ZoomInfo’s Al Raymond on B2B Privacy Programs and Third-Party Privacy Risk Management

Intro  0:01  

Welcome to the She Said Privacy/He Said Security Podcast. Like any good marriage, we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st century.

 

Jodi Daniels  0:22  

Hi, Jodi Daniels here. I’m the Founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a Privacy Consultant and Certified Informational Privacy Professional providing practical privacy advice to overwhelmed companies.

 

Justin Daniels  0:37  

Hello, Justin Daniels here. I am an equity partner at the law firm Baker Donelson, and I practice technology law. However, I am passionate about helping companies solve complex cyber and privacy challenges during the lifecycle of their business. I am the cyber quarterback, helping clients design and implement cyber plans as well as helping them manage and recover from data breaches.

 

Jodi Daniels  1:00  

This episode is brought to you by Red Clover Advisors. We help companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. We work with companies in various fields, including technology, e-commerce, professional services, and digital media. In short, we use data privacy to transform how companies do business together. We’re creating a future with greater trust between companies and consumers. To learn more, and to check out our best-selling book, Data Reimagined: Building Trust One Byte at a Time, visit redcloveradvisors.com. You’re laughing at me?

 

Justin Daniels  1:44  

I know. Because a year ago, you’re not new anymore. I know. But we still have people feels new. Well, we still have people who read the book and comment on it.

 

Jodi Daniels  1:53  

It is true, it is new to them. Thank you to all those wonderful people who have picked up our book, read it and even left us wonderful, heartwarming comments on social, we really appreciate it.

 

Justin Daniels  2:04  

And I’m sure our listeners will appreciate the fact that Jodi and I both got asked to be quoted in a magazine and we did and only Jodie got the quote in the magazine. So I had to take it for you know, she won, I lost okay.

 

Jodi Daniels  2:21  

It was fine. But today I’m really excited because we are going to dive in to B2B privacy programs. And with us, we have Al Raymond, who is the Privacy Compliance Officer for ZoomInfo Technologies. He is a privacy compliance and data governance professional with an MBA and 20-plus years of progressive experience and customer data privacy, information security, regulatory compliance and risk management. Al welcome to the show.

 

Al Raymond  2:51  

Thank you both for having me. Pleasure to be here.

 

Jodi Daniels  2:55  

Welcome to the craziness of our show.

 

Justin Daniels  2:57  

You know what maybe one of the shows we can have like our someone come on, and we’ll have like a privacy and security song we’ll have a guitarist and everything.

 

Jodi Daniels  3:04  

We can have like a whole bands. We could we could build a band

 

Justin Daniels  3:09  

That security scaring is carrying, oh, privacy when they want to collect your data. Just say no.

 

Jodi Daniels  3:18  

That was cute. That’s not often you break out into song, but I’m gonna bring you back to the present. Yes,

 

Justin Daniels  3:23  

Yes. Let’s focus on our guest. Al, as we always like to discuss, tell us a little bit about your career journey and how you came to your current role.

 

Al Raymond  3:34  

Justin, you’ll appreciate this, I think, because I started in information security. Before I evolved, as I say, into privacy. I started an information protection team. And as I got more and more involved in data protection and data governance, I was debating whether I wanted to go to law school or not. And I just couldn’t justify the the time and the cost. But I really love the law aspect of privacy. So you know, the privacy is a lot about law, if not all about law. And so I gravitated more and more towards that, as I assume more responsibilities. And one of the early companies I was at. I became a chief privacy officer the first the first one that they had there. And so being a CPO, you got to embrace all that and more privacy, or duties responsibilities. So it just took that path instead. But I still got a CISSP as well as my CIPP because the people who report to me were security engineers. And I wanted to be able to talk their language. So that when we communicated and I had to talk about controls and the importance of controls upstream, you know, they would take me more seriously because I was able to speak their language versus being a compliance guy, or just talking to law to them, which they weren’t interested in hearing. They were, they were speaking language or privacy technologies and you know, encryption and triple D’s and all that kind of stuff. That’s the update, appreciate it. So I got to say, I CISSP balancing with the CIP and just got more involved in compliance activities, risk management activities, data governance, here I am today.

 

Jodi Daniels  5:14  

Always a fun story, right? But did you ever question going to law school?

 

Justin Daniels  5:19  

Well know that I ever questioned it. I think, as I’ve gotten out kind of a little different than Al is, I’ve gotten several degrees from YouTube University. To learn blockchain, to learn like mobile edge computing, you have to be a lifelong learner, which is what Al is really saying because these technologies evolve. And if you really want to be taken seriously by people, you have to be able to speak tech language, you also have to be able to understand the law and the business purpose, because a lot of these laws are around, you know how to navigate a business purpose, but also comply with the law. So to me when I listened to our, to me, it’s another great example of you have to be dedicated to being a lifelong learner, because the space is evolving.

 

Jodi Daniels  6:05  

That is true. Now, ZoomInfo is a love/hate relationship with almost all of my clients, especially if obviously, there’s in the b2b space, because marketers and sales teams love buying third-party data to use and grow their companies. And privacy teams worry about the viability to use that data under a variety of different privacy laws. How can privacy teams be comfortable and make their marketing people happy?

 

Al Raymond  6:36  

It is definitely a delicate balance. There’s definitely a dance involved. But the experience I’ve had so far at ZoomInfo is that when we’re meeting with the privacy teams, privacy counsel, compliance folks at an existing or potential client, they really want to be on side with the laws in the jurisdiction. And so they’re effectively saying, we know the salespeople love the tool. We know the marketing people love the tool, it really gives them a leg up to be able to sell our products. But we of course have to be on side to the regulations. So ZoomInfo, can you help us do so. So we’re quite often the salespeople bring us to the table. And we talk to the compliance people, we talk to the chief privacy officer, you’ve talked to the privacy legal, privacy counsel, to make sure that they’re comfortable with what the services were offering in that way. It just greases the skids for the salespeople to do their discussion. So a lot of the things we talk about is, you know, there’s sometimes there’s, there’s co-controller relationships, sometimes there were joint controllers, depending on the relationship. And we make sure we confer to them that they have obligations in addition to us. And when they acquire data, they have certain obligations, in addition to what we’re doing behind the scenes as well. So we talk about providing privacy, their own privacy notices to the people whose data they acquire, let them know where they got the data. And if they want to be taken out of their database, fine. And they can pass that opt out on to us, we’ll take them out of our database as well. Right. So it’s full transparency, on where the data is, who owns it, and what the purpose of the collection was. The other thing we want to make sure that people are aware of is make sure you got your proper Article Six legal basis. It’s not just consent, like everyone thinks just consent is the only thing that you need to be able to market to people to email people to sell to people. But there’s six different consent the legal basis under Article Six, make sure you’re picking the right one. So again, transparency, how are you using the data, put it in your privacy policy, offer an easy way to opt out, don’t make it a dark pattern to try to figure out how to get out of the database, if you don’t want to be marketed to someone tells you to take me off the list, take them off the list. It just not worth the aggravation of them complaining to her to regulator or DPA, and then having to deal with the downstream. So transparency is the word of the day.

 

Jodi Daniels  9:08  

Al you mentioned in some situations, you could be a co-controller.can you share potentially any scenarios where that might exist?

 

Al Raymond  9:18  

If we’re both using the data and making independent determinations of how the data is being used, it’s more rare than it is just being an independent controller of the data. Sometimes we’ll use the same data for our purposes to market to similar or same clients that our clients are marked, and customers that our clients are marketing to, but for the most part, usually independent controller relationships or sometimes we’re processor as well. If Red Clover is using ZoomInfo to target clients or to look for talent, we would be a processor in that scenario.

 

Jodi Daniels  9:52  

Right? Okay. Thank you. I appreciate you expanding on that and really highlighting also the Article Six piece so for us Anyone who is not remembering Article Six ties you to GDPR obligations and you need a legal basis, there’s six to pick from. And you do have to go through the right analysis to be able to identify which one applies to you so that everyone: privacy, marketing, sales legal can all be happy and grow your company all at the same time.

 

Justin Daniels  10:27  

I want to kind of segue, I find, as I increasingly work on deals that involve artificial intelligence, which for those deals to work, they really want access to lots and lots of data. And so I’m just curious, when we talk about b2b privacy programs, because when I work on AI deals, it comes up all the time in terms of what you’re allowed to use the client data you’re collecting for in terms of AI. Talk to us a little bit about underlying that. What are the big challenges in building and maintaining a B2B privacy program?

 

Al Raymond  11:03  

I think the biggest misconception is that it’s easier than b2c And so I spent the last 20 years in the b2c world mostly in financial services so I’m knee deep neck deep in gramm leach Bliley, you know, sensitive SPI all individual customer information coming to ZoomInfo. It’s business to business data. And we make a pretty strong argument that we are using data that is business to business and only what’s on your business card, what’s on your LinkedIn profile, nowhere near as sensitive as your bank account information, your passport, your genetics into those sensitive, SPI categories. But it is not as easy as you think it is. It’s not just we’re b2b, we have no rules to follow. Just in the US alone, you still have TCPA, you still have can spam to follow you still, we still have a regulator. We’ve not we don’t we weren’t as heavily regulated as we were in the financial services world. We still have a regulator, the FTC is particularly active, as I’m sure you guys both know, in this space. So they’re still regulated to be to be aware of the other challenge is educating employees on the nuances between the two and educating employees in general, you know, on privacy and security, compliance is always challenging, but educating them on the nuances between the beetus B and b2c, and making sure they’re able to convey that to people that they speak to the differences. The other thing that we do quite often is we we socialize the laws, the actual laws are the names of laws with the with employees and what they mean. So we’re not trying to make people privacy experts, we wouldn’t be so cruel to try to do that. But we do want to make sure that when they’re having conversations, whether it’s a salesperson or marketer, or somebody in talent, that they’re somewhat conversant with laws like GDPR CCPA. So they can tell prospective clients? Yes, we have. We have designed programs that are in compliance with these laws and rules and regs. We’re happy to bring in experts to be able to work out the nuances. But we don’t want them to be ignorant of the obligations that we had even in a b2b-b2b space. And so the probably the hardest thing, the last thing I’d say is biggest challenge is keeping it b2b Only. Right? There’s always a scope creep. Why should we collect more for this? Can we expand our product line there? What if we inadvertently collect social security numbers or other kind of inferences that we make, then you start getting into other roles, regs and laws that you have to be compliant with, and the administrative burden and overhead becomes, you know, exponentially greater? So keeping it b2b, if you’re a b2b company, that way you stay in your lane, and you stay focused on b2b Only, it makes it a lot easier for everyone.

 

Jodi Daniels  14:01  

Al, you mentioned that there are differences between b2b and b2c? Can you share maybe two of those big differences that you share with your employees internally?

 

Al Raymond  14:12  

So we talk about the kind of data that we collect, like we’re very, very exacting on. This is business data for business people to be able to sell market to other business people. We don’t need to know your social security numbers. We don’t need to collect it. We don’t need to know what your reading preferences are. We don’t need to know what kind of religious denomination you are. Remember, we don’t need to know your passport number, your blood type or your medical conditions. We want to know what’s on your business card. We want to know what’s on your LinkedIn profile. That’s the big emphasis there. And we want to make sure that we don’t again, don’t scope creep into that area. And we also want to make sure the employees are again educated on the nuances of those two, to keep the conversation to b2b. Other jurisdictions outside the US you The email address the business, even in business email is still considered to be PII personally identifiable information. There’s no way around it, right? So we have to have we do fall into some kind of PII type obligations there, versus the US, but we’re still trying to keep the big focus. The big thing is b2b business to business where sign and business people for business reasons, were, the reason why zoom into I think is so successful is because you remember, you know, back in the day, 2025 years ago, if you were a copy salesman, and you wanted to sell copiers to a big company, you had to pick up the phone, you call the 800 number, and 25 Cook people later, you found the person who is in charge of buying copiers. So you annoy 24 People in the way to get to that person because you had no other choice, like there was nothing else to get you there. Now we have the right number, the right name, the person who’s expecting calls from people, yes, I’m in the I’m in the market for copiers in the market for security software, I’m an American for privacy consulting services, you know who that person is, you’re targeting them with the right call, hopefully at the right time.

 

Jodi Daniels  16:06  

I appreciate you expanding a lot of large organizations, some of the challenges in building a privacy program, you’re going to have a policy, you’re going to have a procedure, you’re going to say here’s how we’re going to do it. And then you kind of have to hope that it’s actually going to be done. Al, what do you find to be successful to address this, you know, challenge of building those policies and procedures and not always knowing if they’re actually working.

 

Al Raymond  16:36  

It is definitely challenging, especially if you’re a large company, the last company I was at had turned 65,000 employees, right across your 20-25 countries. As a small company, obviously, the easier it is, but still, at the end of the day, I think you still have the same challenges. I like to call my technique, the charm offensive. So letting everyone know who you are, who your team is, and that they exist. Which is, which is a pretty big challenge at some places, because you’d be surprised how many times I’ve had a company and they’re like, I didn’t even know we had privacy officer. I don’t even know we had a compliance team. And that is on us right for not being able to communicate that effectively and as as, as broadly as we should have. But we have to know, we have to make sure that people know that we exist, and then how we can help facilitate business and not impede it. Right? Because as you probably both are aware, a lot of what we get tagged with unfairly is the Department of now, the VP of now. And I know if I’m going to come and ask for this, the answer is going to be Justin is going to say no, we can’t do it. Because technology be the rule the rag. And so like you don’t want to have that reputation. Because if you do, ultimately what will happen is people go around you. And they ultimately make the company more insecure at the end of the day, right? So you have to get the reputation of a reasonable person and you’re helping facilitate business and you’re not impeding it. The other thing I think that I always try to do is put a name to a privacy face. And I don’t care if people come to me with the wrong question all I just care if they say I had a privacy question. And I thought of you the word privacy, compliance, and then me these people put those two things together that I’m successful. If I don’t know the answer, I’m the wrong person. I’ll triage it to the right person. But at least people are saying we have a person or I got a guy. I’m going to ask him this question. I think he’s the right person. He may not be but at least he’s a good place to start. And if it’s a legal question, obviously, my friends and they will get it. If it’s a compliance, we can update up the compliance. If it’s privacy question, great, I’ll be able to handle it. The other thing that works well, Jodi is that we’ve created talk tracks we call them. And these are just talk tracks for common questions, typical questions that we get from privacy, people, compliance people, security people, legal people outside, they ask generally the same questions over and over again to the organization. How do you ensure compliance? How do you collect data? Do you get consent? Do you need consent? Can you do business in New York is classic kind of questions. So we have these talk tracks that we’ve created for the non compliance and on privacy that non legal people. If a client says to them, I’m interested in your product, love the service, but I have a question about this compliance issue of privacy issue. We’ve got talk tracks, it’s a simple three lines, three, three sentences, that generally say this is how we do it. This is how we’re compliant. We’ve taken Article Six one F as legitimate interest as our legal basis under GDPR. You know, those kinds of things. And we socialize that with the with the sales folks with the marketing people to get them somewhat conversant in the process so that we’re all in invested in the same messaging throughout the organization. And then finally, my team is the is the assurance team. We do privacy compliance we do also the enterprise risk management. So we have a motto is It’s evidence, overconfidence is our motto. It’s like the kind of trust but verify thing that, you know, Ronald Reagan used to say a lot. And the kind of confidence that we get is we do assurance reviews, just like as a second line organization compliance, their job is to make sure the business is doing what they say they’re doing. So we do assurance reviews throughout the organization to make sure that that thing is happening. So to your original question is, it’s an assurance is somewhat confidence, it’s we can’t do that we can’t boil the ocean, but we do targeted risk-based approach is to the reviews. And that’s how we are confident that the machine is working properly. And people are doing what they say they’re doing, at least at some scale.

 

Justin Daniels  21:01  

You know, I’m thinking we could have a 21st century update to trust but verify, you could put a sign up that says, Let’s not have truthiness, which means something that feels true, but isn’t supported by the facts.

 

Al Raymond  21:16  

Right. That’s good. That’s good.

 

Jodi Daniels  21:19  

And I was thinking you always want your T-shirt with no your data, I think I should create privacy bells. Al, when you are explaining that you’re so excited when someone comes to you with any privacy related question. Even if you’re not the right person, they’ve associated privacy with Al or privacy with fill in the blank person. I completely agree and used to have the same belief when I was building a privacy program. And I always had an imaginary cheer and flag anytime someone came, and I would count how many times and actually from a measurement perspective, all those questions are valuable. That means that you’re educating people about privacy. And when I’m doing a training, I always say you just want people to come to you just know you equal privacy, and I’m going to create privacy bells. I want I want that’s my next thing.

 

Al Raymond  22:08  

I’ve seen it yeah says your messaging is working. It’s it’s getting into the bloodstream of the organization number one, and two, it’s making you indispensable to the organization because everyone thinks if I have a privacy question, I have one person I know I’m going to and that’s that person there. She knows privacy. She’s my privacy contact makes you indispensable to the organization.

 

Jodi Daniels  22:29  

And people have the same for other areas. If you have an HR question, you you go to the HR person, if you have finance and legal and all these things, you know who to go to privacy is newer. And we’re getting there.

 

Justin Daniels  22:41  

You have to build a program to create awareness with multiple touchpoints it Cybersecurity Awareness Month. So at my firm, we’re getting multiple communications about cybersecurity, because again, that’s not building awareness until of course, they get hacked or whatnot, then the whole company.

 

Jodi Daniels  22:58  

I’m bringing us back, b2b privacy today, you can add your Cybersecurity Awareness month another day. In fact, there’s 31 days to happen. No, not really. It’s about slip. That’s all my fault. You’ve had 24 of them already. We’re about to b2b programs. Your turn.

 

Justin Daniels  23:13  

I’m allowed to speak now? I was told don’t bring up the word cybersecurity again? We’ll have to roll the tape. So, Al, many b2b companies act and a variety of different roles could be service provider, processor, vendor, you can pick your favorite description from various different privacy laws. And they also want to use the data to help their own customers. So how should companies deal with those business requests and in light of the different hats that they wear.

 

Al Raymond  23:48  

Like a lot of it comes down to the contract, the black and white that says how you can or cannot use the data that we either purchase from you, or that we share with you. And that generally sets the stage and it also determines we’re going to be a processor here are going to be a controller there is going to be joint ownership, where we join controllers, independent controllers, can also dictate the terms of how you can use this, this data that we’re sharing or buying from you, we are allowing any secondary use of the data. Can you use it for your own purposes that we share with you as a vendor or service provider? Again, it comes back to the T word transparency between the two parties. And this way you can always if need be with other clients as to how and who do you share data with the medications you have to provide that information. So you need that transparency to be able to say we provide with the to these parties for these purposes. And then at the end of the day, in my opinion, it comes down to one of my favorite topics vendor management 101 You got to know what your vendors are doing. You’ve got To review your vendors, you got to test your vendors, you have to oversee your vendors, because their risk is your risk. And you cannot outsource accountability.

 

Justin Daniels  25:12  

Well, I wanted to ask a follow up question actually, for you and Jodi. So just for the benefit of our audience, obviously, there’s a privacy policy that’s outward facing, you know, how data might be collected on a website. But really, what we’re talking about here, when we talk about the contract is, if I have a contract with ZoomInfo to share data, or whatnot, it’s really the contract that determines what you’re going to do with the data, how you’re going to share it. And so people need to understand the distinction of having a good privacy program isn’t just the privacy policy on your website, but it’s having privacy involved when you negotiate and consummate contracts, because as you said, that contract will define the relationship to that data and how it’s going to be used. Could you maybe elaborate on that for the benefit of our audience.

 

Al Raymond  25:55  

So we’d also not only, you know, adhere to whatever the contract says, and how we can or cannot use or how they can or cannot use data, we would probably also weave into our outward facing privacy policy, generally how we use data. And most companies have pretty extensive publicly facing privacy policies, there’s sections in there, if we use third parties, how and how we use data, how we use your data, we tend to share it with vendors, we tend to share with partners, we tend to use these aspects of it. So again, you’re just really extending some terms of the contract in the data usage aspect of it to the outward-facing for the average person who calls upon your website, they have a sense of, are they sharing my data? Are they selling my data or not, and with whom, generally speaking, because you’re going to have to disclose it, in many cases, if you get a data subject access request. So the transparency should be there upfront, because if it’s not there, someone will find it out, and then you’re going to pay the price for it. So again, transparency.

 

Jodi Daniels  27:01  

So, to echo what you were just saying, I’ll what I see Justin is, and when we are writing privacy notices, it kind of depends on the kind of b2b vendor. So for some of them, it might be the outside privacy notice is all about what’s happening on the actual website, the marketing that that company is doing to identify future b2b customers. But if they are processing data, significantly, like they’re an email service provider, there’s ZoomInfo that has a lot of data, then there tends to be either a significant section, as I’ll just said, or a completely separate policy that says, here’s how our application is using the data, here’s how us as a company is using the data to be able to clearly explain to someone, here’s the data we collect, basically, as a business or a controller. And then here’s the kind of data and how we’re processing it when we were our processor service, that provider vendor kind of hat. So there are some companies, you don’t need a big section, because there might not be a whole lot for some companies, there’s a lot and then there’s a bigger section or a separate policy. I will I will also want to emphasize what you had shared in terms of vendor management, because for me, this is why I actually love working with b2b companies and an area that I think b2b companies miss, which is when you’re the customer, I’m sorry, when you’re that processor, or service provider, your customers are likely listening to podcasts like this, and are employing strong vendor management programs, which means they come knocking to you and say, Hi, here’s this great contract that someone like Justin just wrote. And here’s my assessment that my privacy and security teams have said, I have to ask you, and then that team is not prepared, loses sales. And I see it all the time. And this is why, in addition to obviously regulators complying with privacy laws, but building a really strong b2b privacy program is helpful to the business because that helps you actually sell more quickly, when you’re able to answer through all those questions that they have. You can close the sale more quickly move along, and everyone is happy.

 

Al Raymond  29:07  

Right? Right. And when we’re sitting in front of a prospective client, or existing client, we’re effectively in a minute and vendor management scenario, right? They’re asking us, how are we going to get comfortable using you because your risk is going to be our risk? And we’re not and the chief privacy officer is not going to sign off on a risky client because she or he may be held personally liable, depending on the jurisdiction. So we’ve got to be able to be as transparent as possible. We got to have all of our eyes dotted T’s crossed and be able to answer with confidence that we’ve got this covered. We will give you confidence that you’re not going to have a problem with us as a vendor because we know what the rules are. We know what the laws are in that jurisdiction. And we’ve got a vendor man internal vendor management program may be able to make sure that we are doing what we say to you that we are doing.

 

Jodi Daniels  29:54  

Make sense

 

Justin Daniels  30:00  

So, how, when you are out and about hanging out at a cocktail party, do you have a best personal privacy tip you’d like to share when you’re at the cocktail party with folks?

 

Al Raymond  30:15  

So, again, Justin, I think you’ll appreciate this that I think it’s not just one tip. It’s a layered security approach to privacy because I don’t think there’s one thing that’s a silver bullet for privacy because there’s just so many aspects of privacy that people deal with day in and day out technologies, etc.

 

Justin Daniels  30:35  

Hold on, Jodi, are we allowed to use talking about security? Now you said to be proud? Are we allowed to deviate?

 

Jodi Daniels  30:40  

Yes, we are.

 

Justin Daniels  30:41  

Okay, Al, please continue.

 

Al Raymond  30:44  

And so it’s kind of like some old school some new school like the my favorite old school. One is, I tell people never put the flag up on your mailbox, when you put mail in there for the postman to come pick up your your mail. Because it’s a literally and figuratively red flag that tells people, there’s mail in his mailbox, quite likely, it’s a check in somewhere. So now you’ve got to check, you’ve got the account number, you got the routing number, and you’ve got their signature. And maybe because I was in banking for so long that I always always knew what you could do with that kind of information. So never do that. The mailman is gonna get it anyway. You don’t have to tell them, but they’re gonna open the thing to put your mail in anyway, so you never need to put the flag up. The more practical thing though, is one of the things is freeze all your credit lines, your TransUnion and Equifax. TransUnion, Equifax, Experian, freeze them. It prevents people from opening credit in your name, it’s probably one of the biggest things you can do most effective things you can do in an easy stroke, it’s free, there’s no cost. There’s some inconvenience, if you’re trying to get a loan or try to buy a car, you have to unfreeze it and freeze it back. But for the most part, it’s one of the biggest bang for your bang for your buck to protect your identity as well. Because people can open up credit in your name, they can open spend money in your name, it’s a big, it’s a big win. And then finally, Justin, this is refer back to something you talked about very early about the SIM swap, put a pin on your SIM card, I was a victim of a SIM swap fraud, somebody’s got my, my cat, my my carrier account. And they were able to get to other accounts, because they were just all connected. So I looked into my carrier and my phone and I could put a pin on the SIM. So the SIM won’t work. You can’t swap it. Unless you know the pin on the code easy to do. It’s free. Takes a little little bit of involvement when you reboot your phone. Because now if you put a code in and the SIM, they have to remember what the SIM is, if that’s like your ATM, you know, same number. But it prevents the SIM swap which can do a lot of damage. People don’t realize it because it’s a fairly, I guess, unknown hacker threat. But when it hits you, it’s pretty expansive.

 

Jodi Daniels  33:07  

That’s a good one. We also had kind of similar in the phone arena, we had a friend share, you can freeze porting of your number, so not quite the same as SIM but you know, if they were going to try and move carriers, we can we freeze them.

 

Justin Daniels  33:21  

So that’s essentially, what SIM swap is yeah, they tried to take your phone and port it to another carrier or put it somewhere else.

 

Jodi Daniels  33:28  

You don’t always have to port. I mean, you could just keep it on the same carrier, but it’s possible. I’m just saying you wouldn’t. You can have both scenarios. Okay, that’s all Alright, when you’re not managing privacy and risk, what do you like to do for fun?

 

Al Raymond  33:45  

So you can see, you see, my, my not a prop here is a guitar. I’ve been playing now on I don’t know, 40 years, 45 years or so. And it’s, it’s the cheapest psychiatrist I’ve ever had. And I’m in a band. I’m in a working band. So once or twice a month, every month, we have live gigs. So it’s, it’s quite rewarding to be able to keep doing it and be doing something that I dreamed about being a rock star when I was a 15 year old, with long flowing hair like God has now but those days are over, but I can still play and entertain people and it’s it’s very rewarding. It’s probably the one thing the one, the longest thing has given me the most satisfaction be able to play the guitar. And now I can almost play anything that I hear because I’ve been doing it for so long. I recognize the patterns and the keys and whatnot. So that’s my favorite thing to do.

 

Justin Daniels  34:49  

Well, Al, maybe you and God could put together you could be on guitar and God could do vocals and you can call your little band Article Six.

 

Jodi Daniels  35:00  

Next IPP conference.

 

Justin Daniels  35:02  

The two of you should show up and have a little song for privacy that you do and your band is called Article Six.

 

Al Raymond  35:08  

I think the IPP would actually like that.

 

Jodi Daniels  35:11  

Oh my goodness. They wouldn’t love that.

 

Al Raymond  35:15  

And you know what that means, Jodi? Free admission to the conference.

 

Justin Daniels  35:20  

All you know what, I’ll take my marketing fee, but honestly, I really think if you went to them with a little marketing diddy from the band Article Six, I bet you they’d think, Oh, that’s pretty cool.

 

Al Raymond  35:31  

I like it.

 

Justin Daniels  35:32  

Because Jodi can sing.

 

Jodi Daniels  35:33  

That’s funny.

 

Al Raymond  35:34  

Beautiful.

 

Jodi Daniels  35:35  

Well out. Thank you so much for sharing all about b2b privacy programs today, if people would like to connect or learn more, where should they go?

 

Al Raymond  35:46  

The easiest thing is just to look me up on LinkedIn. Happy to connect with people like-minded people want to learn more about privacy, when to share things. Always happy to connect with folks.

 

Jodi Daniels  35:59  

Well, wonderful. We will put that in the show notes as well. We’re so glad that you joined us today. And for those who can hear potentially, our dog in the background is also really excited that you joined us today.

 

Al Raymond  36:08  

Thank you. My pleasure. I really appreciate you guys having me as your fun conversation and best of luck to you. And congratulations on the one year anniversary of your book

 

Jodi Daniels  36:18  

Thank you.

 

Outro  36:23  

Thanks for listening to the She Said Privacy/He Said Security Podcast. If you haven’t already, be sure to click subscribe to get future episodes and check us out on LinkedIn. See you next time.