Future of Data Security

Drawing from his diverse background in both private and public sectors, Chris Pahl, CPO of the County Executive Office of the County of Santa Clara, tells Jean how organizations can transform privacy from a compliance burden into a strategic asset on this episode of The Future of Data Security Show. 
 
Chris’s "U R IT" framework emphasizes the crucial role of employees in data protection, and his practical approach to managing AI risks and surveillance technologies offers a blueprint for modern privacy leadership. He demonstrates how to build privacy programs from the ground up, foster cross-departmental collaboration, and navigate the evolving landscape of data governance in an AI-driven world, all while maintaining a human-centric approach that puts trust and transparency first. 
 
Topics discussed:
Building trust in public sector privacy while balancing transparency with data protection requirements
Transforming privacy from a cost center into a strategic partner that enhances organizational mission
Managing the emerging risks of generative AI while enabling innovation and efficiency for employees
Implementing effective employee surveillance through transparency and clear communication
Evolution of the Chief Privacy Officer role toward holistic data governance and technical expertise
Strategies for measuring privacy program success through integration and cultural adoption
Importance of proactive relationship building and avoiding the "department of no" mentality
Developing privacy programs incrementally while building cross-functional partnerships

In this episode of The Future of Data Security Show, Jean speaks with Orrie Dinstein, Global Chief Privacy Officer at Marsh McLennan. Orrie shares his extensive experience in data privacy, highlighting the shift from compliance-focused programs to a more integrated approach that encompasses information governance. 
 
Orrie also sheds light on the misconception of data ownership among executives, the complexities of navigating global privacy laws, and the critical need for collaboration between privacy and security teams. He also offers his strategies for how organizations can effectively manage data protection while fostering innovation. 
 
Topics discussed:
 
The shift in data privacy from a compliance-focused approach to a more integrated information governance strategy that encompasses various data types and uses.  
The misconception among executives that they own the data, when in reality, they are custodians responsible for managing it ethically and legally.  
Navigating diverse global privacy laws, which often have different definitions and requirements, making compliance a challenging endeavor for organizations.  
The importance of understanding high-level principles of data protection rather than getting lost in the specific legal nuances of various jurisdictions.  
The critical need for collaboration between Chief Privacy Officers and Chief Information Security Officers to effectively manage data risks and security measures.  
The role of privacy by design in ensuring compliance while allowing organizations to innovate and leverage data effectively for business growth.  
The challenges posed by artificial intelligence and data minimization principles, which can conflict with the need for larger datasets to improve AI models.  
The evolving responsibilities of privacy professionals, who must now focus on data governance and monetization in addition to traditional privacy concerns.  
Fostering a culture of transparency and awareness within organizations to encourage reporting of data breaches and privacy concerns.  
The necessity of continuous dialogue between privacy and technology teams to bridge communication gaps and enhance understanding of each other's objectives and challenges.

In this episode of The Future of Data Security Show, Jean speaks with Hugo Teufel, VP; Deputy General Counsel for Cyber, Privacy, Records; & Chief Privacy Officer at Lumen Technologies. Hugo shares his expertise on the evolving landscape of data privacy and security, such as the significant impact of AI on data security, emphasizing the need for organizations to understand various AI use cases and implement robust governance frameworks. 
 
Hugo also highlights the importance of employee training in mitigating risks, noting that human error remains a critical vulnerability. Additionally, he explores the complexities of navigating global data privacy regulations and the necessity of aligning privacy strategies with organizational risk appetites. Tune in for valuable insights! 
 
Topics discussed:
The evolution of data privacy and security in the context of an increasingly digital and interconnected global marketplace.  
The significance of understanding AI use cases within organizations to effectively manage data security risks and compliance.  
The role of employee training in preventing data breaches and enhancing overall cybersecurity awareness among staff members.  
The challenges of navigating international data privacy regulations and the importance of a principles-based framework for compliance.  
The impact of cultural differences on data privacy perceptions and practices across various regions and jurisdictions.  
The necessity of aligning privacy strategies with the risk appetite of leadership to maintain credibility and effectiveness.  
The importance of incorporating privacy by design in product development to address privacy implications early in the process.  
The potential risks associated with shadow AI and the need for organizations to maintain visibility over AI usage.  
The implications of the NIST AI Risk Management Framework for organizations looking to adopt AI technologies responsibly.  
The future of data security in an AI-driven era and the ongoing challenges posed by cybercriminals and threat actors. 
 

In this episode of The Future of Data Security Show, Jean speaks with Sylvia Klasovec Kingsmill, Senior Fellow, Future of Privacy Forum and Founder of Trusteva. They explore the critical distinctions between data privacy and data security, emphasizing their complementary roles in protecting individual rights and safeguarding data. 
Sylvia also addresses the complexities AI introduces to privacy regulations, particularly around consent and data scraping. Additionally, she highlights the importance of adopting a "privacy by design" philosophy, urging organizations to proactively integrate privacy measures into their systems. 
 
Topics discussed:
The distinction between data privacy and data security, highlighting how they are complementary yet fundamentally different disciplines in protecting individual rights and data integrity.
The importance of consent in data privacy, particularly in the context of AI and machine learning, and the challenges posed by data scraping practices.
The evolving regulatory landscape for data privacy, including the complexities faced by organizations trying to comply with various laws across different jurisdictions.
The role of privacy by design as a proactive approach to integrating privacy measures into systems and processes from the outset.
The significance of a risk-based approach to compliance, allowing organizations to prioritize their privacy efforts based on the most significant risks.
The need for harmonization among global privacy regulations, especially as organizations expand their operations across different jurisdictions with varying laws.
The impact of AI on traditional privacy principles, and the necessity for regulators to adopt flexible interpretations to support innovation while ensuring compliance.
The importance of multidisciplinary collaboration among privacy professionals, cybersecurity experts, and legal teams to effectively address complex data challenges.
The growing demand for privacy-enhancing technologies and how organizations can leverage them to ensure ethical and responsible data use.
The future of data privacy as a dynamic field, emphasizing the need for professionals to continuously upskill and adapt to emerging technologies and regulations. 

In this episode of The Future of Data Security Show, Jean speaks with Martin Dinel, Assistant Deputy Minister & CISO, Cybersecurity Division of the Government of Alberta. Martin uses his extensive experience in cybersecurity and the evolving landscape of data protection to explore the significant impact of AI on enhancing data security measures, emphasizing a risk-based approach to adopting new technologies. 
 
Martin also delves into the challenges and strategies of cloud adoption in the public sector, highlighting how centralized data management can improve security. Additionally, he addresses the importance of collaboration among government entities to strengthen cybersecurity efforts across Alberta. 
Topics discussed:
 
The evolution of the data security landscape in the public sector and how it has changed since the early days of cloud adoption.  
The role of AI in enhancing cybersecurity measures, including user behavior analysis and incident management for quicker response times.  
The importance of a risk-based approach to cybersecurity, balancing security needs with business objectives and organizational goals.  
Strategies for cloud adoption in the public sector, focusing on centralized data management and leveraging vendor expertise to improve security.  
The challenges of increasing attack surfaces when moving data to the cloud and how to mitigate associated risks effectively.  
The significance of collaboration among government entities to strengthen cybersecurity efforts and share valuable insights and lessons learned.  
The potential risks associated with generative AI tools and the importance of implementing guidelines for safe usage within organizations.  
The impact of legacy systems on current cybersecurity strategies and the need to address vulnerabilities in older applications.  
The necessity for cybersecurity professionals to maintain close communication with senior management to ensure informed decision-making regarding security measures.  
The ongoing talent challenges in the public sector and how engaging projects can attract and retain skilled cybersecurity professionals.   

In this episode of The Future of Data Security Show, Jean speaks with Ward Balcerzak, AVP and Director of Data Security & Insider Risk at Fidelity National Financial, who shares his expertise on the evolving challenges of data security in today’s cloud-first landscape. Ward discusses the critical importance of establishing a comprehensive data inventory and discovery process to effectively manage sensitive information. 
 
Ward also offers his insights into the implications of generative AI on data protection, highlighting the need for robust governance strategies to mitigate risks. With a focus on collaboration across departments, this episode offers valuable insights for organizations looking to enhance their data security practices in an increasingly complex environment.
 
Topics discussed:
 
The shift from traditional data security to cloud-first strategies and the challenges that come with managing sensitive data in a decentralized environment.  
The unique data protection challenges faced by organizations in the financial services and real estate sectors, particularly regarding title services and sensitive information.  
The complexities of managing structured versus unstructured data and the importance of understanding data types for effective protection and compliance.  
The role of generative AI in transforming data security practices and the need for organizations to adapt their strategies accordingly.  
The significance of building a comprehensive data inventory and discovery process to identify and protect sensitive information across various platforms.  
The importance of collaboration between departments, such as IT, HR, and legal, to gain a holistic view of data security needs.  
Strategies for implementing effective governance processes around AI usage to ensure sensitive data is not inadvertently exposed or mishandled.  
The challenges of data loss prevention technologies and how they can be used to mitigate risks associated with new AI tools.  
The necessity of having well-defined policies and enforcement mechanisms to support data security efforts and prevent user pushback.  

In this episode of The Future of Data Security podcast, Jean speaks with Terry Ray, SVP of Data Security GTM & Field CTO at Imperva, who shares his extensive experience in the field of data security. He discusses the evolving landscape of cybersecurity, particularly the challenges posed by generative AI and its implications for data protection. 
 
Terry emphasizes the importance of understanding data usage and implementing robust monitoring practices to mitigate risks. He also highlights the need for clear communication within organizations to enhance security efforts. He also shares his invaluable insights on how to navigate the complexities of data security in today’s digital environment and ensure your organization stays protected. 
Topics discussed:
How the data security landscape has transformed over the past two decades, particularly with the rise of cloud technologies.
The implications of generative AI on data security and the need for organizations to understand its risks and benefits.
The various ways individuals can access sensitive data and the importance of monitoring and controlling these access points effectively.
The necessity for organizations to allocate appropriate budgets for data security measures, especially during audits and regulatory assessments.
Common gaps in data access reporting, and how organizations can improve their reporting mechanisms to ensure compliance and security.
The challenges of protecting unstructured data, which remains a significant risk area for many organizations today.
The need for cybersecurity professionals to effectively communicate risks and metrics to executives and boards to secure necessary funding.
Best practices for data protection, including understanding data types and implementing comprehensive security measures across all data assets.
The importance of communication skills for technical professionals, highlighting how effective storytelling can enhance understanding and collaboration.

In this episode of The Future of Data Security podcast, Michael Sheron, Director of Privacy and GRC at the University of Kentucky, shares his journey into data privacy and the challenges faced in managing sensitive information within a large academic institution. 
 
He emphasizes the importance of establishing solid privacy policies and fostering a culture of cybersecurity awareness among staff. Michael also discusses the unique data management challenges posed by high student turnover and the need for collaboration across departments to ensure effective data stewardship. 
Topics discussed:
 
The challenges of managing data due to the influx of over 6,000 new students each year and its implications for data security.
The process of developing policies and practices to handle sensitive data effectively within a large university setting.
The importance of working with various university departments to ensure everyone understands their role in data protection.
The necessity of training staff and students to recognize and respond to potential data security threats.
The complexities of managing unstructured data and the insider knowledge required to secure it effectively within the university.
How to measure success in data security and privacy initiatives, including the importance of community engagement and inquiries.
The need to stay updated on new regulations and laws affecting data privacy and how they impact university operations.
The importance of ongoing education in the field of data privacy and the value of asking questions.

In the very first episode of The Future of Data Security podcast, our host, Co-Founder and CEO of Qohash, Jean Le Bouthillier, speaks with Pilar Garcia, Director of Privacy and Security at Help Scout. Pilar shares her journey into data privacy and security, emphasizing the significance of a people-centric approach to building robust security teams. 
She discusses the delicate balance between innovation and risk, highlighting the importance of effective communication within organizations. Pilar also touches on the evolving challenges posed by AI in the security landscape, particularly with phishing. 
Topics discussed:
Transitioning from a background in physics to a career in data privacy and security.
The importance of empowering teams with the knowledge and tools needed to foster a proactive data privacy and security culture.
How effective communication within a company is crucial for balancing innovation with the risks associated with data security.
The future challenges posed by AI, particularly in the context of phishing and other security threats.
How to build a strong data privacy and security team that can adapt to ever-changing tech landscapes.
How proper security training is essential, moving beyond just checking a box to truly educating employees on best practices.
The need to communicate technical risks in a way that business teams can easily understand.
The pitfalls of implementing security measures that look good on paper but are not effective in practice.
The value of mentorship and shares personal experiences with mentors who have guided her in the field.