Podcast

U.S. National Privacy Legislation Podcast

U.S. National Privacy and Cybersecurity Podcast

Will the United States, the largest economy in the world, enact national privacy and data protection legislation? Or will privacy regulation be left to the 50 states and other countries. The borderless nature of the Internet seems to call for a uniform legislation, but enactment is uncertain. This series of podcasts will explore:

What would national legislation look like? On what principles would it be based?

What are the arguments for and against a preemptive national standard?

What Federal agency or agencies should be charged with implementing a national privacy law?

What role would be left to the states if a national policy were to be adopted?

How is Congressional debate likely to unfold?

What role will the Executive Branch play in this debate?

Will the United States, where the digital economy was born, cede leadership on data protection regulation to other countries?

How would a US national privacy law relate to the EU General Data Protection Regulation (GDPR)?

What domestic and international competitive issues are in play?

Jerry Buckley, a founding partner of the national financial services law firm, Buckley LLP, and Jody Westby, a prominent consultant on data security, will interview a wide range of privacy policy players: legal experts, consumer privacy advocates, business representatives, academics and state and federal officials.

Data is the lifeblood of our economy and the economic competitiveness issues, domestically and internationally, loom large in this debate, The objective of these podcasts is to hear all points of view on what promises to be one of the most momentous public policy debates of the next decade.

HOSTS

Jerry Buckley, founder of Buckley LLP, a national financial services law firm, has taken a lead role in promoting national data protection standards. Described by Chambers as “a recognized dean of the consumer financial services bar,” Jerry serves as adviser to the Financial Services Trade Associations Data Protection Working Group, an informal alliance of national financial trade associations responding to fast changing legislative and regulatory developments related to privacy and data security.

Jody Westby is the CEO of Global Cyber Risk and also serves as Adjunct Professor at Georgia Institute of Technology’s School of Computer Science. Ms. Westby chairs the American Bar Association’s Privacy & Computer Crime Committee, is co-chair of the ABA’s Cybercrime Committee, and is an appointed member to the ABA President’s Cybersecurity Task Force. She is a professional blogger for Forbes and authors a regular column on cybersecurity issues for Leader’s Edge magazine. Ms. Westby is the author of several books and articles on cybersecurity, cyber conflict, and enterprise security programs.

EPISODES

OctoBER 20, 2021

52 | Privacy, Cybersecurity, and Corporate Boards (with CE Andrews)

We are joined by CE Andrews to get a board member’s perspective on the strategies companies need to adopt to deal with the rapidly changing cyber threat environment as well as evolving compliance and enforcement expectations and a spate of new laws and regulations. CE Andrews serves on multiple boards including a Fortune 100 company, a community bank, a construction company, an education company, and a charity board as well.

OctoBER 13, 2021

51 | Pondering Privacy with FTC Commissioner (with Christine Wilson)

This week, we are joined by FTC Commissioner Christine Wilson to discuss FTC privacy enforcement, the need for national privacy legislation, and state preemption and private right of action. Commissioner Wilson shares her passion for personal privacy and the depth and breadth of her background enable her to provide views that have been well considered. Commissioner Wilson previously served at the FTC as Chairman Tim Muris’ Chief of Staff during the George W. Bush Administration. She has practiced competition and consumer protection law both at law firms and as in-house counsel. When nominated, Wilson was serving as Senior Vice President — Legal, Regulatory & International for Delta Air Lines.

OctoBER 6, 2021

50 | Cybersecurity: The Threat Environment & What to Do (with Tom Kellermann)

Jerry and Jody are joined by Tom Kellermann, Head of Cybersecurity Strategy for VMware, Inc., to discuss the current threat environment, how attacks are being conducted, and actions companies, the Government, and Congress should consider taking to turn the tide. Tom is one of the most respected professionals in the cybersecurity arena and currently serves on the Cyber Investigations Advisory Board for the U.S. Secret Service and is a Wilson Center Global Fellow for Cyber Policy.

SEPTEMBER 29, 2021

49 | Hearing the Views of the CISO Community (with Bill Sieglein)

We’re joined by Bill Sieglein, Founder of the CISO Executive Network, to discuss the perspective of CISOs on the threat environment, what policy or legislative actions might help advance cybersecurity, and reporting structures for CISOs. The CISO Executive Network comprises more than 2,000 CISOs in 23 chapters across the United States. Listen to this week’s episode for an insider view into cybersecurity from the CISO’s viewpoint.

SEPTEMBER 22, 2021

48 | Cybersecurity Aspects of Election Security (with Harri Hursti)

This week, we’re joined by Harri Hursti to discuss cybersecurity aspects of election security, the role of the private sector, and what can be done at the federal level to address these issues. Harri is one of the world’s foremost experts on election security, is the founder of DefCon’s Voting Village, and is an accomplished technologist and security expert. Harri’s work was featured in the recent HBO movie, Kill Chain: The Cyber War on America’s Election, which is nominated for an Emmy for Outstanding Investigative Documentary.

SEPTEMBER 15, 2021

47 | New Wave of SEC Enforcement on Cybersecurity (with John Reed Stark)

We’re joined by John Reed Stark, founder of John Reed Stark Consulting and former Chief of the SEC Office of Internet Enforcement, to discuss recent SEC regulatory actions regarding cybersecurity management. After a three-year hiatus, the SEC recently filed actions against Pearson PLC and First American Financial Corporation. It also charged eight SEC-registered advisory firms. As President of John Reed Stark Consulting LLC, Mr. Stark’s work emphasizes quarterbacking teams of technical, compliance and legal experts in data breach, cyber-incident response, digital forensics, security science, cyber risk resilience and investigations for a broad range of public and private companies. He currently teaches a cyber law course at Duke University Law School and previously served as a managing director at Stroz Friedberg.

SEPTEMBER 9, 2021

46 | Data Protection and Remote Online Notarization (with Gary Weingarden)

Jerry and Jody discuss the challenges involved in providing security for personal identification data collected and stored for transaction verification purposes. Our guest, Gary Weingarden, Counsel and Data Protection Officer at Notarize, joins us to talk about issues involved in protecting the privacy rights of signers in the notarization process as required by state laws as well as the complexity that will arise from a series of different state privacy enactments.

SEPTEMBER 1, 2021

45 | Exploring Cyberattack Policy and Legal Issues (with Gary Corn)

This week, we’re joined by Gary Corn, Program Director at American University Washington College of Laws Tech, Law & Security program, to discuss U.S. and international legal and policy issues associated with cyberattacks, especially those involving nation states or which may require U.S. government assistance.

AUGUST 26, 2021

44 | Exploring Compliance with Evolving Privacy Requirements (with Sherry-Maria Safchuk)

We’re joined by Buckley LLP Counsel Sherry-Maria Safchuk to discuss the complexities companies face to maintain compliance with multiple and ever-changing state and federal privacy requirements, including data breach notifications and preparations that companies are making for compliance with the California Privacy Rights Act as well as Virginia and Colorado laws just enacted. Buckley LLP developed Winnow, proprietary software designed to ease business compliance.

AUGUST 18, 2021

43 | New Imperatives for Cyber Governance

Jerry and Jody discuss Jody’s recently released book, D&O Guide to Cyber Governance: Fiduciary Duties in the Digital Age, and the drivers that are making cyber governance a top agenda item for boards and C-suites: changes in Delaware case law, information security standards and best practices, new laws and regulations requiring specific governance actions, and cyber-event litigation following major cyberattacks.

AUGUST 11, 2021

42 | Perspectives from Corporate Privacy Counsel (with Courtney Barton)

We’re joined by Courtney Barton to discuss national privacy legislation from the corporate perspective and explores cross-border data flows, possible state and federal sharing of privacy regulatory responsibilities, which privacy provisions are most expensive for companies, and whether a new Privacy Shield program might give Congress a reason to punt on a national privacy law.

AUGUST 4, 2021

41 | Pegasus and Privacy

This week, Jody and Jerry discuss recent revelations regarding the use of Pegasus spyware and the implications for privacy. The privacy implications of the Pegasus Project reports have raised serious concerns in the media and governments around the globe, including the EU and U.S. Congress. What role these reports might play in raising awareness of privacy issues in Congress or causing it to focus on the need to develop a national data privacy and security law remains to be seen, but they clearly highlight the privacy dangers in the digital age and the need for government oversight.

JULY 29, 2021

40 | The Fintech Perspective on National Privacy Legislation (with Nat Hoopes)

We’re joined by Upstart’s Nat Hoopes to explore the perspective of a leading fintech industry advocate on the prospects for national privacy legislation and related regulatory developments. Jerry and Jody talk with Nat about the impact of a patchwork of state privacy laws, reasons why national privacy legislation is so slow in coming in the U.S. vs. quicker adoption in the EU, how to protect consumers from unfair outcomes in the use of AI, and the implications of data portability provided for in the Dodd-Frank bill.

JULY 21, 2021

39 | A Valued Perspective on Privacy Legislation (with Marc Rotenberg)

We’re joined by Marc Rotenberg, president and founder of the Center for AI and Digital Policy, to discuss important influences and issues regarding national privacy legislation. We’ll discuss cross-border data flows and government surveillance, FTC enforcement, the likelihood of another Privacy Shield, actions in the EU that could influence Congress, and consumer protection.

JULY 14, 2021

38 | The Role Tech Solutions Can Play in Shaping National Privacy Legislation (with Riddhiman Das)

We interview Riddhiman Das, CEO and co-founder of Triple Blind, about the role that tech solutions might play in protecting privacy, while simultaneously facilitating the use and sharing of data for business and research purposes, and how advanced encryption technologies can enable the policy objectives that legislators and regulators are driving toward.

JULY 7, 2021

37 | The Financial Consumer's Perspective (with Dan Murphy)

We’re joined by Dan Murphy, Policy Manager of the Financial Health Network, to discuss the recently released “Financial Data: The Consumer Perspective.” The report is based on an extensive survey and finds 80-90% bipartisan support among consumers for data minimization and an opt-in requirement before a financial institution shares consumer data.

JUNE 30, 2021

36 | A Forensic Investigator’s View of Privacy (with Sherri Davidoff)

We’re joined by Sherri Davidoff, Founder and CEO of LMG Security, to discuss privacy considerations from the perspective of a highly experienced forensic investigator. They explore the use of personal data found on the dark web and privacy issues that arise during forensic investigations, including the new technique of Triple Extortion, and talk about what Congress can or should do about it.

JUNE 23, 2021

35 | A New Approach to Data Protection: Quantum Secure Data (with Rick Bueno)

We’re joined by Rick Bueno, the founder and CEO of Cyber Reliant Corporation, to discuss the implications of new data protection technology that builds security into the data itself using data encryption and data shredding. The quantum secure data platform developed by Cyber Reliant offers a way to frustrate cyber criminals, who may break through perimeter defenses but will be unable to access data in the files they obtain, maintaining its privacy.

JUNE 16, 2021

34 | The Business Perspective on National Privacy Legislation (with Shoshana Rosenberg)

This week, we’re joined by Shoshana Rosenberg, CEO of SafePorter and former global CPO, to give us some “boots on the ground” experiences and insights into what national privacy legislation in the U.S. should look like. Shoshana draws on her global expertise to discuss the role of privacy principles, data minimization, verification of consumer requests, data transfer adequacy, and more.

JUNE 9, 2021

33 | The Journey of Privacy in the U.S. (with Bruce Schneier)

We’re joined by Bruce Schneier, a self-described “public-interest technologist,” to discuss the journey of privacy in the U.S. and how government actions impact it, exploring the concept that data is toxic and companies are “punch drunk” on data, storing too much, and bringing risk to their organizations.

JUNE 2, 2021

32 | Looking Around the Corner: The What, How, When (and If) of National Privacy and Data Protection

We’re joined by thought leader Tom Vartanian to discuss his recent article in The Hill: “It’s Time for a New Secure Internet,” and the enormous vulnerabilities and risks that an insecure internet creates for people’s privacy and for our economy.

MAY 26, 2021

31 | Looking Around the Corner: The What, How, When (and If) of National Privacy and Data Protection

Jerry and Jody take a look around the corner at what lies ahead for privacy and data protection in the U.S., exploring what needs to be done to protect data and speculating on why there is not more urgency in addressing this issue. Why, in the face of increasing cyber threats and proliferating state privacy laws, is there no coherent national legislation?

MAY 19, 2021

30 | The Indissoluble Link Between Privacy and Cybersecurity

Jody and Jerry discuss the implications of rampant cyberattacks and ransomware demands for both privacy and national security. We answer questions regarding privacy and national security implications of escalating ransomware and other cyberattacks, exemplified by the recent Colonial Pipeline incident.

MAY 12, 2021

29 | Exploring Data Ownership and the Role of Privacy Enhancing Technologies (with Robert E. Grant)

We’re joined by Robert E. Grant, Founder, Chairman, and CEO of Crown Sterling Limited LLC, to discuss the concept of data ownership, the monetization of personal data, and the role these might play in national privacy debates as alternatives to consent and opt-in/opt-out.

MAY 5, 2021

28 | The Perspective of NCUA Board Member Rodney Hood

We’re joined by National Credit Union Administration Board Member Rodney Hood, who chaired the NCUA Board until early 2021. He made cybersecurity and data protection at credit unions a priority when he became NCUA Chairman in 2019 and has spoken frequently about the challenges that credit unions face in coping with privacy law requirements and cyber threats.

APR 28, 2021

27 | Rep. Suzan DelBene (D-WA) Discusses the Information Transparency and Personal Data Control Act

We’re joined by Representative Suzan DelBene (D-WA) discussing the first major privacy bill introduced in the House in the 117th Congress, the Information Transparency and Personal Data Control Act (HR 1816).

APR 21, 2021

26 | The Proposed EU ePrivacy Regulation and its Implications for U.S. Privacy Legislation

Jerry and Jody examine the proposed EU ePrivacy Regulation, which was approved by the Council of the European Union on February 10, 2021. We discuss the scope of the proposed Regulation, which covers both consumer and corporate electronic communications and would replace the current ePrivacy Directive, commonly known as the “EU Cookie Law.”

APR 14, 2021

25 | Privacy Policy and Financial Inclusion, A National and International Perspective (with Kabir Kumar‪)‬

We talk with Kabir Kumar, a Director at Flourish Ventures, an investment fund with a focus on promoting financial inclusion, domestically and internationally, exploring the empowerment that he believes can be achieved by giving individuals greater access to and control over the uses of their personal data.

APR 7, 2021

24 | The Intersection of Technology and Privacy (with Chet Hosmer)

We’re joined by University of Arizona professor Chet Hosmer to explore how technology can undermine or support privacy and data security. We also discuss vulnerabilities in security protocols and what can be done to enhance them.

MAR 31, 2021

23 | The "Private Right of Action" Question (with Mark Rasch)

We have a discussion with Mark Rasch, a recognized authority on cyber and privacy related litigation, regarding the issues surrounding individual enforcement of privacy rights and the concept of a new Private Right of Action in a legislative context. Provision for a Private Right of Action, or the absence thereof, has been identified as a point of contention among those advocating national privacy legislation.

MAR 24, 2021

22 | Taking a Look at State Privacy Efforts: Can They Guide Federal Legislation? (with Michael Aisenberg‪)‬

We’re joined by Michael Aisenberg, Chair of the ABA’s Information Security Committee and ABA Observer to the ULC project on Collection and Use of Personally Identifiable Data (CUPID) to discuss whether the CUPID effort or the Privacy Act of 1974 might help shape national privacy legislation and whether we need a national privacy law to resolve cross-border data flows issues with the EU.

MAR 17, 2021

21 | Cross-Border Data Flows: Will the Schrems II Ruling Help Advance National Privacy Legislation? (with Scott Giordano)

We’re joined by Scott Giordano, Senior Counsel – Privacy & Compliance at Spirion, to discuss the CJEU Schrems II decision, which invalidated the U.S. Privacy Shield Program and left companies uncertain about how to continue cross-border data flows.

MAR 10, 2021

20 | The Solarium Commission Report (with Cory Simpson)

Jerry and Jody are joined by Cory Simpson, who served as a Senior Director and lead for the U.S. Cyberspace Solarium Commission, to explore the objectives of the Commission and its principle recommendations.

MAR 3, 2021

19 | National Privacy Legislation Viewed through a Wider Lens (with Carlos Solari‪)‬

We’re joined by Carlos Solari, a thought leader in data protection for decades, to take a “look around the corner” at the ways data analytics are evolving and the implications for individuals to control the way data will define them in the age of advanced AI and the Internet of Things.

FEB 24, 2021

18 | A Consumer Advocate's View (with India McKinney‪)‬

Jerry and Jody are joined by leading consumer advocate, India McKinney, to explore the increasingly important voice that consumers and their advocates have in shaping the debate about the content of legislation at both the state and federal levels.

FEB 17, 2021

17 | The Nexus Between Privacy and Cybersecurity (with Jody Westby and Jerry Buckley)

Hosts Jody Westby and Jerry Buckley explore the nexus between privacy and cybersecurity and how these issues may play into the national legislative response to privacy and data protection challenges.

FEB 10, 2021

16 | The Potential Role of Financial Regulators in Showing the Path Forward for National Privacy Legislation (with David Cotney‪)

We’re joined by David Cotney, Senior Advisor at FS Vector, who shares some ideas about how the FFIEC could play a role in shaping national privacy policy by publishing privacy guidance for banks similar to their Cybersecurity Guidance.

FEB 3, 2021

15 | The Evolution of Privacy Principles and Practice in the Public and Private Sectors (with Jamie Danker)

We’re joined by Jamie Danker, VP of Privacy at Easy Dynamics Corporation, to discuss how principles long accepted in the federal agency context might have applicability in the private sector or could be used as guideposts for national legislation.

JAN 27, 2021

14 | The Impact of Schrems II and Threat of Data Localization (with Peter Swire)

We’re joined again by Georgia Tech Professor and Alston & Bird LLP Senior Counsel Peter Swire to discuss the implications of the Schrems II decision by the CJEU and its interpretation and implementation by the European Data Protection Board.

JAN 20, 2021

13 | Strategies for Readiness and Compliance in a Fast Changing Data Protection Landscape (with Jill Reber)

We’re joined by Jill Reber, General Manager – Data Privacy at Logic20/20, who discusses the strategies companies are adopting as they seek to operationalize data protection in a rapidly changing environment.

JAN 13, 2021

12 | Former FCC Commissioner Calls for a Presidential Commission on the Future of the Internet (with Michael Copps)

We’re joined by Michael Copps, former Commissioner and Acting Chairman of the FCC, who now serves as Special Advisor on Media and Democracy Reform at Common Cause. Copps has called on the new Biden administration to establish a Presidential Commission on the Future of the Internet.

JAN 6, 2021

11 | Pondering Preemption of State Privacy Laws (with Peter Swire)

We’re joined by Georgia Tech Scheller College of Business professor Peter Swire, who explains issues and obstacles regarding federal preemption of state privacy laws and discusses a potential approach to a federal privacy law.

DEC 16, 2020

10 | Data Governance: EU Moves While U.S. is Stalled (with Jody Westby and Jerry Buckley)

The EU has launched a series of data regulation initiatives designed to make Europe the “Data Continent” while the U.S. has yet to adopt national data governance rules and lacks an authoritative voice in international data policy discussions.

DEC 9, 2020

9 | Pros and Cons of National Privacy Legislation (with Jurgen Van Staden)

We discuss the complexities and trade-offs involved in the various types of data used by businesses and the pros and cons of national legislation with Jurgen Van Staden, Associate General Counsel for Privacy and Technology at Verizon Media.

DEC 2, 2020

8 | EU Offers Valuable Insights for U.S. National Privacy Debate (with Maarten Stassen)

We talk with Maarten Stassen, a partner in the Brussels office of Crowell & Moring LLP, about how cross-border data protection standards are playing out in practice in the EU.

NOV 18, 2020

7 | EU Data Protection: Any Lessons for U.S.? (with John Bowman)

We explore the rationale that led to adoption of the GDPR, as well as what has worked and what hasn’t, with John Bowman, Senior Principal at Promontory and the U.K. government’s lead GDPR negotiator.

NOV 11, 2020

6 | NIST Privacy Framework Plays Role in National Privacy Discussion (with Naomi Lefkovitz and Dylan Gilbert)

In January 2020, NIST released a voluntary Privacy Framework – we discuss the framework with two NIST advisors who helped lead its development.

NOV 4, 2020

5 | San Francisco Fed Report Looks at National Privacy Policy (with Kaitlin Asrow)

We interview Kaitlin Asrow, author of San Francisco Fed report, “The Role of Individuals in the Data Ecosystem,” a must-hear for anyone seriously interested in understanding the way forward in privacy and data protection policy.

oct 28, 2020

4 | Nicole Booth & Elizabeth Young LaBerge

We will explore the data protection issues the financial services industry is grappling with at the state level and the prospects for national privacy legislation.

oct 21, 2020

3 | Kate Flocken & Tyler Griffin

The legislative landscape on Capitol Hill is fluid and the results of the election will have a big impact on what way Congress decides to go with a national privacy regime.

oct 14, 2020

2 | Daniel Solove

This week, we’re talking with Daniel Solove, law professor at the George Washington University and founder of TeachPrivacy.