Click for Full Transcript

Intro 0:01

Welcome to the She Said Privacy/He Said Security podcast. Like any good marriage we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st century.

Jodi Daniels 0:21

HI, Jodi Daniels here. I’m the founder and CEO of Red Clover Advisors, a certified women’s owned privacy consultancy. I’m a privacy consultant and a certified informational privacy professional and I provide practical privacy advice to overwhelmed companies.

Justin Daniels 0:35

Hello, Justin Daniels here, I am passionate about helping companies solve complex cyber and privacy challenges during the lifecycle of their business. I am the cyber quarterback helping clients design and implement cyber plans as well as help them manage and recover from data breaches.

Jodi Daniels 0:54

And this episode is brought to you by whoa weird. Red Clover Advisors, we help companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology, SaaS, ecommerce, media agencies, professional and financial services. In short, we use data privacy to transform the way companies do business. Together, we’re creating a future where there’s greater trust between companies and consumers. To learn more, visit redcloveradvisors.com, and today, we’re gonna do something a little bit different. We are not bringing on a special guests, we are going to talk about our top five stories of 2021 so far,

Justin Daniels 1:37

and just like Red Clover transforms businesses, this will be a transformative episode,

Jodi Daniels 1:42

For sure, because we’re recording on a Sunday afternoon. And what else would we want to do on a Sunday afternoon except to record a podcast and try to stay out of trouble at home? Yeah, that person I can work out so. So to get us started, Justin, what is your number one favorite story of 2021. So far,

Justin Daniels 1:59

I think my favorite story of the year would have to be Colonial Pipeline and its aftermath. Because from my vantage point, I really think that that whole incident has really transformed the way that businesses look at cybersecurity,

Jodi Daniels 2:16

you really like that word transform. It’s Top of Mind, it’s like in my head. But why is it so transformational?

Justin Daniels 2:24

I think it’s transformational. Because once you brought a cyber incident into, hey, we’re about to not have gas at the pumps. Now you have a real world consequence that people can wrap their head around. And now they say, Hmm, this cybersecurity stuff is kind of important. And now you’re seeing litigation unfurl, where, you know, Mom and Pop gas stations want to sue Colonial Pipeline because they’re saying they were negligent in their cybersecurity hygiene. And it caused the gas stations to not have gas and lose profit

Jodi Daniels 2:56

was an interesting finding. Is there anything else you’d like to share about colonial pipeline? Before we move on to number two?

Justin Daniels 3:02

I think the last thing I’ll say is I’m just seeing now where when I start talking about cybersecurity issues with clients and prospects, it’s like I’m EF Hutton. Now from the 80s. People want to listen to what I have to say MFA is now becoming table stakes. Meaning if other businesses you’re going to contract with don’t use multi factor authentication, and I have clients now who say you know what, we’re not going to do business with you. I have now put actual cybersecurity loan covenants into a major loan agreement that basically says, Hey, borrower, you can’t borrow $40 million, unless you pay attention to cyber hygiene. And if you violate some of these covenants, we’re going to hold you personally responsible. Well,

Jodi Daniels 3:45

to move on to more privacy topic, one of my favorite and mine might not be stories that you’ve seen in the news, but just personal stories that we’ve experienced, because we’re always thinking about privacy. And often we will actually we were mattress shopping, and we went into a very popular mattress store, we’re not going to actually name the particular brand. And while we were shopping, we learned about all the smart features of this mattress. Nowhere in the process did the salesperson explain or was there any information in the store about the privacy or security of the data that they would be collecting from all of the people who purchased this mattress and use all of the technology the technology monitors things like how well life slept and how much I’ve tossed and turned I think it even had heart rate and a variety of all kinds of other information that was about us on an app. I it also had Wi Fi connected to my bed which I wasn’t totally comfortable with the Wi Fi part connected to my bed. I was told I could turn the Wi Fi part off but that was great. Well, we found it really interesting that the features were emphasized and at no point Point. Was there any discussion of how long they keep this data for? Do they keep it until I say please delete it? Do they use it for any other purpose? Do they aggregate it? Do they measure sleep trends? Do they share it with anybody else? Do they use it to build new technology? there? There was absolutely zero explanation. And Justin, I think you went home and then checked the privacy notice, because that’s what we do. And what did you find when you went look at the privacy, I

Justin Daniels 5:27

found some articles about this company, and there were some concerns about how their privacy policy read in terms of Jodi’s point what data you could share who you could share it with, but I guess it’s more important to talk about the fact that we were on a vacation, and we actually wanted to download a privacy notice, I’m not sure what it says about the two of us, I’ll leave it leave it up to our viewers to decide. But I think from my standpoint, what was fascinating is like, when I get a garage door, when they put one in our house, all the sales process does is focus, oh, you’re gonna love being able to open your garage door from wherever, oh, you’re gonna love all the data you get from your sleep app, but they don’t talk anything about the privacy or security of that data, it still continues to be an afterthought

Jodi Daniels 6:11

lesson is to all of our listeners and viewers, the next cool technology app to whatever connected item you’re trying to purchase, pay attention to the privacy and security notices. And if you are one of those companies, please create some privacy and security notices and explain them to your sales team. Justin, welcome. Number three.

Justin Daniels 6:28

Well, before we go to item number three, I want to add one other thing. Or if you want to be entertained, start asking privacy questions of the salesperson and just see how they react and see how crazy that they think you are. Yeah. All right. Let’s go number four. So number three, where do we want to go with number three? I guess this short episode? It’s a short episode. Fine. I can’t go on one of my long domains. I guess another thing that I find fascinating. And again, this is personal to me, because I know we have a bit of a drone following of our podcast and for me, is it seeing a lot of the drone technology starting be adopted? Like I’ve had a client were at our construction site, our contractor hired a drone pilot. And so they were flying over the site. And I said, Well, where’s your prior authorization because we’re in really restricted airspace because we’re near a major airport, that drone was immediately grounded. But my larger point is, when I’m looking at all the development of this particular technology, what is striking to me is there’s really not been enough discussion about the privacy and security that goes around drones. Whenever we have people come to our house, I love to take a photo of the people that come camera is so high resolution and all you have to do is combine it with a database of either license plate recognition or facial recognition. And it is literally a data surveillance collection machine. And I’m still not hearing the public the debate that I would like to hear about how we’re going to implement this particular technology and get a better balance between the innovation and the benefit and privacy and security.

Jodi Daniels 8:03

Number four, I am struggling with the balance that people have to have convenience versus privacy or security. So the story here is I was looking to buy something online. And with one of my credit cards, they have all types of special offers. And I love actually that they’re kind of tailored to me. And here’s a long list of 100 plus offers and you kind of pick the ones that you want. And if you go and buy something from this retailer, whether it’s online or not, you get $5 $10 15%, whatever the offer is kind of automatically back to your card. And I went ahead and was very interested in buying a particular item, it was on sale, and I thought this is great. I’m gonna get the sale price plus the special offer. When it came time to check out I had a choice. Do I want to give the company my credit card information online? Or do I want to use a digital wallet and I had a choice of Amazon pay PayPal Apple Pay, probably even Google pay, there were four or five options. I said, Oh, that’s great. You know what I’m gonna pick Amazon pay. So I proceed with Amazon pay transactions closed. And then I’m wondering, Well, where’s my offer, I normally get an email right away. Thanks so much for using your offer come to find out the offer only works if you give the direct credit card information. So as an individual, I chose to try and protect my data and limit how many places I gave my credit card number. And as a result of doing that I’m penalized by not being able to have the offer and the extra discount. If I want the extra discount. I have to give all of that information. And so to me, that’s a big disconnect when these types of programs are getting created. And we want people to use all of these digital wallets but yet we also won’t give them some of the extra special perks unless I’m giving more of that personal information. There’s to me there’s just a big disconnect. And I’m hopeful that companies will continue to hear this see it enough other people and privacy and security professionals will share and then Move, we’ll move forward. Isn’t that another way of really saying that the company has created their data collection policy to either box you in or really incentivize you to part with that personal information? And then as a consumer, you’re saying, Hey,

Justin Daniels 10:12

wait a second, why is it being rigged this way? Why don’t I have more of a choice isn’t that in effect, what the company is trying to do?

Jodi Daniels 10:19

Well, it appears to be the the website where I bought the item from the they don’t have too much control. So the option of being able to use the digital wallet is great. From their standpoint, it really is actually with a credit card information that is saying, if it comes through on the digital wallet, we won’t give you your offer. So it’s really to me the credit card company that is not encouraging me to have good, safe practice. That makes sense. What is your last favorite story of 2021? so far? I

Justin Daniels 10:46

think my last favorite story is in the realm blockchain. Yes. So I guess as we talk today, this week, there was legislation for the infrastructure bill. It’s like a $1 trillion bill. And there was a big fight over pass a part of the bill that dealt with cryptocurrency that the idea is the government wants more reporting of cryptocurrency transactions so they can be tracked so that people pay taxes so that they can use the proceeds from that to fund the infrastructure bill, which makes sense to me. What was interesting was watching the groundswell of the crypto industry because of course, the way the law was written didn’t really approximate how things work in the crypto industry. And so what was interesting to me is they proposed an amendment to clarify a definition that would have been more restrictive and not so expensive. And one senator who I think is like in his 80s richard shelby in Alabama, like every senator has to vote for a amendment and he said, No, I’m not voting for it unless I get 50 million more than a defense bill and then Bernie Sanders in Vermont said not not not going to agree to that and so the whole thing fell apart because one really old guy who doesn’t understand cryptocurrency to begin with says I won’t vote for this and the whole thing fell apart and I just thought that was an interesting way of using cryptocurrency to shine a light on the dysfunction that goes on when we try to pass federal legislation now it’s cryptocurrency it’s another thing Close To My Heart along with drones and autonomous vehicle

Jodi Daniels 12:16

Ah, so many things close to your heart. Well, we hope that our all of our listeners enjoyed a little bit of a different take on this. She Said Privacy/He Said Security podcast. If you want to learn more, make sure you visit redcloveradvisors.com/podcast and sign up to make sure you receive the weekly email with your favorite podcast and go and visit us over at Apple, iTunes and Spotify and wherever you listen to your favorite podcast. Well, God

Justin Daniels 12:41

before we go, don’t you have a really cool speaking engagement coming up here? Not before long? Sure.

Jodi Daniels 12:49

I do. I we are which one is the one in September is a really cool marketing conference one. Yes, I’d like to hear more. I think you’re just excited that I’m speaking at the same place where Martha Stewart and Snoop Dogg are speaking.

Justin Daniels 13:03

I just want to see the picture you get between Snoop Dogg and Martha Stewart. So it goes on the Red Clover website.

Jodi Daniels 13:10

There you go. So it’s called trafficking conversion for any marketers listening. It is a marketing focused conference. And many of you know I have a big passion for the intersection of marketing and privacy. And we’ll be talking about cookieless marketing at that particular conference. That sounds day two.

Outro 13:25

That sounds like can’t miss. Thank you. Thanks for listening to the She Said Privacy/He Said Security podcast. If you haven’t already, be sure to click subscribe to get future episodes and check us out on LinkedIn. See you next time.

Privacy doesn’t have to be complicated.