Emphasizing Data Privacy and Security: Insights From Jodi and Justin Daniels

Intro  0:01  

Welcome to the She Said Privacy/He Said Security Podcast. Like any good marriage we will debate, evaluate and sometimes quarrel about how privacy and security impact business in the 21st century.

Jodi Daniels  0:22  

Hi, Jodi Daniels here. I’m the founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant, and Certified Information Privacy professional, providing practical privacy advice to overwhelmed companies. Hello, Justin

Justin Daniels  0:39  

Daniels here I am passionate about helping companies solve complex cyber and privacy challenges during the lifecycle of their business. I am the cyber quarterback helping clients design and implement cyber plans as well as help them manage and recover from data breaches. And today, I have Chad Franzen here from Rise25, who has done hundreds of interviews with successful entrepreneurs, investors, and CEOs and today we have flipped the script and he’ll be interviewing us, Chad, take it away. Hey, thanks

Chad Franzen  1:12  

so much, Justin. And Jodi. Great to be here. Before we get started, I’ll let everybody know that this episode is brought to you by Red Clover Advisors. They help companies to comply with comply with data privacy laws and established customer trust so that they can grow and nurture integrity. Red Clover Advisors works with companies in a variety of fields, including b2b technology, e commerce and professional services. In short, they use data privacy to transform the way companies do business. When you work with Red Clover Advisors, you’re creating a future where there’s greater trust between companies and consumers. To learn more, go to redcloveradvisors.com, or email info@RedCloveradvisors.com. You can also go to their website, just go to redcloveradvisors.com Hey, Jodi, and Justin, thanks so much for having me today. How are you guys?

Jodi Daniels  1:57  

We’re good. Thanks for having us.

Chad Franzen  1:59  

Hey, you guys have recently written a book. Can you tell me the name of the book and why you guys felt like it was important to write it?

Jodi Daniels  2:08  

Well, it’s murky, you can go first.

Justin Daniels  2:12  

The name of our book is Data Reimagined: Building Trust One Byte At a Time. Why did we write the book? Because we were in Colorado? Who knows why we wrote the book because we felt that people should take privacy and security seriously, but really casting it in a whole new light of thinking as thinking of it as a premier business

Chad Franzen  2:39  

practice. Do you guys have different levels, different types of expertise? And how did you contribute each person’s expertise to the book.

Jodi Daniels  2:48  

The book is the evolution from the podcast which our podcast is called She Said Privacy/He Said Security. And I am a non attorney focused on privacy, lots of business experience. And Justin as an attorney with the expertise and security blended together, the focus of the book is really for the business executive who is working at a company they don’t have a big privacy and security team. And they need to understand why it’s so important. So we really tried to take a very practical approach blending all the experience that we have together.

Chad Franzen  3:27  

Great. Sounds great. So tell me up until recently, how has data been viewed by companies? You know, is it a commodity? Is it due to something else?

Jodi Daniels  3:36  

Well, I’ll start with this one, I literally just came off of a call where the company has a treasure trove of data and they want to leverage it to continue to monetize and, and follow users and and build targeted profiles. So I think data is it’s not a commodity, it’s still a very prized asset in companies. Some people see it as a revenue making operations. Some people see it as the lifeblood of their company. Some people see it as just, it’s just data. Just like any other data point.

Chad Franzen  4:12  

Would you say that the attitude towards data is shifting.

Justin Daniels  4:15  

I think the attitude towards data is shifting because I’m looking at the regulatory landscape. So we now have is it Jodi 5 Is Connecticut now the latest on your

Jodi Daniels  4:28  

good list? Connecticut is on the list of one of the state laws. It’s effective July of 2023.

Justin Daniels  4:37  

But my broader point is with what’s gone on with the 2016 election, Cambridge Analytica. What we’ve seen with Facebook and Google and others is that people are starting to wake up to the fact that your data is really in the 21st century identifies who you are on a very fundamental level and so you’re seeing seeing just a real change in how data is being perceived. And then of course, because data has become so important. It comes with a handmaiden. And I like to call her new cyber threat. And that’s really where I like to call privacy and cybersecurity the peanut butter and jelly because they’re not the same thing. But they’re very much interconnected. Much like the two of us.

Jodi Daniels  5:22  

A very nice being compared to peanut butter and jelly.

Justin Daniels  5:25  

Or you want to be peanut butter jelly, you pick

Jodi Daniels  5:29  

up an almond butter special and unique with a raspberry jam. Oh, wow,

Justin Daniels  5:33  

there it is Jodi Daniels peanut butter with flair.

Chad Franzen  5:37  

So So data is often highly valued. But would you say that companies view it also as equally as dangerous as it is valuable? At this point?

Jodi Daniels  5:49  

They do not. Yeah,

I don’t, I don’t think they appreciate. And that’s really the essence behind the books is getting to educate and explain why people should care from both a security perspective, which a lot of people think first, so I have to protect the data from bad people getting to it. There’s also the privacy side, which is I gave you the company data? How are you the company using my data? And when a company uses it in a way that it wasn’t anticipated? Then customers get kind of unhappy?

Chad Franzen  6:24  

So can you give me kind of a snapshot from both a security and a privacy perspective of what a reader would learn about the promises and the dangers of data?

Jodi Daniels  6:34  

Well, dare I’m gonna let security go first.

Justin Daniels  6:36  

I’ll give you a good story. Right? This is one that Jodi and I experienced and Jodi will experience tomorrow. So when you drive from our house to the airport, you get in our car, which has GPS tracking, and the car knows exactly where we’re going where it’s parked, you get out of the west parking deck at the Atlanta airport, and you don’t take a ticket anymore, it takes a picture of your license plate, you walk in the airport, you go through TSA, and they take your picture. So within an hour of getting up in the morning, data has been collected on Where you’ve been Where you’ve parked, your your license plate on your car and your face. So as a consumer or just living our daily lives, do people even realize the volume of data that’s collected about us every day and think about the detailed portrait of what can be painted about what Jodi or Justin does every day with just those three or four data points. And so by collecting those data points, then you get into the issue of well, who are they sharing with? What’s the purpose of being collected, because of someone out there who’s a hacker or whatnot gets a hold of that information? Boy, they can get a pretty detailed portrait of what everybody does on a daily basis. And I’m not even getting into when autonomous vehicles come drones and all this other technology that’s coming down the road, because if we’re going to collect all this data, it comes with well, how do we secure it.

Jodi Daniels  8:06  

So I would just add from a privacy point of view, and kind of connecting the essence of how we’ve explained all of these different pieces in the book where we’re trying to get someone to think about their daily life and how that data is collected, and translate that into the company that they’re working with. And it might sound like a really great idea to collect or use or share data in a certain way. But did we think holistically about that? What could the impact be to customers? And that’s really what we hone in on?

Chad Franzen  8:39  

What would you say is kind of the prevailing attitude on the part of consumers, toward customer toward companies regarding their data. You know, as Justin just shared, the what he just shared is kind of like eye opening. I mean, I kind of probably knew in the back of my head that that was happening. But I never had never rose to a level of maybe concern, would you say consumers are becoming more and more concerned.

Jodi Daniels  9:01  

They are there’s a variety of different studies that are out there. And depending on your favorite one, it’s greater than 80% care about privacy, they’re making decisions based on that more than 50% of people won’t buy something over privacy or security concern. At the same time. We want convenience and cool technologies. So it’s about picking a company to give data to or interact with that you can trust. So we still want to do some of these things. But we’re going to Well, in the airport example I actually got no choice in the matter. Or you can’t just go to the airport. That’s like my only choice. But when consumers have choices of Company A or company B, they want to feel warm and fuzzy and comfortable that the company is doing the right thing with their data. And so they do care. Does everyone care? Is it at the perfect level yet? No, definitely not there. There’s greater awareness of what is happening and especially Surely in a b2b environment, there’s a significant level of care. Company A is often not doing business with Company B, unless they comply with certain privacy laws and security measures and sales are getting lost. Definitely in the b2b space for sure.

Chad Franzen  10:15  

Would you say the trust is prevalent at this point? Trust is at

Justin Daniels  10:21  

the core of our book. And we have a lack of trust in a variety of ways in our society that I think has been exacerbated by the pandemic and some of the innovations like social media. But when you ask us, what is the core theme about our book, it’s really about creating trust in a business context. But beyond that, when we’re in this electronic age, how do we create trust, and part of creating trust is, what data you collect about people what you tell them how you treat their data, because in our view, that’s really online with how you are treating them as if they were right in front of you. And that’s really the core theme in our book.

Chad Franzen  11:02  

So given given that, those are parts of creating trust, you know, what, what can companies do to further enhance that level of trust or develop that level of trust?

Jodi Daniels  11:13  

Well, the first thing is they have to know what kind of data they’re even collecting. And a lot of companies don’t know that in the privacy world does the data inventory. So we encourage all companies to literally know the data that they collect. And a requirement is to have a privacy notice. Some people think of that as a long, boring legal document. And it kind of is, but it’s also the place and the opportunity to connect with customers. That’s how we say, Hi, here’s what we’re collecting, how we’re using it, it’s the place to create that trust. I like to encourage companies to not only have a privacy notice, you’re seeing more and more where there’s a privacy page or Privacy section. Try I’ve even seen a trust Section A literally have Trust Center as an entire page that says, here’s everything you ever wanted to know about privacy, and security. And they’re putting it all right there. Sometimes I’ve even seen it as the language on a page to describe the product or service. We do all these wonderful things. And here’s our privacy and security measures.

Chad Franzen  12:18  

What will readers of your book learn about the newest data laws? Go ahead nonlawyer.

Jodi Daniels  12:28  

Well, they’ll learn that there’s a plethora of them, and that they yesterday, you like my fancy? Well, I’d had to go with the almond butter and the raspberry jam, I had to you know, like

I’m impressed.

Back to my laws. There are a variety of privacy laws. And they all are nuanced. But there’s some really common similarities. And many people kind of woke up to the privacy universe with GDPR in the EU. But here in the United States, we’re gonna have five privacy laws in 2023. And that’s a lot that companies probably don’t fully appreciate what that entails. So we’re kind of at an early stage of this privacy universe. In the sports world. We’re in like early innings.

Justin Daniels  13:23  

You’re gonna use sports man, I

Jodi Daniels  13:24  

am I’m gonna use sports. I thought you’re gonna say early ish. No, I had to keep you on your toes. Okay.

Chad Franzen  13:31  

So there are five laws? How should people kind of how should companies respond to those laws? Well,

Jodi Daniels  13:41  

there’s gonna be five, US privacy, state privacy laws. So there’s actually 150 Plus privacy laws around the world. Okay. But in the net? No, no, that’s okay. And the United States, there’s about to be five state privacy laws, and we have other ones that exist now, just about everyone listening has probably gone to a doctor’s office and hospital and seen a HIPAA statement and gotten the credit card statement. So there’s lots of other ones that exist today. But to for companies to get started, they need to know their data. Yeah, I feel like a broken record. But I actually am trying to be because it’s so important for companies to understand that. And then they have different policies that they need to create. Some are internal, some are external. And there’s kind of a long list of other to do’s but the very, very first step is going to be that data inventory. Justin, what would you add from a security standpoint?

Justin Daniels  14:34  

From a security standpoint, we’re talking about really understanding what are your important business processes. So let me contrast for you the difference between say a law firm and an E commerce site, and a law firm if our website goes down, it might be a little embarrassing, but it really doesn’t impact our operations. However, you take down a law firms document management system, you bring the whole firm to a screeching halt. So that’s A critical business process. Conversely, if you have an E commerce site, using Amazon as an example, if that site’s even down for an hour due to a distributed denial of service attack, that could be 10s of millions of dollars. So how they protect that business process, which attaches directly to the internet, is critically important. So you really need to be going through a process of identifying what your critical processes are, then you want to protect them, then you want to figure out how to detect if there’s a problem. And then if the worst happens, how do you respond? And then there’s resilience? How do you learn lessons from mistakes that happened? Or if you had a breach incident, learning from your mistakes?

Chad Franzen  15:49  

Given all of this what kind of change in mindset mindset Do you think companies will need to have as a result of kind of just perspective towards data?

Justin Daniels  15:58  

From my perspective, people need to start viewing data as the most important asset of their company, but also understanding that they have to view cybersecurity as a strategic business enterprise risk up there with, you know, losing employees, other macro economic issues, until a company has experienced ransomware. They are never the same after the experience. So in my view, it’s really rethinking or reimagining, as our book title says that security is a strategic business enterprise risk, and you have to be managed that way.

Jodi Daniels  16:39  

What do you think Jodi? So I would say that, in addition, it’s putting the customer first, I think a lot of companies think, Oh, I have this big pile of data, look at all the cool things I can do with it. And even if it’s also just Okay, from a privacy law perspective, here’s all the two dues that I have to do. And they just kind of check them off like a checklist. That’s a very compliance focused approach. And instead, we really believe if you put the customer in the middle really think of what is the customer think when I give them this data? What would what would they expect that I do? Would they be okay with that, then you’re going to make decisions that builds that trust. And it’s going to be not just a compliance activity, it’s going to be the basics that you have to do. And then above and beyond,

Chad Franzen  17:29  

what can what will readers learn kind of about data crime, and how that’s going to look in the future?

Justin Daniels  17:36  

Hate Crime is only limited by the imagination of the criminal. And I think you’re also going to learn the book about hot shots, nation states, and also, that we’re in the era now where there’s really no backup to our reliance on computers. And so that makes all of that infrastructure, a target. And we talked about in the book, you know, some really common sense approaches that people can take about using LastPass. Using multifactor authentication, just doing some basic things that now have to be the same with getting up and putting on your seatbelt when you get in the car, digitally speaking using things like multifactor, using a password manager that needs to be on par with getting in your car and buckling up.

Chad Franzen  18:28  

Wow. But are there any other what are some other valuable insights that readers might take away from the book?

Jodi Daniels  18:36  

I think one of the first is we want people to appreciate how much data is collected in a variety of different ways. Justin kind of, you know, shared the story of going to the airport, but it exists everywhere else. And we throw a variety of real world stories throughout. And the other I think is that privacy isn’t and security isn’t just one person’s job. It’s a collective effort. It’s a company wide effort. It can’t just be one person trying to solve for it. If I’m a marketer, I need to really work with my IT team and my compliance and my legal team. If I’m in finance, and I’m getting information from contractors, I might have W nine and sensitive information, their bank account information, I too am responsible for how do I receive that information? How do I treat that personal information? It’s it’s not just one other person’s job. It truly is a cross functional activity.

Chad Franzen  19:35  

Okay, great. How can people find out more about data reimagined?

Jodi Daniels  19:41  

Visit redcloveradvisors.com/book And you can learn everything you ever wanted to know about the books there.

Chad Franzen  19:50  

Okay, fantastic. Hey, Jodi, and Justin, it’s been great to talk to you today. Thank you so much.

Outro  19:59  

Thanks for listening. To the She Said Privacy/He Said Security podcast if you haven’t already be sure to click Subscribe to get future episodes and check us out on LinkedIn See you next time