Rowenna Fielding, Director, Miss IG Geek

In this episode of The Data Diva Talks Privacy, Debbie Reynolds, "The Data Diva" speaks with Rowenna Fielding, Director of Miss IG Geek, about data ethics, privacy, governance, and the human impact of how organizations collect and use data. Rowenna shares her unconventional path into privacy, beginning in theater and information technology before eventually specializing in information governance, data protection, and data ethics. She explains how her work evolved as she became increasingly interested not only in legal compliance but also in the broader consequences of the way organizations make decisions about people using data.

The conversation explores the distinction between compliance and ethics, and why organizations often assume that following policies, regulations, or technical controls automatically leads to ethical outcomes. Rowenna argues that data is not neutral or objective but is instead the product of human choices, incentives, and assumptions. Debbie and Rowenna discuss how organizations frequently collect and use data without fully considering whether the data is appropriate, whether it should be collected at all, or whether its use could unintentionally cause harm.

They examine the challenge of defining harm in the context of privacy and data protection, particularly when the effects are psychological, social, reputational, or otherwise difficult to measure. The discussion includes comparisons to health and safety frameworks, highlighting how organizations can build systems, governance structures, incentives, education programs, and cultures that make responsible data use the default rather than the exception. Rowenna explains how GDPR's foundation in fundamental rights provides a useful framework for evaluating ethical questions and why organizations must think beyond legal compliance to consider the broader impact of their actions on individuals and society.

The episode also explores corporate social responsibility, ESG, organizational values, and how leaders can establish meaningful ethical boundaries in environments where technology is advancing faster than regulation or societal norms. Throughout the conversation, Debbie and Rowenna challenge organizations to think critically about what it means to use data responsibly and how privacy programs can move beyond box-checking exercises to become part of a broader commitment to reducing harm and protecting people.

Eric Null, Director, Privacy & Data Program, Center for Democracy & Technology

In this episode of The Data Diva Talks Privacy, Debbie Reynolds, "The Data Diva" speaks with Eric Null, Director, Privacy & Data Program at the Center for Democracy & Technology, about the current state of privacy in the United States and the ongoing effort to establish comprehensive federal privacy legislation. Eric shares his unique journey from studying classical clarinet performance to becoming a leading advocate for privacy and consumer rights, explaining how his work in technology policy, net neutrality, broadband privacy, and consumer protection shaped his perspective on privacy as an issue fundamentally connected to power and control.

The conversation explores how information functions as a source of power in the digital age and why the collection, processing, and use of personal data can create risks ranging from manipulation and profiling to broader concerns about autonomy and control. Eric discusses his early work involving children's privacy, broadband privacy, and consumer protection, including efforts to strengthen privacy protections through the Federal Communications Commission and the Federal Trade Commission. He explains how the growth of the "free" Internet business model has created an environment in which individuals often exchange large amounts of personal information in exchange for access to online services, incentivizing extensive data collection and monetization.

Debbie and Eric examine the current U.S. privacy landscape, including the sector-specific approach taken by laws such as HIPAA, the Gramm-Leach-Bliley Act, and COPPA. They discuss the Federal Trade Commission's role as the primary federal privacy regulator and how the agency's authority has historically relied on preventing deceptive and unfair practices rather than establishing broad data rights. The discussion explores the limitations of the notice-and-choice model, in which organizations disclose their practices through privacy policies that consumers rarely read or meaningfully negotiate, and how network effects can limit the practical choices available to individuals seeking to participate in modern digital platforms.

The episode also covers the repeated attempts to pass comprehensive federal privacy legislation, including the American Data Privacy and Protection Act (ADPPA), the American Privacy Rights Act (APRA), and more recent proposals. Eric shares insights into the legislative challenges that have prevented these efforts from becoming law and discusses the policy debates surrounding data minimization, consumer rights, enforcement, and the relationship between privacy and broader concerns about the power of large technology companies. The conversation highlights why privacy remains one of the most important policy issues facing organizations, regulators, and consumers, and why meaningful reform continues to be difficult despite widespread public concern.

Doug Austin, Editor of eDiscovery Today

In this episode of The Data Diva Talks Privacy, Debbie Reynolds, The Data Diva speaks with Doug Austin, Editor of eDiscovery Today, about how eDiscovery, data governance, privacy, and artificial intelligence are increasingly interconnected in modern organizations. Doug explains how eDiscovery has evolved from a litigation-focused discipline into a broader framework that supports investigations, audits, incident response, and privacy-related workflows such as data subject access requests.

The conversation explores how AI is generating entirely new categories of data, including chatbot interactions, meeting transcripts, automated summaries, and AI-generated content, all of which may become evidence in legal and regulatory contexts. Debbie and Doug discuss how organizations are struggling to manage this expanding data landscape, particularly as employees adopt AI tools without fully understanding the implications for privacy, confidentiality, and data exposure.

They examine real-world scenarios involving AI note-taking tools and meeting recordings, including cases where sensitive information is captured and shared beyond its intended audience. The discussion also highlights risks associated with uploading confidential information into public AI systems and the lack of awareness around how these tools handle and retain data.

The episode further explores key legal developments, including litigation involving AI companies and disputes over data retention and production, as well as emerging questions around privilege and work product protections for AI-generated content. Debbie and Doug discuss how courts are beginning to address whether interactions with AI systems can be protected and the implications for both represented and self-represented individuals.

The conversation emphasizes that AI is fundamentally reshaping how data is created, stored, and used, and that organizations must adapt their governance, legal, and privacy strategies to manage these risks effectively while maintaining defensible and compliant data practices.

In this episode of The Data Diva Talks Privacy, Debbie Reynolds, The Data Diva speaks with Ross Saunders, Head of Ross G. Saunders Consulting, about privacy engineering and the challenges organizations face when translating legal requirements into technical implementation. Ross shares his background in infrastructure, DevOps, and software architecture, explaining how his experience working with SaaS environments and data breaches led him to focus on bridging the gap between legal, security, and development teams.

The conversation explores how privacy is often treated as a legal or compliance exercise, while in practice it requires integration into system design and development workflows. Debbie and Ross discuss how developers frequently receive requirements that do not align with legal intent, leading to inconsistencies in implementation and increased risk for organizations.

They examine real-world challenges in applying privacy regulations, including age verification requirements and the classification of IP addresses, where technical realities may conflict with regulatory expectations. The discussion also addresses the limitations of focusing on specific technologies, such as cookies, rather than addressing broader issues related to data sharing and potential harm.

The episode highlights practical examples of risk, including loyalty applications that collect extensive financial transaction data and the potential consequences if that data is exposed or misused. Debbie and Ross emphasize the importance of shifting toward harm-based approaches to privacy and ensuring that organizations understand the real-world impact of their data practices.

The conversation also explores emerging risks associated with agentic AI and autonomous systems, including scenarios where systems are granted excessive access and cause unintended damage or data loss. Organizations must implement governance, oversight, and clear controls to ensure that innovation in AI does not introduce unnecessary risk.

Terri Lewis, Founder of Planet Connected

In this episode of The Data Diva Talks Privacy, Debbie Reynolds, The Data Diva speaks with Terri Lewis, Founder of Planet Connected, about privacy, data governance, and risk in smart cities and connected infrastructure. Terri shares her background in digital strategy and her work supporting collaboration between cities and technology providers, emphasizing the importance of building trust and transparency into smart city initiatives.

The conversation explores how everyday systems such as water utilities, parking applications, and license plate readers collect and process personal data, often without individuals fully understanding the scope of that data collection. Debbie and Terri discuss how data from smart meters, for example, can reveal occupancy patterns and behavioral insights, and how location-based services and parking systems can introduce privacy risks through the collection of personal and financial information.

They examine the role of third-party vendors and the challenges organizations face in managing data across multiple providers, including concerns about overcollection, lack of transparency, and unclear data ownership. Real-world examples highlight how individuals may be required to provide more data than expected for routine activities, raising questions about proportionality and necessity.

The episode also explores broader IoT risks, including long device lifecycles, evolving capabilities through updates, and the increasing use of cameras and image-based technologies. Debbie and Terri discuss how advances in image recognition and facial recognition can enable identification of individuals in public spaces, creating new risks that existing legal frameworks may not fully address.

The discussion emphasizes that organizations must take a proactive approach to data governance, anticipating potential misuse, addressing unintended consequences, and aligning technology deployment with public expectations and trust. As cities continue to adopt connected technologies, leaders must ensure that innovation is balanced with strong privacy, security, and accountability practices.

Vibeke Specht, Co-founder of Peak Privacy and Author of “From GDPR Confusion to Privacy First Marketing”

In this episode of The Data Diva Talks Privacy, Debbie Reynolds, The Data Diva speaks with Vibeke Specht, Co-founder of Peak Privacy and author of “From GDPR Confusion to Privacy First Marketing,” about privacy, data governance, and the broader societal impact of data-driven marketing practices. Vibeke shares her background in journalism, political science, and marketing, explaining how her work evolved into a focus on privacy as she recognized the deeper implications of data collection, tracking, and profiling.

The conversation explores how GDPR is grounded in European history and fundamental rights, including protections against surveillance and misuse of personal data, and how this approach differs from more commercially driven data models often seen in the United States. Debbie and Vibeke discuss how marketing teams were among the first to confront the operational impact of GDPR, particularly through cookie regulations, consent requirements, and shifting expectations around transparency and accountability.

They examine the evolution of the ad tech ecosystem, including third-party cookies, large-scale tracking, and the role of dominant platforms in shaping how data is collected, shared, and monetized. The discussion highlights how complex and opaque data flows make it difficult for both organizations and individuals to fully understand how personal data is used, creating risk for companies and limiting meaningful user control.

The episode also explores how data practices influence behavior at scale, including the potential impact on democratic systems, decision-making, and public trust. Vibeke emphasizes the importance of moving beyond surface-level compliance and addressing the underlying structures that drive data collection and use, while organizations must balance innovation, competition, and responsible data practices in an increasingly complex regulatory environment.

In this episode of The Data Diva Talks Privacy, Debbie Reynolds, "The  Data Diva," speaks with Bradon Rogers, Chief Customer Officer, Island, about how organizations are addressing complex enterprise challenges related to data governance, privacy, and control. Bradon explains how Island was designed to solve persistent issues that companies face, including limited visibility into user activity, fragmented tools, and the difficulty of managing sensitive data across cloud applications, remote work environments, and emerging technologies.

The conversation explores how organizations can move toward a more unified, practical approach to data management, where governance and privacy controls are embedded directly into how work is performed. Rather than relying on disconnected systems, Island enables companies to monitor and control how data is accessed and used in real time, helping to reduce risk while maintaining operational efficiency.

Debbie and Bradon also discuss how modern enterprises are rethinking data governance as a business-critical function, not just a compliance requirement. They highlight how privacy considerations are becoming more integrated into enterprise workflows, and how organizations can better align their security, privacy, and data strategies to support both protection and productivity in increasingly complex digital environments.

This episode is sponsored by Island. We thank them for their support and for sharing insight into how organizations can better manage data governance and privacy in today’s enterprise landscape.

In this episode, Debbie Reynolds, "The  Data Diva", speaks with Michael Simon of Law+Data, LLC about the convergence of law, data, and artificial intelligence, and how this shift is transforming privacy practices and legal frameworks.

Michael shares his background in technology and law, including early experience with computing and its influence on his legal career. The conversation explores how traditional legal models, particularly notice and consent, are becoming less effective in modern data environments where data is continuously collected, processed, and reused.

Debbie and Michael discuss emerging regulatory approaches, including restrictions on certain types of data use, and the limitations of relying solely on compliance to address privacy risks. They examine how organizations must develop a deeper understanding of how data flows through systems and how AI technologies generate insights and inferences.

The discussion also covers the need for legal professionals to understand technical systems, including AI, data processing, and system architecture, as well as lessons from eDiscovery that remain relevant in modern data environments. The episode highlights the importance of moving toward integrated approaches that combine legal, technical, and operational perspectives to manage privacy risk effectively.

In this episode of The Data Diva Talks Privacy, Debbie Reynolds, "The Data Diva" speaks with Michelle Finneran Dennedy, Chief Data Strategy Officer at Abaxx Technologies, about the evolving role of data strategy in modern organizations and how companies can operationalize trust, accountability, and value from their data. Michelle shares insights from her extensive experience at the intersection of privacy, data governance, and business strategy, emphasizing that data is not just a compliance obligation but a core enterprise asset that must be actively managed and aligned to business outcomes.

The conversation explores how organizations can move beyond reactive compliance models toward proactive data strategy frameworks that integrate privacy, governance, and innovation. Debbie Reynolds, "The  Data Diva" and Michelle discuss the importance of embedding data responsibility into organizational culture, the role of leadership in setting expectations for ethical data use, and how companies can build systems that support both regulatory requirements and long-term business value. They also examine how data governance must evolve to address increasingly complex ecosystems, including cross-border data flows, emerging technologies, and shifting regulatory expectations.

Michelle highlights the need for clear accountability structures, strong internal alignment across legal, technical, and business teams, and the development of practical frameworks that translate policy into action. The discussion also covers how organizations can better measure the value of data, manage risk in dynamic environments, and create scalable approaches that support growth without compromising trust. This episode provides practical guidance for leaders looking to strengthen their data strategy, improve governance, and position their organizations for long-term success in a data-driven world.

Merry Marwig, Vice President, Global Communications & Advocacy, Privacy4Cars

In this episode, Debbie Reynolds, "The Data Diva" speaks with Merry Marwig, Vice President, Global Communications & Advocacy at Privacy4Cars, about privacy risks in connected vehicles and the expanding automotive data ecosystem.

Merry explains how modern vehicles function as sophisticated data platforms that continuously collect and transmit information about drivers, passengers, and vehicle activity. The conversation explores the types of data collected, including location data, behavioral data, infotainment usage, diagnostic data, and other signals generated through connected systems, as well as how that data is shared across manufacturers, dealerships, service providers, insurers, and third-party technology providers.

Debbie and Merry discuss the complexity of data flows within the automotive ecosystem, including the roles of controllers, processors, and third parties, and how these relationships create challenges for transparency, accountability, and consent. The discussion highlights how individuals often lack visibility into how their data is used and shared across multiple entities.

The conversation also includes discussion of Debbie Reynolds’ work on the Internet of Things Advisory Board report with the U.S. Department of Commerce, and how that work highlighted many of the same issues now seen in connected vehicles, including data sharing across ecosystems, lack of transparency, and challenges with governance and accountability in multi-party environments.

Debbie and Merry examine consumer awareness gaps, including how most individuals do not fully understand the extent of data collection in vehicles or how their information is used. They also discuss what happens to personal data when a vehicle is sold, transferred, or serviced, and the importance of tools and processes that allow individuals to manage, delete, or control their data across the vehicle lifecycle.

The episode also covers regulatory developments impacting automotive privacy, the role of advocacy organizations in improving industry practices, and the importance of clear communication between companies and consumers. The discussion emphasizes the need for organizations to integrate privacy into product design and governance processes while balancing innovation and responsible data use.

In this episode, Debbie Reynolds “The Data Diva” speaks with Evan Benjamin, President of Tier 3 Inc., about the growing challenges of privacy in AI systems, particularly in relation to inference, agent-based systems, and data lifecycle management.

Evan shares his transition from IT, e-discovery, and information security into privacy, highlighting how the rapid adoption of large language models has exposed gaps in how organizations approach privacy and data protection. The conversation explores the distinction between security and privacy, emphasizing that security focuses on protecting systems while privacy focuses on purpose, data use, and fundamental rights.

Debbie and Evan discuss the risks associated with AI-driven inference, including how systems generate insights about individuals based on context and historical data, often without user awareness or control. They also examine how AI memory and agent-based systems can extend data usage beyond original intent, raising concerns about purpose limitation and data minimization.

The discussion further addresses challenges with data retention, logging, and traceability, as well as the difficulty of deleting data from AI systems once it has been incorporated into model training. Evan highlights the technical limitations of data erasure in machine learning models and the implications for privacy rights such as the right to be forgotten.

Finally, the conversation explores issues related to data processing across multiple systems, including the complexity of managing controllers, processors, and sub-processors, as well as emerging risks related to liability when organizations deploy AI systems and autonomous agents.

In this episode, Debbie Reynolds “The Data Diva” speaks with Mojisola Abi Sowemimo about the intersection of privacy, governance, and emerging technologies, with a focus on how organizations can better align data practices with regulatory expectations and ethical responsibilities.

The conversation explores how organizations approach privacy in practice, including gaps between policy and implementation, and the challenges of operationalizing privacy requirements across complex systems. Mojisola discusses the importance of embedding privacy considerations early in system design, as well as the need for organizations to move beyond surface-level compliance toward more accountable and transparent data practices.

Debbie and Mojisola also examine how global regulatory differences influence organizational behavior, the role of governance frameworks in managing data risk, and the importance of building internal awareness and accountability. The discussion highlights how organizations can strengthen their approach to privacy by aligning legal, technical, and operational perspectives while ensuring that data practices remain consistent with user expectations and regulatory requirements.

Federica Fornaciari, Full Professor and Academic Program Director for the Master's in Strategic Communications, National University https://www.nu.edu

In this episode, Debbie Reynolds "The Data Diva" speaks with Federica Fornaciari, Full Professor and Academic Program Director for the Master's in Strategic Communications at National University, about how communication, media narratives, and cultural values shape societies' understanding of privacy, technology, and artificial intelligence.

Federica shares her background studying communication, journalism, and privacy research, including her work examining how media narratives in the United States and Europe have shaped public perceptions of privacy over time. The conversation explores how privacy is often framed as a fundamental human right in Europe, whereas in the United States, it is frequently treated as a consumer or transactional issue, shaping both regulatory approaches and public expectations.

Debbie and Federica discuss the role of AI literacy in privacy protection, emphasizing that people increasingly share highly personal information with generative AI systems without fully understanding how their data may be collected, stored, or used. They also explore the ethical responsibilities of organizations developing AI technologies, as well as the importance of transparency, accountability, and the embedding of ethical values in algorithm design.

The conversation also addresses emerging risks, including deepfakes, the erosion of public trust in digital information, and the challenges of identifying manipulated content. Debbie and Federica discuss the importance of media literacy and education in helping individuals recognize these risks while also acknowledging that technological detection tools often lag behind the creation of synthetic media.

Finally, the discussion explores the risks of algorithmic inference in areas such as healthcare and decision making, the importance of keeping humans in leadership roles when using AI systems, and the need for ethical frameworks that protect human rights, avoid bias, and prioritize transparency and accountability. Federica concludes by emphasizing the importance of combining technology design, human literacy, and regulatory frameworks to create a more responsible global approach to privacy and AI governance.

By popular demand, Debbie Reynolds Consulting is now offering executive briefings on emerging data privacy risks and how companies can avoid them. To learn more, visit the Executive briefings page on my website.

Debbie Reynolds “The Data Diva” talks to Bob Carver, CEO of Cybersecurity Boardroom, about the evolving cybersecurity and privacy risks created by emerging technologies, connected devices, and increasingly sophisticated threat actors.

Bob shares his path into cybersecurity, beginning with a career managing commercial real estate before transitioning into information systems and eventually helping build one of the early internal security programs at Verizon Wireless. He reflects on how cybersecurity has evolved from basic perimeter defenses such as firewalls and intrusion detection systems into a far more complex environment where organizations must secure interconnected systems, APIs, cloud services, and AI technologies.

The conversation explores several emerging risks associated with artificial intelligence systems, including model inversion attacks that allow attackers to extract sensitive or proprietary information from AI models, as well as the potential theft of entire AI models through repeated API queries. Debbie and Bob also discuss the security risks associated with agentic AI systems that have administrative permissions to interact with files, databases, or enterprise systems, highlighting the importance of strong guardrails and controlled access.

Privacy risks related to connected devices are also discussed, including smart televisions and other IoT technologies that continuously collect and transmit user data to manufacturers and data brokers. Debbie and Bob examine the broader implications of large-scale data collection and the challenges individuals face in maintaining visibility and control over their personal information.

The episode also covers common phishing attacks that mimic legitimate security alerts and the importance of verifying requests through official platforms. Finally, Bob discusses the potential future of cybersecurity, highlighting the role that zero-trust architectures and post-quantum encryption may play in strengthening long-term digital security.

Chuck Brooks, President, Brooks Consulting International and Adjunct Faculty, Georgetown University

In this episode, Debbie Reynolds speaks with Chuck Brooks about why data privacy and cybersecurity are now strategic imperatives for organizations. The discussion includes Chuck’s Forbes article, “Why Data Privacy Is a Strategic Imperative for Organizations,” and expands on its core themes in the context of today’s rapidly evolving threat landscape.

The conversation begins with the rapid evolution of artificial intelligence, including generative AI and agentic AI. Chuck explains how AI is being used not only for productivity and automation but also for sophisticated phishing campaigns, automated vulnerability discovery, ransomware operations, bot-driven attacks, and large-scale fraud. They discuss the risks of agentic AI operating autonomously without clear regulatory guardrails, as well as the dangers of poor data quality when AI systems rely on flawed or excessive data.

Debbie and Chuck examine cybersecurity hygiene, including password management, multi-factor authentication, identity protection, social engineering threats, phishing resilience, segmentation of critical data, and the importance of assuming breach as part of an overall resilience strategy. They highlight why small and medium businesses are especially vulnerable in today’s threat environment.

The discussion explores the relationship between privacy and cybersecurity, clarifying how privacy is contextual and often elective, while cybersecurity focuses on protecting systems and data integrity. They examine oversharing on social media, identity exploitation, insider threats, trade secret protection, and why organizations must treat data as a strategic asset. The importance of building a culture of privacy within organizations is emphasized as a leadership responsibility rather than a compliance afterthought.

IoT risks are addressed, including default passwords, connected devices as attack vectors, endpoint vulnerabilities, and real-world breaches involving unexpected networked devices. The episode also covers data retention risks, overcollection, data minimization, and the need for structured governance frameworks that prioritize high-value data.

Finally, the conversation turns to quantum computing. Chuck explains different forms of quantum technologies, including quantum algorithms, sensing, and photonics, and discusses the potential impact of “Q Day” on encryption standards. They explore quantum-resistant algorithms, NIST guidance, and the convergence of quantum and AI as both transformative and disruptive forces.

In Episode 277 of The Data Diva Talks Privacy Podcast, Debbie Reynolds, the Data Diva, speaks with Tom Kemp, Executive Director of the California Privacy Protection Agency, about California’s role as the de facto privacy bellwether in the United States and how regulatory expectations are shifting from policy development to operational enforcement and accountability.

Debbie and Tom discuss key regulatory focus areas, including the Delete Request and Opt-Out Platform (DROP), Automated Decision-Making Technologies (ADMT), Opt-Out Preference Signals (OOPS), Global Privacy Control (GPC), cybersecurity audits, and privacy risk assessments. The conversation explores how these initiatives reflect a broader shift toward measurable governance, technical compliance, and demonstrable accountability.

They also discuss how regulators assess data risk, emerging enforcement trends, and what companies should be thinking about now as privacy programs start and mature. Tom explains how organizations can prepare for evolving expectations around governance, risk management, and documentation, and what strong privacy governance looks like going forward.

The episode concludes with Tom Kemp’s message to organizations about accountability, risk awareness, and responsible innovation as privacy regulation continues to evolve alongside artificial intelligence and emerging technologies.

In Episode 276 of The Data Diva Talks Privacy Podcast, Debbie Reynolds, the Data Diva, speaks with Willem Koenders about how organizations can move from traditional data governance models toward a data product approach that aligns business value, privacy, security, and operational accountability. The conversation focuses on how treating data as a product changes the way organizations design governance, ownership, and lifecycle management.

Debbie and Willem discuss how data products create clearer accountability structures by defining ownership, usage boundaries, metadata standards, and lifecycle expectations at the point where data is created and shared. They explore how ingestion standards, classification, observability, and stewardship practices help organizations manage data consistently across decentralized teams. The discussion emphasizes how privacy and cybersecurity controls can be embedded directly into data products through least privilege access, usage constraints, and shared governance standards.

The episode also examines how artificial intelligence is accelerating the need for stronger data foundations. Debbie and Willem discuss how agentic AI systems, automated workflows, and AI-driven decision-making underscore the importance of data quality, lineage, classification, and stewardship. They explore how governance must evolve to support scale and automation while maintaining accountability for how data is used across business operations.

The conversation concludes with a discussion about balancing innovation with responsible data use, how organizations can prepare for AI-driven governance environments, and why building strong data product practices today helps organizations manage future risk.

In Episode 275 of the Data Diva Talks Privacy Podcast, Debbie Reynolds, the Data Diva, speaks with personal data privacy consultant Toin Berry about how personal data is collected, combined, inferred, and reused in ways that can significantly affect individuals without their awareness. The conversation focuses on how modern data ecosystems operate beyond direct data collection, emphasizing how inference and aggregation can shape outcomes for people in ways that are difficult to see and even harder to challenge.

Throughout the episode, Debbie and Toin explore how personal data moves through complex networks that include platforms, data brokers, analytics firms, and secondary users. They discuss how information collected in one context can be repurposed in another, how inferred attributes can be treated as facts, and how predictive models can influence decisions about individuals in employment, housing, access to services, and social standing. The discussion also addresses how these practices affect autonomy and agency, particularly when individuals are unaware that profiles are being created about them based on behavioral signals rather than explicit disclosures.

The conversation further examines the limits of commonly promoted privacy controls, such as deletion requests and consent mechanisms, when data has already been copied, enriched, or redistributed across multiple systems. Debbie and Toin talk about the role of data brokers, the recycling of personal data, and the challenges individuals face when trying to understand where their data travels and how it is ultimately used. They also compare approaches to privacy protection in different jurisdictions, including perspectives shaped by European data protection frameworks and U.S. sector based models, highlighting how cultural and regulatory differences influence expectations and outcomes.

This episode also emphasizes the importance of education and data literacy in privacy conversations. Rather than focusing on fear or alarm, Debbie and Toin discuss the need for clearer explanations of how data-driven systems work, how inferences are generated, and what meaningful prevention looks like in practice. The discussion reinforces the idea that privacy is fundamentally about human impact, agency, and long-term consequences, and that understanding data use is essential for protecting people in increasingly complex digital environments.

Episode 274 – Liz MacPherson, Deputy Privacy Commissioner, Office of the Privacy Commissioner, New Zealand

In Episode 274 of The Data Diva Talks Privacy Podcast, Debbie Reynolds, The Data Diva, talks with Liz MacPherson, Deputy Privacy Commissioner at the Office of the Privacy Commissioner of New Zealand, about how privacy functions as a critical guardrail for innovation rather than a barrier to progress. The discussion focuses on New Zealand’s purpose and context-based privacy framework and why strong privacy foundations enable faster, safer, and more trustworthy data use across government and industry.

The conversation explores a landmark case involving the use of facial recognition technology in supermarkets, where regulators, businesses, and independent evaluators worked together to test effectiveness, necessity, and proportionality before deployment. Debbie and Liz unpack why biometric data demands heightened scrutiny, how privacy impact assessments and real-world trials can reduce risk, and why facial recognition is not a plug-and-play technology. They also discuss the importance of human oversight, data quality, access controls, transparency to the public, and the risks of bias and misidentification when systems are poorly governed.

Debbie and Liz also examine New Zealand’s Biometric Processing Privacy Code and its role in setting clear thresholds for biometric use, including limits on categorization and inference. The episode highlights why data retention is one of the most overlooked sources of organizational risk, how unnecessary data creates downstream harm, and why treating personal information as a treasure rather than an asset to be exploited builds long-term trust. Liz emphasizes that organizations succeed when they place people at the center of data decisions and design privacy into the full information lifecycle.

In Episode 273 of The Data Diva Talks Privacy Podcast, Debbie Reynolds, The Data Diva, talks with Kohei Kurihara, CEO and Founder of Privacy by Design Lab, about the relationship between privacy, trust, and innovation across Japan and the broader Asia-Pacific region. Kohei shares how his background in startups, blockchain, and digital identity led him to focus on privacy as a foundational element of sustainable technology.

The discussion explores the distinction between security and privacy, including why technical safeguards alone cannot establish trust. Debbie and Kohei examine privacy by design as a proactive discipline, contrasting it with reactive compliance-driven approaches. They discuss why companies that embed privacy early can move faster, innovate responsibly, and build stronger relationships with users rather than slowing progress.

The episode also examines cultural perspectives on privacy in Japan and Asia, including how collective values, family structures, and trust-based relationships influence attitudes toward data sharing. Kohei emphasizes that privacy expectations are shaped by history and culture, and that global frameworks must account for these differences. The conversation reinforces that trust, not compliance alone, is what ultimately determines whether technology is accepted and sustained.