Security and privacy leaders are under pressure to sign off on AI, manage data risk, and answer regulators’ questions while the rules are still taking shape and the data keeps moving.

 On this episode of Ctrl + Alt + AI, host Dimitri Sirota sits down with Trevor Hughes, President & CEO of the IAPP, to unpack how decades of privacy practice can anchor AI governance, why the shift from consent to data stewardship changes the game, and what it really means to “know your AI” by knowing your data. 

Together, they break down how CISOs, privacy leaders, and risk teams can work from a shared playbook to assess AI risk, apply practical controls to data, and get ahead of emerging regulation without stalling progress.

In this episode, you’ll learn:

• Why privacy teams already have methods that can be adapted to oversee AI systems

• Boards and executives want simple, defensible stories about risk from AI use

• The strongest programs integrate privacy, security, and ethics into a single strategy

  
  

Things to listen for: 

(00:00) Meet Trevor Hughes

(01:39) The IAPP’s mission and global privacy community

(03:45) What AI governance means for security leaders

(05:56) Responsible AI and real-world risk tradeoffs

(08:47) Aligning privacy, security, and AI programs

(15:20) Early lessons from emerging AI regulations

(18:57) Know your AI by knowing your data

(22:13) Rethinking consent and data stewardship

(28:05) Vendor responsibility for AI and data risk

(31:26) Closing thoughts and how to find the IAPP