Data Privacy Detective
17 minutes | Aug 1, 2022
Episode 94 - Cryptography and Data Privacy
Cryptography comes from the ancient Greek word “cryptos,” meaning “hidden” or “secret.” Encryption is a cybersecurity pillar, a key defense against invasion of our privacy. But it may be underappreciated in practice. Tune in to learn about the growing need for encryption technology to combat the rising tide of cyber-attacks. A recent report by the Port of Los Angeles to the FBI indicated that it suffers from over one million cyber-attacks per day. Dan Draper, CEO and Founder of CipherStash, explains from his home in Sydney, Australia the role of cryptography in protecting sensitive personal and other information. Dan’s company provides a data storage platform for sensitive data that uses searchable encryption technology to protect against attacks. Dan discusses how encryption protects personal data and how traditional databases are vulnerable to hacking and other risks. Learn why cryptography is becoming increasingly crucial in guarding data privacy and why Dan is optimistic about the use of encryption even as the age of quantum computing dawns. If you have ideas for more interviews or stories, please email email@example.com.
24 minutes | Jul 29, 2022
Episode 93 - 5G and Data Privacy
5G is the buzzword for the new generation of mobile networking. It brings blazing speed to digital communication. With that comes concern about the impact on our privacy. 5G speeds up data sharing – the good, the bad, the annoying, the criminal. With the emergence of the Edge linking devices and data infrastructure (DPD podcast 90), 5G shares information in virtual real-time about your health, your highway speed, your browsing and entertainment, your choices in a grocery store, and your location. In equally instant time, this data will be shared by a growing number of companies and people watching and listening to us (known and unknown), who will turn the information into benefits for themselves and risks for your privacy. National security is also at stake. Criminal elements will exploit the benefits, along with governments foreign and domestic. Explore in this episode the intersection of 5G and personal information. What does 5G mean for data privacy and what can the U.S. Government do to address the national security risks? Our tour guide is Sohan Dasgupta, former Deputy General Counsel of the U.S. Department of Homeland Security and a leading data privacy expert, an attorney with Frost Brown Todd LLC’s Washington, D.C. office. If you have ideas for more interviews or stories, please email firstname.lastname@example.org.
22 minutes | Jul 17, 2022
Episode 92 - TikTok and Data Privacy
TikTok built a global platform sharing short videos of wild and wonderful doings of people, animals, and things. It is the first Chinese-owned company to create a global base of more than a billion users. What are the risks to personal data privacy from TikTok? How can regular users and influencers protect their personal privacy while using TikTok? How different are the TikTok risks from those of other social media companies that are not owned in part by the Chinese Government? Our guest is Ben Kunde, a Certified Fraud Examiner who leads the international investigations practice at Interfor. Starting with a tragic story about a 13-year-old girl who amassed a million fans that included a demented stalker, Ben discusses prudent privacy measures individuals can take to enjoy a platform’s offerings without needlessly sharing personal data. We also consider controls a country can take when a foreign-owned media giant creates risks to minors and others and what reasonable measures can apply in a world of global data and commerce. If you have ideas for more interviews or stories, please email email@example.com.
18 minutes | Jul 6, 2022
Episode 91 - Data Privacy and Abortion
With the reversal of Roe v. Wade by the U.S. Supreme Court, data privacy becomes a more important issue than ever. This podcast considers how highly personal, sensitive information about the period between conception and birth is shared and used, how prosecutors obtain and use digital evidence, how private parties obtain information about women considering their options. Learn how individuals can protect their digital healthcare data against unwanted future use by third parties. Consider how a person can safeguard thoughts, considerations, and decisions about intimate personal matters, including the consequences of pregnancy termination. In the uncertainty of what individual states will impose on women’s healthcare and decisions, understand what steps one can take to protect personal digital privacy. If you have ideas for more interviews or stories, please email firstname.lastname@example.org.
27 minutes | Jun 14, 2022
Episode 90 - The Edge and Personal Data Privacy
Protecting and using personal information has focused on computer and software technology. With the Internet of Things (IoT), the Edge has arrived – the place where devices and traditional data infrastructure connect. Niranjan Maka takes us on a tour of the Edge and explains what it means to enterprises and individuals and the risks the Edge creates for us all. Niranjan heads SmartHub.ai, an Edge company spun out from VMware, focused on bringing AI/ML powered management and monitoring to IoT/Edge devices. Our physical presence is replete with millions of siloed devices and sensors that collect, process, and share our personal information and enterprise data. As a veteran holding leadership positions at companies like RSA Security, Niranjan explains how we must become aware of the devices and sensors that are constantly with us and how the Edge changes how enterprises and individuals manage data and affects how our personal information is gathered and used. Tune in for an introduction to the Edge. Learn what enterprises and individuals can do about it, both to manage well in the IoT age and to protect our personal information. If you have ideas for more interviews or stories, please email email@example.com.
26 minutes | Jun 10, 2022
Episode 89 - Restaurants and Personal Data Privacy
What’s at stake as Congress considers a national data privacy law? The National Restaurant Association is the U.S.’ leading trade association for the restaurant and foodservice industry, representing thousands of members from the largest chain to solo providers. Brennan Duckett, its Director of Technology and Innovation Policy, discusses the key issues for the restaurant industry as Congress debates whether to adopt a national data privacy law. The “Three Corners Bill” recently introduced with bipartisan and bicameral support endorses substantial federal preemption of state law and a limited private right of action for substantial and individualized harm. How does a major industry see this proposal, and what are the changes needed before it is enacted? Our personal data is shared when we order, pay for, and receive a meal. Restaurants and food service companies can be both data controllers and data processors. They interact with other companies that are data processors and controllers. Tune in to this podcast to explore the issues the restaurant industry sees as important as Congress seeks a national approach to data privacy. These issues include private rights of action, loyalty programs, and harmonization of data privacy laws rather than the patchwork and confusing current state-by-state approach. If you have ideas for more interviews or stories, please email firstname.lastname@example.org.
16 minutes | May 22, 2022
Episode 88 - India’s Six-Hour Deadline to Report Cyberattacks to Government
Under a new cybersecurity regulation that comes into force at the end of June 2022, businesses in India will have six hours to report cyberattacks to the government. On April 28, 2022, the Indian Computer Emergency Response Team – CERT – part of the Ministry of Electronics and Information Technology, announced regulations that include the world’s most time-sensitive deadline for reporting cyber incidents to the government. Stephen Mathias, head of the Technology Law Practice at the premier Indian law firm Kochhar & Co., presents the substance, challenges, and ambiguities of this pioneering effort. The regulation covers cyberattacks regardless of whether personal data is involved. In comparison to other global reporting requirements (such as GDPR’s 72-hour deadline for reporting breaches of personal data), the 6-hour deadline is daunting and perhaps unworkable. The wording covers attacks even if not successful, in effect requiring Indian businesses to report in real-time the stream of all cyber-attacks that occur daily. Global businesses rely on India’s strong tech industry for data processing. The regulation will challenge all Indian legal entities and any business with Indian connections to act quickly to assess the regulation’s impact before July 2022. Both civil and criminal enforcement can result from failing to report a broad array of cyber incidents. This podcast will help you understand the impact of the new Indian regulation and what it means to global business and data protection. If you have ideas for more interviews or stories, please email email@example.com.
17 minutes | May 16, 2022
Episode 87 - Japan’s Data Privacy Approach
12 minutes | Apr 25, 2022
Episode 86 - Blockchain and Privacy - The First Imposition of U.S. Sanctions
Blockchain. Does it protect personal privacy? Is it a tool that can evade the law? How should we think about the relationship between blockchain technology and individual privacy? In this first of a series of podcast episodes about blockchain and privacy, we turn our spotlight on the first use of U.S. Government sanctions against a cryptocurrency mining company. On April 20, 2022, the U.S. sanctioned the Russian-Swiss Bitriver conglomerate, as part of its response to Russia’s 2022 invasion of Ukraine. Consider how blockchain and privacy interact and what it means for the future of this technology, the use of cryptocurrency, and the ongoing contest between government and personal privacy. If you have ideas for more interviews or stories, please email firstname.lastname@example.org.
17 minutes | Mar 31, 2022
Episode 85 - Japan’s New Data Privacy Act, 4 Key Developments
Japan’s Act on the Protection of Personal Information (APPI) becomes effective on April 1, 2022. The APPI strengthens the country’s comprehensive personal data privacy code and affects all businesses that collect or process personal information of Japanese residents. Yugo Nagashima of Frost Brown Todd LLC explores four key developments that affect global business: 1. “Person Related Information” – a new category of data – with consent required to transfer such data to a person related information handler. 2. Extra-Territorial Reach – Instead of an adequacy approach (like the EU), Japan requires a business that will handle Japanese personal information outside Japan to have the consent of those persons after a clear description of the data privacy laws of the foreign jurisdiction. 3. Data Breach Notification – A two-step notification process is mandatory for data breaches, with a low threshold of 1,000 persons triggering a mandatory notification. 4. Pseudonymous Information – Specific definition of pseudonymized data and exemption from data breach notification when pseudonymous data has been hacked. If you have ideas for more interviews or stories, please email email@example.com.
19 minutes | Mar 21, 2022
Episode 84 - The Role of EU Data Protection Officers
The data protection laws of the European Union require many European and other companies holding or processing personal information of EU residents to appoint a Data Protection Officer – a DPO. This role creates a triangle of DPO duties – with responsibilities to the individuals whose personal information is at stake, to the company the DPO serves, and to the Data Protection Authorities who enforce GDPR. Marie Penot provides outsourced DPO services to companies in German, French, and English from her own German consultancy. We explore with her the working life of an outsourced DPO. Learn how companies benefit from the independent role of a DPO regarding EU residents’ personal data. Explore advantages and disadvantages of an outsourced DPO instead of one appointed internally. If you have ideas for more interviews or stories, please email firstname.lastname@example.org.
22 minutes | Feb 17, 2022
Episode 83 - Ethical Hacking and Data System Assessments
Hacking – it gets a bad rap. For good reason. It’s associated with bad actors who infiltrate an IT system and steal organizational and personal information for criminal purposes. But hacking is simply an activity. Ethical hacking is a means for companies and people to test their data systems and keep bad actors from getting into them. Ethical hacking is a tool to protect data by upgrading defenses. André Sollner is Global CFO of wizlynx group, a global ethical hacking and penetration testing provider. André holds numerous certifications over a 20+-year career in cybersecurity, including that of Certified Data Privacy Solutions Engineer. He is our tour guide for how a system assessment is conducted in five phases, from understanding and mapping an IT system and all points of entry, to a final assessment and report after the system is ethically attacked. This podcast episode will inform you about preventive system assessments that can fortify defenses against data theft, ransomware attacks, and other data disasters. We discuss the range of personal information commonly found in company databases and key weaknesses in IT systems. You will get top tips for both organizational and personal data privacy protection. If you have ideas for more interviews or stories, please email email@example.com.
19 minutes | Feb 11, 2022
Episode 82 - India’s Imminent Data Privacy Law
India is about to enact a far-reaching Data Privacy Law. Expected to be passed by April 2022 and in force as early as 1st quarter 2023, it represents a far-reaching comprehensive approach based on but extending beyond the model of European Union’s GDPR. It would govern not only personal information but how non-personal data is collected and processed across borders. The bill would force global companies that gather and use data of Indian residents – or that have personal data of non-Indian persons processed by India’s stellar offshoring/outsourcing industry – to reconsider existing privacy policies and procedures. By including non-personal data and introducing measures of data localization, India’s novel approach would represent perhaps the most onerous and strict national policy about data collection, storage, and use. Join this excursion to India, guided by Stephen Mathias, head of the Technology Law Practice at Kochhar & Co. (https://kochhar.com), one of India’s premier multi-city law firms. If you have ideas for more interviews or stories, please email firstname.lastname@example.org.
17 minutes | Jan 28, 2022
Episode 81 - Quantum Computing and Data Privacy: Does a Privacy Apocalypse Draw Near?
Quantum computing – some view its emergence as heralding the end of data privacy. It threatens to penetrate encryption used in conventional computing to give hackers ready access to digital data. What will quantum computing mean for our privacy and the digital world? And what can we do to defend against its perils? Our guest is Ken Morris, CEO of KnectIQ, a company that provides beyond military grade identity, authentication, access, and data protection solutions for highly sensitive environments. Explore the meaning of quantum computing - its promise, timing, and limitations, as well as the defenses against attackers who will harness it to steal and misuse our data. Learn the two schools of thought about defenses to data theft when quantum computing empowers bad actors as never before. This podcast will force you to rethink cryptography as the sole defense against data loss. Learn how we can better protect data by dealing directly with the infrastructure of data storage and transfer and eliminating the fundamental problem. Tune in for an introduction to the coming age of quantum computing and how individuals, businesses and governments can protect personal and other data from misappropriation. If you have ideas for more interviews or stories, please email email@example.com.
23 minutes | Jan 24, 2022
Episode 80 - Backup and Privacy
Backup – what does it have to do with protecting data privacy? And how does a backup service work? What should businesses and individuals know about backing up their digital data? On one hand, a backup of data provides a second target for data thieves. Not properly handled, backups can increase privacy risks. But without a backup of data, it can be lost and subject to exfiltration by thieves who steal or freeze the data held by businesses and government, the prime targets of ransomware criminals. This podcast explores the world of backup with W. Curtis Preston, sometimes referred to as Mr. Backup. Host of the podcast series “Restore It All,” author of books, veteran of the data backup business, and Chief Technical Evangelist for Druva (www.druva.com), our guest will take you on a tour of a business and service little understood but vital for protecting and recovering data in case of loss. Learn the meaning and importance in tech field lingo of “regular expressions” and “immutability.” Consider how backup services can inform businesses about protecting sensitive data better, beyond their role in resiliency and providing prompt access to data streams that are lost or stolen. And get tips about how individuals can consider the role of backup for their own personal data. If you have ideas for more interviews or stories, please email firstname.lastname@example.org.
14 minutes | Jan 14, 2022
Episode 79 - Data Localization - The Case of Taiwan
Taiwan occupies a unique geopolitical position – with a substantial population and robust economy, it lacks formal diplomatic recognition by most countries and is considered by the People’s Republic to be rightfully part of it. Taiwan has its own system and laws. How does it approach personal data flows beyond its borders? Taiwan has a comprehensive personal data privacy law with a GDPR-similar approach. It provides more flexibility than the EU in how Taiwanese personal information is collected and processed. There is no express extraterritorial reach to its law. But Taiwan businesses must comply with rules on handling data they collect and can be held criminally and civilly liable for exporting data that infringes Taiwan principles. There are statutory exceptions to the relatively free ability for cross-border sharing and processing of personal data. Taiwan’s financial regulator requires financial institutions to obtain consent for the export of personal financial data. Taiwan prohibits its telecommunications and broadcast companies from storing subscriber data in the People’s Republic of China. Taiwan uses sectoral exceptions to address particularly sensitive security concerns. This podcast episode explores the unique position of Taiwan on our continuing global tour with Yugo Nagashima about how data localization is practiced. If you have ideas for more interviews or stories, please email email@example.com.
17 minutes | Jan 5, 2022
Episode 78 - Data Localization - The Case of Turkey
Turkey is the first 2022 stop on our global tour about data localization. What is Turkey’s approach to cross-border transfers of personal data about its citizens and residents? Turkey’s Law on Protection of Personal Data is comprehensive and like the European Union’s former Data Protection Directive, though it differs in some respects. Data localization is not part of this existing Turkish law. Instead, Turkey takes a sectoral approach to cross-border collection and processing of personal data of its residents. Turkish banks must collect and store Turkish customer data within Turkey. Data localization requirements apply to payment and electronic money institutions, forcing companies like Paypal or Venmo to locate a payment system within Turkey and to comply with Turkish data privacy regulations. Social media providers must register with and report every six months to Turkish authorities about Turkish social media users. In August 2021, the Turkish Data Protection Authority (KVKK) proposed to amend Turkish law to permit cross-border data transfers if it issues an adequacy decision about another country. But unlike GDPR, the amendment would require the foreign country to be reciprocal in its data privacy laws, a unique approach that extends beyond adequacy. If adopted, the KVKK approach would encourage multinational companies to use Turkish-based servers and a Turkish subsidiary to have broad access to the Turkish market but would allow flexibility through binding corporate rules and notifying the Turkish authorities of a standard undertaking. Tune in to Episode 78 to learn how and why Turkey may be aligning with evolving European standards instead of more authoritarian and protectionist rules evident in China, Russia, and India. If you have ideas for more interviews or stories, please email firstname.lastname@example.org.
16 minutes | Dec 27, 2021
Episode 77 - Data Localization - The Case of Singapore
The Data Privacy Detective turns his data localization spotlight on the island nation of Singapore. With a per capita income 64% higher than the United Kingdom’s and a free-market economy that depends on global trade and commerce, Singapore takes a very different approach from China, Russia, India, and other countries that strive to localize their residents’ personal information. Singapore’s Personal Data Protection Act (2012) provides a comprehensive set of rules protecting the personal information of its residents. Like GDPR in scope, it differs in its flexible approach to balancing privacy and national security protections. In 2020 Singapore’s Monetary Authority and the U.S. Treasury issued a joint statement opposing data localization requirements, calling them a risk to cybersecurity and economic growth. They called instead for data mobility in financial services as a spur to innovative services and economic growth and as a more effective approach to risk management and cross-border compliance. Singapore's broad privacy protection rules allow flexibility for businesses to comply, a model that U.S. regulators may wish to study as an alternative to data fencing or rigid regulation. In February 2021 Singapore’s Privacy Data Protection Commission published a guide of model clauses for processors to follow, regardless of where they are based and not requiring that a Singapore server be the data custodian. The island’s embrace of regional multinational compacts (Asia Pacific Cooperation Cross-Border Privacy Rules and Asia Pacific Economic Cooperation Privacy Recognition for Processors) offers a regional model different from China’s data nationalism. If you have ideas for more interviews or stories, please email email@example.com.
13 minutes | Dec 6, 2021
Episode 76 - Data Localization - The Case of Australia
Our prior podcast episodes detailed how China, Russia, and to a lesser extent India have created barriers to the free flow of personal information across borders. Data localization, sometimes called data nationalization, is the practice of governments to restrict or regulate closely how personal information of their citizens can be collected or shared outside a country. This podcast episode looks at how Australia, a free-market country, is handling personal data transfers. Australia has no broad data localization requirements. But it restricts the export of medical information about its residents. Electronic health records with personally identifiable information cannot be transferred or processed outside Australia. Australia’s Privacy Act, an early national data privacy law (1988), is comprehensive and different from GDPR. Collecting personal information is possible only if “reasonably necessary,” so does not require express consent. But Australia is protective of its citizens’ privacy interests. A 2021 order of Australia’s regulator against Clearview ordered it to cease collection of facial biometrics and destroy existing images of Australian citizens. Clearview argued with no success that the images were publicly available (and so did not constitute personally protected data) and that Clearview is a U.S. company with no establishment in Australia. If a free-market oriented country like Australia engages in data localization and the extraterritorial reach of its laws, what does this mean for the internet, global data business, and the privacy of people? Tune into this discussion in our fourth episode about data localization. If you have ideas for more interviews or stories, please email firstname.lastname@example.org.
12 minutes | Nov 9, 2021
Episode 75 - Data Localization - The Case of Russia
We turn to Russia in our data localization series. Russia’s 2015 personal data protection law requires “data operators” to collect and keep information about Russian residents within Russia. It forces them to keep personal data about its citizens on a Russian located server, which must at all times keep at least as much data as is kept on a company’s servers outside Russia. This law resulted in LinkedIn’s being blocked from the Russian internet in 2016 for failing to do this. In 2019 Russia expanded the authority of its regulator, Roskomnadzor, to levy fines instead of being limited to blocking for violations. While the fines are modest in amount, this lets regulators allow popular sites into Russia while insisting on data localization Russian style. In July 2021, Russia began requiring giant social media companies to establish a Russian presence to connect with Russian citizens. It’s believed that more than 600 foreign companies have registered with Russian authorities to participate in the Russian market and comply with Russian data laws. These include giants such as Microsoft, Apple, and Samsung. If they fail to comply with Russian law regarding the data of Russian citizens, they can face advertising bans or blocking of access. Russia’s approach lies between the stricter regimen of China and the globally open approach of the United States. Russia’s Government would argue that its laws are there to protect Russian citizens from data abuse by foreign companies. But tech protectionism and Russian sovereignty over its citizens’ internet use are also at work. Podcast Episode 75 asks what Russia’s data localization means for the original internet dream of communications and commerce across borders. Tune in for the conversation. If you have ideas for more interviews or stories, please email email@example.com.
© Stitcher 2022