Podcasts about Chief privacy officer

  • 209 podcasts
  • 335 episodes
  • 38m average duration
  • 1 episode every other week
  • Latest episode: May 21, 2025


Latest podcast episodes about Chief privacy officer

Great Women in Compliance
Compliance is the Floor, Ethics is the Ceiling with Ellen Hunt

May 21, 2025 (46:57)


In this week's special episode of Great Women in Compliance, Hemma interviews Ellen Hunt, a seasoned compliance professional and recent recipient of the Compliance Week Lifetime Achievement in Compliance Award. Ellen shares her journey from law to compliance, emphasizing the importance of organizational justice, psychological safety, and ethical decision-making. Listeners will gain insights into Ellen's approach to fostering a values-driven culture, her experiences and advice on ensuring transparency, the role of conflict in cultivating psychological safety, and her commitment to nurturing the compliance community.

Highlights include:

  • Ellen Hunt's Career Journey and Recent Lifetime Achievement Award
  • Organizational Justice and Compliance
  • The Evolution of Ethics and Compliance
  • The Role of Psychological Safety
  • Ellen's Legacy in Elevating a Compliance Community

Biography: Ellen is a lawyer, ethics and compliance professional, audit executive, and chief privacy officer. Before joining Spark Compliance Consulting, A Diligent Brand, Ellen was the Vice President of Compliance Program Operations, Chief Privacy Officer for LifePoint Health, and Senior Vice President of Audit, Ethics, and Compliance Officer for AARP. Ellen was named “Mentor of the Year” by Compliance Week in 2021 and the 2019 Not-For-Profit Compliance Officer of the Year by Women In Compliance. She received the Trust Across America Top Thought Leaders Lifetime Achievement Award in 2019 and was named a Top Mind by Compliance Week in 2016. Most recently, in April 2025, she was awarded a Lifetime Award for Compliance by Compliance Week. Ellen is an adjunct professor with the Fordham University School of Law, Program for Corporate Ethics and Compliance, teaching the Introduction to Compliance, Capstone, and Crisis Management courses. Ellen serves on the Advisory Boards for the Notre Dame Deloitte Center for Ethical Leadership, Loyola University Chicago School of Law-Compliance Studies, Compliance Week, and the Quorum Initiative. She is the co-founder of The Seven Elements Book Club, a book club devoted to ethics and compliance authors, and winner of the 2022 award for “Best New Idea” by the Great Women in Compliance podcast.

The Privacy Advisor Podcast
New York State of Mind: A discussion with NYC Chief Privacy Officer Michael Fitzpatrick

May 9, 2025 (36:04)


As chief privacy officer of the biggest city in the United States, it's safe to say that Michael Fitzpatrick doesn't have your normal, run-of-the-mill job. As part of New York's Office of Technology and Innovation, the Office of Information Privacy provides guidance to more than 175 agency privacy officers across the city. It also works closely with the city's Cyber Command and has partnered with the Cities Coalition for Digital Rights and the Biometrics Institute. IAPP Editorial Director Jedidiah Bracy caught up with Fitzpatrick to learn more about his work as CPO of New York City, how his office works across government and what he sees as some of the biggest challenges in privacy and cybersecurity.

Legal Speak
Live from the GCC MidWest with John Meyer

Apr 30, 2025 (11:00)


Two Major ALM Conferences back-to-back … they said it couldn't be done. Legal Speak believed it … and went there to see it for themselves. For over 20 years, the General Counsel Conference Midwest has been the premier event in the industry, delivering key insights and practical solutions that today's general counsel need to manage and better leverage C-Suite relationships, successfully overcome a litigation crisis, and do more with fewer resources, just to name a few. For the 2nd year, Legal Speak was there live to bring you interviews with interesting attendees as well as moderators and speakers from various panels from this year's event in Chicago. In this episode, host Patrick Smith is joined by 3-time returning guest John Meyer, General Counsel and Chief Privacy Officer at Zeem Solutions.

Host: Patrick Smith
Guest: John Meyer
Producer: Charles Garnar

To the Extent That...
Cyber Security and Data Privacy: S5E3: The Impact of the EU NIS2 Directive and the DOJ Rule on Bulk Sensitive Data Transfers on the Healthcare Industry

Apr 9, 2025 (24:55)


In Episode 3, host Jordan L. Fischer, Esq. interviews Corey Dennis, Chief Privacy Officer & Assistant General Counsel at Legend Biotech, where he leads the global privacy, cybersecurity, and artificial intelligence legal programs. In this episode, Jordan and Corey walk through two recent developments that are impacting data strategies in the healthcare and life sciences industry: the EU NIS2 Directive and the Department of Justice ("DOJ") Final Rule on the bulk transfer of sensitive data to “countries of concern” or “persons of concern.” Corey provides practical insights into the way that both of these new requirements are impacting businesses, as well as considerations for businesses who are required to comply with these changes. For more information on Corey Dennis, visit: https://www.linkedin.com/in/corey-m-dennis-cipp/. To contact our host, Jordan L. Fischer, Esq., regarding this podcast or to inquire into becoming a guest, please contact Ms. Fischer at jordan@jordanfischer.me.

Masters of Privacy
Andy Dale: DPO vs. CPO, present and future value of Privacy Tech, and the new US administration's impact on the regulatory landscape

Apr 6, 2025 (27:09)


Today we are taking a look at the difference between DPO and CPO roles in the US, the present and future impact of Privacy Tech in the management of privacy programs, the evolution of privacy regulation under the new US administration, and a potential Schrems III scenario.

Andy Dale serves as General Counsel and Chief Privacy Officer at OpenAP and holds the position of Executive Board Member at The L Suite (TechGC). With extensive experience as an advisor to various companies, Andy previously worked as General Counsel and Chief Privacy Officer at Alyce, a company acquired by Sendoso in 2024, and as General Counsel and VP of Global Data Privacy at SessionM, which was acquired by Mastercard in 2019. Andy Dale earned a JD in Law from the University of Baltimore School of Law (2003-2006) and a degree from Colgate University (1996-2000).

References:

  • Andy Dale on LinkedIn
  • The Data Protection Breakfast Club podcast on Spotify
  • Brian Focht: Can the American Privacy Rights Act find a path to survival? (Masters of Privacy)
  • Amy Worley on the American Privacy Rights Act (Masters of Privacy)
  • Molly Martinson on state-level comprehensive privacy laws (Masters of Privacy)

The Wisdom Of... with Simon Bowen
Sheila FitzPatrick: Data Protection, AI, and Cybersecurity

Mar 31, 2025 (59:03)


In this episode of 'The Wisdom Of' Show, host Simon Bowen speaks with Sheila FitzPatrick, a leading international employment and data protection attorney, recognized for her expertise in privacy and security. The conversation covers Sheila's journey from employment law to becoming an influential figure in data privacy, her role in shaping international privacy laws, including the GDPR, and her insights on the burgeoning field of AI and its implications for data privacy. Sheila discusses the critical differences between privacy and security, the importance of data minimization, and how businesses can turn privacy into a competitive advantage. The episode also touches on the ethical considerations of AI, the transparency required in privacy policies, and practical steps businesses can take to ensure compliance with global privacy regulations.

Ready to elevate your business approach? Join Simon's exclusive masterclass on The Models Method. Learn how to articulate your unique value and create scalable impact: https://thesimonbowen.com/masterclass

Episode Breakdown

00:00 Meet Sheila FitzPatrick: Privacy and Security Expert
03:21 The Journey into Data Privacy
05:57 The Impact of GDPR and Privacy Laws
14:57 Global Privacy Strategies for Businesses
23:53 Marketing and Data Privacy Challenges
29:20 Turning Data Privacy into a Competitive Advantage
30:34 Leveraging Data Privacy as a Competitive Advantage
31:16 The Growing Importance of Privacy in Contract Negotiations
32:44 AI and Data Privacy Concerns
35:34 Ethical and Legal Considerations in AI
41:11 Challenges for Small and Large Companies in Data Privacy
43:33 The Intersection of Ethics, Law, and Technology
46:02 Advice for Aspiring Data Privacy Professionals
55:43 The Importance of Passion in Data Privacy
56:38 Final Thoughts on Data Privacy and AI

About Sheila FitzPatrick

Sheila FitzPatrick is a world-renowned authority in data privacy, protection, and sovereignty, with a career spanning more than 38 years. As the Chief Privacy Officer for numerous multinational corporations, she has pioneered global compliance strategies that align legal, ethical, and operational frameworks across more than 160 countries.

Sheila's work has had a far-reaching impact—collaborating with the U.S. Government, the Council of the European Union, and data protection authorities across Europe, Asia-Pacific, and the Americas. She has served as a trusted intermediary between corporate leadership and Works Councils, drafting over 550 model contracts and bargaining agreements and securing Binding Corporate Rules (BCRs) approvals for six global organizations.

Her expertise spans GDPR, CCPA, data sovereignty, AI regulations, cloud computing, cybersecurity, and breach management. Sheila has helped over 500 multinational companies achieve full data protection compliance, navigating the ever-evolving regulatory landscape with precision and foresight.

Connect with Sheila FitzPatrick

LinkedIn: https://www.linkedin.com/in/sheila-fitzpatrick-4b458/
Twitter: https://x.com/sheilafitzp

About Simon Bowen

Simon has spent over two decades working with influential leaders across complex industries. His focus is on elevating thinking in organizations, recognizing that success is directly proportional to the quality of thinking and ideas within a business. Simon leads the renaissance of thinking through his work with global leaders and...

The Ethics Experts
Episode 205 - Steven Robinson

Mar 19, 2025 (55:18)


In this episode of The Ethics Experts, Nick welcomes Steven Robinson. Steven Robinson (CIPP/US, CIPP/E, CIPT, FIP, AI Security & Governance) is the former Chief Privacy Officer and Associate General Counsel at Ricoh USA, Inc., where he led technology transactions teams and supported U.S.-based technology development, privacy, security, and compliance teams. In that role, he spearheaded AI, privacy, and compliance policy development and provided comprehensive legal support for new technology initiatives. Mr. Robinson came to Ricoh as the Chief Legal Officer of mindSHIFT Technologies, Inc., when Ricoh acquired it. He began his career as an Assistant District Attorney in the Manhattan DA's Office. https://www.linkedin.com/in/stevenhrobinson/ https://stevenhrobinson.substack.com/

The Legal Department
AI in Litigation Alex Alben UCLA Law School, 2x Tech GC and Former Chief Privacy Officer of Washington

Mar 18, 2025 (38:48)


AI and legal tech vendors are selling a new world where lawyers' work will be streamlined, more efficient, and more productive while also cutting down on legal fees. Most tools for in-house lawyers focus on improving workflows, contract review, and other transactional tasks.

In litigation, news reports highlight the latest embarrassments—or even sanctions—of lawyers who relied on AI bots to write briefs with hallucinated, made-up cases. In this episode, Alex Alben, a two-time tech GC and the former Chief Privacy Officer of the state of Washington, helps us understand how AI tools can be used responsibly in litigation. He also shares how in-house counsel can ensure law firms are using them appropriately and provides clues for identifying AI-generated content before it's filed.

Alex also discusses how law firms can use their own data to evaluate performance in different courts, assess the effectiveness of arguments, and more. He suggests firms "mine their own data" and consider hiring a data scientist to access this untapped resource.

Tune in to hear about the potential for AI to improve litigation outcomes.

She Said Privacy/He Said Security
Is Privacy Dead or Are We Redefining It?

Feb 27, 2025 (31:16)


Stephen Bolinger, Chief Privacy Officer at Informa, has a career that spans three continents and more than two decades, with the last seventeen years devoted to privacy and data protection matters across a range of industries, including tech, medical devices, and financial services. Stephen produced a fascinating film called Privacy People.

In this episode…

As technology evolves and cultural perspectives shift, so does the debate over privacy. With each new tech innovation, from smartphones to AI, companies are collecting more personal information than ever, leading some to claim that privacy is dead. Meanwhile, businesses are navigating a fragmented regulatory landscape, particularly in the United States, where varying laws create compliance challenges. These growing concerns raise the question: is privacy dead, or is it just evolving?

Cultural perspectives on privacy differ significantly, influencing how laws are structured in regions like the U.S., Europe, and Australia. While some nations treat privacy as a human right, others see it as a consumer protection issue. To address these concerns, companies need to integrate privacy into their overall data governance strategies, ensuring responsible data collection and AI oversight. As privacy expectations shift, businesses need to adapt, recognizing that privacy is not disappearing — it is being redefined, reinforcing the need for dedicated privacy professionals.

In this episode of the She Said Privacy/He Said Security podcast, Jodi and Justin Daniels chat with Stephen Bolinger, Chief Privacy Officer at Informa, about the evolving role of privacy professionals and how cultural differences influence data protection expectations worldwide. Stephen discusses the challenges of navigating privacy laws across different countries, the increasing importance of data and AI governance, and why privacy professionals need to expand their expertise beyond compliance to address broader ethical implications and technological advancements. Stephen also highlights his latest project, a documentary film entitled Privacy People, which sheds light on the complexities of data privacy.

healthsystemCIO.com
Driving Towards Systemness: How Sutter Health Integrates Technology, People & Process

Feb 18, 2025 (47:13)


Sutter Health's integration efforts extend far beyond standard IT system mergers. Jacki Monson, SVP, Chief Integration Officer & Chief Privacy Officer at Sutter Health, focuses on holistic transformation—aligning people, processes, and technology across mergers and acquisitions. “We're not just integrating applications,” Monson said. “We're integrating the entire ecosystem to function as one seamless operation.”

The Debugged Podcast
Navigating Data Privacy and Law with Juliana Spofford

Feb 13, 2025 (25:10)


In this episode of Debugged, host Medha Gupta sits down with Juliana Spofford, Chief Privacy Officer and General Counsel at Aidentified, to explore the evolving landscape of data privacy. With over 30 years of legal experience in data services, Juliana shares how she stumbled into the world of privacy law, the growing importance of data security across industries, and the global impact of regulations like the EU's GDPR. She also discusses why the U.S. still lacks a federal privacy law and how students—whether aspiring lawyers or engineers—can build careers in data privacy. Tune in for expert insights on one of tech's most pressing issues!

Serious Privacy
Villains, Visions, and Val - Welcome 2025 (with Val Ilchenko)

Jan 28, 2025 (38:38)


On this week of Serious Privacy, Paul Breitbarth, Ralph O'Brien, and Dr. K Royal ring in the new year with Val Ilchenko, General Counsel and Chief Privacy Officer of TrustArc. No topic was off limits! We discussed the ghosts of Privacy past, now, and future. Tune in to hear all about it as we kick off the new year on #GlobalDataPrivacyday / #GlobalDataProtectionDay 2025!

Please follow and set to auto-downloads in your favorite podcast app - sharing is caring!

Powered by TrustArc. Seamlessly manage your privacy program, assess risks, and stay up to date on laws across the globe. With TrustArc's Privacy Studio and Governance Suite, you can automate cookie compliance, streamline data subject rights, and centralize your privacy tasks—all while reducing compliance costs. Visit TrustArc.com/serious-privacy.

If you have comments or questions, find us on LinkedIn and Instagram @seriousprivacy, and on BlueSky under @seriousprivacy.eu, @europaulb.seriousprivacy.eu, @heartofprivacy.bsky.app and @igrobrien.seriousprivacy.eu, and email podcast@seriousprivacy.eu. Rate and Review us!

Proudly sponsored by TrustArc. Nobody Knows Privacy Like the Privacy Pros. Learn more at https://trustarc.com/serious-privacy/

From Season 6, our episodes are edited by Fey O'Brien. Our intro and exit music is Channel Intro 24 by Sascha Ende, licensed under CC BY 4.0.

#heartofprivacy #europaulb #igrobrien #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO

RIMScast
Data Privacy and Protection with CISA Chief Privacy Officer James Burd

Jan 28, 2025 (43:19)


Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.   In this episode, Justin interviews CISA Chief Privacy Officer James Burd about data privacy and protection. Topics include how CISA protects agencies and critical infrastructure, how they responded to a recent data attack, and what risk professionals and data privacy professionals can work together to ensure their organization is resistant to data breaches.   Listen for actionable ideas to improve the cyber security at your organization. Key Takeaways: [:01] About RIMS and RIMScast. [:14] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode's show notes. [:32] About this episode. We will discuss data privacy with James Burd, the Chief Privacy Officer of The Cyber Infrastructure Security Agency (CISA) here in the U.S. [:58] RIMS-CRMP Workshops! On February 19th and 20th, a two-day virtual workshop for the RIMS-CRMP will be led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:20] The next RIMS-CRMP-FED exam course will be held from February 4th through the 6th, 2025. Links to these courses can be found through the Certification page of RIMS.org and this episode's show notes. [1:36] Virtual Workshops! Chris Hansen will return on February 11th and 12th to lead the two-day course “Claims Management”. Gail Kiyomura of The Art of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. [1:59] On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025. 
[2:22] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [2:34] The RIMS Legislative Summit 2025 is back! It will be held on March 19th and 20th in Washington, D.C. Join RIMS for two days of Congressional meetings, networking, and advocating on behalf of the risk management community. [2:51] This event is open for RIMS members only so if you're not a member, join now! Visit RIMS.org/advocacy for registration details. [3:02] Interview! It is Data Privacy Week here in the U.S., through January 31st. This is an annual effort to promote data privacy awareness and education. Its events are sponsored by the National Cybersecurity Alliance. This week's theme is Take Control of Your Data. [3:23] Here to discuss how to take control of your data, and the best practices that risk professionals and business leaders need to know, is Chief Privacy Officer of CISA, James Burd. [3:36] James is the senior agency leader responsible for managing and overseeing CISA's privacy, external civil rights, civil liberties, and transparency programs. [3:46] We're going to talk about some of the big events that made headlines in late December and early January around cybersecurity and data privacy and the frameworks and strategies that risk professionals can implement to take control of their data. [4:02] CISA Chief Privacy Officer James Burd, welcome to RIMScast! [4:18] James has a fantastic team of privacy, transparency, and access professionals who provide transparency to the American public while integrating full privacy rights, liberties, and protections into the management of a safe, secure, and resilient infrastructure. 
[4:48] As Chief Privacy Officer, James Burd's primary responsibility is to ensure that privacy is at the forefront and integrated into every initiative, program, and policy CISA undertakes, regardless of whether it's by policy, process, or technical solutions. [5:00] This includes ensuring compliance with Federal privacy laws and embedding privacy considerations in the agency's operations and partnerships. [5:08] Protecting critical infrastructure inherently involves safeguarding sensitive and critical information that any organization holds, whether it's CISA or any of the many stakeholders of CISA. Privacy and cybersecurity are inherently interconnected. [5:21] CISA ensures its cybersecurity programs focus on protecting systems, networks, and data from unauthorized access while the privacy portion ensures that personal and sensitive data are handled responsibly, ethically, and securely. [5:39] What are the keys to a strong cybersecurity strategy? [5:52] The work CISA does in the privacy world is to ensure that the information CISA is holding is secure and safeguarded and also to tell the public how exactly they do that. [6:14] In the early days of CISA, it was a Computer Emergency Readiness Team (CERT). CERTs respond to major cybersecurity incidents at a state, local, national, or international level. A cybersecurity incident in the U.S. is similar to a cybersecurity incident in any nation. [6:50] All nations are facing the same cybersecurity issues. CISA's international work is about information sharing and helping each other understand what threats we all face. [7:19] Integrating privacy into risk management frameworks is a core consideration. A lot of the privacy work CISA does with risk managers is for ERM, identifying privacy risks and impacts and ensuring that mitigation strategies align with goals. [7:42] Risk managers are key partners in implementing strong data governance practices. 
CISA works with them to establish policies for data handling, access, and usage that align with the security needs and privacy protection of an agency or organization. [7:56] Risk managers have the opportunity to help privacy officers identify a privacy problem or privacy risk all across the organization. That's part of the risk manager's job as a point person. [9:13] CISA wants to do this privacy protection work with organizations before a breach. Many privacy professionals have learned the hard way that if you don't collaborate up front, you have to collaborate later, as a result of your emergency. That's not a great day. [9:29] Risk professionals have different viewpoints to consider. They may see that some privacy risks overlap with some financial risks, depending on the risk owner's point of view. It doesn't make sense to solve the same problem in 10 different ways. [10:30] The National Institute of Standards and Technology (NIST) is a valuable partner of CISA's. NIST can see what works or doesn't work as a conceptual or technical framework. NIST studies a problem from several angles and gives CISA an effective solution for the framework. [11:23] Daniel Elliott of NIST has been on RIMScast. James has collaborated with Daniel. [11:49] CISA is a collaborative agency. It does not exist without its partners and stakeholders. When NIST facilitates conversations between CISA and other stakeholders, it helps CISA figure out, of all the problems in the world, which critical problem we need to solve right now. [12:17] CISA has Cyber Performance Goals or CPGs, which are a subset of the NIST Cybersecurity Framework. CISA will tell a small business that they should start with the CPG and get it right, and then expand to everything else. [12:38] CPGs are not a substitute for a risk management framework, but they are a starting point. 
The CPGs would not exist if not for the work NIST had done in talking to small, medium, and large businesses and figuring out all the different issues they face. [13:08] In December, Chinese cyber attackers infiltrated U.S. agencies. When there is a major incident like that, there is a whole-government response. CISA plays an important role in that response, like a firefighter. Law enforcement plays the role of investigator. [14:16] CISA and its interagency partners are heavily involved in responding to recent Chinese activity associated with both Salt Typhoon and Volt Typhoon. They've been working very closely with the Treasury Department to understand and mitigate the impacts of the recent incident.  [14:35] There's no indication that any other Federal agency has been impacted by the incident but CISA continues to monitor the situation and coordinate with other authorities, like the FBI, to ensure that there's a comprehensive response. [14:50] The security of federal systems and data is of critical importance to national security. CISA is working aggressively to safeguard any further impacts. The People's Republic of China is a persistent threat, specifically, the GRC and related entities, who perform these activities. [15:12] They're one of the most persistent and strategically sophisticated adversaries we face in cyberspace today. The PRC has decades of experience in conducting rampant cyber espionage against U.S. businesses and critical infrastructure. [15:26] CISA has become increasingly concerned over the last year that the PRC is not just doing espionage but is trying to burrow into the critical infrastructure for a rainy day. These state-sponsored activities are coming from campaigns like Volt Typhoon and Salt Typhoon. [15:45] What happened to Treasury provides a stark example of these types of tactics. These tactics target critical infrastructure such as telecommunications, aviation, water, and energy. 
[15:56] Their goal, as far as we can tell, is not to cause immediate damage but to gain persistent access to those systems and remain undetected until they want to do something. [16:08] CISA has been very involved, not just responding to these incidents, but deeply studying these incidents to understand what is happening and what we need to do as a government and nation to protect ourselves from these burrowing activities. [16:27] Plug Time! RIMS Webinars! Resolver will be joining us on February 6th to discuss “4 Themes Shaping the Future of GRC in 2025”. [16:39] HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [16:55] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [17:07] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode's show notes. [17:20] Let's Return to My Interview with James Burd of the Cyber Infrastructure Security Agency!   [17:42] Whether talking about AI, IoT, or 5G, the issues are hardware problems and software problems. [18:02] The issues of the 1970s are similar to the issues of the 2020s, regarding vulnerabilities, exposure, and unsafe practices when developing software and hardware. [18:20] What we're seeing in the emerging technology space with AI, IoT, and 5G is an increase in the volume and velocity of data. The improvement of technology in this space is based on power and efficiency. Software improvement is based on the reach of interconnectivity. [18:34] Privacy and cybersecurity risks do not just appear. We're seeing existing risks and issues increasing in size and complexity. 
What we previously thought of as a perceived risk is now a real risk, thanks to advances in computational power and the amount of data available. [18:54] It's always been a risk but it was less likely to occur until this point where there's more data, more volume, and more complexity. AI systems rely on a vast amount of personal data, raising concerns about data security, algorithmic bias, and a lack of transparency. [19:11] We've heard about these risks with machine learning and big data databases. They require governance frameworks that address how data is collected, stored, and used in systems, or, in this case, AI models. [19:28] Those frameworks should be familiar to anyone working in the data protection space or the risk management space for the last three decades. Insurers getting into the cybersecurity space have been paying stark attention to this. [19:58] We've found out that IoT devices are probably the easiest and most risky entrance points within networks into homes and critical infrastructure devices. The biggest risks they create are unauthorized access, data breaches, and potential surveillance. [20:19] These are not new risks. They're existing risks that are promulgated because of the new avenue to get in. It used to be that the worst thing that could happen to an IoT device like a router is that it gets compromised and becomes part of a botnet to take down websites. [20:38] Today, that still happens, but that IoT device is looked at as the back door for entering someone's network if it's not properly secured. [20:49] In itself, 5G is awesome. There are fantastic things to do with increased data flow. With increased speed and connectivity come the ability to move more data at a time and we're facing data being transferred in an insecure manner. People don't know what data they're sharing. [21:15] We're running into the same classic issues but they're exacerbated by something we view as a major success, access. 
Access should be celebrated but we shouldn't open doors because we can open them. We need to be able to make sure those doors are secured. [21:48] James paraphrases Mark Groman, a privacy expert formerly with the FTC. “Privacy and cybersecurity are sometimes viewed as competing priorities. They are two sides of the same coin. I refuse to live in a world where you compromise security for privacy or vice versa.” [22:11] We live in a world where you can have both. The great thing about advancing technologies is that we can do both. Both cybersecurity and privacy aim to protect sensitive data and systems, just from slightly different angles and for different reasons. [22:31] There has to be a collaborative approach between cybersecurity and privacy. An intermediary like a risk professional can help cybersecurity and privacy teams work together. [22:41] By leveraging things like privacy-preserving technologies and designing privacy into cybersecurity measures, organizations can bridge the gap and achieve harmony between the two essential functions. This strengthens the organization and its overall risk management. [22:58] When a risk is realized in one area, it's common for it to be a harmonious risk with another risk in a different area. In the privacy and cybersecurity space, risks overlap often. Conflicts between cybersecurity and privacy are easily bridged. [23:24] Cybersecurity professionals want to collect more data; privacy professionals want you to minimize the amount of data you collect. [23:34] Cybersecurity relies on extensive data collection to detect, monitor, and respond to threats. Privacy wants to collect only what's necessary and maintain it for a minimum time. [23:46] Security monitoring tools like intrusion detection systems may gather logs or metadata that could include personal data, creating potential privacy risks, especially for an insider threat. 
[24:00] Organizations can implement privacy-aware cybersecurity solutions that anonymize or pseudo-anonymize data where possible, allowing cybersecurity professionals to get to the root of the problem they're trying to solve while masking sensitive data. [24:13] If you're investigating an insider threat, you can unmask the data. Do you need that data to do the job that you're tasked to do? If not, why run the risk of inappropriately accessing it? [24:53] Privacy frameworks will always encourage transparency about data usage and sharing, especially by private entities doing consumer business and handling personal information. [25:07] The public needs to know what you are collecting from them, how you are using it, and whether you are sharing it. They need to know if you are handling their data securely. [25:38] James would tell cybersecurity professionals that if they think obscurity is security, they should find another job. Obscurity is typically the worst way to secure things. [25:51] There are ways to describe how data is being held or secured by an organization without compromising the cybersecurity tools or techniques used to monitor or look for vulnerabilities. [26:03] Transparency can be maintained without compromising security and can be used in a way to assure the public that an organization is keeping serious security techniques in mind when handling the public's data. James tells how to share that message with the public. [27:08] When James opens software, he reads the Third Party Agreements. He knows most people don't. Government agencies include a plain language version of the agreement. Some private companies are doing the same to help people understand how their data is being used. [28:40] Quick Break for RIMS Plugs! The first of hopefully many RIMS Texas Regional Conferences will be held in San Antonio from August 4th through August 6th, 2025. 
[28:58] This groundbreaking event is set to unite the Texas RIMS Chapters and welcome risk management professionals from around the world! Also known as the Risk Management Roundup in San Antonio, you can join as a speaker!  [29:11] The Conference planning committee is interested in submissions that explore technology and cyber risk, workforce protection and advancement, energy and sustainability, extreme weather, construction, restaurant, retail, hospitality, and other trending now sessions. [29:28] The deadline to submit your proposal is Monday, February 24th. The link to the event and the submission process is in this episode's show notes. Go check it out! [29:39] The Spencer Educational Foundation's goal to help build a talent pipeline of risk management and insurance professionals is achieved in part by its collaboration with risk management and insurance educators across the U.S. and Canada. [29:58] Since 2010, Spencer has awarded over $3.3 million in general grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer's 2026 application process will open on May 1st, 2025, and close on July 30th, 2025. [30:20] General grant awardees are typically notified at the end of October. Learn more about Spencer's general grants through the Programs tab at SpencerEd.org. [30:30] Let's Return to the Conclusion of My Interview with the Chief Privacy Officer of CISA, James Burd! [31:00] A lot of ERM frameworks exist because they were required by regulation or law. [31:10] Privacy professionals are starting to see the same risks that risk management and compliance professionals have been dealing with for decades. The big tools that privacy professionals use are called Data Privacy Impact Assessments (DPIA). [31:29] DPIAs vary, depending on the regulatory framework or law. 
DPIAs do two things: they identify what data assets you have and they examine the risks that are associated with the handling of those data assets and what mitigations must be in place to buy down those risks. [31:48] That assessment can populate half of an ERM framework's register. Getting involved with your privacy program manager as they do these DPIAs may first cause the privacy program manager to resist your risk assessment, but a risk in one space is a risk in another space. [32:21] The DPIA is a valuable source of information for a risk manager. You can see the risks earlier. You can identify with the privacy program manager what some of the major risks might become. That means both realized and unrealized risks, which are equally important. [33:06] A privacy program manager will be preoccupied with a lot of the perceived risks. A risk manager wants to know which risks are more likely and identify them early. [33:40] A likelihood assessment will help the privacy officer identify how many “calories” to spend on this risk. The risk manager and privacy manager have a mutually beneficial relationship. They help each other. [34:17] CISA provides cybersecurity education, news on vulnerabilities and cyber threats, threat intelligence, and service to critical infrastructure providers once there is an incident of some sort. The CISA website shows cyber threat indicators of what a compromise might look like. [35:40] CISA has found novel patterns on networks that make it hard to tell that your network has been compromised. CISA calls those things “Left of Doom.” On the “Right of Doom,” CISA prioritizes the incidents that it responds to. [36:02] CISA focuses primarily on critical infrastructure. If you have a situation CISA cannot respond to, they will assist you through a local field office to find the people to help you, whether it's law enforcement, local cyber security service providers, or a local Emergency Response Team. 
[37:03] Companies are involved in the California wildfires. Could an incident like that distract them so much that they become susceptible to data breaches? James notes that you can't address every problem at the same time. Prioritize, rack, and stack. [37:17] Incidents are going to happen. CISA asks agencies and companies to take the time and spend the resources to knock out all the low-hanging fruit. The great majority of incidents CISA sees are bad actors exploiting very simple, easy-to-fix vulnerabilities. [37:55] It might be companies not using encrypted traffic, or only using a password to secure access to a server. The fix is relatively low cost or low impact. It takes time to figure out how to do the fix, but you'll be grateful that you took the time and spent the money to implement it. [38:24] The cost of a greater fix from the breach of a simple vulnerability will be far greater than the resources you'd spend to address it in the first place. Establishing that floor will help you focus on other “fires” that pop up while assuring you won't get “popped” for a silly reason. [38:49] If somebody's going to get you, make sure they've tried their hardest to get you. [38:58] It's Data Privacy Day today, as this episode is released! It's the start of Data Privacy Week! The theme is Take Control of Your Data! [39:22] Robust privacy governance tips: Figure out where your data asset inventory is for your organization. Keep track of it and keep track of the risk associated with each data asset. Each data asset may have a different set of risks. [39:47] Every organization should maintain a comprehensive inventory of data assets, detailing what data is collected, where it is stored, who has access to it, and how it's used. [39:56] The risk professional probably isn't the one who takes the inventory, but they should have access to it and they should be evaluating that inventory. 
[40:06] The risk professional can help the privacy manager by helping them establish clear policies and procedures for handling data, access control, and breach response, based on real risk. A privacy officer sometimes has difficulty identifying a real risk over a perceived risk. [40:23] By focusing on real risks, you avoid the problem where privacy officers spend too much energy coming up with solutions for the most unlikely scenarios, leaving organizations unprepared for what's likely to happen. [40:42] Special thanks again to James Burd of CISA for joining us here on RIMScast! There are lots of links about Data Privacy Day and Data Privacy Week in this episode's show notes. [40:54] Also see links to RIMS Risk Management magazine coverage of data privacy through the years and links to some RIMScast episodes that touch upon the topic. Be sure to tune into last week's episode with Tod Eberle of the Shadowserver Foundation on cyber risk trends of 2025! [41:18] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. [41:47] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [42:05] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [42:23] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more.  [42:39] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. 
It is written and published by the best minds in risk management. [42:53] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [43:00] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!

Mentioned in this Episode:
RIMS Risk Management magazine
RISKWORLD 2025 — May 4-7. | Register today!
RIMS Legislative Summit — March 19‒20, 2025
Cyber Infrastructure Security Agency
National Cybersecurity Alliance | Data Privacy Week 2025
Nominations for the Donald M. Stuart Award
Spencer Educational Foundation — General Grants 2026 — Application Dates
RIMS-Certified Risk Management Professional (RIMS-CRMP)
RISK PAC | RIMS Advocacy
RIMS Texas Regional Conference 2025 | Submit an Educational Session by Feb. 24.

RIMS Webinars:
RIMS.org/Webinars
“4 Themes Shaping the Future of GRC in 2025” | Sponsored by Resolver | Feb. 6, 2025
“Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025” | Sponsored by Hub International | Feb. 20, 2025

Upcoming RIMS-CRMP Prep Virtual Workshops:
“Stay Competitive with the RIMS-CRMP” | Presented by the RIMS Greater Bluegrass Chapter | February 19‒20, 2025 | Instructor: Chris Mandel
Full RIMS-CRMP Prep Course Schedule

Upcoming Virtual Workshops:
“Claims Management” | February 11‒12, 2025 | Instructor: Chris Hansen
“Fundamentals of Insurance” | Feb. 19‒20, 2025 | Instructor: Gail Kiyomura
“Applying and Integrating ERM” | Feb. 26‒27, 2025 | Instructor: Elise Farnham
“Managing Data for ERM” | March 12, 2025 | Instructor: Pat Saporito
See the full calendar of RIMS Virtual Workshops
RIMS-CRMP Prep Workshops

Related RIMScast Episodes:
“Cyberrisk Trends in 2025 with Shadowserver Alliance Director Tod Eberle”
“Kicking off 2025 with RIMS CEO Gary LaBranche”
“Year In Risk 2024 with Morgan O'Rourke and Hilary Tuttle”
“AI and Regulatory Risk Trends with Caroline Shleifer”
“Cybersecurity Awareness and Risk Frameworks with Daniel Eliot of NIST” (2024)
“Cybersecurity and Insurance Outlook 2023 with Josephine Wolff”

Sponsored RIMScast Episodes:
“Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor
“Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL
“How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog
“Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant
“RMIS Innovation with Archer” | Sponsored by Archer
“Navigating Commercial Property Risks with Captives” | Sponsored by Zurich
“Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL
“Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL
“Storm Prep 2024: The Growing Impact of Convective Storms and Hail” | Sponsored by Global Risk Consultants, a TÜV SÜD Company
“Partnering Against Cyberrisk” | Sponsored by AXA XL
“Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh
“Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos
“Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL
“Elevating RMIS — The Archer Way” | Sponsored by Archer
“Alliant's P&C Outlook For 2024” | Sponsored by Alliant
“Why Subrogation is the New Arbitration” | Sponsored by Fleet Response
“Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd.
“Subrogation and the Competitive Advantage” | Sponsored by Fleet Response

RIMS Publications, Content, and Links:
RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community!
RIMS Virtual Workshops
On-Demand Webinars
RIMS-Certified Risk Management Professional (RIMS-CRMP)
RISK PAC | RIMS Advocacy
RIMS Strategic & Enterprise Risk Center
RIMS-CRMP Stories — Featuring RIMS Vice President Manny Padilla!

RIMS Events, Education, and Services:
RIMS Risk Maturity Model®

Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.

Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts.

Have a question or suggestion? Email: Content@rims.org.

Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn.

About our guest: James Burd, Chief Privacy Officer, Cyber Infrastructure Security Agency (CISA)

Production and engineering provided by Podfly.

The Abstract
Ep 80: Insights on Privacy with Ron De Jesus, the Industry's First Field Chief Privacy Officer

Jan 28, 2025 45:01


How do you become a leader in the privacy space? Use video and content to make privacy and the profession more accessible? And define a whole new type of privacy role?

Join Ron De Jesus, Field Chief Privacy Officer at Transcend, as he shares what it's like to be the first in the compliance industry to take on his innovative new role leading dialogues and creating spaces for discussion about the future of privacy. Pulling from his experience leading privacy at dating app companies like Grindr and Tinder and fashion houses like Tapestry and Coach, Ron leads with his extensive domain knowledge and first-hand understanding of privacy-related issues.

Listen as Ron discusses how he conducts interviews with privacy regulators, politicians, and activists in his video series “Field Notes,” the future of the CPO role in the age of AI, managing corporate reputations after privacy complaints, how to break into privacy without a law degree, and much more.

Read detailed summary: https://www.spotdraft.com/podcast/episode-80

Topics:
Introduction: 0:00
What is a Field Chief Privacy Officer?: 1:50
Producing a creative video webseries at Transcend: 6:54
Experimenting with video content as a freelance privacy consultant: 12:05
Coming into a role at a company dealing with privacy complaints: 15:50
Managing privacy-related communications issues: 19:01
Navigating a career break after alleging wrongful termination: 21:53
Thinking about new consent frameworks in the privacy industry: 24:40
How did you get your start in privacy?: 27:57
What is the future of the CPO role?: 33:56
Advice to young people who want to work in privacy: 36:19
How to find Ron: 39:34
Rapid-fire questions: 40:01
Book Recommendations: 41:28
What you wish you'd known as a young privacy professional: 42:42

Connect with us:
Ron De Jesus - https://www.linkedin.com/in/rondejesus/
Tyler Finn - https://www.linkedin.com/in/tylerhfinn
SpotDraft - https://www.linkedin.com/company/spotdraft

SpotDraft is a leading contract lifecycle management platform that solves your end-to-end contract management issues. Visit https://www.spotdraft.com to learn more.

AHLA's Speaking of Health Law
Interpreting OCR's Risk Analysis Enforcement Initiative and How the Regulatory Environment Is Evolving

Jan 21, 2025 46:42


The Department of Health and Human Services Office for Civil Rights (OCR) has made risk analysis a top priority in its enforcement of Health Insurance Portability and Accountability Act (HIPAA) compliance. Dawn Morgenstern, Senior Director of Consulting Services and Chief Privacy Officer, Clearwater, speaks with Betsy Hodge, Partner, Akerman LLP, about OCR's risk analysis enforcement initiative. They discuss what's driving the initiative, key enforcement actions, and steps health care organizations can take to ensure they meet regulatory requirements regarding risk analysis. From AHLA's Health Information and Technology Practice Group. Sponsored by Clearwater.

AHLA's Health Law Daily Podcast Is Here! AHLA's popular Health Law Daily email newsletter is now a daily podcast, exclusively for AHLA Premium members. Get all your health law news from the major media outlets on this new podcast! To subscribe and add this private podcast feed to your podcast app, go to americanhealthlaw.org/dailypodcast.

RIMScast
Cyberrisk Trends in 2025 with Tod Eberle of Shadowserver

Jan 21, 2025 35:23


Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.   In this episode, Justin interviews Shadowserver Foundation Alliance Director Tod Eberle about cybersecurity. Tod tells how his background as a prosecutor led to his interest in cybersecurity, how he encountered the non-profit Shadowserver Foundation, and how he left the public sector to work with them. He explains how Shadowserver provides actionable data to alert network owners and law enforcement of network vulnerabilities that need to be mitigated. He discusses trends in malware attacks, especially in ransomware. He shares his thoughts on ransomware threats of 2025 and the years to come. He provides tips on preparing your network against ransomware.   Listen to how you can harden your organization's network against malware attacks. Key Takeaways: [:01] About RIMS and RIMScast. [:14] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode's show notes. [:33] About this episode. We will discuss cybersecurity with Tod Eberle, the Alliance Director of the Shadowserver Foundation. [:55] RIMS-CRMP Workshops! On February 19th and 20th, there will be a two-day virtual workshop for the RIMS-CRMP led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:18] The next RIMS-CRMP-FED exam course will be held from February 4th through the 6th, 2025. Links to these courses can be found through the Certification page of RIMS.org and this episode's show notes. [1:34] Virtual Workshops! Chris Hansen will return on February 11th and 12th to lead the two-day course “Claims Management”. Gail Kiyomura of The Art of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. 
[1:58] On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025. [2:20] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [2:31] The RIMS Legislative Summit 2025 is back! It will be held on March 19th and 20th in Washington, D.C. Join RIMS for two days of Congressional meetings, networking, and advocating on behalf of the risk management community. [2:49] This event is open for RIMS members only so if you're not a member, join now! Visit RIMS.org/advocacy for registration details. [3:02] Interview! Our guest Tod Eberle is the Alliance Director of the Shadowserver Foundation, a non-profit security organization working altruistically behind the scenes to make the internet more secure for everyone. [3:15] Tod Eberle is with us to discuss the cybersecurity trends on his risk radar and the threats he wants risk professionals to be aware of as 2025 kicks into high gear. Shadowserver Alliance Director, Tod Eberle, welcome to RIMScast! [3:41] Justin saw that Shadowserver Foundation was promoted by the National Cybersecurity Alliance and he thought it would be great to have a follow-up on his appearance there. [3:54] Tod says the National Cybersecurity Alliance is a great organization. After working together with them for a year, they invited Tod to do a webinar. It was a great experience. [4:28] Tod's background is as a career prosecutor, starting as a county prosecutor in Western Pennsylvania in 1997. In 2004, Tod became a Federal Prosecutor in Pittsburgh for the U.S. Department of Justice. [5:00] In 2014, he transitioned over to the National Security and Cybercrime section in Pittsburgh. Pittsburgh was at the forefront of cyber investigations by both the U.S. Attorney's Office and the FBI. 
Tod wanted to be a part of that. [5:34] The Pittsburgh office has run investigations and issued indictments against Chinese Military Intelligence officers and Russian GRU officers for hacking. In 2014, Pittsburgh had the first criminal indictment of nation-state threat actors. [6:00] In that case, Chinese Military Intelligence PLA officers hacked into Pittsburgh companies Westinghouse, ALCOA, U.S. Steel, and United Steel Workers. Some forward-thinking folks at the FBI and the U.S. Attorney's Office, particularly U.S. Attorney David Hickton, focused on cyber. [6:29] That continued over the years until the present. [6:46] To begin an investigation, the FBI and U.S. Attorney's Office in Pittsburgh need to have some aspect of an organization's criminal activity touch that district, the Western District of Pennsylvania. A national ransomware case with one victim in Pittsburgh can be investigated. [7:16] In the investigation of Russian GRU actors responsible for the destructive NotPetya malware attack, a district hospital's network was attacked and destroyed. They expanded the investigation and charging documents to include other attacks around the country. [7:58] In 2015 Tod was a prosecutor working with the FBI on an investigation. He was at Europol at the Hague in the Netherlands, a center that brings together investigators and prosecutors from different countries who investigate the same threat group through Europol and Eurojust. [8:33] Tod met the Shadowserver Foundation non-profit group at the Hague in 2015. They were helping, through free technical support to the takedown operation, to dismantle the infrastructure of a crime group, using sinkholing and other security measures. [9:08] Tod joined the Shadowserver Foundation in January of 2023. He is the Shadowserver Alliance Director. As a small non-profit, everyone wears many hats. The Shadowserver Foundation is a 501(c)(3) in the U.S. and a separate non-profit legal entity in the Netherlands. 
[9:47] The Shadowserver Foundation started about 2004. It celebrated its 20th anniversary in 2024. It began as a loose group of volunteers made up of cybersecurity researchers and technical experts who came together to help network owners and law enforcement. [10:15] Over the years they became more structured and became a non-profit organization. It's an unusual non-profit organization working 100% in operations. It works in three core areas. First, it's the world's largest provider of free, actionable cyber threat intelligence. [10:45] Second, the Shadowserver Foundation does cybersecurity capacity-building around the world. Third, it also provides free support to law enforcement investigations and disruption operations with technical support and expertise. Those three things are its core mission. [11:07] Justin notes commonalities between RIMS cyber risk reporting and the Shadowserver Foundation's work. Shadowserver collects a vast amount of threat data daily. What are the patterns it sees for 2025? [11:29] Shadowserver Foundation can help organizations mitigate risks. It collects cyber threat data at its data center in California through internet-wide scanning, honeypot sensors, sinkholing operations, and collecting and analyzing malware samples. [11:57] Every day for free the Shadowserver Foundation takes that data and provides it to over 9,000 organizations around the world and to 201 National C-CERTs that cover about 176 countries. [12:13] These reports identify exposed, misconfigured, vulnerable, compromised instances or devices on networks that need patching. [12:25] The organizations that get Shadowserver's data can be anything from banks to hospitals, universities, K-12 school districts, ISPs, local, state, and federal governments, small, medium, and large businesses, Fortune 500s, and NGOs; just about anyone can sign up. [12:46] The idea behind this is that cyber security should be available to everyone, regardless of the ability to pay. 
Organizations can sign up at the Shadowserver Foundation website, and provide their contact information and network information with IP ranges and ASNs. [13:12] The Shadowserver Foundation does its due diligence and if everything checks out, it automates those reports to go out to the organization daily. About 9,000 organizations sign up directly to receive daily reports. [13:22] The Shadowserver Foundation also sends out data for entire countries to the national C-CERT designated to handle that in those countries. In the U.S., CISA gets hundreds of millions of events from them every day for all the U.S. It is the same around the world. [13:52] Tod says that some things never change. Networks are breached primarily through phishing attacks, malicious links or attachments, and social engineering. [14:09] One trend is a focus on vulnerabilities. Criminals exploit vulnerabilities in the network that aren't patched in a timely manner, or before they are patched. Shadowserver gives organizations an external snapshot view of their networks just as criminals are scanning for themselves. [14:52] Cybercriminal groups increasingly leverage zero-day vulnerabilities to breach a network. A zero-day vulnerability is a flaw in software or hardware that's unknown to the vendor and has no patch. The vendor has had zero days to fix the vulnerability after it has been discovered. [15:16] That was the case with the Clop ransomware gang. In 2024, they started exploiting zero-day vulnerabilities in Fortra's GoAnywhere software. That continued in May, with them exploiting Progress Software's MOVEit file transfer application. [15:38] Very recently, in December, the Clop Ransomware group claimed responsibility for using a zero-day vulnerability in Cleo's file transfer platform that breached victims' networks. [15:49] Cyber criminals extort victims and steal data with ransomware attacks. Risk managers in cybersecurity need to stay on top of critical vulnerabilities that often go unpatched. 
Those are often the easiest gateway into a network. [16:26] Plug Time! RIMS Webinars! Resolver will be joining us on February 6th to discuss “4 Themes Shaping the Future of GRC in 2025”. [16:38] HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [16:54] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [17:06] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode's show notes. [17:17] The Spencer Educational Foundation's goal to help build a talent pipeline of risk management and insurance professionals is achieved in part by its collaboration with risk management and insurance educators across the U.S. and Canada. [17:35] Since 2010, Spencer has awarded over $3.3 million in general grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer's 2026 application process will open on May 1st, 2025, and close on July 30th, 2025. [17:58] General grant awardees are typically notified at the end of October. Learn more about Spencer's general grants through the Programs tab at SpencerEd.org. [18:08] Let's Return to the Conclusion of My Interview with Tod Eberle of Shadowserver! [18:49] Justin notes that in December of 2024, Chinese attackers breached the Committee on Foreign Investment in the U.S. That is the government office that assesses foreign investments for national security risks. [18:58] China also targeted the Treasury's Sanctions Office after it sanctioned a Chinese company for its alleged role in cyberattacks. [19:14] Tod thinks we should acknowledge that this is nothing new and nothing we should be surprised about. 
It's been going on for many years and it's going to continue. Justin was in the Federal government in 2013 and 2014. [19:32] In 2015, it was announced that the U.S. Office of Personnel Management had been breached. Personal sensitive data for 42 million people were stolen. [19:44] In May 2014, five Chinese military officers were indicted for computer hacking and economic espionage against companies based in Pittsburgh. This is nothing out of the ordinary. Unfortunately, indictments don't seem to have a deterrent effect. [20:21] Countries can deny the charges of hacking even with strong evidence of their involvement. [20:37] There are different types of hacking, with different types of motivation. There is traditional espionage against U.S. government agencies. There is theft of intellectual property with nation-states trying to gain a commercial advantage in business. [21:23] There are destructive hacks by nation-state actors, like the NotPetya attack, or attacks on the Ukrainian power grid and banking systems in 2015 and 2016. [21:36] The Volt Typhoon threat actor group and its access to the U.S. critical infrastructure is one of the greatest national security concerns because of its potential to disrupt everything from water to power, to food, to transportation. [22:10] The ripple effect that can come from those disruptions would be enormous. The Colonial Pipeline ransomware attack of a few years ago affected fuel supplies, commerce, and the prices of goods. [22:31] Nation-state hacking is no longer just a concern for government agencies and companies that do business internationally, but it's now a concern for all of society. There's the potential to affect the daily lives of innocent civilians through attacks on critical infrastructure. [23:16] Tod mentions another 2014 indictment out of Pittsburgh, on the GameOver Zeus Botnet takedown. Part of that was a CryptoLocker ransomware disruption. This was in the infancy of ransomware, for $300 ransoms. 
Now ransom demands are in the tens of millions of dollars. [23:53] We have seen a huge evolution in ransomware. It's not going away. One thing we're seeing is bypassing data encryption and focusing on data theft. It's easier and less time-consuming for the threat actors because they don't have to map out the network. [24:41] If a victim company had good backups and easy restoration, that was an issue ransomware actors had to deal with, so why would the threat actors bother with that? They just focus on easy data theft and extortion of ransom for the data. [25:04] Tod thinks we will continue to see extortion. Ransomware continues to be the greatest concern for companies. The use of AI has been increasing both for defenders and attackers.  [25:14] A new ransomware group, FunkSec, is claiming large numbers of victims of extortion, encryption, and data theft. They seem to have ransom demands of less than $10,000. They have sold stolen data. Researchers think this is a less experienced group using AI to write code. [27:22] Shadowserver's very talented team collects the data. It's free. They want to get it into the hands of those who can use it. The reports identify things that are seen to be misconfigured or unnecessarily exposed to the internet. Sometimes they can show if something is compromised. [28:12] Shadowserver designates the events by severity level so the end user can prioritize their patching and address first the ones that are most critical and severe. The reports act both as an early warning system and a victim notification system if a device is seen to be compromised. [28:59] The network owner needs to remediate that and patch it before further exploitation like a ransomware attack can occur. [29:07] Shadowserver has two ways to detect that a device is compromised. The first is if they have indicators that tell them a device on the network is compromised. 
The second is through their support for law enforcement: law enforcement may share sensitive data with Shadowserver. [29:32] When law enforcement does a takedown and they get victim identification data like IP addresses, they must do victim notification. Law enforcement isn't scaled to do victim notification for hundreds of thousands of users. Shadowserver helps them with notifications. [30:48] Shadowserver is very careful to share data responsibly. Company A will get the data they have for Company A and it won't be shared with Company B and vice versa. Shadowserver views the data as belonging to that network owner. [31:08] If a company authorizes Shadowserver and wants them to share their data with a third party, Shadowserver will happily do it. There are several companies with MSSPs to manage their security. If the company asks, Shadowserver will send the data to their MSSP. [31:43] As a small, non-profit organization, not everyone has heard of the Shadowserver Foundation. They want people to know they have this data and they want to share it. It could be relevant for cyber insurance companies' due diligence, with the insurance applicant's consent. [32:20] It's important because those reports can show whether a network has remained healthy and secure over time. Tod would love to see Shadowserver be able to help more in the risk mitigation areas. [32:56] Special thanks again to Shadowserver Foundation's Tod Eberle for joining us here on RIMScast! Check out this episode's show notes for links to the Shadowserver reports we mentioned. [33:07] Be sure to tune in next week for Data Privacy Day! We've got a special episode with James Burd, Chief Privacy Officer of the Cybersecurity and Infrastructure Security Agency (CISA). That's going to be a good one! [33:22] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. 
[33:50] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [34:07] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [34:25] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [34:41] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [34:55] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [35:03] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe! About our guest: Tod Eberle, Shadowserver Foundation. Production and engineering provided by Podfly.

She Said Privacy/He Said Security
Health Data, Privacy, and Ethical Marketing: What Companies Need To Know

She Said Privacy/He Said Security

Play Episode Listen Later Jan 16, 2025 21:42


Ben Chapman is the General Counsel and Chief Privacy Officer at Swoop. Prior to Swoop, Ben was the Deputy General Counsel for Real Chemistry. He has nearly 10 years of experience in ad tech, data, and privacy matters. In this episode… Companies that operate in the healthcare marketing space, like Swoop, approach privacy by emphasizing transparency, ethical practices, and building trusted partnerships. To remain compliant, businesses need to thoroughly understand their data handling processes and regularly assess their partners. By asking detailed, factual questions, companies can make informed decisions about their partners' practices and ultimately strengthen their privacy programs. Additionally, adopting a consumer- or patient-centric perspective helps businesses navigate the complexities of privacy laws while aligning with regulatory requirements and ethical standards. A proactive and well-informed approach to privacy strengthens compliance efforts and builds trust. Healthcare marketing faces new challenges as privacy laws evolve and health data definitions expand. Laws like the Washington My Health My Data Act broaden the scope of what constitutes health data, requiring organizations to reevaluate how they handle consumer data. Navigating this complex regulatory landscape requires companies to ensure compliance with state privacy laws and federal regulations like HIPAA, all while maintaining trust and transparency with consumers. How can companies ensure ethical and privacy-friendly marketing practices? In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Ben Chapman, General Counsel and Chief Privacy Officer at Swoop, about the intersection of privacy and healthcare marketing. They discuss how state privacy laws redefine health data, the importance of ethical data practices, and strategies for evaluating partners. 
Ben shares his insights on building privacy programs, fostering collaboration, and navigating the nuances of healthcare marketing in a highly regulated environment. He also highlights the importance of continuous learning and collaboration within the privacy community to stay ahead in the ever-changing regulatory environment.

healthsystemCIO.com
Getting Privacy & Security on Same Page is Key in Today's Fast Changing Regulatory & Risk Environment, Says UChicago Medicine CISO & Chief Privacy Officer Karen Habercoss

healthsystemCIO.com

Play Episode Listen Later Jan 7, 2025 25:25


Privacy and IT security need to be working in lock step, and doing so gets a lot easier when they're led by the same person. That's exactly what happened at UChicago Medicine in September when Chief Privacy Officer Karen Habercoss assumed the additional role of CISO.

The Public Sector Show by TechTables
#185: Seattle on Managing the 'AI Glitter Bomb'

The Public Sector Show by TechTables

Play Episode Listen Later Jan 1, 2025 52:41


FEATURING:
* Ginger Armbruster, Chief Privacy Officer, City of Seattle IT
* Ed Odom, Race and Social Justice Lead, City of Seattle IT
* Ana LaNasa-Selvidge, Organizational Change Management Lead, City of Seattle IT
* Greg Smith, Chief Information Security Officer, City of Seattle IT
* Michael Cruz, Director of Data and AI, SLED, Microsoft
IN THIS EPISODE, YOU'LL LEARN:
* How the City of Seattle is approaching AI adoption with a focus on responsible use, data privacy, and equity.
* The unique privacy challenges AI poses for city governments, especially concerning data protection and maintaining public trust.
* Why organizational change management is essential for the successful implementation of new technologies and securing employee buy-in.
* Strategies for identifying and addressing potential biases in AI systems and guaranteeing equitable service delivery for all communities.
* The importance of collaboration and transparent communication in navigating the complexities of AI and cybersecurity in the public sector.
TIMESTAMPS
* (00:00) Intro & Guest Introductions
* (05:22) Cybersecurity Landscape and Vision for AI
* (09:30) AI as a "Glitter Bomb" and Unique Privacy Challenges
* (13:46) AI Solutions for City Governments & Lessons Learned
* (18:32) Change Management for Successful Tech Adoption
* (21:48) Ensuring All Voices are Heard and Included with AI
* (27:22) AI and the Evolution of Cybersecurity
* (30:48) The Importance of Data Stewardship for AI Initiatives
* (32:32) Addressing Public Record Requests and Data Transparency with AI
* (36:44) Strategies for Fostering Innovation and Adaptability in City Government
* (40:48) Addressing Potential Biases in AI Systems & Ensuring Equity
LINKS MENTIONED
* Government AI Coalition
* Department of Homeland Security's AI Safety and Security Board
* Microsoft Copilot
* City of Seattle Privacy Program
* Seattle Race and Social Justice Initiative
Whenever you're ready, there are 4 ways you can connect with TechTables:
1. The TechTables Newsletter: Join our thriving community of senior technology leaders by subscribing to the TechTables Newsletter. Gain early access to the latest episodes, industry insights, and exclusive event updates.

Info Matters
Lessons in Health Privacy: Key Takeaways from 2024 | La protection de la vie privée dans le secteur de la santé : principaux enseignements de 2024

Info Matters

Play Episode Listen Later Dec 31, 2024 36:06


In this episode, Commissioner Patricia Kosseim delves into significant health privacy cases of 2024 with her colleagues from the IPC. The conversation highlights challenges, practical takeaways, and lessons learned from recent cases and investigations under Ontario's Personal Health Information Protection Act. Whether you're a health care provider, privacy professional, or legal expert, this episode is packed with actionable insights you won't want to miss.
Episode Highlights:
* Ransomware attack on a medical imaging clinic and its implications for privacy and operations [2:28]
* LifeLabs cyber attack: joint investigations and key legal outcomes [8:55]
* Unauthorized access to patient files: training gaps and remedies [16:39]
* Abandoned health records: risks, regulatory actions, and preventative steps [26:02]
* Obligations under PHIPA when abandoned records are discovered [31:41]
Key Lessons:
* Proactive approaches to data breaches, including secure backups and notification protocols
* Monitoring dormant accounts and implementing least-privilege access policies
* Importance of privacy training for all staff, including physicians, on an annual basis
* Clear policies on patient privacy and deemed uses of personal health information
* Succession planning to ensure records aren't abandoned in events like closures or retirements
Resources:
* PHIPA Decision 249
* PHIPA Decision 260
* PHIPA Decision 221
* PHIPA Decision 230
* LifeLabs 2020 Investigation Report
* How to Protect Against Ransomware
* Responding to a Health Privacy Breach: Guidelines for the Health Sector
* Succession Planning to Help Prevent Abandoned Records
* Stamping out snooping once and for all (blog)
* Artificial intelligence in health care: Balancing innovation with privacy (Info Matters podcast episode with Dr. Devin Singh)
* Unmasking digital threats: How to guard against cyber crime (Info Matters podcast episode with Jason Besner, Director of Partnerships at the Canadian Centre for Cyber Security)
* From the bedside to the board: Building a culture of privacy and security in health institutions (Info Matters podcast episode with The Ottawa Hospital's Chief Information Officer, Shafique Shamji, and Chief Privacy Officer, Nyranne Martin)
* IPC Strategic Priorities 2021-2025
Info Matters is a podcast about people, privacy, and access to information hosted by Patricia Kosseim, Information and Privacy Commissioner of Ontario. We dive into conversations with people from all walks of life and hear stories about the access and privacy issues that matter most to them. If you enjoyed the podcast, leave us a rating or a review. Have an access to information or privacy topic you want to learn more about? Interested in being a guest on the show? Post @IPCinfoprivacy or email us at podcast@ipc.on.ca.
The information, opinions, and recommendations presented in this podcast are for general information only. It should not be relied upon as a substitute for legal advice. Unless specifically stated otherwise, the IPC does not endorse, approve, recommend, or certify any information, product, process, service, or organization presented or mentioned in this podcast, and information from this podcast should not be used or reproduced in any way to imply such approval or endorsement. None of the information, opinions and recommendations presented in this podcast bind the IPC's Tribunal that may be called upon to independently investigate and decide upon an individual complaint or appeal based on the specific facts and unique circumstances of a given case.

She Said Privacy/He Said Security
Privacy as a Business Driver: How To Build Effective Programs

She Said Privacy/He Said Security

Play Episode Listen Later Dec 19, 2024 31:36


Julia Shullman is the General Counsel and Chief Privacy Officer at Telly, the world's first dual-screen smart TV fully paid for by advertising. Prior to Telly, Julia was General Counsel and Chief Privacy Officer at TripleLift, through its $1.4B acquisition by Vista Equity Partners. She also held various leadership positions, including Chief Privacy Counsel and Lead Attorney, Publisher Technology Group at AppNexus, through its $1.6B sale to AT&T. Before advertising, Julia spent a decade in mergers and acquisitions at both Latham & Watkins and UBM. She is recognized as an industry leader at the intersection of privacy, products, advertising, policy, and strategy. In this episode… Navigating the intersection of privacy, product, and advertising demands strategy. Companies need to view privacy as integral to their operations and growth, especially in highly regulated industries like AdTech. Without effective privacy programs, companies face potential deal disruptions, diminished valuations, and reputational damages. For early-stage companies in particular, failing to integrate privacy into their operations can hinder growth, derail funding opportunities, and even lead to regulatory scrutiny. How can organizations ensure that privacy is both a priority and an enabler of success? Developing effective privacy programs requires a tailored, pragmatic approach. Leaders need to educate their teams on privacy obligations and integrate privacy practices into business processes. This includes fostering collaboration among privacy experts and cross-functional departments, such as engineering and marketing, while adapting to industry-specific nuances. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Julia Shullman, General Counsel and Chief Privacy Officer at Telly, about building privacy programs that drive business success. 
Drawing from her extensive experience in M&A, privacy, and AdTech, Julia offers insights into balancing privacy with business monetization goals. She discusses the importance of understanding industry dynamics and the role of privacy in facilitating successful exits and partnerships. Julia emphasizes the value of cross-departmental collaboration and education in creating privacy solutions that resonate with a company's culture and business objectives. She also provides tips on how organizations can align their privacy programs with broader business strategies to build trust, ensure compliance, and drive innovation.

Careers in Data Privacy
Val Ilchenko: General Counsel & Chief Privacy Officer at TrustArc

Careers in Data Privacy

Play Episode Listen Later Dec 12, 2024 48:31


In law school, Val interned at Boston Scientific,
His privacy career has been prolific.
Val is general counsel at TrustArc,
We will chat about how he's left his mark!

Tank Talks
Revolutionizing Law with AI: Alex Alben of Theo.ai on Predictive Legal Tech, Privacy, and the Future of Regulation

Tank Talks

Play Episode Listen Later Oct 31, 2024 47:54


Matt Cohen welcomes Alex Alben, Co-Founder of Theo AI, to discuss his journey through media, law, tech policy, and AI, sharing insights into Theo AI's mission to predict legal case outcomes, the impact of AI on law, and the ethical challenges AI poses. Alben reflects on balancing innovation with regulation and emphasizes the importance of listening and understanding.
About Alex Alben:
Alex Alben is Co-Founder and Co-CEO of Theo AI, where he uses AI-driven analytics to assess legal case outcomes. With 20+ years in law, media, and technology, he also teaches Internet Law, Cybersecurity, and Privacy at UCLA. As Washington State's first Chief Privacy Officer, he developed data policies and helped guide strategies on emerging tech like drones and biometrics.
Previously, Alex held executive roles at RealNetworks, where he pioneered digital music and streaming while addressing copyright challenges. As General Counsel at Starwave, he helped launch ESPN.com and ABCNEWS.com. His background includes advising public and private sectors on data protection, and co-chairing Washington's autonomous vehicle committee.
Alex earned his A.B. in Political Science and J.D. in copyright and international law from Stanford University.
In this conversation, we discuss:
* (01:22) - Early Career at CBS: Working with Walter Cronkite, Alex describes how media responsibility and fact-checking shaped his approach to technology.
* (09:30) - RealNetworks: Alben reflects on pioneering media streaming, handling music piracy, and early digital media's regulatory hurdles.
* (14:19) - TerraPower and Tech Regulation: Working with Bill Gates' TerraPower, Alex faced regulatory challenges in nuclear energy, shaping his perspective on tech regulation.
* (16:38) - Washington Privacy Officer: As the first Chief Privacy Officer, he tackled privacy issues with drones and police body cameras, setting early standards.
* (20:52) - AI and Regulation: Alex discusses parallels between regulating AI and earlier tech challenges, emphasizing the importance of thoughtful regulation.
* (22:40) - Founding Theo AI: Theo AI's mission is to predict legal outcomes to aid litigation decisions, providing law firms with data-driven insights.
* (34:10) - Use Cases for Theo AI: Potential applications in litigation finance and law, helping firms decide on case investments with greater accuracy.
* (39:02) - Impact of AI on Law: Comparing AI's role in modernizing law with traditional practices, Alben highlights AI's efficiency in document and case management.
* (42:46) - Final Thoughts on Technology and Listening: Alex closes with the importance of deep listening and understanding in an AI-driven world, and how podcasts foster meaningful connection.
Fast Favorites
* Podcast: Revolutions by Mike Duncan
* Newsletter: Tech Policy Journal
* Gadget: iPhone 11
* Trend: Large language models (e.g., ChatGPT)
* Book: Nine Stories by J.D. Salinger
* Life Lesson: “Never wake a sleeping child” – and the value of listening deeply.
Follow Matt Cohen and Tank Talks here!
Podcast production support provided by Agentbee.ai
This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit tanktalks.substack.com

Lessons I Learned in Law
Navigating the Evolving Landscape of Privacy Law with Mary Pothos

Lessons I Learned in Law

Play Episode Listen Later Sep 19, 2024 53:35


On this week's show, our host, Scott Brown, was delighted to welcome Mary Pothos, one of the leading voices in the privacy space. Mary has held Chief Privacy Officer roles in some of the largest tech companies. Mary shares her career trajectory, starting from her days in-house in the financial services sector at Visa, and they discuss how she accidentally pivoted into privacy! The privacy legal landscape has shifted significantly over the last two decades, so they dive into some of these changes and consider what the next 10 years might look like, as well as how top companies are currently navigating the risk. Mary walks us through her 3 lessons—the 'three Cs': Calmness, Curiosity, and Courage. If you like understanding what it's like working in a fast-paced, constantly changing legal landscape, don't miss this one!

The Abstract
Ep 57: Bridging the gap between Politicians & Corps. with Jules Polonetsky, CEO, Future of Privacy

The Abstract

Play Episode Listen Later Sep 19, 2024 62:25


Join Jules Polonetsky, CEO and Founder of the Future of Privacy Forum, as he shares lessons he learned from the front lines of ad tech starting in the early 1990s. Starting his career in politics as a New York assemblyman and working his way into consumer protection-focused public roles, he became one of the first chief privacy officers in the tech industry at companies like DoubleClick and AOL at a crucial moment in the history of online privacy. Now his think tank connects policymakers with corporations and helps both sides answer tough questions about privacy and data.
Listen as Jules discusses his uniquely-positioned understanding of privacy issues, the future of AI governance and the chief privacy officer role, advice to lawyers who want to move into the privacy space, and much more.
Read detailed summary: https://www.spotdraft.com/podcast/episode-57
Topics:
* Introduction: 0:00
* Getting a start in New York politics: 1:57
* Running for elected office: 11:46
* Taking one of the first Chief Privacy Officer roles in the industry at DoubleClick: 16:43
* Considering the necessary training to be successful in privacy: 24:28
* Founding the Future of Privacy Forum: 32:02
* Questioning the death of the Chief Privacy Officer role: 44:42
* Favorite part of your day-to-day work and professional pet peeves: 51:54
* Book recommendations: 56:41
* What you wish you'd known as a young lawyer: 1:00:01
Connect with us:
* Jules Polonetsky: https://www.linkedin.com/in/julespolonetsky/
* Tyler Finn: https://www.linkedin.com/in/tylerhfinn
* SpotDraft: https://www.linkedin.com/company/spotdraft
SpotDraft is a leading contract lifecycle management platform that solves your end-to-end contract management issues. Visit https://www.spotdraft.com to learn more.

The Privacy Insider Podcast
Don't Be Evil: In the Hot Seat of Data Privacy Part 2

The Privacy Insider Podcast

Play Episode Listen Later Aug 28, 2024 30:22


In Part II of our conversation with Keith Enright, the outgoing Chief Privacy Officer of Google, Keith talks to host Arlo Gilbert about what it's really like to be in the hot seat of data privacy of one of the world's biggest tech companies: The good and the bad. You'll hear about the uniqueness of Google's approach to innovation and privacy, the complexities of being on regulators' radar, and the opportunities that led to world-changing outcomes and some of the most gratifying moments of his career.

The Government Huddle with Brian Chidester
153: The One with the WaTech Chief Privacy Officer

The Government Huddle with Brian Chidester

Play Episode Listen Later Aug 23, 2024 42:27


Katy Ruckle, Chief Privacy Officer for the State of Washington and a Member of the State's Executive Committee for AI joins the show to discuss the privacy implications involving artificial intelligence in government. We also talk about the evolution of the Chief Privacy Officer role, her role on the AI executive order released by the State of Washington, and where she goes to stay on top of the latest trends and information on this evolving and dynamic technology.

The Privacy Insider Podcast
Don't Be Evil: In the Hot Seat of Data Privacy Part 1

The Privacy Insider Podcast

Play Episode Listen Later Aug 16, 2024 27:48


In this episode of The Privacy Insider Podcast, Keith Enright, the outgoing Chief Privacy Officer at Google, joins host Arlo Gilbert to share what it's like to be at the privacy helm of one of the world's most influential–and most watched–companies. Part I of this conversation showcases Keith's unusual path to privacy and Google, the evolution of privacy under his watch, and where opportunities lie in privacy and technology today.

She Said Privacy/He Said Security
Merging Marketing and Privacy to Create Sustainable Consent Solutions

She Said Privacy/He Said Security

Play Episode Listen Later Jul 25, 2024 33:38


Julie Rubash is the General Counsel and Chief Privacy Officer at Sourcepoint, a data privacy software company. She coordinates legal efforts for Sourcepoint and ensures that the product suite innovates and expands to meet the demands created by the ever-changing regulatory landscape. Julie brings over 15 years of legal experience and has worked at both law firms and as internal counsel in the media, technology, and advertising sectors. Prior to Sourcepoint, Julie served as the VP of Legal at the advertising platform Nativo. In this episode… As companies head towards a cookieless future, advertisers are devising clever ways to target consumers, some of which may risk infringing on privacy laws and privacy rights obligations. While companies are creating universal solutions to comply with evolving privacy laws, they may overlook nuanced targeting methods that use consumer data differently than cookies. The stakes are high for any company engaging in these emerging targeting methods, as businesses must recognize the privacy risks and carefully blend legal requirements with their marketing efforts to protect consumer data. Some of the most innovative companies have embraced privacy considerations as a marketing touchpoint, working with consumers to build trust and provide clear options to manage their preferences. Companies like Sourcepoint recognize this need and that privacy obligations and consent solutions are not one-size-fits-all, so they offer flexible privacy software solutions that allow companies to tailor privacy programs based on their unique business goals, circumstances, and legal requirements. In this week's episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Julie Rubash, the General Counsel and Chief Privacy Officer at Sourcepoint, about the ins and outs of managing consent as new targeting methods emerge. 
Julie stresses the need for customized consent solutions that align with company principles and privacy regulations while allowing consumers to manage their preferences. She also discusses how privacy professionals can recognize and mitigate the risks of new targeting methods, the importance of understanding the data you're collecting, and why combining marketing and privacy goals is paramount in this evolving ad tech landscape.

URMIA Matters
Managing Risk Using Social Intelligence

URMIA Matters

Play Episode Listen Later Jun 12, 2024 35:27 Transcription Available


How can risk managers in higher education get a better understanding of how real-time perceptions of their institution by students, faculty, staff, and the public at large can inform their work? In this episode, we'll hear Liz Gross, CEO of Campus Sonar, and Rebecca Rapp, General Counsel and Chief Privacy Officer of Ascendium, talk about three areas of risk where the concept of social intelligence can be another source of information when making assessments: workforce and employer reputation; overall institutional reputation or brand health; and high-publicity crises.
Show notes: Campus Sonar; Liz Gross; Rebecca Rapp; Rebuilding Public Trust in Higher Education.
Not a member? Join at www.urmia.org/join. Email: contactus@urmia.org

She Said Privacy/He Said Security
Compliance in the Modern Age: Building Effective Privacy Programs With Gretchen Herault

She Said Privacy/He Said Security

Play Episode Listen Later May 30, 2024 22:51


Gretchen Herault is Chief Privacy Officer at Randstad USA and the global job board Monster.com. She has held several privacy leadership roles, including Chief Privacy Officer at Haven Healthcare, HIPAA Privacy Officer at GE Healthcare, and Chief Privacy Officer of Nuance Communications. In this episode… Since the introduction of CCPA and as of this recording there are just under two dozen privacy laws either signed or about to be, altering how companies manage consumer data. As compliance becomes increasingly urgent, how can businesses structure their privacy programs around these laws? Gretchen Herault manages Randstad USA's privacy program, collaborating with a cross-functional team of legal and business professionals to develop comprehensive strategies and operational solutions. As a result, Randstad's privacy program takes a proactive approach and adapts to new regulations by aligning with California's strict privacy standards. This simplifies compliance efforts and prepares the company for upcoming laws. In today's She Said Privacy/He Said Security episode, Jodi and Justin Daniels engage in a thought-provoking conversation with Gretchen Herault, the Chief Privacy Officer of Randstad USA and Monster.com, about building and operationalizing privacy programs. They discuss how to develop privacy programs under a growing number of privacy laws, regulating company AI use, and Gretchen's advice for evaluating and building privacy teams.

She Said Privacy/He Said Security
Privacy and Security Defenses for Cloud Software With Michael Moore

She Said Privacy/He Said Security

Play Episode Listen Later May 23, 2024 14:33


Michael Moore is the Chief Privacy Officer at Lacework, handling privacy and cybersecurity, product counseling, transactions, intellectual property strategy, and open-source software. He holds the IAPP privacy qualifications of CIPP-US, CIPP-E, CIPP-C, CIPM, and CIPT. Michael is also an inventor on 10 patents and author of over 20 published articles. In this episode… Cloud solutions are immensely helpful and strategic tools for companies, offering ubiquitous and immediate access to stored data. The benefits are abundant, but so are the dangers. Cloud software's vulnerabilities stem from the same features that make it valuable, making it a prime target for privacy and security threats in a centralized space. That's why companies like Lacework are tackling this issue with a tile-based cloud security platform that detects data and identity risks to protect against both known and unknown threats. How can your company amplify its cloud security to stay ahead in the evolving threat landscape? In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels are joined by Michael Moore, the Chief Privacy Officer at Lacework, to discuss security and privacy for the cloud. They discuss the modern concerns, how Lacework helps companies, the increasing threats companies face, and Michael's personal privacy tips for anyone and everyone.

Privacy Files
The Practice of Privacy Law

Privacy Files

Play Episode Listen Later May 4, 2024 37:06


When it comes to data privacy, the legal and regulatory environment is changing faster than ever. While in the United States, no federal privacy law exists, there's a growing sentiment from those who are watching closely that things are about to change. In this episode of Privacy Files, we talk to privacy law attorney Alan Chapell. Alan is the Founder of Chapell & Associates, a legal consulting firm that helps digital media companies navigate the challenges associated with regulations, public policy and the overall marketplace as it relates to privacy. From serving as Chief Privacy Officer for startups to transitioning into a general counsel role for more established organizations, Alan's primary goal is to help companies maximize opportunities while avoiding the major pitfalls. Alan is also the Chief Analyst and Publisher of The Chapell Report, a monthly research report focusing on the most important topics pertaining to digital media and privacy. To learn more about The Chapell Report: https://thisischapell.com/wp-content/uploads/2021/12/The-Chapell-Report-one-page-description-041821.pdf In this interview, Alan reflects on the significant changes that have taken place over the last twenty years in the digital media industry. We talk about the impact that artificial intelligence (AI) is having on digital media and privacy. Alan has consulted in more than 25 bankruptcy cases, including General Motors, Chrysler, Eddie Bauer, Atari and St. Vincent's hospitals. Related to this topic, we discuss a little about the dangers involved with mergers and acquisitions and why it is so critical for companies to conduct their due diligence before finalizing any agreements to ensure the company will be compliant with privacy laws and regulations. Alan is also a professional musician and talks about how his career in music inspired him to help the digital media industry raise its game in the privacy arena.
To learn more about Alan's music: https://thisischapell.com/ To learn more about Chapell & Associates: https://chapellassociates.com/

CPO PLAYBOOK
Gary Hayslip of SoftBank Discusses the Role of a CISO

CPO PLAYBOOK

Play Episode Listen Later May 1, 2024 29:20


www.CPOPLAYBOOK.com
About: The podcast underscores the crucial role of Chief Information Security Officers (CISOs) in protecting organizations from cyber threats. Gary Hayslip, a seasoned CISO, emphasizes the evolving nature of the role from technical to strategic leadership. He highlights the importance of integrating CISOs into the executive team and discusses the ethical concerns surrounding their reporting structure.
Gary Hayslip is an experienced Global CISO with repeated success delivering innovative security programs to safeguard enterprises at every touchpoint. An insightful thought leader with proven business acumen and commitment to organizational mission, values, and goals. Hayslip brings this wealth of information technology, security leadership, and risk management experience to his role as the CISO for SoftBank Investment Advisers & SoftBank Group International. Hayslip's previous executive roles include multiple CISO, CIO, Deputy Director of IT, and Chief Privacy Officer roles for the U.S. Navy (Active Duty), the U.S. Navy (Federal Government employee), the City of San Diego California, and Webroot Software. Hayslip is a proven cybersecurity professional; he has established a reputation as a highly-skilled communicator, author, and keynote speaker. Hayslip co-authored the CISO Desk Reference Guide: A Practical Guide for CISOs – Volumes 1 & 2, The Executive Primer: An Executives Guide to Security Programs, and Developing your Cybersecurity Career Path. He also recently published The Essential Guide to Cybersecurity for SMBs. Hayslip serves as a director on several boards and is also a technology advisor for several others.
All media inquiries: media@cpoplaybook.com

She Said Privacy/He Said Security
Strategies for Privacy Professionals in the Boardroom With Judy Titera

She Said Privacy/He Said Security

Play Episode Listen Later Apr 25, 2024 31:11


Judy Titera is the owner of J Titera Solutions, where she provides privacy and security consulting services. She is also a faculty member of IANS Research and serves as Independent Director on the Mitsui Sumitomo Transverse Insurance board. Judy retired from USAA, where she served as the Chief Privacy Officer. She now spends her free time participating in professional and speaking engagements. In this episode… In a vacuum, privacy concerns are a simple matter of ethics and logistics. In reality, the structure of most businesses makes privacy a far more complex topic. With so many executives and experts involved in implementation, how can you communicate effectively? For companies with a board of directors, speaking with boardrooms is a key opportunity to make your voice heard. Talking with executive leadership requires tact, skill, and knowledge. If you learn from professionals who have been in the same situation, you can have an advantage in communicating. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels have an informative conversation with Judy Titera, Owner of J Titera Solutions, about privacy professionals in the boardroom. They discuss key strategies, why healthy working relationships are so vital, and what privacy success looks like. Judy discusses her career and explains how she was able to become involved with various boards of directors.

Careers in Data Privacy
Robin Andruss: Chief Privacy Officer at Skyflow

Careers in Data Privacy

Play Episode Listen Later Apr 19, 2024 40:00


As a teenager, Robin was a figure skater, In college, she worked as a waiter. Robin's extensive privacy experience is not brief, She's now Skyflow's privacy chief!

Legal Speak
Live from the GC MidWest with John Meyer

Legal Speak

Play Episode Listen Later Apr 17, 2024 15:21


For over 20 years, General Counsel Conference Midwest has been the premier event in the industry by delivering key insights and practical solutions that today's general counsel need to manage and better leverage C-Suite relationships, successfully overcome a litigation crisis, do more with fewer resources, and MUCH MORE. But this year, the conference is experiencing a first … Legal Speak Live! Hosts Cedra Mayfield and Patrick Smith are bringing you interviews with moderators and speakers from various panels at this year's event in Chicago. In this episode, Patrick is joined by John Meyer, the GC and Chief Privacy Officer at Zeem Solutions.

Masters of Privacy
Amy Worley: US privacy compliance for B2B startups, cross-border AI regulation, and a first glance at the American Privacy Rights Act

Masters of Privacy

Play Episode Listen Later Apr 15, 2024 29:33


Amy Worley is Managing Director at BRG, a global leader in data protection, information security, and AI governance. A licensed attorney, certified privacy professional, and certified information systems security professional, Amy formerly served as the Chief Privacy Officer for a billion-dollar pharmaceutical and medical device company and now serves as a fractional Data Protection Officer for several multinational companies. Amy's consulting practice is focused on helping clients implement sustainable programs that result in meaningful compliance with state, national, and regional laws and build corporate trust. She is passionate about the intersection of data, people, and power.
References:
Amy Worley on LinkedIn
BRG: Privacy and Data Protection services
Draft: American Privacy Rights Act 2024
Dragos Tudorache: Dealing with foundation models, data protection, and copyright in the EU AI Act (Masters of Privacy)
EDPB Guidelines 8/2020 on the targeting of social media users

Serious Privacy
Starting with Step 1 with Val Ilchenko

Serious Privacy

Play Episode Play 44 sec Highlight Listen Later Apr 4, 2024 33:08 Transcription Available


On this week of Serious Privacy, Dr. K Royal catches up with Val Ilchenko, General Counsel and Chief Privacy Officer of TrustArc. K and Val are both at the IAPP Global Privacy Summit in DC and were able to catch up for a great conversation on how to design privacy software for both experienced privacy professionals and those who just need to take the first step. We also discussed his career trajectory, where AI should live, and myriad other topics so common to all of us. In addition, Val recommended two resources: You should look at the Sora video demos. It's OpenAI's video technology, S O R A. And then separately, there's a YouTube video where OpenAI's technology is used with Figure, which is a robotics company. If you have comments or questions, find us on LinkedIn and IG @seriousprivacy @podcastprivacy @euroPaulB @heartofprivacy and email podcast@seriousprivacy.eu. Proudly sponsored by TrustArc. Learn more about NymityAI at https://trustarc.com/nymityai-beta/

Speak Your Mind Unapologetically Podcast
How to Reclaim Your Personal Power (with Melissa Dill)

Speak Your Mind Unapologetically Podcast

Play Episode Listen Later Mar 27, 2024 44:46


If you struggle to stand your ground and make your voice heard, personal power may be the answer. Are you giving your power away? What does it mean to reclaim your power? Reclaiming your personal power is not just about asserting dominance; it's about harnessing your personal strength. Join our guest, Melissa Dill, Executive Director and Chief Privacy Officer at Kodiak Solutions. Melissa shares personal power examples and insights from her career. Tune in to this episode to discover:
✔️ How embracing personal power transforms your leadership and authenticity in the workplace.
✔️ How speaking up amplifies your personal power.
✔️ How your personal power helps you take more calculated risks with confidence.
✔️ Why not taking feedback personally helps you maintain your personal power and resilience.
✔️ Identify sources of personal power, what makes you feel powerful at work.
✔️ The wrong kind of personal power in leadership.
✅ Follow Melissa Dill on LinkedIn: https://www.linkedin.com/in/melissa-dill-5b55874

AHLA's Speaking of Health Law
Recent HHS/OCR Health IT Enforcement Activity: What's Driving the Trends?

AHLA's Speaking of Health Law

Play Episode Play 60 sec Highlight Listen Later Mar 26, 2024 47:50 Transcription Available


Dawn Morgenstern, Senior Director of Consulting Services and Chief Privacy Officer, Clearwater, speaks with Betsy Hodge, Partner, Akerman, and Gina Bertolini, Partner, K&L Gates, about the activities that are driving HHS/OCR health IT enforcement trends and what that means for the health care industry. They discuss the flurry of recent activity that appears to be setting the stage for major changes related to privacy and security, AHLA's recently updated HIT Enforcement Summary Tables, trends related to business associates, and how privacy officers can educate their organizations on these issues. From AHLA's Health Information and Technology Practice Group. Sponsored by Clearwater. To learn more about AHLA and the educational resources available to the health law community, visit americanhealthlaw.org.

Data Protection Breakfast Club
"Responsibly Bold" w/ Keith Enright - Vice President and Chief Privacy Officer @ Google

Data Protection Breakfast Club

Play Episode Listen Later Feb 21, 2024 60:18


In this episode, we dive into the world of data privacy with Keith Enright, the Chief Privacy Officer at Google. Keith's long-standing leadership in the privacy profession shines as we explore his calm and steady approach to handling the vast challenges that come his way. With a track record that includes leading privacy at Macy's and serving as a General Counsel, Keith is more than a leader; he's a visionary in the field. Discover how he guides Google's worldwide privacy team and how he plays a pivotal role in shaping responsible AI. Join us for an insightful conversation with one of the foremost voices in data privacy.

Caveat
AI and privacy concerns.

Caveat

Play Episode Listen Later Feb 15, 2024 46:53


Harvey Jang, Vice President, Deputy General Counsel, and Chief Privacy Officer from Cisco, is sharing privacy concerns around Generative AI, trust challenges facing businesses and the attractive returns from privacy investment. Ben has the story of the FCC banning AI robocalls. Dave's got the story of efforts from the US to lead the way in global AI policy. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.
Links to the stories:
F.C.C. Bans A.I.-Generated Robocalls
The U.S. Plans to ‘Lead the Way' on Global AI Policy
Caveat Briefing: A companion weekly newsletter is available to CyberWire Pro members on the CyberWire's website. If you are a member, make sure you subscribe to receive our weekly wrap-up of privacy, policy, and research news, focused on incidents, techniques, tips, compliance, rights, trends, threats, policy, and influence ops delivered to your inbox each Thursday. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you.

Data Protection Breakfast Club
"Compliance is a Flowing River" w/ Harvey Jang - Vice President, Chief Privacy Officer @ Cisco

Data Protection Breakfast Club

Play Episode Listen Later Feb 7, 2024 45:11


Harvey Jang is the type of leader you want to work with. He is affable, open and leads with positive intent. In a world of constant change and at a company where IP and Innovation are literally the foundation, he leans into that dynamism and it makes him a compelling leader. In addition to Cisco, Harvey serves on the Board of Directors for the IAPP and is on the faculty for their privacy and AI governance certifications. Prior to that, he worked on legal/privacy teams at Intel, HP and Symantec. At Cisco, Harvey leads a global team of privacy professionals, lawyers, and engineers in developing and operationalizing Cisco's privacy policies and standards, privacy by design, and accountability frameworks. He is also active in Cisco's AI, business and human rights, and DEI initiatives as well.

Legal Speak
LegalWeek Live with John Meyer

Legal Speak

Play Episode Listen Later Feb 7, 2024 8:05


It's that time of year once again … LegalWeek!    ALM's LegalWeek is one week where thousands of legal professionals gather to network with their peers, dive deeper into their professional development, explore topics and strategies tailored specifically to their role, and gain the tools to get legal business done.  The LegalSpeak show has now become a regular staple at the conference as we talk to some of the leading legal minds across the industry.  In this episode, Zack and Alaina sit down with John Meyer, GC and Chief Privacy Officer at Zeem Solutions.

Tradeoffs
Rooting Out Racial Bias in Health Care AI, Part 2

Tradeoffs

Play Episode Listen Later Dec 14, 2023 28:01


There's growing excitement that artificial intelligence can make health care better by speeding up care, improving diagnoses and easing the burden on a burned out workforce. But there are also concerns that these powerful new tools will perpetuate biases and inequities long baked into our health care system. In Part 2 of our special series on racial bias in health care AI, we dig into what the Biden administration is doing to keep biased algorithms from getting to the bedside.
Guests:
Emily Sterrett, MD, Associate Professor of Pediatrics, Director of Improvement Science, Duke University School of Medicine Department of Pediatrics
Mark Sendak, MD, MPP, Population Health & Data Science Lead, Duke Institute for Health Innovation
Minerva Tantoco, Chief AI Officer, New York University McSilver Institute for Poverty, Policy and Research
Carmel Shachar, JD, MPH, Executive Director, Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics at Harvard Law School
Kathryn Marchesini, JD, Chief Privacy Officer, Office of the National Coordinator for Health Information Technology
Melanie Fontes Rainer, JD, Director, HHS Office for Civil Rights
Learn more and read a full transcript on our website. Dan Gorenstein will moderate three one-on-one discussions featuring industry leaders and top officials from ONC, FDA, and HHS' Office of Civil Rights over two plenary sessions; you can watch them here.

SHIFT
Live: Understanding AI Governance

SHIFT

Play Episode Listen Later Nov 8, 2023 47:34


Privacy officers from Google, Microsoft, Meta and IBM discuss how they approach AI governance before a live audience at the general meeting of the IAPP (International Association of Privacy Professionals) on November 3, 2023 in Boston, Massachusetts.
We Meet:
Julie Brill, Chief Privacy Officer, Corporate Vice President, Global Privacy & Regulatory Affairs, Microsoft
Keith Enright, Global Chief Privacy Officer, Google
Christina Montgomery, Chief Privacy and Trust Officer, IBM
Rob Sherman, Vice President and Deputy Chief Privacy Officer, Policy, Meta
Credits: SHIFT is produced by Jennifer Strong and Anthony Green, with help from Emma Cillekens. It's mixed by Garret Lang, with original music from him and Jacob Gorski.

Negotiate Anything: Negotiation | Persuasion | Influence | Sales | Leadership | Conflict Management

In this episode, Andy Dale, General Counsel and Chief Privacy Officer at Alyce, offers negotiation advice for lowering the temperature of heated legal arguments. He also talks about books on leadership and negotiation that can help you become a better negotiator.
Follow Andy Dale on LinkedIn: https://www.linkedin.com/in/andy-dale-7705b83/
Listen to Data Protection Breakfast Club Podcast: https://podcasts.apple.com/us/podcast/data-protection-breakfast-club-with-andy-pedro/id1559290322
Alyce Co.: https://www.linkedin.com/company/alyce-co/