Aaron Alva is a Harvard Berkman Klein Center fellow and the Founder of Alva Strategy Center, advising organizations and enforcers on privacy, security, and AI governance. Previously, Aaron was a lead tech advisor at the FTC, where he was instrumental in driving the agency’s approach to privacy and security enforcement.
Here’s a glimpse of what you’ll learn:
- Aaron Alva shares his career journey from cybersecurity research to lead tech advisor at the FTC to Founder of Alva Strategy Center
- The role technologists play in helping enforcement agencies understand technically complex privacy issues during investigations
- What past FTC enforcement actions teach companies about consumer behavioral tracking and advertising data risks
- Lessons learned from the Facebook and Cambridge Analytica privacy matter about consumer expectations and privacy controls
- How FTC privacy remedies can change company conduct beyond monetary penalties
- Why privacy-enhancing defaults can be a powerful remedy for company products and platforms
- The privacy risks companies should consider when handling sensitive health data
- Best practices for managing consumer location data and reducing privacy risks
- Overview of the categories of sensitive data that companies should treat with care
- Core privacy and security lessons companies can take from recent enforcement trends
- Aaron’s personal privacy tip
In this episode…
Privacy risks often hide in how companies collect, use, and share personal information. Smart TVs, health-related websites, and location data have all drawn regulatory scrutiny when data is used in ways consumers did not reasonably expect. A decade of FTC privacy enforcement shows companies what regulators consider unfair or deceptive. So, what can companies learn from these cases to strengthen their privacy practices?
Reducing privacy risk starts when companies understand the data they collect, where it goes, why it’s being used, and whether that use is necessary in the first place. Companies should pay close attention to handling sensitive data with care, including health information, location data, children’s and teens’ data, and driver behavior data. Embedding stronger privacy practices often comes down to establishing clear purpose limitations, thoughtful data minimization measures, limited retention, and privacy-enhancing defaults. It also requires a regular and thorough review of AdTech tools, like pixels and tags. Getting these practices right can help companies reduce regulatory risk. Yet when companies fall short, the FTC and state privacy regulators can impose remedies that reach beyond fines, requiring companies to delete data, stop certain data uses, change platform default settings, or build a stronger privacy program.
In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Aaron Alva, Founder of Alva Strategy Center, about what companies can learn from a decade of FTC privacy enforcement. Aaron explains the role technologists play in helping enforcement agencies work through technically complex privacy issues during investigations. He delves into lessons from major enforcement actions involving smart TVs and social media platforms and shares insights on the FTC’s privacy remedies. Aaron also explains how companies can strengthen their privacy practices by setting clear limits on data use, treating sensitive data with care, and aligning privacy controls with consumer expectations.
Resources mentioned in this episode
- Jodi Daniels on LinkedIn
- Justin Daniels on LinkedIn
- Red Clover Advisors’ website
- Red Clover Advisors on LinkedIn
- Red Clover Advisors on Facebook
- Red Clover Advisors’ email: info@redcloveradvisors.com
- Data Reimagined: Building Trust One Byte at a Time by Jodi and Justin Daniels
- Aaron Alva on LinkedIn
- Alva Strategy Center
- Harvard Berkman Klein Center
- Federal Trade Commission (FTC)
Sponsor for this episode…
This episode is brought to you by Red Clover Advisors.
Red Clover Advisors uses data privacy to transform the way that companies do business together and create a future where there is greater trust between companies and consumers.
Founded by Jodi Daniels, Red Clover Advisors helps companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. They work with companies in a variety of fields, including technology, e-commerce, professional services, and digital media.
To learn more, and to check out their Wall Street Journal best-selling book, Data Reimagined: Building Trust One Byte At a Time, visit www.redcloveradvisors.com.
Powered by Rise25 Podcast Production Company
Intro 0:01
Welcome to the She Said Privacy/He Said Security podcast. Like any good marriage, we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st century.
Jodi Daniels 0:21
Hi, Jodi Daniels here. I’m the founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and certified informational privacy professional, providing practical privacy advice to overwhelmed companies.
Justin Daniels 0:35
Hi, I am Justin Daniels. I am a shareholder and corporate M&A and tech transaction lawyer at the law firm Baker Donelson, advising companies in the deployment and scaling of technology. Since data is critical to every transaction, I help clients make informed business decisions while managing data privacy and cybersecurity risk, and when needed, I lead the legal cyber data breach response brigade.
Jodi Daniels 1:00
And this episode is brought to you by No One Can Hear the Weird Hand on the Head Red Clover Advisors. We help companies to comply with data privacy laws and establish customer trust, so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology, e-commerce, professional services, and digital media. In short, we use data privacy to transform the way companies do business. Together, we’re creating a future where there’s greater trust between companies and consumers. To learn more and to check out our best-selling book, Data Reimagined: Building Trust One Byte at a Time, visit redcloveradvisors.com Do you remember we’re not doing pictures because we’re matching and blending? Our pictures would be so nice. I’m in light blue, you’re in dark navy, got like a little blue in my jacket,
Justin Daniels 1:45
that’s what I’m like. I walked upstairs, I’m like, what happened? You’re like all dressed up today.
Jodi Daniels 1:50
No, I have a jacket on, and
Justin Daniels 1:52
I know I was like, whoa, what happened here?
Jodi Daniels 1:54
I know fancy things are at play, and now we’re going to go into fancy people, because we have Aaron Alva, who is a Harvard Berkman Klein Center fellow and founder of Alva Strategy Center, advising organizations and enforcers on privacy, security, and AI governance. Previously, Aaron was a lead tech advisor at the FTC, where he was instrumental in driving the agency’s approach to privacy and security enforcement and Aaron, I can’t wait to dive into all of this FTC enforcement fund today.
Aaron Alva 2:27
Happy to be here.
Jodi Daniels 2:30
That’s your turn.
Justin Daniels 2:31
What,
Jodi Daniels 2:31
that’s your turn?
Justin Daniels 2:33
Oh, I’m supposed to talk now. So
Jodi Daniels 2:36
I ran out of cue cards.
Justin Daniels 2:39
So Aaron, why don’t you tell us a little bit about your career journey.
Aaron Alva 2:43
Sure. Well, thanks again for having me. My career journey started over 20 years ago. I was working in cybersecurity research at a US national laboratory, and often, oftentimes what was a cyber security research at issue had a technical response, as like how you fix things or how you make things more secure. Everything was technical in terms of how to fix or make things secure, and I was curious about, well, what are the law and policy levers that you can pull in order to also make things more secure or more private, and so I took that to doing a joint master’s in information management and law degree at the University of Washington, that was supported by the National Science Foundation, and then for 10 years I was at the FTC, as Jodi mentioned, as a technologist and tech advisor working on some of the biggest privacy and security, as well as AI cases out of the FTC, and now I’m recently left and started my own venture, and I’m excited to be out in the world to get to share my expertise and knowledge and help companies and enforcers really understand these really vexing and complex security and privacy and now AI challenges.
Jodi Daniels 4:15
Amazing. Well, let’s dive in, because you described yourself as a technologist, and we’ve talked about privacy enforcement. Can you share more about what that actually means and how that shows up in work?
Aaron Alva 4:28
Yeah, so the term technologist is is one that you know can means a lot of things in different areas, so I would say at the at the FTC a technologist in privacy enforcement meant that me and other technologists at the agency would get to sit alongside attorneys and describe these technically complex issues, and then help at every stage of the privacy investigation. And at the FTC, from understanding at the outset what potential cases that the FTC would open to helping write technically precise questions, asking asking the company questions about what the privacy issues were to describing to attorneys like what are potential harms, privacy harms, and how this impacted consumers all the way to, and we can get to this further. Some of the remedies that I would help develop and write alongside and negotiate alongside case teams,
Jodi Daniels 5:40
and I think most people know, but I think what’s also interesting is the idea of a technologist is popping up more and more in the state enforcement agencies like In Cal Privacy. They are very proud of their technologists that they have, and other states I think are following suit. So something that I think is important for people to remember, when they think, oh wait, do they actually know? Yes, they do.
Aaron Alva 6:08
Yes, yeah. And now that has been a definitely a growth area, especially the last six or seven years. For, for a while at the FTC, I was the only technologist that would work on both antitrust competition and consumer protection issues, and then in the later years of when I was there, the number of technologists had grown up to 13 or so, and you’re right, state AGs and state agencies are hiring in-house technologists now, which really gives attorneys the ability to kind of understand these complex issues much more efficiently and quickly now.
Justin Daniels 6:55
So, speaking of technology, when you think back to the earlier days of your work, what still feels really relevant even today?
Aaron Alva 7:06
Yeah, that’s a good question. One thing that feels relevant today is a lot of the privacy enforcement from that early decade, earlier decade that I was at the FTC. The earlier time then is still kind of popping up now. One case I worked on back in the earlier days of my time there was Visio, where Vizio was taking pixels on your smart TV and had their own database that identified what you were watching and were licensing that to advertising and analytics companies, that is relevant still today, like the Texas attorneys general just brought a number of cases against smart TV manufacturers for the same, the same conduct, the same sort of tracking from what the FTC said in Visio in 2017 was unfair, and, and what came out of the Vizio was sort of an early days imagining of some remedies, like Vizio had to delete all four years of TV viewing history, so they couldn’t benefit further from from that conduct that the FTC said was unfair at the time,
Jodi Daniels 8:26
I’m curious, as you think about the Visio case, and I was a Visio consumer, and remember that case vividly, to what you just described now, with what Texas is doing, are companies forgetting these cases, are the learnings just the technology’s changing, and they want to adopt the next technology? It feels like we’re repeating, in, I mean, that’s almost a 10 year period.
Aaron Alva 8:51
Yeah, no, it’s a, it’s, it’s, as a, you know, as a former enforcer, it’s, it’s a, it’s a hard thing to understand and grapple with, and figure out, is a lot of, you know, cases like Vizio and others like the FTC only has the authority to bring one case against one company, and that that company is then under a typically 20 year legal order to, you know, change their conduct, and the, you know, the theory from, like, Dan Solov and Woody Hertzog and others is that, you know, that creates a common law of privacy that informs other companies, like, like Vizio’s competitors that they should bring their practices to the level at which Visio now has to do under FTC order, but it’s using 110 year old law, it’s, it’s, it’s limited. We don’t have a comprehensive federal privacy legislation in the states, and so there’s not a technically specific. Require legal requirement for the, for you know, the other companies, you know, to have to follow the same letter of the law.
Jodi Daniels 10:10
That’s interesting. I’ve always gone with, I guess, that common law privacy concept, and many peers have as well. Yeah, we would always look to those cases. Here were the learnings. Don’t do that.
Aaron Alva 10:22
Yes, yes, yes. And I think that’s, I think that that’s my view. I think also a lot of the privacy cases I worked on were bipartisan. The privacy and security are still bipartisan issues. This current FTC is still bringing security and privacy cases, so I think that also bolsters the idea that you know what comes out of FTC is something that companies should take note of.
Justin Daniels 10:50
So you were right in the middle of the Facebook case. Is there anything that really stuck with you from that experience,
Aaron Alva 10:56
other than it being a wild time in my life, so so I was the, I was the sole technologist on the Facebook privacy matter after Cambridge Analytica, that resulted in the $5 billion penalty, and then, and then Facebook had certain 20 year order requirements to have to stand up a mandated privacy program, and so forth. One of the things that I think is that stood out to me then, that still, you know, continues to happen today, is that the cost of not aligning your, you know, your privacy controls with consumers’ expectations is still high. I mean, that is still also from a legal perspective, what is partly like what unfairness means. And so back then Facebook had, you know, they had a privacy setting that said, hey, yes, you get, you know, you can give away your friends’ data, but you know that went well beyond the expectations of what you know each individual thought was happening, or and became, you know, a scandal that hit the public attention and Congress’s attention that led to the Facebook case, and so that sort of lack of clarity and not aligning your expectations with what people consumers think is still, I think, super relevant now.
Jodi Daniels 12:28
Just, I know you have lots of thoughts about this case.
Justin Daniels 12:32
Well, look in our notes, Aaron. Repeat again, how much was the fine?
Aaron Alva 12:38
$5 billion
Justin Daniels 12:39
$5 billion So, what was today’s theme? And then we had our pod, our episode the other day, Jodi. So, why do you think most companies are like Vizio, or some of these other companies, ignore these FTC orders
Jodi Daniels 12:56
because they want to keep making money,
Justin Daniels 12:58
because they’re
Jodi Daniels 12:59
using the data,
Justin Daniels 13:00
right, because they’re so rich. A $5 billion settlement to them is just merely the cost of doing business. Now, if the FTC could haul some of these people and give them a little jail time, that would change things dramatically. So that’s my point.
Aaron Alva 13:20
That’s, I mean, it’s a, that’s a totally a fair point. I think that, you know, especially the last five years of work I did at the FTC was a lot on developing remedies that create bright line rules that actually prohibit conduct, right, and that, you know, versus a monetary fine, or needing to stand up a privacy program that has, that’s more process-based, the, you know, on a violation, go direct, and better help being prohibited from sharing, you know, health data for purposes. I think is a clearer line sort of remedy that actually cuts at the heart of the incentives of, you know, data use and data disclosure, and so forth.
Justin Daniels 14:07
I mean, I guess, Aaron, I know we’re gonna segue here into talking about remedies, because honestly, at the end of the day, that’s really what you do at the FTC, you identify problems and come up with remedies from your time there, and what you do now, but I guess, I guess my question around that is, when we talk about remedies, it seems to me another remedy you could have is, what if you had a rule that said the default privacy settings on all these different devices and apps had to be privacy enhancing, as opposed to what we have, whereas the default is you give everything away, unless you want to go through about six different screens. So, I’m just curious, you know, what do you think about things like that, or what are some of the themes you’ve seen, you know, still seeing today around remedies that actually have impact, because it’s clear five. Million dollars is not having enough impact.
Aaron Alva 15:03
Yeah, I think I think you’re right about the switching the defaults. I think that is a powerful kind of piece, where you know it still gives people the choice to change back to what you know, but it sets that baseline at, you know, a more privacy-preserving piece. One case where the FTC did this was in Epic Games, where, which was like a children’s children’s privacy case, where kids who were, or children who were on Epic, you know, on Epic Games’ platform were getting harassed, you know, verbally harassed at times while going through their game, and so the, the one of the remedies in Epic Games, other than the $500 million penalty was to switch the default for kids to saying the audio during gameplay is off by default,
Justin Daniels 16:12
you know, it’s interesting you say that, because I heard $500 million but I skipped right to switching the toggle differently, because now when I think about what Aaron’s talking about now, go to Open AI, or some of this artificial intelligence, and what are some of these impacts on kids? So, to your point, Jodi, there’s like this common law privacy idea around some of these rulings, which kind of set guardrails. Obviously, none of the AI companies are listening to any of those guardrails.
Jodi Daniels 16:44
It’s always been the challenge of, well, it happened to them, maybe it won’t happen to me, and is that really going to be what I have to worry about, or is it just them?
Aaron Alva 16:58
That is, that is always that is always going to be back and forth, and you know, and I know there’s a lot of AI laws that are out there that are being enacted, you know, in the states, and there’s the EU AI Act as well, like those are those are some of the constraints that were, that you know, we’re starting to see, but, but from existing laws on the books, you know that the FTC and state AG is saying this is deceptive or this is unfair is still, still applies to, you could say, all of commerce in America, it still applies to AI, you know, uses and situations
Jodi Daniels 17:40
we talked about smart TVs and data collection. We move in advertising. We had a big tech player advertising personal information, health, and pixel tracking was it seems like a multi year focus for the FTC, and then even, you know, some states and some other areas. So, can you talk a little bit about the health arena, and if a company is listening right now and they’re in the health space, what should they be thinking about?
Aaron Alva 18:17
Yeah, that so the health arena is one of those areas where, if you think of even back to the, you know, an earlier, I think, 2011 report, privacy report from the FTC that identified here are certain sensitive or high-risk categories of data. Health is quite prominent. It comes up, it’s pretty apparent that you know your own health condition or inferences made on about your health is really sensitive and personal, and so a lot of the FTC cases in the health pixel tracking arena involved, you know, going to say Good Rx or Better Help, and you know, say Goodrach, for instance, putting in your prescription that you’re that you want a coupon for, and putting in the amount and the drug dosage, and where you want the prescription served, but what Good Rx had was a Facebook pixel on their website that was sending this sensitive health information to Facebook for certain advertising purposes, and that is the, that is the piece that, through all these FTC cases and other actions, it has been the reinforcing, this is this is an unexpected use of your personal sensitive health information, and for purposes that you know the consumers didn’t know often know about or consent to, and that’s conduct that is when we talk about remedies prohibited. For these companies under order now,
Jodi Daniels 20:03
and if you were to think about one or two steps for a company listening, who might be in that house, what should they take from
Aaron Alva 20:10
this? I ad tech is a very complex dynamic space, but so sitting down and auditing and understanding what data is being sent to other players that you know to other entities like advertising entities I think is a really good step number one is sitting down and you know looking at your website identifying oh do I have an area where I’m collecting or asking for sensitive info, and now, like, what pixels do I have on this site? What’s happening to this on this site? What ad tags do I have on this site. Getting an understanding of where your data is going, or where your consumers’ data is going, is, I think, a critical first step, and then taking that next action, taking that action to say I need to limit this, I need to change my practices here. If it is sending sensitive info, and go through the, and then make it a repeatable part of your sort of marketing process.
Jodi Daniels 21:19
Those are good tips. Thank you for sharing. Someone needs to learn from these cases. I don’t want my prescription information shared anywhere,
Justin Daniels 21:28
but the fines don’t matter, don’t seem to deter anyone.
Jodi Daniels 21:31
Well, we’re here doing our part.
Justin Daniels 21:35
I see,
Aaron Alva 21:36
and again, these, these pixel cases are not just fines, they are guttor acts is prohibited from sharing sensitive health debt, you know, health info for advertising purposes, and then you have
Jodi Daniels 21:50
you have states that are looking at this, so now we have our state privacy laws, and these are some of the issues that they’re working in, and we are doing our part to remind people of these cases and remind them not to do it. So, what’s next? We have another goodie.
Justin Daniels 22:08
Location data.
Jodi Daniels 22:09
Location data.
Justin Daniels 22:10
Oh, so location data has been another big area. What should companies really understand about handling that can of worms?
Aaron Alva 22:20
Yeah, you know, very much like, you know, we talk about the sensitive or high-risk health, or you know, data buckets, you know, you think of health data, but you also think of location data, and the potential harms that that can cause for somebody knowing, you know, where you are, where you’ve been, and what that means for you, and so a lot, you know, for companies where location data is actually necessary to serve the service, then the takeaway is data minimization and use purpose limitations is only use the location data for the delivering of the service, but not also, and don’t use it also for other purposes that aren’t expected or consented to by by consumers, that I think is a key part, and there’s, there’s a number of technical ways to kind of deal with location data that you know manage the risk and lower the sensitivity, like coarsening the data, so that it’s not a precise data point, it’s, it’s more of like, here’s what happened in that kilometer, you know, mile or kilometer, there are other techniques as well to kind of consider as part of managing location data use,
Jodi Daniels 23:50
and location data is another really interesting one, because the definition of precise geolocation seems to differ depending on who you’re asking.
Aaron Alva 23:58
Yes, I spent a lot of time alongside case teams in the FTC location data orders, precisely defining location data, what it means, what is included, what’s not included, and so that, and I think that was a key role for a technologist, is getting those technical definitions right to be clear about, you know, what we’re talking about, those technical definitions in legal orders or in descriptions really matter a lot, and so there are some subtle differences in the definition location data, even across the four current, you know, FTC orders in market X mode, gravy analytics, and Mowala, but also it’s, it’s pretty clear that it, it’s not just GPS data that is considered location data, like if it’s precise about a consumer device, it’s. It is still location data, for instance, like your routers have, like, a unique identifier, and there’s a technique called Wi-Fi triangulation, where your phone can, you know, understand how far a certain number of unique routers are from your device, and that can be sometimes more precise than GPS data, and so that, that, and so include knowing that, and including that as part of the definition of location data, and working with those nuances is a lot of what I worked on in terms of helping case teams and providing clarity to companies about what’s included,
Jodi Daniels 25:48
well, we’ve talked about health and location, which are definitely considered sensitive data types amongst a lot of people, but there’s more. It’s not just those. Aaron, can you tell us what some of the other kinds of data that you are seeing that might also be considered sensitive data.
Aaron Alva 26:07
Yes, so based on, you know, FTC cases, the FTC has also taken action in browsing data as an as another kind of area where you know what, where you go on the web and what you navigate to and what you’re seeing and your, your, your internet browsing history is considered sensitive or high risk, that that came from the Avast case, children’s data. Obviously, we have, you know, a law on the books, COPPA children’s data is inherently sensitive as it relates to kids, and that, and that definition is not just kids, it’s increasingly from FTC orders expanding to teens in certain cases, driver behavior data. One of my last matters I worked on was the General Motors matter that deals with the sensitivity of driver behavior data, both location data coming from where you were driving your car and also, how you were driving your car, like, were you speeding, were you hard braking or hard cornering, that sort of thing, what you learn, what we, what you’re listening to on the radio in the car, that sort of thing, those are those are the main buckets, and then there are, you know, there have been past actions from the FTC around AI related to in high-risk situations like Rite Aid or or the recent OkCupid case about sharing photos and demographic and data for for that ended up being used for training facial recognition models by another company.
Jodi Daniels 28:05
Jess, I know you have some thoughts that you want to talk about in AI.
Justin Daniels 28:09
I’ve been enjoying the remedy conversation with the FTC.
Jodi Daniels 28:13
Oh, okay, I just wanted to make sure we, we covered all your fun.
Justin Daniels 28:17
No, no, we can take a day off from AI. I can’t remember the last episode where we didn’t discuss it, so Aaron, you know, after all the different topics we’ve covered, and we’ve covered a lot of ground here in the last 20 minutes, if we step back, you know, what do you think some of the biggest lessons companies should take away from what we’ve talked about,
Aaron Alva 28:42
yeah, the biggest lessons I think for Tate, you know, as takeaways, and they apply both to, you know, privacy and as well as to security, you know, these are not those are those are both both applicable here, one is how you know limiting, you know, having use purpose limitations are increasingly critical today, knowing as a company how you’re using the data, being narrow and clear about what you’re using the data for, and, and, and having that use purpose limitation that also is tied to how long you’re retaining the data, making sure you’re not using it for other uses. This is a kind of a reoccurring theme in a lot of the cases from the FTC, as well as some of the new legislation that’s coming out in terms of privacy, you know, new state privacy laws, and so forth. Another area is, as I mentioned, that data retention and minimization, and this is also particularly true for security, is if you, you know. Limiting the scope of a potential breach means limiting the amount of data you have on hand that that you that might be exposed, right, having those data retention and minimization kind of practices is critical part, I think, of some of the takeaways, sensitive data, like all the categories we talked about, so health, location, browsing, driver behavior, children, so forth, those all require I think heightened care, and the FTC has made that quite clear, and, and, and both in previous administrations and now that seems to be still quite relevant, and then I think finally, like technical details really matter, it’s really important, especially in not to bring up AI again, it’s important to have a clear scoped understanding of like what it is we’re talking about. What are the problems? What are the definitions? And I think that that translation and back and forth with attorneys and technologists about all getting on the same page of this is exactly what we’re talking about, or this is what you know health data means, or location data means that is, I think, critical to us having like a clear way to move forward and have a dialog and have clarity to the market about, you know, what it is, you know, enforcers and companies need to take, take note of, so those are those are my overalls,
Jodi Daniels 31:42
those are really good tips and themes and reminders, and given all you know about how technology works, especially in the privacy and security space, what best tip would you offer? I can only imagine the kinds of conversations you might have with, you know, with those around you,
Aaron Alva 32:03
to me the best tip I have to offer is, is changing up the emails that you use to sign up for marketing or loyalty programs is I often like to take, you know, even say my Gmail address and do a-plus sign, and then have another name to it, and and that gives me that does kind of two things, one, it it it throws the data brokers and ad tech ecosystem off, because oftentimes you know email addresses are unique identifiers where all of your activity is associated with an email address or a hashed email address, and then that all gets all put in one bucket and used to create inferences about you for ad targeting or whatnot, so by changing up the email address, it’s email still comes to you, but, but it really makes it harder to kind of piece all those information pieces together for for that ecosystem, so that I, that, that would be my personal tip.
Jodi Daniels 33:20
Thank you for sharing. We have heard that one a couple times. A lot of people who like that idea.
Justin Daniels 33:28
So, Aaron, what do you like to do for fun when you’re not doing all of this technologist stuff?
Aaron Alva 33:35
That’s a really hard question, though. I like to row, so I have the pleasure of living on an island, and so I get to go out in on the harbor in a row boat, whether it’s a quad or an eight, or even yesterday I was out on a single, which was somewhat terrifying, but it’s, it’s, it’s a beautiful, good workout and practice, and it’s, it’s one of the things that kind of gets me outside, and, and is really pleasant.
Jodi Daniels 34:14
That sounds so nice, and so peaceful. It
Justin Daniels 34:18
I don’t think you appreciate how fast he might be rowing.
Jodi Daniels 34:21
I didn’t say it wasn’t hard. I just said it might be nice, it might be peaceful, because I bet you he might be rowing in in his area without police boats coming at you, like what you did to me when I was in the Washington.
Justin Daniels 34:34
Oh, I did nothing like,
Jodi Daniels 34:36
yeah, it was great. But let’s get back to you, Aaron.
Justin Daniels 34:41
I want to hear this story at some point, it
Jodi Daniels 34:44
was lovely. We were in kayaks and in what I don’t remember which busy harbor, and there’s a police boat coming right at me in the direction that Justin House is going, and he’s off in another one, and I. Just looking at this police boat right over here, and that was not fun.
Justin Daniels 35:05
See, you still seem traumatized. I
Jodi Daniels 35:06
am still traumatized. I had one kid, another kid, and that was not nice. That is my story, everyone. But I do want to make sure that people here know how to connect with you, Aaron.
Aaron Alva 35:19
Yeah, so I am on LinkedIn, Aaron Alva, as well as my own personal site is strategycenter.tech, and all the rest of my contact detail details are on on the site directly.
Jodi Daniels 35:38
Amazing. Well, thank you so much for sharing an insider’s view from all these different FTC cases. We really appreciate it.
Aaron Alva 35:46
My pleasure. Thanks for having me.
Jodi Daniels 35:48
Thank you.
Outro 35:53
Thanks for listening to the She Said Privacy/He Said Security podcast. If you haven’t already, be sure to click subscribe to get future episodes, and check us out on LinkedIn. See you next time,
Privacy doesn’t have to be complicated.
As privacy experts passionate about trust, we help you define your goals and achieve them. We consider every factor of privacy that impacts your business so you can focus on what you do best.



