She Said Privacy/He Said Security

Myles McNamara is Tarkenton's lead technical architect and full-stack developer, specializing in building secure, scalable software solutions. He oversees infrastructure, code, and system design, serving as the team's in-house expert. Previously, he worked with Fortune 500 government contractors and ran his own software and hosting companies. In this episode… Integrating responsible AI tools and systems into business operations depends less on the model itself and more on the privacy and security controls a company embeds around it. "We need AI" is often where the conversation starts, but turning that need into a safe and controlled environment requires a clear understanding of where data lives, who can access it, and what the AI system is allowed to do. Those considerations shape whether AI can support the business without creating unnecessary risks. How can organizations design and implement AI in a way that is secure and grounded in real business needs? Before companies implement a new AI system, they need to set guardrails around how it will operate in practice. Governance needs to be built into the system from the beginning, not left in a policy or bolted on later. Establishing clear data boundaries, access controls, and system-level permissions defines what the AI tool can access and which actions it can perform. Logging and audit trails give companies visibility into how the system is functioning, so if something goes wrong, they can understand what happened and why. AI will continue to evolve, and companies also need to ensure that their privacy and security controls keep pace through regular monitoring and continued improvements. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Myles McNamara, Principal Software Engineer at Tarkenton, about designing and implementing AI tools and systems responsibly. Myles shares what it takes to build AI agents and systems in a secure, controlled way, including how companies should think about whether AI is needed and how much autonomy it should have. He emphasizes the importance of integrating governance into system design and offers advice for safeguarding data. Myles also shares how engineering teams can balance business expectations with privacy and security concerns and discusses why AI governance might get overlooked in practice.

Max Anderson is a seasoned product executive with a proven track record of bringing successful technology products to market in the consumer privacy, data management, and marketing space. Prior to Ketch, Max was the Director of Product Management at Krux. After joining Salesforce as part of the Krux acquisition, Max ran data privacy and consumer identity products at Salesforce, including the rollout of their industry-leading GDPR solution set. Prior to Krux, Max was a Product Manager at IPG Mediabrands, where he was responsible for multiple successful advertising measurement products. In this episode… Getting consent and opt-out compliance right requires more than adding a cookie banner or standalone webform. It requires consent tools, consumer identifiers, and downstream third-party systems to work in concert. Regulators are looking closely at whether a consumer's choice follows them across devices, browsers, and the systems where their data is collected and used. When those pieces do not connect, an opt-out can be incomplete, putting companies at risk of regulatory enforcement. So, what does it take to build a complete and compliant consumer opt-out experience? Identity management is central to effective consent and opt-out compliance because consumer choices need to be honored at the person level, across devices and browsers. Privacy rights forms and consent tools also need to connect, so an opt-out request reaches the CMP controlling tag firing on the site. When data has moved to third-party advertising and marketing vendors, companies need to understand whether they can flow that opt-out downstream. Yet many third-party platforms do not provide privacy APIs or consent-related controls, and building integrations with them can be challenging. Companies should test the process by submitting an opt-out through the webform, returning to the website, and checking whether browser data collection events still happen that could facilitate cross-context behavioral advertising. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Max Anderson, Co-founder and Head of Product at Ketch, about navigating consent and opt-out compliance gaps. Max explains why identity management matters when honoring consumer choices across devices and browsers, and how disconnected privacy rights forms and consent tools can leave opt-outs incomplete. He also describes the challenges companies face when flowing opt-outs down to third-party advertising and marketing vendors and shares practical steps companies can take to assess vendor controls, cross-device exposure, and the areas that may create enforcement risk.

Monique Priestley is a Vermont State Representative focused on data privacy, AI, right to repair, and the future of work. Monique serves on the House Commerce & Economic Development Committee, Joint IT Oversight Committee, and multiple national tech policy task forces. She was named a 2024 EPIC Champion of Freedom. In this episode… State privacy laws are evolving faster than ever, yet the dynamics shaping them often remain out of view for most organizations. Technology shifts quickly, and the issues raised in proposed privacy and AI bills require far more research and preparation than the calendar allows. That's why lawmakers work year-round to understand these complex technologies and collaborate with their peers in other states to refine definitions and bill provisions, ensuring that appropriate privacy protections are in place. Many states entered 2025 with strong privacy bills on the table, yet progress slowed as industry counterproposals and competing drafts drew support away from stronger models, making it harder for legislators to keep consumer privacy protections intact. Vermont State Representative Monique Priestley has seen this firsthand and brings a unique lens to this dynamic, drawing on her discussions with the public and her collaborative work with lawmakers across the country. As public concerns about privacy and AI grow and privacy laws evolve, companies will need to be proactive about the steps they take to protect people's data and be clear about how those protections work. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Monique Priestley, Vermont State Representative, about the realities that shape state-level privacy and AI legislation. Monique discusses the behind-the-scenes work required to educate lawmakers and build strong, technology-informed privacy and AI bills, and what might change in the year ahead. She also shares insights into the public's rising concerns about how their data is used, highlighting the steps companies can take to build trust.

Khurram Chhipa currently serves as General Counsel at Halborn, a leading cybersecurity company in the Web3 space. With expertise spanning blockchain security, compliance, and digital risk management, he brings a unique perspective to the intersection of law and technology. Outside of work, Khurram enjoys spending time with family and friends. In this episode… Artificial intelligence is changing how cybersecurity teams detect and respond to threats. What once required manual monitoring has evolved into an adaptive solution that uses predictive modeling to identify risks sooner. While AI can strengthen security defenses, it also raises questions about accuracy and the need for human oversight. For legal and security teams working in fast-moving sectors like blockchain, AI offers efficiency yet also introduces new risks. Large language models (LLMs) can help general counsels generate contracts and prepare for negotiations, yet they require human oversight to spot and correct errors. That's why companies need to develop clear playbooks, train teams, and implement a continuous review process to ensure responsible AI use. For security teams, the same principle applies. While predictive AI tools can identify threats earlier, security teams should also test their incident response readiness through tabletop exercises and encourage employees to adopt a don't trust, verify" mindset to guard against threats like deepfakes. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Khurram Chhipa, General Counsel at Halborn, about how AI is transforming cybersecurity. Khurram explains how AI is reshaping threat detection, why human oversight is essential when using AI in legal and security contexts, and provides practical strategies for implementing safeguards. He also describes the growing AI arms race and its impact on cybersecurity, and he provides tips on how companies can mitigate AI deepfake threats through custom training and implementing advanced security measures.

Lane Blumenfeld is the Chief Legal Officer for Data Driven Holdings (DDH). Through its portfolio companies, headed by TEAM VELOCITY, DDH has become a market leader of data-powered technology and marketing solutions for the automotive industry. Lane was named a Top 50 Corporate Counsel by OnCon. Lane holds a JD from Yale Law School, an MA in international affairs from the Johns Hopkins University School of Advanced International Studies (SAIS), and a BA magna cum laude from Cornell University. In this episode… The pressure on companies to deliver faster, more personalized digital experiences often conflicts with their privacy and security obligations. General counsels sit at the center of this tension, balancing the business value of personal data with the need to protect it. That's why their involvement early in product development is essential. Working with product and engineering teams from the start allows legal teams to build safeguards into design, before products and services reach customers. So, how can companies find the right balance without compromising privacy and security? AI also adds a new layer of complexity. As companies use it to analyze data, refine customer targeting, and generate marketing content, legal teams and general counsels are adapting to evolving regulations. While clean, reliable data is essential, general counsels need to evaluate accuracy and bias to ensure responsible use. Even as AI advances, fundamental privacy and security principles still apply. That's why it's important for organizations to take ownership of their privacy practices, especially when it comes to privacy notices and vendor relationships. Companies shouldn't depend on generic privacy notices or third-party templates that fail to reflect their actual data handling practices. Vendor contracts need equal attention, with privacy and cybersecurity provisions that mirror company commitments to consumers, since one vendor's mistake can create significant risk. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Lane Blumenfeld, Chief Legal Officer at Data Driven Holdings, about how general counsels can balance innovation with privacy and security. Lane explains how early legal involvement helps embed privacy and security into product design. He emphasizes that clear, accurate privacy notices and well-structured vendor contracts are essential for reducing privacy and security risks and maintaining accountability. And, as AI reshapes compliance obligations, Lane highlights the need for defined ownership across legal, product, and vendor teams and why companies sometimes need to walk away from vendors that expose them to excessive risk.

Eric Greenberg is the Executive Vice President, General Counsel, and Corporate Secretary of Cox Media Group, a multi-platform media company based in Atlanta that serves major US media markets. CMG is a portfolio company of the private equity firm, Apollo Global Management. In this episode… AI is transforming how general counsels and legal teams approach their work, with efficiency being just the beginning. For general counsels, the real opportunity lies in using technology to strengthen strategic thinking and decision making, not replace it. Large language models enable lawyers to analyze complex issues and identify patterns across vast amounts of information, yet they still need to apply critical thinking to interpret the results. So, how can legal professionals leverage AI to elevate their roles without compromising the judgment that defines their value? Legal professionals should approach AI as a strategic collaborator rather than a simple efficiency tool. Prompt engineering is emerging as a critical skill that bridges tech-savvy younger lawyers with seasoned attorneys who bring deep judgment and experience. Together, they can build more collaborative, strategic teams. Inside companies, AI is changing how legal departments and outside counsel work together by enhancing efficiency and fostering opportunities for shared learning across systems. Embedding institutional knowledge into AI systems offers benefits for consistency and strategic alignment, yet it also carries risk if general counsel and legal teams rely too heavily on its static outputs instead of applying their own judgment. And as AI evolves, organizations need to also prepare for fast-moving threats like deepfakes, building plans that allow them to respond within minutes, not days. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Eric Greenberg, Executive Vice President, General Counsel, and Corporate Secretary of Cox Media Group, about how general counsels can effectively use AI. Eric discusses how AI tools are reshaping due diligence and decision-making, why developing strong prompt engineering skills can strengthen collaboration between junior and senior lawyers, and how in-house and outside counsel can work more effectively through interoperable AI systems. He shares insights from his Bloomberg Law article series on AI's impact, emphasizing the importance of continuous learning and staying open-minded as technology evolves. Eric also explains the benefits and risks of embedding institutional knowledge into AI systems and offers practical ways legal professionals can experiment with AI tools.

Andy Hepburn is the Co-founder of NEOLAW LLC and General Counsel at SafeGuard Privacy. He is a privacy lawyer with deep experience helping clients in the digital advertising industry navigate complex privacy laws. In this episode… Global Privacy Control (GPC) is transforming the way companies approach consumer consent. The rise of state privacy laws has fueled an explosion of cookie consent banners and other consent mechanisms that tend to confuse consumers about what they're agreeing to. GPC, also known as a universal opt-out mechanism, offers a simpler alternative by allowing consumers to set their privacy permissions once for electronic tracking at the browser level. Yet, its current all-or-nothing design raises the question: Does a single switch reflect what consumers really want? Some consumers want to block all digital tracking, while others are open to targeted ads in specific situations, like shopping for a car or clothing. Most consumers fall somewhere in between. Earlier attempts, like the Do Not Track initiative, received pushback from the advertising industry, which argued that a simple on/off switch was too limited in capturing the diversity of consumer privacy preferences. A more nuanced approach would let individuals accept targeted ads in some areas while blocking them in others. Industry standards, such as the Interactive Advertising Bureau's Global Privacy Platform and the Multi-State Privacy Agreement, are designed to help companies ensure that consumer privacy preferences are consistently applied across publishers, advertisers, and the numerous intermediaries in the ad ecosystem. As consumer pressure and regulatory enforcement actions intensify, this may accelerate the adoption of these standards across various industries. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Andy Hepburn, Co-founder of NEOLAW LLC and General Counsel at SafeGuard Privacy, about whether universal opt-out mechanisms meet the needs of today's consumers. Andy explains why a single opt-out switch falls short of consumer needs and what more flexible models could enable. He highlights how industry standards can help companies and their vendors transmit privacy preferences across the ad ecosystem and why adoption will depend on consumer pressure and regulatory enforcement actions. Andy also explores the challenges smaller companies face in meeting privacy compliance requirements and how cooperation among regulators could shape the next phase of privacy enforcement.

Jasson Casey is the CEO and Co-founder of Beyond Identity, the first and only identity security platform built to make identity-based attacks impossible. With over 20 years of experience in security and networking, Jasson has built enterprise solutions that protect global organizations from credential-based threats. In this episode… Identity system attacks are on the rise and continue to be a top source of security incidents. Threat actors are using AI deepfakes, stealing user credentials, and taking advantage of weaknesses in the devices people use to connect to company systems. As threat actors become more sophisticated, companies need to find new ways to prevent these incidents rather than just detecting and responding to them. So, what can companies do differently to protect their data and systems? Most authentication methods still rely on shared credentials like passwords or codes that travel across systems. Any data that moves can be intercepted and stolen by malicious actors. That's why companies like Beyond Identity are helping businesses strengthen their security posture with a platform that eliminates shared credentials by replacing them with device-bound, hardware-backed cryptography. By leveraging the same secure enclave technology used in mobile payment systems, the platform produces unique, unforgeable signatures tied to each user and device. This approach prevents AI impersonation attacks, phishing, and credential theft, whether users are on company devices or using Bring Your Own Devices (BYOD). In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels sit down with Jasson Casey, CEO and Co-founder of Beyond Identity, to discuss how businesses can prevent identity-based attacks. Jasson explains why chasing AI deepfake detection is less effective than verifying the user and device behind communications. He also shares how Beyond Identity's platform works with existing identity software, enables secure authentication, and provides companies with certainty about user access, including the device used and the conditions under which users log in. Additionally, Jasson highlights how cryptographic signing tools can verify the authenticity of emails, meetings, and other content, helping businesses defend against AI deepfakes.