What would national legislation look like? On what principles would it be based? What are the arguments for and against a preemptive national standard? What Federal agency or agencies should be charged with implementing a national privacy law? What role would be left to the states if a national policy were to be adopted? How is Congressional debate likely to unfold? What role will the Executive Branch play in this debate? Will the United States, where the digital economy was born, cede leadership on data protection regulation to other countries? How would a US national privacy law relate to the EU General Data Protection Regulation (GDPR)? What domestic and international competitive issues are in play? HOSTS
Jerry Buckley, founder of Buckley LLP, a national financial services law firm, has taken a lead role in promoting national data protection standards. Described by Chambers as “a recognized dean of the consumer financial services bar,” Jerry serves as adviser to the Financial Services Trade Associations Data Protection Working Group, an informal alliance of national financial trade associations responding to fast changing legislative and regulatory developments related to privacy and data security.
Jody Westby is the CEO of Global Cyber Risk and also serves as Adjunct Professor at Georgia Institute of Technology’s School of Computer Science. Ms. Westby chairs the American Bar Association’s Privacy & Computer Crime Committee, is co-chair of the ABA’s Cybercrime Committee, and is an appointed member to the ABA President’s Cybersecurity Task Force. She is a professional blogger for Forbes and authors a regular column on cybersecurity issues for Leader’s Edge magazine. Ms. Westby is the author of several books and articles on cybersecurity, cyber conflict, and enterprise security programs.
EPISODES
SEPTEMBER 15, 2021
47 | New Wave of SEC Enforcement on Cybersecurity (with John Reed Stark)
We’re joined by John Reed Stark, founder of John Reed Stark Consulting and former Chief of the SEC Office of Internet Enforcement, to discuss recent SEC regulatory actions regarding cybersecurity management. After a three-year hiatus, the SEC recently filed actions against Pearson PLC and First American Financial Corporation. It also charged eight SEC-registered advisory firms. As President of John Reed Stark Consulting LLC, Mr. Stark’s work emphasizes quarterbacking teams of technical, compliance and legal experts in data breach, cyber-incident response, digital forensics, security science, cyber risk resilience and investigations for a broad range of public and private companies. He currently teaches a cyber law course at Duke University Law School and previously served as a managing director at Stroz Friedberg.
SEPTEMBER 9, 2021
46 | Data Protection and Remote Online Notarization (with Gary Weingarden)
Jerry and Jody discuss the challenges involved in providing security for personal identification data collected and stored for transaction verification purposes. Our guest, Gary Weingarden, Counsel and Data Protection Officer at Notarize, joins us to talk about issues involved in protecting the privacy rights of signers in the notarization process as required by state laws as well as the complexity that will arise from a series of different state privacy enactments.
SEPTEMBER 1, 2021
45 | Exploring Cyberattack Policy and Legal Issues (with Gary Corn)
This week, we’re joined by Gary Corn, Program Director at American University Washington College of Laws Tech, Law & Security program, to discuss U.S. and international legal and policy issues associated with cyberattacks, especially those involving nation states or which may require U.S. government assistance.
AUGUST 26, 2021
44 | Exploring Compliance with Evolving Privacy Requirements (with Sherry-Maria Safchuk)
We’re joined by Buckley LLP Counsel Sherry-Maria Safchuk to discuss the complexities companies face to maintain compliance with multiple and ever-changing state and federal privacy requirements, including data breach notifications and preparations that companies are making for compliance with the California Privacy Rights Act as well as Virginia and Colorado laws just enacted. Buckley LLP developed Winnow, proprietary software designed to ease business compliance.
AUGUST 18, 2021
43 | New Imperatives for Cyber Governance
Jerry and Jody discuss Jody’s recently released book, D&O Guide to Cyber Governance: Fiduciary Duties in the Digital Age, and the drivers that are making cyber governance a top agenda item for boards and C-suites: changes in Delaware case law, information security standards and best practices, new laws and regulations requiring specific governance actions, and cyber-event litigation following major cyberattacks.
AUGUST 11, 2021
42 | Perspectives from Corporate Privacy Counsel (with Courtney Barton)
We’re joined by Courtney Barton to discuss national privacy legislation from the corporate perspective and explores cross-border data flows, possible state and federal sharing of privacy regulatory responsibilities, which privacy provisions are most expensive for companies, and whether a new Privacy Shield program might give Congress a reason to punt on a national privacy law.
AUGUST 4, 2021
41 | Pegasus and Privacy
This week, Jody and Jerry discuss recent revelations regarding the use of Pegasus spyware and the implications for privacy. The privacy implications of the Pegasus Project reports have raised serious concerns in the media and governments around the globe, including the EU and U.S. Congress. What role these reports might play in raising awareness of privacy issues in Congress or causing it to focus on the need to develop a national data privacy and security law remains to be seen, but they clearly highlight the privacy dangers in the digital age and the need for government oversight.
JULY 29, 2021
40 | The Fintech Perspective on National Privacy Legislation (with Nat Hoopes)
We’re joined by Upstart’s Nat Hoopes to explore the perspective of a leading fintech industry advocate on the prospects for national privacy legislation and related regulatory developments. Jerry and Jody talk with Nat about the impact of a patchwork of state privacy laws, reasons why national privacy legislation is so slow in coming in the U.S. vs. quicker adoption in the EU, how to protect consumers from unfair outcomes in the use of AI, and the implications of data portability provided for in the Dodd-Frank bill.
JULY 21, 2021
39 | A Valued Perspective on Privacy Legislation (with Marc Rotenberg)
We’re joined by Marc Rotenberg, president and founder of the Center for AI and Digital Policy, to discuss important influences and issues regarding national privacy legislation. We’ll discuss cross-border data flows and government surveillance, FTC enforcement, the likelihood of another Privacy Shield, actions in the EU that could influence Congress, and consumer protection.
JULY 14, 2021
38 | The Role Tech Solutions Can Play in Shaping National Privacy Legislation (with Riddhiman Das)
We interview Riddhiman Das, CEO and co-founder of Triple Blind, about the role that tech solutions might play in protecting privacy, while simultaneously facilitating the use and sharing of data for business and research purposes, and how advanced encryption technologies can enable the policy objectives that legislators and regulators are driving toward.
JULY 7, 2021
37 | The Financial Consumer's Perspective (with Dan Murphy)
We’re joined by Dan Murphy, Policy Manager of the Financial Health Network, to discuss the recently released “Financial Data: The Consumer Perspective.” The report is based on an extensive survey and finds 80-90% bipartisan support among consumers for data minimization and an opt-in requirement before a financial institution shares consumer data.
JUNE 30, 2021
36 | A Forensic Investigator’s View of Privacy (with Sherri Davidoff)
We’re joined by Sherri Davidoff, Founder and CEO of LMG Security, to discuss privacy considerations from the perspective of a highly experienced forensic investigator. They explore the use of personal data found on the dark web and privacy issues that arise during forensic investigations, including the new technique of Triple Extortion, and talk about what Congress can or should do about it.
JUNE 23, 2021
35 | A New Approach to Data Protection: Quantum Secure Data (with Rick Bueno)
We’re joined by Rick Bueno, the founder and CEO of Cyber Reliant Corporation, to discuss the implications of new data protection technology that builds security into the data itself using data encryption and data shredding. The quantum secure data platform developed by Cyber Reliant offers a way to frustrate cyber criminals, who may break through perimeter defenses but will be unable to access data in the files they obtain, maintaining its privacy.
JUNE 16, 2021
34 | The Business Perspective on National Privacy Legislation (with Shoshana Rosenberg)
This week, we’re joined by Shoshana Rosenberg, CEO of SafePorter and former global CPO, to give us some “boots on the ground” experiences and insights into what national privacy legislation in the U.S. should look like. Shoshana draws on her global expertise to discuss the role of privacy principles, data minimization, verification of consumer requests, data transfer adequacy, and more.
JUNE 9, 2021
33 | The Journey of Privacy in the U.S. (with Bruce Schneier)
We’re joined by Bruce Schneier, a self-described “public-interest technologist,” to discuss the journey of privacy in the U.S. and how government actions impact it, exploring the concept that data is toxic and companies are “punch drunk” on data, storing too much, and bringing risk to their organizations.
JUNE 2, 2021
32 | Looking Around the Corner: The What, How, When (and If) of National Privacy and Data Protection
We’re joined by thought leader Tom Vartanian to discuss his recent article in The Hill: “It’s Time for a New Secure Internet,” and the enormous vulnerabilities and risks that an insecure internet creates for people’s privacy and for our economy.
MAY 26, 2021
31 | Looking Around the Corner: The What, How, When (and If) of National Privacy and Data Protection
Jerry and Jody take a look around the corner at what lies ahead for privacy and data protection in the U.S., exploring what needs to be done to protect data and speculating on why there is not more urgency in addressing this issue. Why, in the face of increasing cyber threats and proliferating state privacy laws, is there no coherent national legislation?
MAY 19, 2021
30 | The Indissoluble Link Between Privacy and Cybersecurity
Jody and Jerry discuss the implications of rampant cyberattacks and ransomware demands for both privacy and national security. We answer questions regarding privacy and national security implications of escalating ransomware and other cyberattacks, exemplified by the recent Colonial Pipeline incident.
MAY 12, 2021
29 | Exploring Data Ownership and the Role of Privacy Enhancing Technologies (with Robert E. Grant)
We’re joined by Robert E. Grant, Founder, Chairman, and CEO of Crown Sterling Limited LLC, to discuss the concept of data ownership, the monetization of personal data, and the role these might play in national privacy debates as alternatives to consent and opt-in/opt-out.
MAY 5, 2021
28 | The Perspective of NCUA Board Member Rodney Hood
We’re joined by National Credit Union Administration Board Member Rodney Hood, who chaired the NCUA Board until early 2021. He made cybersecurity and data protection at credit unions a priority when he became NCUA Chairman in 2019 and has spoken frequently about the challenges that credit unions face in coping with privacy law requirements and cyber threats.
APR 28, 2021
27 | Rep. Suzan DelBene (D-WA) Discusses the Information Transparency and Personal Data Control Act
We’re joined by Representative Suzan DelBene (D-WA) discussing the first major privacy bill introduced in the House in the 117th Congress, the Information Transparency and Personal Data Control Act (HR 1816).
APR 21, 2021
26 | The Proposed EU ePrivacy Regulation and its Implications for U.S. Privacy Legislation
Jerry and Jody examine the proposed EU ePrivacy Regulation, which was approved by the Council of the European Union on February 10, 2021. We discuss the scope of the proposed Regulation, which covers both consumer and corporate electronic communications and would replace the current ePrivacy Directive, commonly known as the “EU Cookie Law.”
APR 14, 2021
25 | Privacy Policy and Financial Inclusion, A National and International Perspective (with Kabir Kumar)
We talk with Kabir Kumar, a Director at Flourish Ventures, an investment fund with a focus on promoting financial inclusion, domestically and internationally, exploring the empowerment that he believes can be achieved by giving individuals greater access to and control over the uses of their personal data.
APR 7, 2021
24 | The Intersection of Technology and Privacy (with Chet Hosmer)
We’re joined by University of Arizona professor Chet Hosmer to explore how technology can undermine or support privacy and data security. We also discuss vulnerabilities in security protocols and what can be done to enhance them.
MAR 31, 2021
23 | The "Private Right of Action" Question (with Mark Rasch)
We have a discussion with Mark Rasch, a recognized authority on cyber and privacy related litigation, regarding the issues surrounding individual enforcement of privacy rights and the concept of a new Private Right of Action in a legislative context. Provision for a Private Right of Action, or the absence thereof, has been identified as a point of contention among those advocating national privacy legislation.
MAR 24, 2021
22 | Taking a Look at State Privacy Efforts: Can They Guide Federal Legislation? (with Michael Aisenberg)
We’re joined by Michael Aisenberg, Chair of the ABA’s Information Security Committee and ABA Observer to the ULC project on Collection and Use of Personally Identifiable Data (CUPID) to discuss whether the CUPID effort or the Privacy Act of 1974 might help shape national privacy legislation and whether we need a national privacy law to resolve cross-border data flows issues with the EU.
MAR 17, 2021
21 | Cross-Border Data Flows: Will the Schrems II Ruling Help Advance National Privacy Legislation? (with Scott Giordano)
We’re joined by Scott Giordano, Senior Counsel – Privacy & Compliance at Spirion, to discuss the CJEU Schrems II decision, which invalidated the U.S. Privacy Shield Program and left companies uncertain about how to continue cross-border data flows.
MAR 10, 2021
20 | The Solarium Commission Report (with Cory Simpson)
Jerry and Jody are joined by Cory Simpson, who served as a Senior Director and lead for the U.S. Cyberspace Solarium Commission, to explore the objectives of the Commission and its principle recommendations.
MAR 3, 2021
19 | National Privacy Legislation Viewed through a Wider Lens (with Carlos Solari)
We’re joined by Carlos Solari, a thought leader in data protection for decades, to take a “look around the corner” at the ways data analytics are evolving and the implications for individuals to control the way data will define them in the age of advanced AI and the Internet of Things.
FEB 24, 2021
18 | A Consumer Advocate's View (with India McKinney)
Jerry and Jody are joined by leading consumer advocate, India McKinney, to explore the increasingly important voice that consumers and their advocates have in shaping the debate about the content of legislation at both the state and federal levels.
FEB 17, 2021
17 | The Nexus Between Privacy and Cybersecurity (with Jody Westby and Jerry Buckley)
Hosts Jody Westby and Jerry Buckley explore the nexus between privacy and cybersecurity and how these issues may play into the national legislative response to privacy and data protection challenges.
FEB 10, 2021
16 | The Potential Role of Financial Regulators in Showing the Path Forward for National Privacy Legislation (with David Cotney)
We’re joined by David Cotney, Senior Advisor at FS Vector, who shares some ideas about how the FFIEC could play a role in shaping national privacy policy by publishing privacy guidance for banks similar to their Cybersecurity Guidance.
FEB 3, 2021
15 | The Evolution of Privacy Principles and Practice in the Public and Private Sectors (with Jamie Danker)
We’re joined by Jamie Danker, VP of Privacy at Easy Dynamics Corporation, to discuss how principles long accepted in the federal agency context might have applicability in the private sector or could be used as guideposts for national legislation.
JAN 27, 2021
14 | The Impact of Schrems II and Threat of Data Localization (with Peter Swire)
We’re joined again by Georgia Tech Professor and Alston & Bird LLP Senior Counsel Peter Swire to discuss the implications of the Schrems II decision by the CJEU and its interpretation and implementation by the European Data Protection Board.
JAN 20, 2021
13 | Strategies for Readiness and Compliance in a Fast Changing Data Protection Landscape (with Jill Reber)
We’re joined by Jill Reber, General Manager – Data Privacy at Logic20/20, who discusses the strategies companies are adopting as they seek to operationalize data protection in a rapidly changing environment.
JAN 13, 2021
12 | Former FCC Commissioner Calls for a Presidential Commission on the Future of the Internet (with Michael Copps)
We’re joined by Michael Copps, former Commissioner and Acting Chairman of the FCC, who now serves as Special Advisor on Media and Democracy Reform at Common Cause. Copps has called on the new Biden administration to establish a Presidential Commission on the Future of the Internet.
JAN 6, 2021
11 | Pondering Preemption of State Privacy Laws (with Peter Swire)
We’re joined by Georgia Tech Scheller College of Business professor Peter Swire, who explains issues and obstacles regarding federal preemption of state privacy laws and discusses a potential approach to a federal privacy law.
DEC 16, 2020
10 | Data Governance: EU Moves While U.S. is Stalled (with Jody Westby and Jerry Buckley)
The EU has launched a series of data regulation initiatives designed to make Europe the “Data Continent” while the U.S. has yet to adopt national data governance rules and lacks an authoritative voice in international data policy discussions.
DEC 9, 2020
9 | Pros and Cons of National Privacy Legislation (with Jurgen Van Staden)
We discuss the complexities and trade-offs involved in the various types of data used by businesses and the pros and cons of national legislation with Jurgen Van Staden, Associate General Counsel for Privacy and Technology at Verizon Media.
DEC 2, 2020
8 | EU Offers Valuable Insights for U.S. National Privacy Debate (with Maarten Stassen)
We talk with Maarten Stassen, a partner in the Brussels office of Crowell & Moring LLP, about how cross-border data protection standards are playing out in practice in the EU.
NOV 18, 2020
7 | EU Data Protection: Any Lessons for U.S.? (with John Bowman)
We explore the rationale that led to adoption of the GDPR, as well as what has worked and what hasn’t, with John Bowman, Senior Principal at Promontory and the U.K. government’s lead GDPR negotiator.
NOV 11, 2020
6 | NIST Privacy Framework Plays Role in National Privacy Discussion (with Naomi Lefkovitz and Dylan Gilbert)
In January 2020, NIST released a voluntary Privacy Framework – we discuss the framework with two NIST advisors who helped lead its development.
NOV 4, 2020
5 | San Francisco Fed Report Looks at National Privacy Policy (with Kaitlin Asrow)
We interview Kaitlin Asrow, author of San Francisco Fed report, “The Role of Individuals in the Data Ecosystem,” a must-hear for anyone seriously interested in understanding the way forward in privacy and data protection policy.
oct 28, 2020
4 | Nicole Booth & Elizabeth Young LaBerge
We will explore the data protection issues the financial services industry is grappling with at the state level and the prospects for national privacy legislation.
oct 21, 2020
3 | Kate Flocken & Tyler Griffin
The legislative landscape on Capitol Hill is fluid and the results of the election will have a big impact on what way Congress decides to go with a national privacy regime.
oct 14, 2020
2 | Daniel Solove
This week, we’re talking with Daniel Solove, law professor at the George Washington University and founder of TeachPrivacy.
oct 14, 2020
1 | Jim Dempsey
Jim Dempsey is the Executive Director, Berkeley Center for Law and Technology and formerly held leadership roles at the Center for Democracy and Technology.
