Peter Kosmala is a course developer and instructor at York University in Canada and leads its Information Privacy Program. Peter is a former marketer, technologist, lobbyist, and association leader and a current consultant, educator, and international speaker. He served the IAPP as Vice President and led the launch of the CIPP certification in the early 2000s.

As data privacy continues to evolve, privacy professionals need to stay sharp by reinforcing their foundational knowledge and refining their practical skills. It’s no longer enough to just understand and comply with regulatory requirements. Today’s privacy work also demands cultural awareness, ethical judgment, and the ability to apply privacy principles to real-world settings. How can privacy professionals expand their expertise and remain effective in an ever-changing environment?

Privacy professionals can’t rely on legal knowledge alone to stay ahead. Privacy frameworks like the Fair Information Practice Principles (FIPPs), OECD Guidelines, and others offer principles that help privacy pros navigate shifting global privacy laws and emerging technologies. Privacy pros should also deepen their cultural literacy, recognizing the societal and political drivers behind laws like GDPR to align privacy practices with public expectations. Hands-on operational experience is just as important. Conducting privacy impact assessments (PIAs), responding to data subject access requests (DSARs), and developing clear communications are just a few ways privacy pros can turn knowledge into practical applications.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Peter Kosmala, Course Developer and Instructor at York University, about how privacy professionals can future-proof their skills. Peter discusses the value of foundational privacy frameworks, the tension between personalization and privacy, the limits of law-based compliance, and the growing need for ethical data use. He also explains the importance of privacy certifications, hands-on learning, and principled thinking to build programs that work in the real world.

Amanda Moore is a seasoned leader with extensive experience in privacy strategy, technology, and operations. She currently serves as the Senior Director of Privacy at DIRECTV, where she oversees the company’s privacy program with respect to technology and operations. Prior to her role at DIRECTV, she held pivotal positions at CVS Health and AT&T leading technical and business teams. Her career started in information technology but shifted to privacy before the onset of CCPA. Amanda holds the CIPM certifications and is a OneTrust Fellow of Privacy Technology.

Many organizations invest in privacy technology expecting it to deliver instant compliance, only to find that it fails to integrate with existing tools or processes. Adoption often lags when internal teams see privacy as a barrier or when tools are implemented without clearly defined goals. Choosing privacy technology before businesses understand the specific problem they’re meant to solve leads to confusion, inefficiency, and low adoption.

One of the most effective ways to boost technology adoption is to start with a clear understanding of business processes and goals before introducing new privacy tech. Successful privacy programs start by mapping business processes and making small, non-disruptive backend adjustments that minimize disruption. Additionally, building internal awareness through roadshows, clear communication, and simplified privacy impact assessments helps shift perceptions and encourages teams to view privacy as a business enabler.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Amanda Moore, Senior Director of Privacy at DIRECTV, about integrating privacy technology into business operations. Amanda highlights how strong internal relationships help position privacy as a business enabler, why reframing communication to various business executives enhances support for privacy initiatives, and how measuring privacy program maturity with the use of technology provides more insight than surface-level metrics. She also discusses methods to increase adoption through internal awareness campaigns and simplified assessments, and the long-term value of reputation-building within organizations.

Brian Mullin is the CEO and Co-founder of Karlsgate. He is also a creator of Karlsgate Identity Exchange, a groundbreaking solution for zero-trust remote data matching and integration. Brian has over 30 years of experience in data privacy and security with leadership roles at companies across the data-driven marketing ecosystem.

Data is often viewed as binary and categorized as either public or private with the assumption that private data is secure and tightly protected. Companies often rely on firewalls, contracts, and policies to secure data, yet these measures don’t guarantee control once data is shared across multiple platforms and with third-party vendors. Every time data changes hands, the risk of exposure, misuse, or compliance failure increases. So, how can organizations securely share data while minimizing risks and protecting individual identities?

To address this challenge, companies can treat sensitive information as a “protected data” category where data is only shared under specific, controlled, and technology-enforced conditions. Rather than trusting third-party data clean rooms to match and analyze data sets, businesses can use Karlsgate’s peer-to-peer privacy-enhancing technology to prevent identity exposure altogether. This allows companies to reduce risk while eliminating the need for persistent IDs like cookies to ensure data set matching occurs without revealing personal information.

In this episode of the She Said Privacy/He Said Security Podcast, Jodi and Justin Daniels talk with Brian Mullin, CEO and Co-founder of Karlsgate, about how companies can rethink data sharing with privacy-first tools. Brian discusses the dangers of persistent identifiers and why protected pipelines offer a more scalable and secure solution than traditional data clean rooms. Brian also shares how Karlsgate enables secure data set matching between organizations while eliminating the need to hand over control and explains how organizations can adopt these technologies quickly without adding friction to existing workflows.

Farah Gasmi is the Co-founder and CPO of Dioptra, the accurate and customizable AI agent that drafts playbooks and consistently redlines contracts in Microsoft Word. Dioptra is trusted by some of the most innovative teams, like Y Combinator and Wilson Sonsini.

She has over 10 years of experience building AI products in healthcare, insurance, and tech for companies like Spotify. Farah is also an adjunct professor at Columbia Business School in NYC. She teaches a Product Management course with a focus on AI and data products.

Laurie Ehrlich is the Chief Legal Officer at Dioptra, a cutting-edge legal tech startup revolutionizing contract redlining and playbook generation with AI. With a background leading legal operations and commercial contracting at Datadog and Cognizant, Laurie has deep expertise in scaling legal functions to drive business impact. She began her career in intellectual property law at top firms and holds a JD from NYU School of Law and a BS from Cornell. Passionate about innovation and diversity in tech, Laurie has also been a champion for women in leadership throughout her career.

Contract review can be time-consuming and complex, especially when working with third-party agreements that use unfamiliar language and formats. Legal teams often rely on manual review processes that make it challenging to maintain consistency across contracts, contributing to inefficiencies and increased costs. That’s why businesses need an effective solution that reduces the burden of contract analysis while supporting legal and strategic decision-making.

Dioptra, a legal tech startup, helps solve these challenges by leveraging AI to automate first-pass contract reviews, redline contracts, and generate playbooks. The AI agent analyzes past agreements to identify patterns, standard language, and key risk areas, allowing teams to streamline the review process. It supports a range of use cases — from NDAs to real estate deals — while improving consistency and reducing review time. Dioptra also enhances post-execution analysis by enabling companies to assess past agreements for compliance and risk exposure.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Farah Gasmi, Co-founder and Chief Product Officer at Dioptra, and Laurie Ehrlich, the Chief Legal Officer at Dioptra, about how AI is used to streamline contract reviews. Together, they discuss how Dioptra accelerates contract reviews, supports security and privacy through strict data controls, and enables organizations to build smarter, more consistent contract processes — without removing the need for expert human judgment. Farah and Laurie also delve into the importance of AI-driven consistency in contract negotiation, vendor security evaluations, and how companies can safeguard sensitive data when using AI tools.

David Kennedy is the Founder and CEO of TrustedSec and Co-founder at Binary Defense. He is considered an industry leader in cybersecurity. As the former Chief Security Officer of Diebold, David has led global cybersecurity teams, testified before Congress, and continues to shape cybersecurity policy. He co-authored the Penetration Testing Execution Standard and is renowned in offensive security. A Marine with intelligence experience, he prioritizes family, fitness, and co-hosts the Hacking Your Health Podcast. He built a DeLorean time machine inspired by Back to the Future. David's life mission is to help others and to make the world a safer place in cybersecurity, which drives him every single day.

Cybersecurity threats are evolving at an alarming rate, and businesses face an uphill battle in protecting their data and systems. Ransomware attacks, supply chain vulnerabilities, and sophisticated social engineering tactics put organizations at constant risk. At the same time, companies face mounting pressure to protect customer data amid the growing influence of AI-driven misinformation, concerns surrounding platforms like TikTok, and other evolving cyber threats. How can businesses defend themselves proactively?

Building a strong cybersecurity program requires leadership, governance, and proactive risk management, not just technology. Many organizations struggle with detecting breaches in real time, making rapid threat detection and response essential. TrustedSec and Binary Defense are helping companies address these challenges by providing expert-led security consulting, penetration testing, and real-time threat monitoring. As cyber threats become more advanced, collaboration between security and privacy teams is essential to building a comprehensive defense strategy.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with David Kennedy, Founder and CEO of TrustedSec and Co-founder at Binary Defense, about evolving cybersecurity threats and how businesses can improve their security posture. David talks about the intersection of cybersecurity and privacy, the role of governance in building cybersecurity resilience and protecting data, how AI is shaping cyber threats, and the implications of cyber warfare. He also shares his experience testifying before Congress, explaining why lawmakers struggle to grasp cybersecurity issues. David provides advice on how companies can improve their threat detection and response capabilities and why social media presents a growing risk.

Jason Brenner is the RVP of Healthcare & Lifesciences at LiveRamp and has been working in the advertising and ad tech industries for over 20 years. He is leading efforts on building data connectivity solutions for the healthcare and life sciences industries. Prior to LiveRamp, Jason has held leadership positions at Placed, Verve, PayPal, Time Inc., The New York Times, and Condé Nast.

Companies in industries like healthcare and life sciences are leveraging data collaboration to collect valuable insights to drive innovation and improve customer experiences. However, for many organizations, balancing data collaboration with privacy, security, and regulatory compliance obligations remains a significant challenge. With consumer trust at stake, and the risks of improper data handling, how can companies balance innovation with responsible data use?

Data collaboration in healthcare presents both opportunities and challenges. Companies need to adopt privacy-by-design principles and engage legal and privacy teams early in the process. By implementing techniques such as data tokenization and de-identification, businesses can extract valuable insights while minimizing privacy and security risks. That's why companies like LiveRamp are making this process easier with a platform that transforms personally identifiable information into non-reversible tokens, allowing organizations to use data responsibly while minimizing privacy and security risks.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Jason Brenner, RVP of Healthcare and Life Sciences at LiveRamp, about the critical role of privacy and security in data collaboration. Jason shares insights on how organizations are navigating a complex and fragmented regulatory landscape, the importance of adopting privacy-by-design principles, and engaging legal and privacy teams early in the process. He also shares how businesses can minimize data retention risks, the role of de-identification and tokenization in protecting sensitive information, and the importance of building customer trust through responsible data practices.

Niel Harper is a Certified Director and ISACA Board Vice Chair. He is also the Chief Information Security Officer and Data Protection Officer at Doodle. Niel is based in Germany. He has more than 20 years of experience in IT risk management, cybersecurity, privacy, Internet governance and policy, and digital transformation.

Safia Kazi is the Privacy Professional Practices Principal at ISACA. She has worked at ISACA for just over a decade, initially working on ISACA’s periodicals and now serving as the Privacy Professional Practices Principal. She is based in Chicago. In 2021, she was a recipient of the AM&P Network’s Emerging Leader award, which recognizes innovative association publishing professionals under the age of 35.

ISACA’s State of Privacy 2025 survey reveals that privacy professionals are facing significant hurdles, including staffing shortages, budget cuts, and increasing demands for technical privacy expertise. Many organizations are shifting privacy responsibilities to legal and security teams, without additional resources or training. At the same time, AI adoption is increasing, introducing new complexities and risks. With privacy budgets under strain and teams expected to do more with less, how can businesses sustain effective privacy programs while navigating new challenges?

According to ISACA’s State of Privacy 2025 survey, one of the most pressing concerns for privacy teams is the growing demand for technical privacy expertise. Privacy by design also remains a challenge, with limited resources making it difficult for teams to embed privacy into product development from the outset. AI also plays a growing role in privacy operations, helping automate processes while raising concerns about data security, bias, and third-party risks. Despite these findings from ISACA’s survey, businesses can make privacy sustainable by fostering a culture of privacy awareness from the top down, ensuring leadership understands the value of privacy beyond compliance.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Niel Harper, Certified Director and Board Vice Chair at ISACA and CISO and DPO at Doodle, and Safia Kazi, Privacy Professional Practices Principal at ISACA, about the findings from ISACA’s State of Privacy 2025 survey. Safia explains how privacy professionals can adapt to changes by continuously learning and staying informed on emerging risks, while Niel highlights the need for board-level privacy advocacy. They also explore how organizations are adapting to staffing shortages and budget constraints, the impact of AI on privacy operations, and how organizations can effectively navigate emerging risks.

Stephen Bolinger, Chief Privacy Officer at Informa, has a career that spans three continents and more than two decades, with the last seventeen years devoted to privacy and data protection matters across a range of industries, including tech, medical devices, and financial services. Stephen produced a fascinating film called Privacy People.

As technology evolves and cultural perspectives shift, so does the debate over privacy. With each new tech innovation, from smartphones to AI, companies are collecting more personal information than ever, leading some to claim that privacy is dead. Meanwhile, businesses are navigating a fragmented regulatory landscape, particularly in the United States, where varying laws create compliance challenges. These growing concerns raise the question: is privacy dead, or is it just evolving?

Cultural perspectives on privacy differ significantly, influencing how laws are structured in regions like the U.S., Europe, and Australia. While some nations treat privacy as a human right, others see it as a consumer protection issue. To address these concerns, companies need to integrate privacy into their overall data governance strategies, ensuring responsible data collection and AI oversight. As privacy expectations shift, businesses need to adapt, recognizing that privacy is not disappearing — it is being redefined, reinforcing the need for dedicated privacy professionals.

In this episode of the She Said Privacy/He Said Security podcast, Jodi and Justin Daniels chat with Stephen Bolinger, Chief Privacy Officer at Informa, about the evolving role of privacy professionals and how cultural differences influence data protection expectations worldwide. Stephen discusses the challenges of navigating privacy laws across different countries, the increasing importance of data and AI governance, and why privacy professionals need to expand their expertise beyond compliance to address broader ethical implications and technological advancements. Stephen also highlights his latest project, a documentary film entitled Privacy People, which sheds light on the complexities of data privacy.

Dave Sampson is the Vice President of Cyber Risk & Strategy at Thrive. In his role, he heads Thrive’s Consulting Practice, where he and his team of experts join forces with clients to deliver strategic guidance on a range of topics, including cybersecurity, IT operations, Cloud, Microsoft 365, compliance, disaster recovery planning, and more. Over the course of his extensive career, Dave has taken up various influential positions in the industry. He served as a Senior Consulting Technical Solution Manager at IBM, was Executive Vice President and Chief Technology Officer at Itrica, founded and served as CEO of Cloud Provider USA, and held the position of Chief Technology Officer at ColoSpace. Dave holds an MBA from Northeastern University and a BS in Communication and Media Studies from Emerson College. He is a former elected official in his hometown of Sandwich, MA.

As the cyber threat landscape becomes more unpredictable, organizations often struggle with implementing and managing different security tools and ensuring systems communicate effectively to keep up with threats. Organizations can no longer afford to take a reactive approach. Without a clear strategy and proper proactive security measures, organizations face operational disruptions, increased vulnerability to attacks, and challenges in responding to security incidents. So, how can companies take a smarter, more proactive approach to cyber risk management?

A proactive cybersecurity strategy isn’t just about having the right tools — it’s about integrating these tools effectively and ensuring visibility across systems to detect risk and prepare for worst-case scenarios. Companies like Thrive are making this process more efficient with their security platform that combines industry leading security tools, real-time monitoring, and AI-driven automation into a cohesive, managed solution that helps companies optimize operations and mitigate cyber risks. Yet, beyond the technology, companies also need to establish a disaster recovery plan, maintain transparency with third-party vendors, and perform privacy and security risk assessments to further enhance security and privacy measures and incident preparedness.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Dave Sampson, VP of Cyber Risk & Strategy at Thrive, about the critical components of cyber risk management. Dave discusses the challenges of integrating security solutions, the lessons learned from the CrowdStrike incident, and how AI is both a threat and an advantage in cybersecurity. He shares insights on cybersecurity best practices and discusses the growing need for outsourcing cybersecurity expertise, the role of third-party risk management, and the importance of disaster recovery planning. Dave also offers practical tips for strengthening both personal and enterprise security, emphasizing the need for vigilance, adaptability, and a proactive security mindset.

Doug Miller is an Executive Coach at Doug Miller Strategies, a consultancy for privacy and compliance executives, professionals, and teams. Having been a Global Privacy Leader at AOL and Yahoo, he's faced the challenges of overburdened privacy teams firsthand.

Privacy professionals face unique challenges in their roles, often working across teams to implement privacy initiatives that might not always be a top priority for the broader organization. Many privacy professionals struggle with persuading stakeholders, managing heavy workloads, and effectively communicating risk across their organizations. This uphill battle requires confidence, strong leadership skills, and persuasive communication to effectively integrate privacy into business operations. How can privacy professionals develop these skills while building privacy programs and addressing burnout and career growth?

Executive coaching is a powerful tool for privacy professionals looking to improve their leadership skills and ability to influence decision-making. Mastering prioritization, cross-functional collaboration, and articulating the value of privacy programs are essential for long-term success in privacy roles. Practical strategies such as improving time management, refining persuasion techniques, and addressing burnout can help privacy professionals navigate their responsibilities more effectively. By focusing on behavioral shifts and mindset adjustments, privacy leaders can strengthen their influence, drive organizational change, and create sustainable privacy programs. Whether working solo or as part of a privacy team, patience, adaptability, and proactive engagement are critical for success. 

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Doug Miller, Executive Coach at Doug Miller Strategies, about how coaching can help privacy professionals refine their leadership skills to navigate challenges and lead their teams. Doug shares insights on the skills privacy professionals need to develop, how leaders can better support their teams, and why coaching can help professionals build resilience amid regulatory and organizational challenges. He offers strategies for preventing burnout and fostering cross-departmental collaboration to build effective privacy programs.