Privacy Please

Send us a textDiscover how these cyber criminals impersonate bosses and coworkers, manipulating emotions to trick victims into transferring money or revealing sensitive information. Learn how to spot the red flags: from urgent requests that cloud judgment, to lookalike email domains designed to deceive. We'll guide you through practical steps to safeguard your organization, emphasizing the importance of communication and verifying requests through trusted channels.Join me, Cameron Ivey, as I break down these sophisticated scams and explore why adherence to company protocols is crucial in defending against them. Support the show

Send us a textIn this episode of Privacy Please, uncover how cutting-edge technologies are transforming voting, and enhancing privacy and integrity in the digital age. Explore decentralized platforms like Mastodon for greater user control and transparency, and see how Bitcoin is shifting power away from traditional authorities. Dive into the potential of cryptographic tools and blockchain to authenticate media and voting information, reducing misinformation and boosting election transparency. Tune in to discover how these innovations promise a bright future for trust in technology.Support the show

Send us a textWhat if a simple app failure could trigger chaos across the financial world? Explore the vital safeguards of Europe's Digital Operational Resilience Act (DORA) with host Gabe Gumbs on Privacy Please. This episode goes into how DORA is transforming digital infrastructure to withstand the onslaught of cyber threats like ransomware, ensuring that your access to financial services remains seamless and uninterrupted. From banks to tech providers, discover the global ripple effects of this European regulation that extends its reach to American firms intertwined with the EU financial sector.Support the show

Send us a textImagine having just one key for every lock in your house—sounds handy, right? But when it comes to your online security, this convenience could lead to disaster. Join me, Cameron Ivey, as we navigate the treacherous waters of online safety during Cybersecurity Awareness Month, with a special spotlight on the simple yet powerful habit of password management. Fresh from my whirlwind travels to PSR in Los Angeles and a corporate retreat in Santa Rosa, I’m back, a little under the weather but eager to share insights that could safeguard your digital life. This episode of Privacy, Please is your ticket to understanding the common mistakes we all make, like reusing passwords—and how to avoid falling into these traps. I’ll introduce you to the world of password managers, which can transform the way you protect your online accounts without causing a headache. Expect a light-hearted yet informative discussion packed with practical advice to boost your digital security. Whether you’re a seasoned listener or new to the show, there’s something here for everyone to learn about keeping their online presence secure.Support the show

Send us a textUnlock the secrets of privacy innovation and assurance with our enlightening conversation featuring Aaron Weller from HP. Aaron walks us through his fascinating journey of establishing a new privacy engineering function at HP and expanding into privacy assurance. You'll discover how his team is tackling significant challenges, such as developing standards for data aggregation and preventing re-identification attacks, with practical examples like employee surveys and website performance metrics.What happens when the need for privacy intersects with the rapid advancements in AI? We delve into this critical topic by examining the dual threats of data re-identification and evolving AI legislation. Aaron provides invaluable insights into the ethical principles and security measures necessary to navigate this complex landscape. Additionally, we give you a sneak peek into an intriguing upcoming panel on AI governance featuring a humanoid AI, highlighting the unpredictable and exciting future potential of this groundbreaking technology.Looking to the horizon, we explore the future predictions in data governance and the revolutionary impact of quantum computing on cryptography. Aaron discusses the strategic rethinking required as AI and technology advance, emphasizing the importance of integrating privacy measures directly into the code. Join us as we reimagine our relationship with data, ponder the necessity for solid foundational frameworks, and highlight the critical role of early detection in privacy issues. This episode is a must-listen for anyone invested in the future of data management and privacy.Support the show

Send us a textCalifornia's Senate Bill 1047 is on the brink of becoming a law, and we're here to break down what that means for the tech industry and society at large. Tune in as I dissect how this controversial bill mandates rigorous testing of AI systems to identify potential harms such as cybersecurity risks and threats to critical infrastructure. I've got insights from policymakers, including Senator Scott Weiner, who argues that the bill formalizes safety measures already accepted by top AI firms. Amidst passionate debates, hear how tech giants like Google and Meta push back against the regulations, fearing they could cripple innovation, especially for startups. Meanwhile, proponents, including whistleblowers from OpenAI and notable figures like Elon Musk and Yoshua Bengio, champion the necessity of such rules to mitigate substantial AI risks. We’ll also explore the broader legislative landscape that aims to combat deep fakes, and automated discrimination, and safeguard the likeness of deceased individuals in AI-generated content.Support the show

Send us a textCurious about the latest buzz from DEFCON and Black Hat? We promise you'll gain fresh insights into the world of cybersecurity, including a behind-the-scenes look at Palo Alto's marketing mishap that set the industry ablaze. Join Cameron Ivey and Gabe Gumbs as they shed light on the evolving landscape of cybersecurity, celebrating the growing contributions of diversity while acknowledging the industry's ongoing challenges.But that's not all—we dive into the nitty-gritty of AWS account takeovers, uncovering the risks and misconceptions that many IT professionals face. From shadow accounts to AWS's dominance over Google Cloud and Microsoft Azure, we've covered you with the latest research and conference highlights. Plus, we share some fun moments and upcoming events like PSR and IAPP in LA, sprinkled with a bit of autograph signing and fan interactions. Tune in for an engaging episode that combines technical deep dives with thoughtful industry reflections and a touch of humor!Support the show

Send us a textEver wondered how evolving privacy laws impact your company’s risk profile and compliance strategies? Join us for a captivating discussion with Ray, the Chief Compliance and Data Privacy Officer at TopCon Healthcare, and K, a seasoned privacy attorney with a unique nursing background. Ray shares his journey from the early days of HIPAA to his current challenges at TopCon, while K offers insights on transitioning seamlessly between legal and non-legal roles. Together, they unravel the complex interplay between legal and consulting roles in data protection, offering valuable insights for anyone navigating the privacy landscape.From the merits of hiring consultants versus law firms to manage privacy programs to the intricacies of data inventories and impact assessments, this episode tackles the pressing issues companies face today. We explore real-world scenarios, like the innovative Harmony platform at TopCon Healthcare, demonstrating how new business activities can shift a company’s risk profile. Ray and Kay provide a balanced perspective on when to engage consultants for their hands-on expertise and when to turn to law firms for their regulatory acumen.But it’s not all serious business—Ray shares a hilarious anecdote about the precise positioning of toilet paper, adding a touch of humor to our deep dive into privacy tech evolution and the essential collaboration between privacy and security officers. Whether you’re a privacy professional or someone interested in the dynamic between legal and consulting roles, this episode is packed with insights, practical advice, and a few laughs. Tune in and gain a fresh perspective on the ever-changing world of privacy compliance and consultancy.Support the show

Send us a textWhat if a single cybersecurity incident could cost your company billions? On this episode of Privacy Please, Cameron Ivey and Gabriel Gumbs dissect the monumental CrowdStrike incident that left 8.5 million Windows machines vulnerable and sent shockwaves through the IT community. As a dedicated Linux user, Gabriel lends his unique perspective, backing CrowdStrike amidst the backlash and exploring why public overreactions might be misplaced. We dig into the staggering five billion dollar financial toll and stress the importance of recognizing technology's imperfections. Our hosts also revisit cybersecurity fundamentals—confidentiality, integrity, and availability—emphasizing the crucial role of backup and recovery in maintaining these principles.But it’s not just about understanding what went wrong; preparation is key. Using the CrowdStrike incident as a pivotal case study, Cameron and Gabriel offer actionable advice on disaster recovery strategies crucial for any business. They break down the shared responsibility model in the cloud, highlighting how data and identity still lie in the hands of the customer. From adhering to the 3-2-1 rule of data protection to automating recovery processes and keeping offline guides, they cover practical steps to bolster your recovery plans. With industry-specific insights and tips tailored to sectors like healthcare and aviation, this episode provides essential guidance for any organization looking to proactively navigate IT disasters.Support the show

Send us a textAn exclusive livestream episode presented by Transcend and Privacy Please. Join Cam and Gabe as they chat with industry leader Amit Danenberg, who has a proven track record of spearheading security & privacy operations at top organizations like Cisco, Sonos, and Willow Innovations.We dig into some crucial topics, including:✅ Uncovering the advantages of prioritizing security & privacy in both operational and cultural aspects✅ Learning effective ways to manage privacy programs and choosing the right technology partners who share the same vision.✅ Understanding essential steps to prepare your enterprise for AI while ensuring data privacy & security.Support the show

Send us a textAs we reach the middle of the year, the focus is on responsible AI usage and the advancement of privacy measures, emphasizing their significance in both personal and business settings.Our discussion then turns to a more serious topic: the alarming increase in ransomware attacks. Occurring approximately every 17 seconds and leading to the compromise of billions of records, there's a clear need for strong data protection and recovery strategies. We delve into the evolving nature of these cyber threats and explore what businesses can do to protect their operations.Additionally, mark your calendars for our live show on July 16th featuring special guest Amit Danneberg, who will share insights on integrating privacy and security into business practices. Source - https://www.itgovernanceusa.com/blog/data-breaches-and-cyber-attacks-in-2024-in-the-usa#april-2024Support the show

Send us a textHistory of location sharing, it certainly didn't start yesterday folks...😉 Younger internet users seem to be okay with sharing their location data and the convenience it offers however, what about the potential risks of being constantly tracked? Do you know how much of your life is up for grabs in the digital world? In this electrifying episode of "Privacy Please," I, your host Cameron Ivey, morph into Ace Ventura, Privacy Detective, to lead you through the chaotic jungle of digital surveillance. From the massive amounts of location data in your smartphone to the generational divide over tracking, we tackle the intricate dance between convenience and privacy. Whether you're a privacy vet or someone who shrugs off the idea of sharing your whereabouts with friends, this episode is a rollercoaster ride of insights and surprises.-Source credit to Elaine Moore for the original articleSupport the show

Send us a textWhat if managing your company's digital secrets could be as seamless as sending a Slack message? Join us as we converse with Brian Vallelunga, the innovative CEO and founder of Doppler, who reveals his journey from Uber to spearheading a game-changing solution for developers. We cover Brian’s intriguing path, including a rocky venture into the world of crypto machine learning, and a transformative moment in Mexico that highlighted the pressing need for efficient secrets management. Learn how a pivotal dinner conversation and inspiration from Slack's Stuart Butterfield catalyzed the creation of Doppler, making it an indispensable tool for developers around the globe.Why do so many companies fail to protect their most sensitive data? Brian and our hosts break down the alarming oversight of "secrets" like API keys and database URLs in data security. Hear a harrowing personal story of a scam that exploited breached data, gather practical tips on safeguarding your information and much more!Support the show

Send us a textEver wondered about the hidden privacy risks lurking in your everyday Wi-Fi connections? In this episode, Cameron and Gabe discuss the hidden risks of Wi-Fi based positioning systems. They highlight a paper by Eric Rye and David Levine that explores the privacy risks associated with these systems. The paper discusses case studies where sensitive information about troop movements and refugee migrations was revealed through these systems. The conversation emphasizes the need for a larger conversation about the widespread use of these systems and the potential privacy implications.Source: https://arxiv.org/abs/2405.14975Credit: https://www.linkedin.com/in/erik-rye/ & https://www.linkedin.com/in/dave-levin-658b2564/Support the show

Send us a textShould AI have a role in the legislative chamber? Arizona State Representative Alexander Kolodin says "yes," leading to a groundbreaking law crafted by ChatGPT. I'm Cameron Ivey, and I’ll dissect the story behind this innovative bill addressing deepfakes in elections, made with AI assistance and causing ripples in the privacy community.This isn't just another political maneuver; it's a bold step toward a future where AI and lawmakers collaborate to shape regulations. Join me as we delve into the delicate balance of protecting free speech while curbing AI-generated misinformation. We'll explore Kolodin's approach, which includes measures for authenticating deepfakes through judicial channels, while also preserving the realms of comedy and satire.This legislation aims to control narratives and enhance the efficiency and effectiveness of AI-assisted lawmaking. Our discussion will transcend privacy, touching on the essence of truth in the digital age. Tune in, share your thoughts, and let's unpack this futuristic topic together. Love and privacy to all—Cameron Ivey Support the show

Send us a textExplore the dark side of cyber threats as we unveil the terrifying impact of ransomware attacks on the healthcare sector. In a gripping discussion with Cameron Ivey and Gabe Gumbs, we uncover how healthcare institutions are targeted for their sensitive data, risking patient privacy and trust. Through real-life stories of ransom payments gone wrong and the looming threat of repeated attacks, we reveal the harsh reality: paying ransom is just the beginning of the nightmare.Drawing insights from the 2023 Verizon Data Breach Investigation Report, we highlight a disturbing trend where ransomware aims not just to steal data, but to cripple operations, leaving vital medical equipment useless and multiplying the risk of human error. We delve into the shortcomings of data backup strategies and debunk myths surrounding the security of SaaS platforms. Join us for this conversation to empower yourself with more insights to safeguard your organization's data and people against cyber threats.Support the show

Send us a textDiscover the intricate dance between technology and ethics as Jake Ottenwaelder, principal privacy engineer at Integrated Privacy LLC, takes us into the heart of fractional privacy engineering. Join us for a captivating journey where Jake, pivoting from cybersecurity to privacy engineering, decodes the complexities of modern data protection laws. He artfully bridges the gap between legal mandates and technical implementation, providing a lifeline to organizations navigating the treacherous waters of GDPR compliance and beyond. This episode is a beacon for anyone seeking clarity on the interplay between privacy, technology, and legal frameworks.As we navigate the subtle distinctions between security and privacy engineering, Jake imparts wisdom on the essence of an engineering mindset in privacy practices. He dissects the rich tapestry of privacy engineering, painting a landscape where ethical data stewardship takes center stage, and integrative privacy solutions redefine how companies interact with consumer data. For those in the security sector eyeing a shift to privacy, Jake offers a roadmap, underscoring process improvement and the potential of privacy automation to transform the industry landscape.We wrap up with a profound discussion on the broader implications of privacy engineering — from the ethical quandaries in AI to the pivotal role data privacy plays in national security. Jake sheds light on the convoluted challenges faced by organizations, such as data deletion and retention, and advocates for equitable privacy that transcends user sophistication. The episode concludes with a reflection on the future of data economy ownership amidst geopolitical shifts, a conversation that will resonate with anyone invested in the intersection of technology, privacy, and global affairs.Support the show

Send us a textRumor Has It, in Privacy...Banning TikTok won't solve social media's issues with foreign influence, teen harm, and data privacy. Despite the proposed ban, the underlying problems remain unaddressed. We need comprehensive solutions to tackle these challenges head-on. Support the show

Send us a textRumor has it, in privacy, we discover how a damning federal report has exposed serious lapses in the tech titan's security armor, leaving businesses and individuals to question their trust in the cloud. As Microsoft faces a breach with Chinese fingerprints and a culture of shrugged shoulders towards security investments, we're unpacking what it all means for the future of enterprise safety. Buckle up as we explore the ramifications for Amazon Web Services and Google Cloud, who might just dance in the rain of Microsoft's storm.Listen in as we highlight the Cybersecurity Review Board's urgent call for action and how CEO Nadella is positioned to lead a revolution in Microsoft's approach to cybersecurity. Support the show

Send us a textHold onto your hats because we're cracking open the American Privacy Rights Act – a piece of legislation that's causing quite the stir. Will it be the superhero the privacy community has been waiting for, or is it a wolf in sheep's clothing? We dissect the nitty-gritty from data minimization to opt-out rights and ponder the act's potential global ripple effects on data protection. Support the show

Send us a textJoin us for a our new short Rumor Has It in Privacy.  As I walk you through the labyrinth of class action settlements that could put money back in your pocket. This episode is a treasure map, leading you to the X that marks the spot on significant payouts from big-name companies that might owe you more than just an apology. From Verizon's sneaky fees to Subaru's gear-grinding mishaps and the fiery engines of Kia and Hyundai, I'll be your guide on this solo expedition to reclaim what's yours.Support the show

Send us a textPrepare to have your mind expanded as we navigate the complex labyrinth of large language models and the cybersecurity threats they harbor. We dissect a groundbreaking paper that exposes how AI titans are susceptible to a slew of sophisticated cyber assaults, from prompt hacking to adversarial attacks and the less discussed but equally alarming issue of gradient exposure.As the conversation unfolds, we unravel the unnerving potential for these intelligent systems to inadvertently spill the beans on confidential training data, a privacy nightmare that transcends academic speculation and poses tangible security threats. Resources: https://arxiv.org/pdf/2402.00888.pdfSupport the show

Send us a textOur discussion takes a turn towards the skepticism now cast over Glassdoor and similar platforms. With anonymity in jeopardy, what's the true weight of an online review? We explore the pitfalls of anonymous comments devoid of context and the importance of leaning on personal networks for the real scoop on companies. The conversation doesn't shy away from the hard questions – it's a prompt for you to scrutinize digital platforms and their promises, urging a proactive stance on personal research. By the end of this thought-provoking dialogue, you'll be inspired to engage in deeper discussions and equipped to navigate the digital realm with a more critical eye... or so we hope.Support the show

Send us a textThis week on Privacy Please, we'll dissect the challenges that technologists face in harmonizing AI and privacy in their systems, and consider the state of AI governance laws that are shaping our digital future. Plus, get ready for a tale that hits close to home, shedding light on real-world privacy concerns that could affect any of us.Support the show

Send us a textCould the addition of 'Govern' to the NIST Cybersecurity Framework 2.0 be the game-changer in how we approach cybersecurity governance?  We unravel the significant evolution of the framework, now bolstering enterprise risk management with a holistic approach that's essential for any organization, big or small. We dissect the interplay of the six functions—Identify, Protect, Detect, Respond, Recover, and the new kid on the block, Govern—and how this integration across the entire lifecycle of protection can redefine the conventional cybersecurity steps. No stone is left unturned as we debate the necessity of maintaining distinct cybersecurity and privacy frameworks in the face of increasing overlap, a question that is becoming more pertinent as the digital age advances.Support the show

Send us a textJoin us for insights into the crucial aspects shaping the future of privacy. We'll delve into the significance of diversity in the privacy sphere, with women at the forefront of leadership roles. Discover why mentorship is indispensable for those embarking on privacy careers. Explore the delicate balance between profit and privacy, as companies often prioritize the former, jeopardizing user trust. Learn about the anticipated impact of CPRA enforcement on data management and privacy practices. Finally, we'll discuss the imperative of addressing biases in AI development to ensure the fairness of algorithms. Don't miss these essential discussions that are shaping the landscape of privacy.Support the show

Send us a textEver wondered how to keep your AI from turning into a sci-fi cautionary tale? California's Senate Bill 1047 might just be setting the blueprint, and we're unpacking its potential to navigate the tightrope between innovation and consumer safety. Plus, we pay tribute to Black History Month in true literary fashion, tipping our hats to James Baldwin's enduring wisdom in his piercing examination of race in America.This episode isn't just a rundown; it's a journey through the trenches of tech and culture, where we spotlight California's daring stride into the domain of AI legislation and what it could mean for you. As we highlight CalCompute's mission to democratize AI and dissect measures to safeguard whistleblowers, we invite you to join us in a narrative that connects the dots between the pages of history and the code of the future. Support the show

Send us a textPrepare to embark on a journey through the looking glass of modern airport security with me, Cameron Ivey, as we tackle the TSA's big bet on facial recognition at over 400 US airports. Get ready to peel back the layers of the high-tech CAT2 machines designed to match your face to your ID, and weigh in on the tug-of-war between rapid convenience and the sanctity of privacy. We dissect the Traveler Privacy Protection Act and its crusade to safeguard our personal data amidst the rise of automated scanning options. You'll learn how to opt out if you're not keen on taking part in the digital lineup and hear from voices on both sides of the aisle, including Senator Jeff Markley. The episode goes beyond the security checkpoint, exploring the societal ripple effects of facial recognition software, as evidenced by corporate bans. So, buckle up for an unfiltered discussion that might just redefine your next trip to the airport. With Privacy Please, your next flight of thought is now boarding!Support the show

Send us a textCelebrate the unsung heroes of privacy with us! Privacy Please's own Cameron Ivey and Gabe Gumbs tip their hats to the vanguards like Debbie Reynolds and Nishant Bhajaria, praising their unwavering dedication to our digital rights. We're not just talking shop; we're honoring the innovators who keep our data safe and our futures secure. From discussing the annual Privacy Week to giving a shout-out to those leading the charge, you'll feel the passion behind the pixels in protecting your personal information.Ever wonder if the watchdogs can watch themselves? We tackle the heated debate around the SEC's own data mishaps and whether they should be dishing out advice on data protection. Gabe doesn't pull any punches, defending the regulatory body with the kind of fervor that'll have you rethinking your stance on oversight. Listen in for a nuanced look at the complexities of privacy advocacy in the corporate and regulatory spheres – it's more than just a black-and-white issue.Support the show

Send us a textThis week on Privacy Please, discover the fine line between innovative tech and privacy pitfalls as I guide you through the complexities of generative AI in the corporate sector. Cisco's startling survey findings serve as the backbone of our discussion, revealing that a quarter of companies have pressed the panic button on generative AI tools to prevent data leaks and intellectual property breaches. You'll get a front-row seat to the latest industry moves, with tech juggernauts like Apple and Verizon leading the charge, and an exploration into the tension between AI integration and data protection. Support the show