitles comes with statutory damages and a private right of action.   Scott Loughlin is joined by Hogan Lovells litigators Aidan Coleman and Jay Ettinger to break down the legal implications of new case law on this issue and discuss what's at stake for the internet as we know it.

Next in Media spoke with Tim Vanderhook and Chris Vanderhook, co-Founders of Viant Technologies. The CEO and COO of the ad tech firm talked about their Trade Desk rivalry, whether a Google breakup will be good for their business and the open web, and why CTV offers a chance for fewer monopolies.

Recent data breaches have had significant impacts. WorkComposer, an employee monitoring app, exposed over 21 million sensitive employee screenshots due to a misconfigured cloud storage bucket. This breach compromised data such as emails, internal chats, and login credentials, leading to risks like phishing attacks, identity theft, corporate espionage, and legal consequences under GDPR and CCPA. In a separate incident, Oracle engineers caused a multi-day outage at U.S. hospitals by disrupting electronic health record systems, forcing hospitals to revert to paper-based systems. This highlighted vulnerabilities in critical healthcare infrastructure due to human error.The rise of Artificial Intelligence (AI) is reshaping both cybersecurity and the workforce. AI-powered virtual employees, expected soon, pose security risks, such as account misuse and rogue behavior. At the same time, malicious actors are using AI tools like the Darcula phishing-as-a-service kit to launch sophisticated, multilingual phishing campaigns. This kit exploits messaging protocols like RCS and iMessage, making phishing attacks harder to detect. In the tech workforce, employees without AI expertise are facing heavier workloads, stagnant pay, and job insecurity amid restructuring, while AI specialists command higher salaries.Phishing attacks are becoming more advanced, thanks to tools like Darcula. This phishing kit allows criminals to easily create convincing fake websites and bypass security filters. The kit uses AI to generate multilingual scam pages and exploits messaging protocols like RCS and iMessage, which are more difficult to monitor than traditional SMS, making phishing attacks more sophisticated and challenging to detect.Nation-states continue to be significant players in cyberattacks, particularly through zero-day vulnerabilities. Google's research reveals that government-backed hacking groups were behind most zero-day exploits used in real-world cyberattacks last year, with China and North Korea responsible for many of these attacks. These state-sponsored actors exploit undiscovered vulnerabilities to achieve strategic goals, highlighting the ongoing threat posed by nation-state cyberattacks.Connected vehicles and subscription-based features are raising privacy concerns. Automakers are increasingly collecting data through connected features like heated seats and advanced driving assistance. Law enforcement is training to access this data, including location history and driving habits, raising privacy risks. Even when drivers decline subscription services, pre-installed devices with cellular connections can still collect data, potentially increasing surveillance.Employee monitoring software, like WorkComposer, can pose security risks if not properly secured. The breach at WorkComposer exposed sensitive data, such as internal communications and login credentials. When employee data is not adequately protected, it becomes a target for cybercriminals, leading to identity theft, corporate espionage, and reputational damage. This emphasizes the need for strong security practices when using such tools.The tech workforce is facing significant challenges, including job insecurity, stagnant pay, and increased workloads. After a period of rapid growth, companies like Meta and Salesforce have implemented mass layoffs, leading employees to take on the responsibilities of former colleagues. While AI specialists are in high demand, those without AI expertise struggle to secure raises or better compensation, creating a divide in the workforce.Finally, targeted malicious activity has been observed in geopolitical contexts. For example, new Android spyware has been discovered targeting Russian military personnel. Hidden in a modified version of the Alpine Quest mapping app, the malware steals sensitive data like phone numbers, accounts, contacts, and geolocation information... Highlighting the increasing use of cyber tools in geopolitical conflicts.

The transition off of fossil fuels is important and needs to happen, but it will affect the livelihoods of oil and gas workers and those in fossil fuel dependent communities. How can we make sure the transition is just and people-centred? We spoke with Hadrian Mertins-Kirkwood, a senior researcher at the Canadian Centre for Policy Alternatives. Hadrian's work focuses on the social and economic dimensions of Canada's shift toward a zero-carbon economy, including the necessity of a just transition for vulnerable workers and communities across the country. He is a contributor to the CCPA's Trade and Investment Research Project and Alternative Federal Budget. Hadrian holds a MA in Political Economy from Carleton University. Hadrian explains the concept of a people-centred just transition and the challenges Canada will have to overcome to move away from fossil fuels. We also discussed the policies that are needed to help workers transition into new industries, including the need for green industrial policy.   Pullback is a proud member of the Harbinger Media Network Enjoy our work? Support us on Patreon!

ST. PETERSBURG, FL - April 2025 - As the cloud communications sector embraces artificial intelligence (AI), BroadSource is stepping forward with a practical message for resellers: You can profit from AI — if you first help your customers solve data privacy challenges. Speaking with Technology Reseller News at the Cloud Communications Alliance's Cloud Connections 2025 event, Bill Placke, President of Americas for BroadSource, outlined how the company's SecureCall platform helps overcome a critical barrier to AI adoption. “Legal and compliance concerns around collecting personal data are slowing AI deployment,” said Placke. “Our SecureCall solution removes sensitive personal information like credit card or Social Security numbers at the time of collection — enabling safe and compliant AI use.” BroadSource's SecureCall product, which earned Cisco's Top 3 Global Innovation Award, enables secure data input during phone-based customer interactions. Customers input card details or other personal information directly, while the merchant remains on the call without hearing sensitive tones. Data is transmitted securely for processing, bypassing the merchant's internal systems and eliminating storage liability. With new PCI DSS 4.0 standards taking effect and global regulations such as GDPR and CCPA evolving, businesses face growing risks for non-compliance. Placke noted that SecureCall removes this burden from the enterprise. “Companies can rely on BroadSource's own PCI certification for compliance,” he said. “That means fewer headaches for IT and finance leaders — and real value for the reseller who delivers the solution.” BroadSource is expanding SecureCall's capabilities under the SecurePII brand to address broader categories of personal data. The goal is to create a foundation of data minimization, enabling enterprises to leverage AI and LLMs (large language models) without running afoul of data protection laws. Placke likens the opportunity to the 1840s Gold Rush: “AI is the gold. BroadSource is the pickaxe and blue jeans — the tools every prospector needs to get started.” For resellers navigating the fast-moving AI landscape, Placke advises aligning with customer priorities. “Cybersecurity is the top concern for IT leaders,” he said. “Look at breach points like passwords and explore solutions that offer more secure alternatives. When you bring customers practical AI tools with compliance built in, you're not just selling a service — you're building trust.” BroadSource also offers EMU CAPP, a behavioral analytics product that uses AI to monitor user behavior on BroadWorks platforms and detect anomalies, helping prevent toll fraud. “Resellers should lean in,” Placke concluded. “There's a real opportunity to lead by helping your customers adopt AI safely.” For more information, visit broadsource.com or secure-pii.com.

In January 2024, shortly after workers in their Laval location had unionized, Amazon announced the closure of its facilities in Quebec. In a most egregious union busting moves, Amazon left 2,000 people out of work and walked away from significant investments in infrastructure to make sure workers wouldn't get a say in their conditions.Jon Milton, Senior Communications Specialist with the Canadian Centre for Policy Alternatives, shares some of the ways Labour, the community and municipalities are fighting back against Amazon. Jon also has some tactics not yet deployed to 'bring down' this corporate giant AND its exploitive business model.Hosted by: Jessa McLeanCall to Action: Boycott Amazon CanadaRelated Episodes: CUPW Right to Strike was recorded immediately after Canada Post workers were ordered back to work. Its a candid discussion on the state of what's often touted as Canada's strongest union. Another guest from the CCPA, Richard Tranjan, with a discussion on The Tenant ClassMore Resources: Supreme Court Rules Walmart Broke QC Law - Global NewsUnion says Amazon closures in Quebec are an attack on unionization - rabble.caAmazon's Quebec closures are a wake-up call for Canada's labour movement - CCPAHow Quebec and Canada can make Amazon pay for union-busting - CCPAAll of our content is free - made possible by the generous sponsorships of our Patrons. If you would like to support our work through monthly contributions: PatreonFollow us on Instagram or on Bluesky

What is the practical case for combining CMPs and DSAR automation under a single technical solution or software provider? What do DPOs and CPOs struggle the most with when implementing effective privacy programs? Which Privacy Tech features are overvalued or undervalued? Max Anderson is a seasoned product executive with a proven track record of bringing successful technology products to market in the consumer privacy, data management, and marketing space. Prior to Ketch, Max was the Director of Product Management at Krux. After joining Salesforce as part of the Krux acquisition, he ran data privacy and consumer identity products at Salesforce, including the rollout of their industry-leading GDPR solution set. Prior to Krux, Max was a Product Manager at IPG Mediabrands, where he was responsible for multiple successful advertising measurement products. Max holds a BS in Chinese Literature from the University of Colorado. References: Maxwell Anderson on LinkedIn Max Anderson, The liability in your privacy program: incomplete opt-out compliance (Ketch) GPC: Global Privacy Control Max Anderson, Dirty Data, Broken AI—The hidden threat derailing your competitive edge (Ketch) Andy Dale: DPO vs. CPO, present and future value of Privacy Tech, and the new US administration's impact on the regulatory landscape (Masters of Privacy) Monica Meiterman-Rodriguez: automation, data minimization and comparative law in DSRs (Masters of Privacy) Sergio Maldonado, Some takeaways from PEPR'24 (USENIX Conference on Privacy Engineering Practice and Respect 2024)  

Amanda Moore is a seasoned leader with extensive experience in privacy strategy, technology, and operations. She currently serves as the Senior Director of Privacy at DIRECTV, where she oversees the company's privacy program with respect to technology and operations. Prior to her role at DIRECTV, she held pivotal positions at CVS Health and AT&T leading technical and business teams. Her career started in information technology but shifted to privacy before the onset of CCPA. Amanda holds the CIPM certifications and is a OneTrust Fellow of Privacy Technology. In this episode… Many organizations invest in privacy technology expecting it to deliver instant compliance, only to find that it fails to integrate with existing tools or processes. Adoption often lags when internal teams see privacy as a barrier or when tools are implemented without clearly defined goals. Choosing privacy technology before businesses understand the specific problem they're meant to solve leads to confusion, inefficiency, and low adoption. One of the most effective ways to boost technology adoption is to start with a clear understanding of business processes and goals before introducing new privacy tech. Successful privacy programs start by mapping business processes and making small, non-disruptive backend adjustments that minimize disruption. Additionally, building internal awareness through roadshows, clear communication, and simplified privacy impact assessments helps shift perceptions and encourages teams to view privacy as a business enabler. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Amanda Moore, Senior Director of Privacy at DIRECTV, about integrating privacy technology into business operations. Amanda highlights how strong internal relationships help position privacy as a business enabler, why reframing communication to various business executives enhances support for privacy initiatives, and how measuring privacy program maturity with the use of technology provides more insight than surface-level metrics. She also discusses methods to increase adoption through internal awareness campaigns and simplified assessments, and the long-term value of reputation-building within organizations.

Watch on YouTubeTedd Huff & John Gordon, CEO of ValidiFI, explore key shifts in Fintech and focus on Account Validation Technology. The focus is on account validation, fraud detection, and customer risk. With over 25 years in financial services, Gordon shares insights from his work at TransUnion and ValidiFI. He explains how behavioral signals like multiple emails, landlines, or shared accounts—can trigger higher risk. Gordon also breaks down why ACH transactions remain dominant, and how high-risk accounts show 11.5x more return failures. The episode covers challenges with virtual bank accounts, especially from neo banks, and how lenders can better identify stable users.John highlights how linking emails, phone types, and account behavior to reduce fraud and improve onboarding. He shares how AI and alternative data fill gaps left by outdated credit models, especially for BNPL users or consumers without full credit files.He predicts a rise in consumer control over financial data and warns that limited access may hurt repayment assessments. For fintech founders, his advice is clear: look at the full data picture account history, contact info, and usage to make better, faster decisions.Key Highlights

There is a push and pull between an advertiser's desire to attribute advertisement spending to lead generation and their responsibility to respect consumer privacy. In this episode, Raj Sudra, the Chief Technology Officer at Gannett, joins me to discuss his role and the intricacies of digital marketing attribution. He explains the technology and systems used, such as LocaliQ's proprietary Capture technology, pixel tracking, and the importance of compliance and data privacy. The conversation emphasizes the balance between collecting meaningful data for effective marketing and adhering to privacy legislation like GDPR and CCPA. Raj also talks about what's changing in advertising platforms like Google and Facebook. He touches on why publishers prioritize first-party data as cookies become less reliable to them and how evolving technology such as AI enhances digital marketing strategies.What you will learn:What pixel tracking really means The impact of a cookie.Why data privacy and marketing don't have to work against each other.The importance of evaluating, storing, and tracking data ethically.The technical side of how leads are generated during visits to your websiteThanks for listening!Connect with GradComm:Instagram:@gradcommunicationsFacebook:@GradCommunicationsLinkedIn:@gradcommSend us a message: GradComm.com

In a world where data is more important than ever, understanding how it is acquired, shared, and misused is critical. Data brokers work behind the scenes, amassing enormous amounts of personal information from online activity, loyalty programs, and even public records, often without the users' knowledge. This data powers targeted marketing, scams, and even identity theft. But what can be done to regain control of personal privacy? Today we're diving deep into this topic with cybersecurity expert Darius Belejevas, who has spent years assisting folks in removing their data from these digital marketplaces. He is the head of Incogni and Surfshark.  In this chat, Darius is going to share how these sneaky data brokers operate. He'll break down why it's such a big deal when our data gets out there for all to see, and he'll arm us with some solid strategies to keep our privacy intact. We'll also look at practical tactics that everyone can apply to limit their exposure to hackers. We'll discuss data sharing, using privacy-focused products, and understanding legislation like GDPR and CCPA. We also dive into the shifting landscape of digital security, the role of AI in data collection and fraud, and what the future of online privacy may look like.  Show Notes: [01:01] We learn about Darius's background. [02:16] We learn about the creation of Incogni.  [04:04] Data brokers are businesses who collect data and sell it to other businesses. One problem can be lack of transparency of what is happening to your data.  [07:19] There are probably a few thousand data brokers. [09:36] Does removing your data get you out of a breach? [10:48] Limiting what we share. Prevention, consequences, and clean up. [12:22] When giving identifiers like your phone number, stop and ask if you really need to do that. [14:10] Some brokers make it way more difficult to remove data. [20:13] We talk about privacy regulations and how they can help you or make things more difficult. [22:12] How AI will make malicious activities easier to scale. [23:41] Have people given up on privacy? At the end of the day, it's about personal comfort.  [25:00] Privacy laws are helping with data broker issues.  [26:59] Being mindful about what you post online. Many people don't want to share too much. [29:56] Physical junk mail has decreased.  [30:52] What to do today. Think about what you want to share. Do you really need to subscribe? [32:21] Use a service like Incogni to help you protect your data. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.  Links and Resources: Podcast Web Page Facebook Page whatismyipaddress.com Easy Prey on Instagram Easy Prey on Twitter Easy Prey on LinkedIn Easy Prey on YouTube Easy Prey on Pinterest Incogni Surfshark Darius Belejevas on Facebook Darius Belejevas on LinkedIn

Hosted by Simone Roach from a blog post from Aaron J. Burstein, Alysa Z. Hutnik, Alexander I. Schneider, and Meaghan M. Donahue On March 12, 2025, the California Privacy Protection Agency (CPPA) announced a settlement with American Honda Motor Co., resolving allegations that the company violated the California Consumer Privacy Act (CCPA) and requiring Honda to pay a $632,500 fine. The announcement marks the Agency's most far-reaching enforcement action, and the first to stem from the CPPA's July 2023 announcement that it was reviewing the data privacy practices of connected vehicle manufacturers and related technologies.

Cloud Connections 2025 Preview: BroadSource's SecurePII Takes Center Stage March 2025 – Technology Reseller News – BroadSource has officially launched SecurePII, a cutting-edge real-time redaction platform designed to protect Personally Identifiable Information (PII) in telecommunications networks. In a special Cloud Communications Alliance (CCA) podcast, Haydn Faltyn and Bill Placke from BroadSource joined Doug Green to discuss the technology, its market impact, and why service providers should take notice. The Growing Need for Real-Time PII Protection BroadSource has long been a leader in delivering technology solutions to cloud communications providers. With SecurePII, they are addressing a critical issue in telecommunications: how to protect PII that traverses carrier networks. The demand for real-time data redaction has surged due to increasing regulatory requirements, including CCPA, GDPR, HIPAA, and the evolving PCI DSS 4.0 standard. Faltyn explains: “We launched SecureCall as a PCI-compliant platform for credit card redaction last year. But service providers and enterprises alike need more—protection beyond just payment information. SecurePII extends our technology to safeguard all forms of personal data in voice communications.” Shifting the Compliance Conversation Placke highlights the legal and compliance challenges that enterprises face, as regulators worldwide introduce stricter measures around data privacy. “Legal teams are often forced to say ‘no' to new initiatives because of concerns over PII exposure. SecurePII flips the script—by redacting sensitive data in real time, businesses can fully leverage AI, analytics, and automation without compliance roadblocks.” A Game Changer for AI-Driven Business Communications The rise of AI and large language models (LLMs) has created a data dilemma for enterprises: how can they safely utilize voice data for AI applications, customer analytics, and automation without violating data privacy laws? With SecurePII, BroadSource provides a solution that allows organizations to extract value from their data without storing or processing sensitive customer information. By removing PII in real-time, businesses can: Enhance AI training models without compliance risks Increase customer trust by ensuring privacy protection Reduce operational risks and costs associated with data breaches and regulatory fines Impact on Contact Centers and CX A core use case for SecurePII is contact centers, where credit card details, account numbers, and personal information are frequently exchanged over voice channels. The platform ensures: Seamless transactions without the risk of human agents being exposed to sensitive data A frictionless customer experience that retains the personal touch while safeguarding information Higher revenue retention—BroadSource has observed a 9% increase in revenue when businesses implement SecurePII in customer interactions BroadSource's SecurePII Roadmap and Upcoming Events The launch of SecurePII marks a new strategic direction for BroadSource, emphasizing data security as a core value for service providers. Faltyn and Placke will be presenting SecurePII at: Cavell's Summit Europe 2025 – A premier event for cloud communications leaders Cloud Connections 2025 (CCA Conference, St. Petersburg, FL) – Where BroadSource will showcase SecurePII's capabilities to global service providers Where to Learn More SecurePII is now live, and service providers can integrate it into their networks today. BroadSource has also launched a dedicated website for SecurePII, providing resources, case studies, and implementation details. Visit: www.securepii.cloud BroadSource's mission is clear—to empower service providers with the tools to protect their networks, comply with global regulations, and enable the future of AI-driven business communications. With SecurePII,

Episode SummaryIn this episode of The Secure Developer, Danny Allan, CTO of Snyk, sits down with Wayne Chang, Founder and CEO of SpruceID, to explore the evolving landscape of digital identity and security. From self-sovereign identity to the role of AI in authentication, they discuss the future of identity management, the risks of centralized systems, and the benefits of decentralized approaches. They also dive into how policy, compliance, and emerging technologies like passkeys and zero-knowledge proofs are shaping the security ecosystem.Show NotesThe world of digital identity is changing fast, and in this episode of The Secure Developer, we explore how security professionals and developers can navigate this evolving space. Host Danny Allan is joined by Wayne Chang, Founder and CEO of SpruceID, to discuss key trends and challenges in identity management.Topics Discussed:Wayne's Background: From health tech to digital identity, how Wayne's early struggles with integrating health records led to his passion for self-sovereign identity.The Evolution of Digital Identity: Why usernames and passwords are no longer the gold standard, and how newer methods like passkeys and cryptographic credentials improve security.Decentralization vs. Centralization: The trade-offs between federated identity systems (like OAuth and SSO) and self-hosted identity wallets.The Role of AI in Identity Security: How AI is both a tool for improving security and a threat vector for identity fraud.Privacy and Compliance: How regulations like GDPR, CCPA, and emerging state-level laws influence digital identity strategies.The Future of Authentication: The move from multi-factor authentication to "myriad factor authentication," leveraging multiple signals for seamless and secure access.Wayne and Danny also discuss real-world use cases, including the development of mobile driver's licenses, emerging digital identity wallets, and the challenges of ensuring privacy and security while maintaining usability. The conversation highlights how organizations can stay ahead with better authentication practices and privacy-preserving architectures as fraud becomes more sophisticated.LinksSpruceID - Identity infrastructure for the digital worldNIST - The National Institute of Standards and TechnologyNIST SP 800-63 - Digital Identity GuidelinesACLU Digital ID State Legislative RecommendationsSnyk - The Developer Security Company Follow UsOur WebsiteOur LinkedIn