Daniel B. Rosenzweig is the Founder and Principal Attorney at DBR Data Privacy Solutions, a boutique data privacy law firm. He advises clients on legal and technical compliance with data protection and privacy laws and counsels clients on the responsible use of AI, AdTech, and privacy-enhancing technologies. Dan’s legal practice is unique in that he also codes and develops technical solutions to enhance his legal services.

As the AdTech landscape evolves, companies are facing new challenges with cookie alternatives like server-side technologies and alternative IDs. While these new tools offer improved targeting capabilities, they also bring risk, especially when it comes to managing opt-outs and tracking user consent. To preserve consumer trust and drive revenue, businesses need to fully understand how these advanced technologies work while adhering to applicable privacy laws. So, how can companies stay compliant while leveraging these technologies?

Adopting alternative IDs, advanced matching, and server-side technologies offers new opportunities for businesses to enhance targeting while maintaining consumer trust. Still, companies need to carefully assess the risks and ensure proper implementation. Establishing a proper governance process, conducting regular audits and testing, maintaining transparency in privacy notices, and avoiding dark patterns are crucial steps for regulatory compliance and protecting consumer privacy.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels chat with Daniel Rosenzweig, Founder and Principal Attorney at DBR Data Privacy Solutions, about the challenges of balancing data privacy with AdTech solutions. Dan explains how businesses can implement these technologies without sacrificing consumer privacy by effectively managing consent platforms, auditing and testing technologies, and ensuring transparent data practices that align with regulations. He also emphasizes the importance of regular collaboration between legal, marketing, and technical teams to stay compliant with evolving regulations.

Rob Black is the Founder of Fractional CISO and has guided numerous companies in enhancing their security postures. With extensive experience in product and corporate security roles at prominent companies like PTC, Axeda, and RSA Security, Rob is recognized as a trusted authority in risk management and cybersecurity innovation.

As companies face increasing pressure to meet security and compliance demands, many are turning to AI to enhance their governance, risk, and compliance programs. Tools like ChatGPT and Claude can streamline processes such as summarizing reports and generating responses to security questionnaires. While these tools can improve efficiency, they can also produce inaccuracies, underscoring the importance of human oversight. How can companies use AI responsibly to enhance these programs?

AI tools can save security teams a ton of time, but they’re not reliable enough to replace human oversight. This means that companies need to establish clear guidelines and governance frameworks on AI usage to protect sensitive information and mitigate risks. By integrating these strategies, companies can build more resilient and compliant programs.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Rob Black, the Founder of Fractional CISO, about integrating AI into governance, risk, and compliance programs. Rob explores the benefits and risks of utilizing AI in these programs, emphasizing the need to blend AI with human oversight. He also emphasizes the need for companies to have a security-first mindset when implementing AI tools to reduce risk and ensure long-term success.

Arsen Kourinian is a Partner in Mayer Brown’s AI Governance and Cybersecurity & Data Privacy practices. He advises clients on data privacy and AI laws and frameworks. Arsen has published numerous articles regarding nuanced issues in these fields, including a forthcoming book entitled Implementing a Global Artificial Intelligence Governance Program.

The growing number of global and state privacy laws and AI regulations is prompting companies to integrate fundamental frameworks into their AI governance programs. While the US lacks a comprehensive federal AI law, states like Colorado have begun implementing AI regulations that could serve as a model for future state-level standards. With seemingly fragmented regulations, how can companies effectively develop an AI governance program?

A multi-regulatory approach to AI governance can be challenging for companies to navigate with regulations like the EU AI Act, Colorado's Artificial Intelligence Act, and international standards like ISO and NIST. While the regulatory landscape is patchy, harmonizing across various regulations and frameworks can help companies meet compliance obligations and reduce risk. This includes forming an AI governance committee, implementing a data governance plan, conducting risk assessments, documenting accountability with policies and procedures, and continuous monitoring and oversight of AI vendors.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Arsen Kourinian, Partner at Mayer Brown, about developing an AI governance program amid emerging global and state regulations. Arsen emphasizes incorporating key components and frameworks from various laws to develop AI governance programs. He also delves into the departments that assume responsibility for these programs and offers guidance on completing AI impact assessments, highlighting the importance of risk mitigation and understanding practical harms.