In this episode, Debbie Reynolds “The Data Diva” speaks with Evan Benjamin, President of Tier 3 Inc., about the growing challenges of privacy in AI systems, particularly in relation to inference, agent-based systems, and data lifecycle management.

Evan shares his transition from IT, e-discovery, and information security into privacy, highlighting how the rapid adoption of large language models has exposed gaps in how organizations approach privacy and data protection. The conversation explores the distinction between security and privacy, emphasizing that security focuses on protecting systems while privacy focuses on purpose, data use, and fundamental rights.

Debbie and Evan discuss the risks associated with AI-driven inference, including how systems generate insights about individuals based on context and historical data, often without user awareness or control. They also examine how AI memory and agent-based systems can extend data usage beyond original intent, raising concerns about purpose limitation and data minimization.

The discussion further addresses challenges with data retention, logging, and traceability, as well as the difficulty of deleting data from AI systems once it has been incorporated into model training. Evan highlights the technical limitations of data erasure in machine learning models and the implications for privacy rights such as the right to be forgotten.

Finally, the conversation explores issues related to data processing across multiple systems, including the complexity of managing controllers, processors, and sub-processors, as well as emerging risks related to liability when organizations deploy AI systems and autonomous agents.

In this episode, Debbie Reynolds “The Data Diva” speaks with Mojisola Abi Sowemimo about the intersection of privacy, governance, and emerging technologies, with a focus on how organizations can better align data practices with regulatory expectations and ethical responsibilities.

The conversation explores how organizations approach privacy in practice, including gaps between policy and implementation, and the challenges of operationalizing privacy requirements across complex systems. Mojisola discusses the importance of embedding privacy considerations early in system design, as well as the need for organizations to move beyond surface-level compliance toward more accountable and transparent data practices.

Debbie and Mojisola also examine how global regulatory differences influence organizational behavior, the role of governance frameworks in managing data risk, and the importance of building internal awareness and accountability. The discussion highlights how organizations can strengthen their approach to privacy by aligning legal, technical, and operational perspectives while ensuring that data practices remain consistent with user expectations and regulatory requirements.

Federica Fornaciari, Full Professor and Academic Program Director for the Master's in Strategic Communications, National University

In this episode, Debbie Reynolds "The Data Diva" speaks with Federica Fornaciari, Full Professor and Academic Program Director for the Master's in Strategic Communications at National University, about how communication, media narratives, and cultural values shape societies' understanding of privacy, technology, and artificial intelligence.

Federica shares her background studying communication, journalism, and privacy research, including her work examining how media narratives in the United States and Europe have shaped public perceptions of privacy over time. The conversation explores how privacy is often framed as a fundamental human right in Europe, whereas in the United States, it is frequently treated as a consumer or transactional issue, shaping both regulatory approaches and public expectations.

Debbie and Federica discuss the role of AI literacy in privacy protection, emphasizing that people increasingly share highly personal information with generative AI systems without fully understanding how their data may be collected, stored, or used. They also explore the ethical responsibilities of organizations developing AI technologies, as well as the importance of transparency, accountability, and the embedding of ethical values in algorithm design.

The conversation also addresses emerging risks, including deepfakes, the erosion of public trust in digital information, and the challenges of identifying manipulated content. Debbie and Federica discuss the importance of media literacy and education in helping individuals recognize these risks while also acknowledging that technological detection tools often lag behind the creation of synthetic media.

Finally, the discussion explores the risks of algorithmic inference in areas such as healthcare and decision making, the importance of keeping humans in leadership roles when using AI systems, and the need for ethical frameworks that protect human rights, avoid bias, and prioritize transparency and accountability. Federica concludes by emphasizing the importance of combining technology design, human literacy, and regulatory frameworks to create a more responsible global approach to privacy and AI governance.

By popular demand, Debbie Reynolds Consulting is now offering executive briefings on emerging data privacy risks and how companies can avoid them. To learn more, visit the Executive briefings page on my website.

Debbie Reynolds “The Data Diva” talks to Bob Carver, CEO of Cybersecurity Boardroom, about the evolving cybersecurity and privacy risks created by emerging technologies, connected devices, and increasingly sophisticated threat actors.

Bob shares his path into cybersecurity, beginning with a career managing commercial real estate before transitioning into information systems and eventually helping build one of the early internal security programs at Verizon Wireless. He reflects on how cybersecurity has evolved from basic perimeter defenses such as firewalls and intrusion detection systems into a far more complex environment where organizations must secure interconnected systems, APIs, cloud services, and AI technologies.

The conversation explores several emerging risks associated with artificial intelligence systems, including model inversion attacks that allow attackers to extract sensitive or proprietary information from AI models, as well as the potential theft of entire AI models through repeated API queries. Debbie and Bob also discuss the security risks associated with agentic AI systems that have administrative permissions to interact with files, databases, or enterprise systems, highlighting the importance of strong guardrails and controlled access.

Privacy risks related to connected devices are also discussed, including smart televisions and other IoT technologies that continuously collect and transmit user data to manufacturers and data brokers. Debbie and Bob examine the broader implications of large-scale data collection and the challenges individuals face in maintaining visibility and control over their personal information.

The episode also covers common phishing attacks that mimic legitimate security alerts and the importance of verifying requests through official platforms. Finally, Bob discusses the potential future of cybersecurity, highlighting the role that zero-trust architectures and post-quantum encryption may play in strengthening long-term digital security.

Chuck Brooks, President, Brooks Consulting International and Adjunct Faculty, Georgetown University

In this episode, Debbie Reynolds speaks with Chuck Brooks about why data privacy and cybersecurity are now strategic imperatives for organizations. The discussion includes Chuck’s Forbes article, “Why Data Privacy Is a Strategic Imperative for Organizations,” and expands on its core themes in the context of today’s rapidly evolving threat landscape.

The conversation begins with the rapid evolution of artificial intelligence, including generative AI and agentic AI. Chuck explains how AI is being used not only for productivity and automation but also for sophisticated phishing campaigns, automated vulnerability discovery, ransomware operations, bot-driven attacks, and large-scale fraud. They discuss the risks of agentic AI operating autonomously without clear regulatory guardrails, as well as the dangers of poor data quality when AI systems rely on flawed or excessive data.

Debbie and Chuck examine cybersecurity hygiene, including password management, multi-factor authentication, identity protection, social engineering threats, phishing resilience, segmentation of critical data, and the importance of assuming breach as part of an overall resilience strategy. They highlight why small and medium businesses are especially vulnerable in today’s threat environment.

The discussion explores the relationship between privacy and cybersecurity, clarifying how privacy is contextual and often elective, while cybersecurity focuses on protecting systems and data integrity. They examine oversharing on social media, identity exploitation, insider threats, trade secret protection, and why organizations must treat data as a strategic asset. The importance of building a culture of privacy within organizations is emphasized as a leadership responsibility rather than a compliance afterthought.

IoT risks are addressed, including default passwords, connected devices as attack vectors, endpoint vulnerabilities, and real-world breaches involving unexpected networked devices. The episode also covers data retention risks, overcollection, data minimization, and the need for structured governance frameworks that prioritize high-value data.

Finally, the conversation turns to quantum computing. Chuck explains different forms of quantum technologies, including quantum algorithms, sensing, and photonics, and discusses the potential impact of “Q Day” on encryption standards. They explore quantum-resistant algorithms, NIST guidance, and the convergence of quantum and AI as both transformative and disruptive forces.

In Episode 277 of The Data Diva Talks Privacy Podcast, Debbie Reynolds, the Data Diva, speaks with Tom Kemp, Executive Director of the California Privacy Protection Agency, about California’s role as the de facto privacy bellwether in the United States and how regulatory expectations are shifting from policy development to operational enforcement and accountability.

Debbie and Tom discuss key regulatory focus areas, including the Delete Request and Opt-Out Platform (DROP), Automated Decision-Making Technologies (ADMT), Opt-Out Preference Signals (OOPS), Global Privacy Control (GPC), cybersecurity audits, and privacy risk assessments. The conversation explores how these initiatives reflect a broader shift toward measurable governance, technical compliance, and demonstrable accountability.

They also discuss how regulators assess data risk, emerging enforcement trends, and what companies should be thinking about now as privacy programs start and mature. Tom explains how organizations can prepare for evolving expectations around governance, risk management, and documentation, and what strong privacy governance looks like going forward.

The episode concludes with Tom Kemp’s message to organizations about accountability, risk awareness, and responsible innovation as privacy regulation continues to evolve alongside artificial intelligence and emerging technologies.

In Episode 276 of The Data Diva Talks Privacy Podcast, Debbie Reynolds, the Data Diva, speaks with Willem Koenders about how organizations can move from traditional data governance models toward a data product approach that aligns business value, privacy, security, and operational accountability. The conversation focuses on how treating data as a product changes the way organizations design governance, ownership, and lifecycle management.

Debbie and Willem discuss how data products create clearer accountability structures by defining ownership, usage boundaries, metadata standards, and lifecycle expectations at the point where data is created and shared. They explore how ingestion standards, classification, observability, and stewardship practices help organizations manage data consistently across decentralized teams. The discussion emphasizes how privacy and cybersecurity controls can be embedded directly into data products through least privilege access, usage constraints, and shared governance standards.

The episode also examines how artificial intelligence is accelerating the need for stronger data foundations. Debbie and Willem discuss how agentic AI systems, automated workflows, and AI-driven decision-making underscore the importance of data quality, lineage, classification, and stewardship. They explore how governance must evolve to support scale and automation while maintaining accountability for how data is used across business operations.

The conversation concludes with a discussion about balancing innovation with responsible data use, how organizations can prepare for AI-driven governance environments, and why building strong data product practices today helps organizations manage future risk.

In Episode 275 of the Data Diva Talks Privacy Podcast, Debbie Reynolds, the Data Diva, speaks with personal data privacy consultant Toin Berry about how personal data is collected, combined, inferred, and reused in ways that can significantly affect individuals without their awareness. The conversation focuses on how modern data ecosystems operate beyond direct data collection, emphasizing how inference and aggregation can shape outcomes for people in ways that are difficult to see and even harder to challenge.

Throughout the episode, Debbie and Toin explore how personal data moves through complex networks that include platforms, data brokers, analytics firms, and secondary users. They discuss how information collected in one context can be repurposed in another, how inferred attributes can be treated as facts, and how predictive models can influence decisions about individuals in employment, housing, access to services, and social standing. The discussion also addresses how these practices affect autonomy and agency, particularly when individuals are unaware that profiles are being created about them based on behavioral signals rather than explicit disclosures.

The conversation further examines the limits of commonly promoted privacy controls, such as deletion requests and consent mechanisms, when data has already been copied, enriched, or redistributed across multiple systems. Debbie and Toin talk about the role of data brokers, the recycling of personal data, and the challenges individuals face when trying to understand where their data travels and how it is ultimately used. They also compare approaches to privacy protection in different jurisdictions, including perspectives shaped by European data protection frameworks and U.S. sector based models, highlighting how cultural and regulatory differences influence expectations and outcomes.

This episode also emphasizes the importance of education and data literacy in privacy conversations. Rather than focusing on fear or alarm, Debbie and Toin discuss the need for clearer explanations of how data-driven systems work, how inferences are generated, and what meaningful prevention looks like in practice. The discussion reinforces the idea that privacy is fundamentally about human impact, agency, and long-term consequences, and that understanding data use is essential for protecting people in increasingly complex digital environments.

Episode 274 – Liz MacPherson, Deputy Privacy Commissioner, Office of the Privacy Commissioner, New Zealand

In Episode 274 of The Data Diva Talks Privacy Podcast, Debbie Reynolds, The Data Diva, talks with Liz MacPherson, Deputy Privacy Commissioner at the Office of the Privacy Commissioner of New Zealand, about how privacy functions as a critical guardrail for innovation rather than a barrier to progress. The discussion focuses on New Zealand’s purpose and context-based privacy framework and why strong privacy foundations enable faster, safer, and more trustworthy data use across government and industry.

The conversation explores a landmark case involving the use of facial recognition technology in supermarkets, where regulators, businesses, and independent evaluators worked together to test effectiveness, necessity, and proportionality before deployment. Debbie and Liz unpack why biometric data demands heightened scrutiny, how privacy impact assessments and real-world trials can reduce risk, and why facial recognition is not a plug-and-play technology. They also discuss the importance of human oversight, data quality, access controls, transparency to the public, and the risks of bias and misidentification when systems are poorly governed.

Debbie and Liz also examine New Zealand’s Biometric Processing Privacy Code and its role in setting clear thresholds for biometric use, including limits on categorization and inference. The episode highlights why data retention is one of the most overlooked sources of organizational risk, how unnecessary data creates downstream harm, and why treating personal information as a treasure rather than an asset to be exploited builds long-term trust. Liz emphasizes that organizations succeed when they place people at the center of data decisions and design privacy into the full information lifecycle.

In Episode 273 of The Data Diva Talks Privacy Podcast, Debbie Reynolds, The Data Diva, talks with Kohei Kurihara, CEO and Founder of Privacy by Design Lab, about the relationship between privacy, trust, and innovation across Japan and the broader Asia-Pacific region. Kohei shares how his background in startups, blockchain, and digital identity led him to focus on privacy as a foundational element of sustainable technology.

The discussion explores the distinction between security and privacy, including why technical safeguards alone cannot establish trust. Debbie and Kohei examine privacy by design as a proactive discipline, contrasting it with reactive compliance-driven approaches. They discuss why companies that embed privacy early can move faster, innovate responsibly, and build stronger relationships with users rather than slowing progress.

The episode also examines cultural perspectives on privacy in Japan and Asia, including how collective values, family structures, and trust-based relationships influence attitudes toward data sharing. Kohei emphasizes that privacy expectations are shaped by history and culture, and that global frameworks must account for these differences. The conversation reinforces that trust, not compliance alone, is what ultimately determines whether technology is accepted and sustained.

In Episode 272 of The Data Diva Talks Privacy Podcast, Debbie Reynolds, The Data Diva, talks with Sean Pauzauskie, Medical Director at the Neurorights Foundation, about the emergence of neurorights and why brain data represents one of the most sensitive frontiers in privacy and human rights. Sean explains what neurorights are, how they developed from advances in neurotechnology, and why mental privacy, identity, and free will must be protected as technology becomes capable of reading and influencing brain activity.

Debbie and Sean explore the five core neurorights, including mental privacy, fair access to mental augmentation, personal identity, free will, and freedom from algorithmic bias. They discuss real-world neurotechnology use cases, from medical treatment to consumer wellness devices, and why commercialization increases the urgency of governance. The episode examines risks such as discrimination, surveillance, and misuse of neural data, even in the absence of malicious intent.

The conversation also highlights Colorado’s groundbreaking neural data protections and how state-level action can address human rights gaps left by federal consumer-focused laws. Debbie and Sean discuss why states can serve as laboratories for rights-based protections, how neurorights differ from traditional data privacy, and what policymakers, companies, and individuals should be thinking about as neurotechnology becomes mainstream.

In Episode 271 of The Data Diva Talks Privacy Podcast, Debbie Reynolds, The Data Diva, talks with Ridwan Oloyede, Emerging Technologies and Technology Policy Lead, about the rapid evolution of data protection across Africa and why global conversations often misunderstand or oversimplify the continent. Ridwan shares insights into how privacy and technology policy have matured across African jurisdictions and why Africa should not be treated as a monolith in global regulatory discussions.

The conversation explores the growth of data protection laws, regulators, and professional communities across the continent, including how capacity building, certification, and cross-border collaboration are shaping the next generation of privacy leadership. Debbie and Ridwan discuss common misconceptions, the importance of local context, and how African countries diverge meaningfully on issues such as post-mortem privacy, registration requirements, audits, and cross-border data transfers.

They also examine how legal traditions that predate the GDPR influence modern African privacy frameworks, including differing approaches to legal bases for processing and consent. Ridwan emphasizes the need for better global research, storytelling, and representation to accurately reflect what is happening on the ground. The episode highlights Africa’s growing role in shaping global privacy norms through innovation, pragmatism, and preventative approaches to data protection.

In Episode 270 of The Data Diva Talks Privacy Podcast, Debbie Reynolds, The Data Diva, talks with Filipe Pinto, researcher, strategist, and author of Consumer-Controlled Digital Twin Architecture, about the future of personal data control and what it means to move beyond consent-based privacy models. The conversation centers on Filipe’s concept of consumer-controlled digital twins and why true privacy requires technical and architectural change rather than reliance on legal agreements alone.

In Episode 269 of The Data Diva Talks Privacy Podcast, Debbie Reynolds, The Data Diva, talks with Kimberly Lancaster, Founder and CEO of Avalon Privacy and Compliance. They discuss the evolving relationship among privacy, security, and compliance and why companies must treat these functions as interconnected elements of trust rather than isolated disciplines. Kimberly explains how organizations of all sizes can build stronger programs by emphasizing transparency, shared responsibility, and thoughtful data stewardship throughout the enterprise.

The conversation explores the real world challenges companies face when scaling governance, including vendor diligence, access controls, continuous monitoring, and the risks created when teams assume that technology alone can solve problems. Kimberly describes why proactive privacy practices, including data inventories and lifecycle thinking, make companies more resilient, reduce downstream crises, and strengthen their ability to respond to new regulations without disruption.

Debbie and Kimberly also examine the human side of privacy work, highlighting how culture, empowerment, and community learning shape successful programs. Kimberly shares her wish for a future where transparency becomes the foundation for trust and where companies design experiences that offer convenience without requiring people to sacrifice their data unknowingly. She emphasizes that privacy leadership is ultimately about enabling people to grow, make better decisions, and help organizations operate with integrity.

In Episode 268 of The Data Diva Talks Privacy Podcast, Debbie Reynolds, The Data Diva, talks with Anuj Jain, Lead Privacy Engineer at S&P Global. They discuss the role of privacy engineering in shifting data stewardship earlier in the technology lifecycle and how privacy-focused design strengthens both compliance and innovation. Anuj explains why many organizations still view privacy narrowly through a legal or security lens and why technical privacy practices are essential for building sustainable, enterprise wide maturity.

The conversation explores how privacy engineering transforms real operational workflows, including the review of cookies and tracking technology, automation of assessments, governance of AI systems, and managing risk through proactive testing and technical controls. Anuj provides insight into how S&P Global structures its privacy program across legal, technology, and business teams, creating a model of cross functional collaboration that allows privacy to scale.

Debbie and Anuj also discuss the cultural dimensions of privacy and how expectations differ across regions such as India, Europe, and the United States. They examine the impact of consumer awareness, regulatory timelines, and local norms on how individuals and companies interpret privacy. Anuj closes with practical insights about the power individuals have to influence corporate behavior through their choices and questions, and why thoughtful human decision making remains essential even in an AI driven world.

In Episode 267 of The Data Diva Talks Privacy Podcast, Debbie Reynolds, The Data Diva, talks with Federico Marengo, Associate Partner at White Label Consultancy in Italy. They explore the accelerating intersection of privacy, artificial intelligence, and governance, and discuss how organizations can build practical, responsible AI programs that align with existing privacy and security frameworks. Federico explains why AI governance cannot exist in a vacuum and must be integrated with the policies, controls, and operational practices companies already use.

The conversation delves into the challenges organizations face in adopting AI responsibly, including understanding the requirements of the EU AI Act, right-sizing compliance expectations for organizations of different scales, and developing programs that allow innovation while managing risk. Federico highlights the importance of educating leadership about where AI regulations actually apply, since many businesses overestimate their obligations, and he explains why clarity around high-risk systems is essential for reducing unnecessary fear and confusion.

Debbie and Federico also discuss future trends for global AI and privacy governance, including whether companies will eventually adopt unified enterprise frameworks rather than fragmented jurisdiction-specific practices. They explore how organizations can upskill their teams, embed governance into product development, and normalize AI as part of standard technology operations. Federico shares his vision for a world where professionals collaborate to advance best practices and help organizations embrace AI with confidence rather than hesitation.

In Episode 266 of The Data Diva Talks Privacy Podcast, Debbie Reynolds, The Data Diva, talks to Matthew Kay, Group Data Protection Officer at Shawbrook. Their discussion centers on pragmatic data protection, responsible governance, and the realities of advising organizations that are rapidly scaling or adopting emerging technologies. Matthew explains why trust building, timing, and understanding business context are essential for privacy professionals seeking to drive meaningful change.

Debbie and Matthew explore the challenges created by fast moving artificial intelligence adoption, including transparency gaps, organizational pressures to automate, and the difficulty of maintaining meaningful oversight as data processing grows more complex. Matthew describes how privacy professionals can enable innovation by identifying mitigations early, embedding privacy by design, and guiding business leaders toward safe, sustainable data use. They also discuss why effective data protection requires risk balancing rather than rigid absolutism, and how credibility and constructive engagement support long term compliance.

Their conversation concludes with a focus on the future of data management and the importance of ongoing stewardship. Matthew reflects on the parallels between data governance in everyday life and large corporate environments, emphasizing continuous organization, monitoring, and clarity of purpose. Debbie and Matthew highlight why global communities benefit from sharing best practices across jurisdictions and how pragmatic, human-centered governance helps strengthen trust and resilience in a rapidly evolving digital landscape.

In Episode 265 of The Data Diva Talks Privacy Podcast, Debbie Reynolds, The Data Diva, talks to James Robson, Data Protection Officer for the Labour Party in the United Kingdom. Together, they explore how public sector organizations and political entities navigate modern data protection challenges while balancing public trust, transparency, and societal benefit. Their conversation highlights why research data, safe data environments, and responsible access structures are increasingly essential for tackling complex social problems.

Debbie and James discuss the importance of privacy preserving data sharing for research and the practical realities of enabling societal value without compromising individual rights. James describes his work supporting research ecosystems, including the creation of secure data archives, the role of the Office for National Statistics, and how the United Kingdom’s “five safes” framework helps protect high risk datasets in controlled environments. They also examine the ethical considerations around using sensitive data to improve outcomes for vulnerable groups, and how organizations can design safe, centralized systems without sacrificing privacy.

In the final segment, Debbie and James reflect on the future of data minimization, trust, and governance. They consider how architectures that strictly limit data use could reshape long term privacy protections and discuss the human element required to steward data responsibly. Their conversation underscores the need for collaboration across government, research institutions, and technology teams to build trustworthy systems that support both privacy and public benefit.

In Episode 264 of The Data Diva Talks Privacy Podcast, Debbie Reynolds, The Data Diva, talks with Brintha Shanmugalingam, Data Governance Expert at Capgemini, about how organizations can reduce privacy risk and unlock innovation by managing data with more context, precision, and intelligence. They explore why traditional governance often restricts value by imposing blanket prohibitions, and how granular, attribute-level stewardship enables safe data usage without unnecessary barriers. Brintha explains how ontological modeling and knowledge graphs help maintain meaning, purpose, and control throughout the data life cycle, even as information moves across borders and functions.

Debbie and Brintha examine the growing importance of aligning privacy, compliance, security, business value, and technical feasibility to establish governance systems that empower rather than block decision makers. They discuss how identifying the specific sensitivity of each data element can prevent misuse while accelerating lawful sharing and innovation in areas such as AI and cross-regional analytics. The conversation also highlights the misconceptions organizations have about risk and why binary thinking about data exposure leads to lost opportunities.

Listeners will learn practical insights for improving data confidence and accountability, including understanding the contextual use of data, designing protections that evolve with business needs, and ensuring safeguards are embedded where work actually happens. This episode encourages leaders to rethink governance as a strategic capability that creates agility, trust, and measurable outcomes when executed with a smarter structure and a deeper understanding.

In Episode 263 of The Data Diva Talks Privacy Podcast, Debbie Reynolds, The Data Diva, talks with Karen Smiley, Founder and Owner of She Writes AI LLC, about the complex ethical questions emerging as artificial intelligence systems leverage vast amounts of creative and personal data without clear permission or accountability. They examine how rapid innovation is challenging legacy rules around copyright, content reuse, and compensation, especially for creators whose work fuels AI models without acknowledgment or benefit. Karen explains why opacity in data sourcing and AI training has created a critical trust gap that reflects deeper societal risks.

The conversation explores the hidden environmental and labor impacts that many users never see, including the enormous resources required to run large-scale systems and the human labor behind data annotation and content moderation. Debbie and Karen discuss how misinformation, inaccurate outputs, and a lack of transparency threaten both consumer well-being and global cyber resilience, revealing a growing disconnect between hype and ethical responsibility across industries rushing to adopt AI.

Listeners will hear how real awareness and education can empower individuals to ask harder questions, influence product choices, and demand systems that reflect fairness, safety, and truth. This episode highlights why companies must evolve from simply extracting value to earning user trust through ethical design, accountability, and consistent respect for the people who generate data and creativity that make AI possible.