Episode 01: The Speed of Innovation | On Your Radar Podcast
Hello experts! In the first episode of On Your Radar, Judy sat down with privacy and compliance thought leader Jodi Daniels to talk about what she expects from regulations in 2024 and what technology trends organizations should keep an eye on to maintain compliance in the new year.
The Speed of Innovation
Judy: Hello, and welcome to On Your Radar. I’m your host, Judy Titera. Whether you’re a privacy, security, compliance, or risk professional, we can all relate to the challenges of trying to keep on top of the rapidly evolving operational, regulatory, and technology changes. We can easily become overwhelmed if we’re not focused on the right things.
In this show, I have invited privacy professionals. To understand what keeps them up at night, what excites them in the privacy sector and what’s on their radar. Today, we’re speaking with Jodi Daniels, who is the founder and CEO of Red Clover Advisors. A privacy consultancy that simplifies data privacy compliance, helps companies build trust with customers and serves as the outsource privacy officer for organizations.
Jodi is a national keynote speaker, co-host of the top ranked She Said Privacy, He Said Security podcast, and co-author of the Wall Street Journal and USA Today bestselling book, Data Imagined, Building Trust One Byte. B-Y-T-E at a time. Jodi, I am thrilled to have you with me today for our 2024 kickoff as my first guest on this podcast.
I couldn’t ask for a better guest to get us going because I’m a big fan of your podcast that you co-host with your husband. And I often rely on your resources to keep me focused on what’s on my radar. So welcome.
Jodi: Well, hello, and I’m so excited to be the first guest. What a wonderful honor and privilege.
Judy: Yeah. Thanks for, thanks for being here. So just, you know, to jump right in, as I said, the resources that you provide, if anyone who’s listening right now, if you’re looking for great privacy resources is, Jodi’s website, great resources that she has out there, webinars, resources.
Today we’re going to be talking about her 2024 privacy program to do checklist, which, which is outstanding, right? It gives really good information. If you’re trying to figure out what should be on your radar, that’s the place to go. So Jodi, Jodi, talk to me about this. I mean, I just think it’s outstanding and amazing that you’re.
Providing these resources, for free to anyone who needs to see them. So thank you.
Jodi: Well, thank you. So redcloveradvisors.com will get you all the privacy things that you ever wanted but we, you know, privacy is confusing and there’s a lot of information that people are trying to figure out whether you’re an organization and you are the part time voluntold or volunteered privacy person to the large organization where you have a plethora of privacy professionals.
There’s still just a significant amount of information that you have to sort. Through and identify. What are you going to be able to accomplish on your organization? And as a result, I love education. I love teaching. I like to make things simple and we would just really feel that if we can package it up in a way that makes sense to Privacy professionals and to help their organization move some part of their privacy program in a forward direction, then that’s a good thing for the overall universe for the company and for those people.
And as a result, we have this 2024 checklist. We’ve been doing it every year. So now we’re up to 2024, we started it years ago, and it’s meant to be a, you know, it’s not a page of just here’s the 10 things you have to do, it’s, I think you even counted this year, it’s 15 plus different areas, it’s multiple steps within each one.
There’s only so much we can put in, we probably could write a whole another book of everything to do, right? But it’s really meant to be the specific areas we feel are the core parts of a privacy program, Kind of tied to what you might want to focus on this year. It does build on the prior years. If you pick it up today, it’s not going to list everything that you needed to cover for CCPA in California or for GDPR years before.
It’s going to focus on what are the new special laws. that we get to contend with this year.
Judy: Fantastic. So with that, in that report, if you had to say what’s on your radar if you were building, if you’re a privacy officer of an organization right now, 15 has a great amount of things, but what are the main things that are on your radar for 2024?
What’s On Your Radar?
Jodi: The big one, I don’t think has ever changed. And if you listen to our podcast, Justin will always say he wants his t shirt with the hashtag, know your data one day, I’m really going to make them. It is so important because I firmly believe that the heart of a privacy program is the data inventory and understanding it because.
Understanding how you’re collecting, using, and storing data fuels what you’re writing on your internal and external privacy notices. Then it helps you determine what you can and can’t or should or shouldn’t be using with data. Can I share it? Can I not? Should I? Should I not? What about individual rights?
How do you actually process them? When is a privacy impact assessment necessary? Well, I can give you what the regulators have hinted at when they want it for some laws, they are specific. However, you really need to understand what you’re actually doing in your organization to determine when to do a privacy impact assessment.
And the list just keeps going on. As a result, I think a data inventory is something that many companies start and then think they’re done. I got it. I’m, I hooked up my system. I picked my favorite software. I did that massive Excel spreadsheet. I’ve seen them all. Large or small, and then they put pencils down.
And instead, it actually needs to be something that is reviewed every single year, because like I said, all those other parts of a privacy program, which are really coming from privacy laws, you need to understand what’s actually happening with the data.
Judy: Yeah, those are great tips. So starting with the basics, understand the foundation.
So as you’re seeing new laws, I mean, there we have, you have a great list of all the laws that are current, what we’re looking in 24 and into 25 and beyond. What are you anticipating for this year? Do you think we’re going to be seeing additional laws coming through? Are we going to level out?
New and Relevant State Privacy Regulations
Jodi: I do.
I do think we’re going to have more. I mean, as a little bit of a recap, we had it. We had sort of the modern privacy law era, I’m going to call it, GDPR in 2018, from an effective date standpoint. Then we had California become effective in 2020. Very quickly, we then had Virginia, Colorado, Connecticut, and Utah by the end of 2023.
And then in 2023 we had seven laws pass at a comprehensive state level, then we had Washington and a variety of kind of very narrow other laws. That’s a lot. That’s a massive jump for what took years to get there. My, you know, Jodi crystal ball, I think it’s going to be seven to 10 more this year. That’s Jodi’s crystal ball.
Judy: One of the things I’m seeing is the states are having shorter implementation dates. Yes. Have you noticed that and any thoughts on that?
Jodi: I have, well, you know, and I also think in some ways that makes sense because most companies are having to already comply with privacy laws and many of the states are, who are coming on the scene now are taking what they’ve identified in other states.
Sometimes they’re copying the state, sometimes they’re blending the states, whatever works for them. And as a result, most companies likely already had to deal with. The privacy laws in some variety and other places, not everybody, but a lot of them. And so as a result, I think their view is, well, you probably already had to deal with this to get ready for our state.
It is a lift, but maybe not as huge of a lift as it was when California first came on the scene. I also think it’s just such an important piece that their view is, I don’t want to give you a multi-year approach because this is just too important. And the technology is moving so quickly and how companies are using it.
And as a result, we’re going to make you do it now, or fairly now, what seems like now. I guess you get a little bit of window, a little time.
Judy: Right. So on our radars, right, we should be watching that, but also knowing as we, again, we build out our foundation. we should be able to build that thinking, forward thinking, of other laws that, that could be coming and how we can be flexible and make sure we’re developing our policies, our notices, to be flexible for additional laws that might be coming.
Jodi: Judy, that’s a really good point. I think so many organizations focus on here’s the law, here’s my requirements, and we have this conversation internally all the time. you have all these states and sometimes the nuances are. a little, they’re just, just word tweaks. Even the definitions aren’t exactly the same.
And at the same time, I have companies who will say, well, why am I going to really treat Jodi and Georgia who has no rights, by the way, anyone listening in Georgia, feel free to emphasize. We should have a lot to, but right now Jodi and Georgia has nothing. So why should we really treat Jodi differently?
Sometimes operationally speaking, that’s actually just as hard, if not harder to separate out. Because you don’t always know where the individual is from. Now I have to ask more information. And many companies are moving towards, I’m just going to treat everybody the same. Which means as a new law comes on, you have to be able to really build the base.
And be able to understand just the difference. That you have to add to it, which is why I go back to know your data, because if you have this in place, all the other requirements will be smaller lifts. And it’s much more of a maintenance ongoing type of scenario than a massive new implementation. It’s kind of similar in my mind to HR laws, right? We have HR laws in 50 states. We have HR law nationally, and we have them sometimes at individual locations. Most companies will build basic HR programs and then just have to tweak and say, Oh, this state gets this extra little special policy. But for the majority, we already had. Most of what we needed covered.
We just needed this extra little part. I think privacy is moving in the same direction.
Judy: Yep. Great point. So we have our foundation. We were watching new laws. We’re building for that future. then we have, we have the innovation, we have AI coming, we have marketing, we have a lot of different things going on.
What are things that, are. those listening in should be thinking about, as we’re moving into 2024 this year.
2024 Privacy Predictions
Jodi: Well, if AI was the word of 2023, it’s still going to be the word of 2024. I think it’s very hard to have a conversation without it. And what’s really fascinating is talking to so many companies.
The privacy teams are really being tasked with AI and understanding it. Now, all the risks are not only privacy risks. A substantial amount when it comes to personal data and the idea of AI is utilizing data while you’re either utilizing personal information, confidential or company information, or truly public, completely out there information.
Then you get into, you know, potentially IP and other things. If we stay in our little personal data universe and privacy, those are definitely going to be areas that privacy programs want to evolve to. And how are you going to be able to include? New innovations and technologies, whether it be AI or, you know, hardware and software, I think remote teams and global organizations, the idea of cross border movement is still going to be here and prevalent.
So for me, those are going to be the, the two big ones. And actually to me, the third is probably just maintaining this privacy program because we have five privacy laws effective. By the time we’re starting 2024, we have many new laws coming into effect, and we anticipate, as we just discussed, even more getting passed.
And that’s just in the United States. Let’s not forget about Quebec, law 25. Let’s not forget about everything that’s happening globally, plus the speed of innovation. This is very much a build a program. and move that forward as opposed to little pieces that I’m going to try and band aid all together. We all know if you’ve ever talked to an IT organization that has been around for a long time and they band aided the systems, it doesn’t work.
It all comes crashing down. And then it’s much more expensive to fix. We have an opportunity to build something from scratch, which I think is exciting and exhilarating. And you can build it correct from day one by knowing your data, by knowing your data and right, having the right policies in place and the right steps along the way, right?
The Opportunity in AI
Think about an organization. Should I use AI? Should I not? Well, what are the questions that should be discussed? Who’s going to make those decisions? There’s a variety of steps involved. That’s a brand new opportunity for an organization to set the rules at the beginning. Versus everyone is the Wild Wild West and then you have to try and rein everybody in.
That doesn’t work. AI, much like the privacy programs, clean slate, brand new opportunity, and you can build it right from the beginning.
Judy: Great advice. Now I, again, for, for those who listen, the, the 2024 privacy program to do list provides an overview of, you know, 15 different areas plus, that we can look at and say, what should we be focusing on, whether your organization is just getting started, or if you’ve been working on your program and you need to sustain that information.
What I heard from Jodi today is know your data. And continue to know your data, even if you knew where it was yesterday, where is it tomorrow, make sure you’re keeping your policies updated, make sure that you’re watching new laws, privacy notices updated. So really, really great information. Jodi, we’re really ready running out of time.
To, you know, really wrap this up. So I wanted to ask you, I want to switch gears just a little bit. And, and it asks you, you, you have so much knowledge on privacy. You’ve been in this field for, for a long time. And I always, you know, always like to wonder, you know, question, like number one, either how you got into privacy or was, you know, there wasn’t privacy.
Degrees back when we started off. Right? So what was where did you think that you would have gone when you were maybe in college? What was your career? What were you looking at? And then how did you end up in privacy? So love to hear about that.
A Career in Privacy
Jodi: I definitely did not think I would be in privacy. It’s not even a word that I really understood. In college, I ended up as an accounting major and followed what you do with an accounting major degree. You go and work for one of the big four. I was a financial statement auditor and it was a wonderful experience. I worked for Deloitte, really loved the firm, just didn’t really like accounting.
Actually, it was, if anyone listening remembers the, the big Enron debacle, that was when I had to account for FAS 142 and 141. Those are big, fancy accounting terms, and I said, I’m done. And, and as a result, I ended up doing financial statement controls, which was actually the Sarbanes Oxley work that came out of the Enron fall.
I went to a large organization and, implemented that from the ground up. So it was financial statement controls, which is kind of funny, because now I’m doing data controls. Similar things, not a different area. But then I went into strategy and really enjoyed kind of the strategic corporate strategy work.
I did that at two large organizations, also went back, got my MBA. So kind of the idea of always learning is really important to me. And when I did that strategic work, I followed one of my projects at a large media organization and went into targeted advertising. So before Facebook was targeting you for everything under the sun, I helped create that you, You know, at the organization I was at.
So I stalked you for cars, basically, before Facebook did. Trying to encourage you to buy whatever kind of car someone was trying to do. But out of that came some privacy pieces. The, Digital Advertising Alliance formed to try and prevent government legislation, and making sure we were complying with that was a part of my job.
I found that really interesting, dug into it even further, and decided that was something that I thought might be a good next step. The company I was at, we had a lot of We were acquiring many companies and as a result, massive piles of data, people trying to do interesting things, really complex questions.
I raised my hand and convinced them to let me be the privacy pioneer, and so I created the privacy program there. From then, went on to a large financial organization and really was able to see from. Not having a privacy program to a very mature privacy program and seeing everything kind of in between really enjoyed that experience and then left six and a half years ago to start Red Clover to be able to take all that knowledge, all the business and all the privacy knowledge to help organizations.
Grapple with the next alphabet soup of privacy acronyms along the way. It’s just continuous learning because we are on this roller coaster of new laws being implemented. They have similar themes, but it’s about really identifying what are those themes and how does it apply to the business? And I think honestly, the business background that I have, we try and come not just from here’s the law and here’s the requirement, but here’s how it works in your business, because this is what your business is all about.
And where does this fit within that universe? Fantastic.
Judy: That’s great. Great story. So one last question. So what’s on your radar for privacy above, like in the next 5, 10 years, the future of privacy?
Where Do You See Privacy in the Future?
Jodi: What’s on your radar? Oh, the future of privacy. Well, I hope that the future of privacy is that privacy gets a invited seat at the table and people think of it just like they do any project now.
No one ever. Doesn’t ask how much does something cost and no one ever forgets. Oh, there could be some people or some technology to go along with it. I want privacy to be there. I think it’s going to be a fast and furious ride the next couple of years with the volume of laws that are going to come in and companies realizing that they have to actually take it seriously, which will then have it be at a compliance level.
And the shift from compliance to just mainstream will come, I think, right after that. You’ll have some early adopters, of course. The majority of companies, I think it’s going to take the compliance level and then we’re going to jump. And I think AI is going to help make all of that much, much faster.
Companies are trying to figure out how to make it work. You’re going to have some examples of companies doing it completely wrong. And then other organizations saying, Nope, I don’t want to be that news headline and deciding, I guess I have to take this pretty seriously.
Judy: Fantastic. Well, this has just been a wonderful discussion.
This time just went so fast. But thank you so much, Jodi, for taking the time to meet with us today. And thank you, everyone, for listening to On Your Radar, which has been made possible by the privacy and compliance innovators at RadarFirst. RadarFirst’s governance, risk, and compliance software solutions are trusted by organizations to reduce risk and simplify operational decisioning, privacy, and compliance.
Cyber and compliance laws, learn more. radarfirst.com. Contact information and resources shared by Jodi at clover, clover red clover advisors.com will be available at the in the show notes. if you like what you heard today, be sure to follow our show for the next episodes. Jodi, again, thank you so much for being here today.
We greatly appreciate everything that you do, and thank you for being on your radar today. Thank you.
About our guest:
Jodi Daniels is Founder and CEO of Red Clover Advisors, a privacy consultancy, that brings data privacy strategy and compliance together with its flexible and scalable approach that simplifies data privacy complexity, refines, updates or builds privacy structure, and makes both the business and the legal issues accessible and actionable for all. Jodi is a Certified Informational Privacy Professional and serves as the outsourced privacy office for companies. Jodi Daniels is a national keynote speaker, co-host of the top-ranked She Said Privacy / He Said Security Podcast, co-author of Wall Street Journal & USA Today best-selling book Data Reimagined: Building Trust One Byte at a Time, IANS Faculty Member, and also has been featured in The Wall Street Journal, The Economist, Forbes, Inc., Authority Magazine, Thrive Global, Inc., and more. Jodi holds a Masters of Business Administration and a Bachelor of Business Administration from Emory University’s Goizueta Business School.