Jerry Buckley, founder of Buckley LLP, a national financial services law firm, has taken a lead role in promoting national data protection standards. Described by Chambers as “a recognized dean of the consumer financial services bar,” Jerry serves as adviser to the Financial Services Trade Associations Data Protection Working Group, an informal alliance of national financial trade associations responding to fast-changing legislative and regulatory developments related to privacy and data security.
Jody Westby is the CEO of Global Cyber Risk and also serves as Adjunct Professor at Georgia Institute of Technology’s School of Computer Science. Ms. Westby chairs the American Bar Association’s Privacy & Computer Crime Committee, is co-chair of the ABA’s Cybercrime Committee, and is an appointed member to the ABA President’s Cybersecurity Task Force. She is a professional blogger for Forbes and authors a regular column on cybersecurity issues for Leader’s Edge magazine. Ms. Westby is the author of several books and articles on cybersecurity, cyber conflict, and enterprise security programs.
We’re joined by Bill Sieglein, Founder of the CISO Executive Network, to discuss the perspective of CISOs on the threat environment, what policy or legislative actions might help advance cybersecurity, and reporting structures for CISOs. The CISO Executive Network comprises more than 2,000 CISOs in 23 chapters across the United States. Listen to this week’s episode for an insider view into cybersecurity from the CISO’s viewpoint.
This week, we’re joined by Harri Hursti to discuss cybersecurity aspects of election security, the role of the private sector, and what can be done at the federal level to address these issues. Harri is one of the world’s foremost experts on election security, is the founder of DefCon’s Voting Village, and is an accomplished technologist and security expert. Harri’s work was featured in the recent HBO movie, Kill Chain: The Cyber War on America’s Election, which is nominated for an Emmy for Outstanding Investigative Documentary.
We’re joined by John Reed Stark, founder of John Reed Stark Consulting and former Chief of the SEC Office of Internet Enforcement, to discuss recent SEC regulatory actions regarding cybersecurity management. After a three-year hiatus, the SEC recently filed actions against Pearson PLC and First American Financial Corporation. It also charged eight SEC-registered advisory firms. As President of John Reed Stark Consulting LLC, Mr. Stark’s work emphasizes quarterbacking teams of technical, compliance and legal experts in data breach, cyber-incident response, digital forensics, security science, cyber risk resilience and investigations for a broad range of public and private companies. He currently teaches a cyber law course at Duke University Law School and previously served as a managing director at Stroz Friedberg.
Jerry and Jody discuss the challenges involved in providing security for personal identification data collected and stored for transaction verification purposes. Our guest, Gary Weingarden, Counsel and Data Protection Officer at Notarize, joins us to talk about issues involved in protecting the privacy rights of signers in the notarization process as required by state laws as well as the complexity that will arise from a series of different state privacy enactments.
This week, we’re joined by Gary Corn, Program Director at American University Washington College of Law’s Tech, Law & Security program, to discuss U.S. and international legal and policy issues associated with cyberattacks, especially those involving nation states or which may require U.S. government assistance.
We’re joined by Buckley LLP Counsel Sherry-Maria Safchuk to discuss the complexities companies face to maintain compliance with multiple and ever-changing state and federal privacy requirements, including data breach notifications and preparations that companies are making for compliance with the California Privacy Rights Act as well as Virginia and Colorado laws just enacted. Buckley LLP developed Winnow, proprietary software designed to ease business compliance.
Jerry and Jody discuss Jody’s recently released book, D&O Guide to Cyber Governance: Fiduciary Duties in the Digital Age, and the drivers that are making cyber governance a top agenda item for boards and C-suites: changes in Delaware case law, information security standards and best practices, new laws and regulations requiring specific governance actions, and cyber-event litigation following major cyberattacks.
We’re joined by Courtney Barton to discuss national privacy legislation from the corporate perspective and explore cross-border data flows, possible state and federal sharing of privacy regulatory responsibilities, which privacy provisions are most expensive for companies, and whether a new Privacy Shield program might give Congress a reason to punt on a national privacy law.
This week, Jody and Jerry discuss recent revelations regarding the use of Pegasus spyware and the implications for privacy. The privacy implications of the Pegasus Project reports have raised serious concerns in the media and governments around the globe, including the EU and U.S. Congress. What role these reports might play in raising awareness of privacy issues in Congress or causing it to focus on the need to develop a national data privacy and security law remains to be seen, but they clearly highlight the privacy dangers in the digital age and the need for government oversight.
We’re joined by Upstart’s Nat Hoopes to explore the perspective of a leading fintech industry advocate on the prospects for national privacy legislation and related regulatory developments. Jerry and Jody talk with Nat about the impact of a patchwork of state privacy laws, reasons why national privacy legislation is so slow in coming in the U.S. vs. quicker adoption in the EU, how to protect consumers from unfair outcomes in the use of AI, and the implications of data portability provided for in the Dodd-Frank bill.
We’re joined by Marc Rotenberg, president and founder of the Center for AI and Digital Policy, to discuss important influences and issues regarding national privacy legislation. We’ll discuss cross-border data flows and government surveillance, FTC enforcement, the likelihood of another Privacy Shield, actions in the EU that could influence Congress, and consumer protection.
We interview Riddhiman Das, CEO and co-founder of Triple Blind, about the role that tech solutions might play in protecting privacy, while simultaneously facilitating the use and sharing of data for business and research purposes, and how advanced encryption technologies can enable the policy objectives that legislators and regulators are driving toward.
We’re joined by Dan Murphy, Policy Manager of the Financial Health Network, to discuss the recently released “Financial Data: The Consumer Perspective.” The report is based on an extensive survey and finds 80-90% bipartisan support among consumers for data minimization and an opt-in requirement before a financial institution shares consumer data.
We’re joined by Sherri Davidoff, Founder and CEO of LMG Security, to discuss privacy considerations from the perspective of a highly experienced forensic investigator. They explore the use of personal data found on the dark web and privacy issues that arise during forensic investigations, including the new technique of Triple Extortion, and talk about what Congress can or should do about it.
We’re joined by Rick Bueno, the founder and CEO of Cyber Reliant Corporation, to discuss the implications of new data protection technology that builds security into the data itself using data encryption and data shredding. The quantum secure data platform developed by Cyber Reliant offers a way to frustrate cyber criminals, who may break through perimeter defenses but will be unable to access data in the files they obtain, maintaining its privacy.
This week, we’re joined by Shoshana Rosenberg, CEO of SafePorter and former global CPO, to give us some “boots on the ground” experiences and insights into what national privacy legislation in the U.S. should look like. Shoshana draws on her global expertise to discuss the role of privacy principles, data minimization, verification of consumer requests, data transfer adequacy, and more.
We’re joined by Bruce Schneier, a self-described “public-interest technologist,” to discuss the journey of privacy in the U.S. and how government actions impact it, exploring the concept that data is toxic and companies are “punch drunk” on data, storing too much, and bringing risk to their organizations.
We’re joined by thought leader Tom Vartanian to discuss his recent article in The Hill: “It’s Time for a New Secure Internet,” and the enormous vulnerabilities and risks that an insecure internet creates for people’s privacy and for our economy.
Jerry and Jody take a look around the corner at what lies ahead for privacy and data protection in the U.S., exploring what needs to be done to protect data and speculating on why there is not more urgency in addressing this issue. Why, in the face of increasing cyber threats and proliferating state privacy laws, is there no coherent national legislation?
Jody and Jerry discuss the implications of rampant cyberattacks and ransomware demands for both privacy and national security. We answer questions regarding privacy and national security implications of escalating ransomware and other cyberattacks, exemplified by the recent Colonial Pipeline incident.
We’re joined by Robert E. Grant, Founder, Chairman, and CEO of Crown Sterling Limited LLC, to discuss the concept of data ownership, the monetization of personal data, and the role these might play in national privacy debates as alternatives to consent and opt-in/opt-out.
We’re joined by National Credit Union Administration Board Member Rodney Hood, who chaired the NCUA Board until early 2021. He made cybersecurity and data protection at credit unions a priority when he became NCUA Chairman in 2019 and has spoken frequently about the challenges that credit unions face in coping with privacy law requirements and cyber threats.
We’re joined by Representative Suzan DelBene (D-WA) discussing the first major privacy bill introduced in the House in the 117th Congress, the Information Transparency and Personal Data Control Act (HR 1816).
Jerry and Jody examine the proposed EU ePrivacy Regulation, which was approved by the Council of the European Union on February 10, 2021. We discuss the scope of the proposed Regulation, which covers both consumer and corporate electronic communications and would replace the current ePrivacy Directive, commonly known as the “EU Cookie Law.”
We talk with Kabir Kumar, a Director at Flourish Ventures, an investment fund with a focus on promoting financial inclusion, domestically and internationally, exploring the empowerment that he believes can be achieved by giving individuals greater access to and control over the uses of their personal data.
We’re joined by University of Arizona professor Chet Hosmer to explore how technology can undermine or support privacy and data security. We also discuss vulnerabilities in security protocols and what can be done to enhance them.
We have a discussion with Mark Rasch, a recognized authority on cyber and privacy related litigation, regarding the issues surrounding individual enforcement of privacy rights and the concept of a new Private Right of Action in a legislative context. Provision for a Private Right of Action, or the absence thereof, has been identified as a point of contention among those advocating national privacy legislation.
We’re joined by Michael Aisenberg, Chair of the ABA’s Information Security Committee and ABA Observer to the ULC project on Collection and Use of Personally Identifiable Data (CUPID) to discuss whether the CUPID effort or the Privacy Act of 1974 might help shape national privacy legislation and whether we need a national privacy law to resolve cross-border data flows issues with the EU.
We’re joined by Scott Giordano, Senior Counsel – Privacy & Compliance at Spirion, to discuss the CJEU Schrems II decision, which invalidated the U.S. Privacy Shield Program and left companies uncertain about how to continue cross-border data flows.
Jerry and Jody are joined by Cory Simpson, who served as a Senior Director and lead for the U.S. Cyberspace Solarium Commission, to explore the objectives of the Commission and its principal recommendations.
We’re joined by Carlos Solari, a thought leader in data protection for decades, to take a “look around the corner” at the ways data analytics are evolving and the implications for individuals to control the way data will define them in the age of advanced AI and the Internet of Things.
Jerry and Jody are joined by leading consumer advocate, India McKinney, to explore the increasingly important voice that consumers and their advocates have in shaping the debate about the content of legislation at both the state and federal levels.
Hosts Jody Westby and Jerry Buckley explore the nexus between privacy and cybersecurity and how these issues may play into the national legislative response to privacy and data protection challenges.
We’re joined by Jamie Danker, VP of Privacy at Easy Dynamics Corporation, to discuss how principles long accepted in the federal agency context might have applicability in the private sector or could be used as guideposts for national legislation.
We’re joined again by Georgia Tech Professor and Alston & Bird LLP Senior Counsel Peter Swire to discuss the implications of the Schrems II decision by the CJEU and its interpretation and implementation by the European Data Protection Board.
We’re joined by Jill Reber, General Manager – Data Privacy at Logic20/20, who discusses the strategies companies are adopting as they seek to operationalize data protection in a rapidly changing environment.
We’re joined by Michael Copps, former Commissioner and Acting Chairman of the FCC, who now serves as Special Advisor on Media and Democracy Reform at Common Cause. Copps has called on the new Biden administration to establish a Presidential Commission on the Future of the Internet.
We’re joined by Georgia Tech Scheller College of Business professor Peter Swire, who explains issues and obstacles regarding federal preemption of state privacy laws and discusses a potential approach to a federal privacy law.
The EU has launched a series of data regulation initiatives designed to make Europe the “Data Continent” while the U.S. has yet to adopt national data governance rules and lacks an authoritative voice in international data policy discussions.
We discuss the complexities and trade-offs involved in the various types of data used by businesses and the pros and cons of national legislation with Jurgen Van Staden, Associate General Counsel for Privacy and Technology at Verizon Media.
We talk with Maarten Stassen, a partner in the Brussels office of Crowell & Moring LLP, about how cross-border data protection standards are playing out in practice in the EU.
We explore the rationale that led to adoption of the GDPR, as well as what has worked and what hasn’t, with John Bowman, Senior Principal at Promontory and the U.K. government’s lead GDPR negotiator.
In January 2020, NIST released a voluntary Privacy Framework – we discuss the framework with two NIST advisors who helped lead its development.
We interview Kaitlin Asrow, author of the San Francisco Fed report, “The Role of Individuals in the Data Ecosystem,” a must-hear for anyone seriously interested in understanding the way forward in privacy and data protection policy.
We will explore the data protection issues the financial services industry is grappling with at the state level and the prospects for national privacy legislation.
The legislative landscape on Capitol Hill is fluid and the results of the election will have a big impact on which way Congress decides to go with a national privacy regime.
This week, we’re talking with Daniel Solove, law professor at the George Washington University and founder of TeachPrivacy.
Jim Dempsey is the Executive Director, Berkeley Center for Law and Technology and formerly held leadership roles at the Center for Democracy and Technology.