Send us Fan Mail

Ross Saunders, Head of Ross G. Saunders Consulting

In this episode of The Data Diva Talks Privacy, Debbie Reynolds, The Data Diva speaks with Ross Saunders, Head of Ross G. Saunders Consulting, about privacy engineering and the challenges organizations face when translating legal requirements into technical implementation. Ross shares his background in infrastructure, DevOps, and software architecture, explaining how his experience working with SaaS environments and data breaches led him to focus on bridging the gap between legal, security, and development teams.

The conversation explores how privacy is often treated as a legal or compliance exercise, while in practice it requires integration into system design and development workflows. Debbie and Ross discuss how developers frequently receive requirements that do not align with legal intent, leading to inconsistencies in implementation and increased risk for organizations.

They examine real-world challenges in applying privacy regulations, including age verification requirements and the classification of IP addresses, where technical realities may conflict with regulatory expectations. The discussion also addresses the limitations of focusing on specific technologies, such as cookies, rather than addressing broader issues related to data sharing and potential harm.

The episode highlights practical examples of risk, including loyalty applications that collect extensive financial transaction data and the potential consequences if that data is exposed or misused. Debbie and Ross emphasize the importance of shifting toward harm-based approaches to privacy and ensuring that organizations understand the real-world impact of their data practices.

The conversation also explores emerging risks associated with agentic AI and autonomous systems, including scenarios where systems are granted excessive access and cause unintended damage or data loss. Organizations must implement governance, oversight, and clear controls to ensure that innovation in AI does not introduce unnecessary risk.

By popular demand, Debbie Reynolds Consulting is now offering executive briefings on emerging data privacy risks and how companies can avoid them. To learn more, visit the Executive briefings page on my website.

Support the show

Become an insider, join Data Diva Confidential for data strategy and data privacy insights delivered to your inbox.

💡 Receive expert briefings, practical guidance, and exclusive resources designed for leaders shaping the future of data and AI.

👉 Join here: http://bit.ly/3Jb8S5p

Debbie Reynolds Consulting, LLC

Send us Fan Mail

Terri Lewis, Founder of Planet Connected

In this episode of The Data Diva Talks Privacy, Debbie Reynolds, The Data Diva speaks with Terri Lewis, Founder of Planet Connected, about privacy, data governance, and risk in smart cities and connected infrastructure. Terri shares her background in digital strategy and her work supporting collaboration between cities and technology providers, emphasizing the importance of building trust and transparency into smart city initiatives.

The conversation explores how everyday systems such as water utilities, parking applications, and license plate readers collect and process personal data, often without individuals fully understanding the scope of that data collection. Debbie and Terri discuss how data from smart meters, for example, can reveal occupancy patterns and behavioral insights, and how location-based services and parking systems can introduce privacy risks through the collection of personal and financial information.

They examine the role of third-party vendors and the challenges organizations face in managing data across multiple providers, including concerns about overcollection, lack of transparency, and unclear data ownership. Real-world examples highlight how individuals may be required to provide more data than expected for routine activities, raising questions about proportionality and necessity.

The episode also explores broader IoT risks, including long device lifecycles, evolving capabilities through updates, and the increasing use of cameras and image-based technologies. Debbie and Terri discuss how advances in image recognition and facial recognition can enable identification of individuals in public spaces, creating new risks that existing legal frameworks may not fully address.

The discussion emphasizes that organizations must take a proactive approach to data governance, anticipating potential misuse, addressing unintended consequences, and aligning technology deployment with public expectations and trust. As cities continue to adopt connected technologies, leaders must ensure that innovation is balanced with strong privacy, security, and accountability practices.

By popular demand, Debbie Reynolds Consulting is now offering executive briefings on emerging data privacy risks and how companies can avoid them. To learn more, visit the Executive briefings page on my website.

Support the show

Become an insider, join Data Diva Confidential for data strategy and data privacy insights delivered to your inbox.

💡 Receive expert briefings, practical guidance, and exclusive resources designed for leaders shaping the future of data and AI.

👉 Join here: http://bit.ly/3Jb8S5p

Debbie Reynolds Consulting, LLC

Send us Fan Mail

Vibeke Specht, Co-founder of Peak Privacy and Author of “From GDPR Confusion to Privacy First Marketing”

In this episode of The Data Diva Talks Privacy, Debbie Reynolds, The Data Diva speaks with Vibeke Specht, Co-founder of Peak Privacy and author of “From GDPR Confusion to Privacy First Marketing,” about privacy, data governance, and the broader societal impact of data-driven marketing practices. Vibeke shares her background in journalism, political science, and marketing, explaining how her work evolved into a focus on privacy as she recognized the deeper implications of data collection, tracking, and profiling.

The conversation explores how GDPR is grounded in European history and fundamental rights, including protections against surveillance and misuse of personal data, and how this approach differs from more commercially driven data models often seen in the United States. Debbie and Vibeke discuss how marketing teams were among the first to confront the operational impact of GDPR, particularly through cookie regulations, consent requirements, and shifting expectations around transparency and accountability.

They examine the evolution of the ad tech ecosystem, including third-party cookies, large-scale tracking, and the role of dominant platforms in shaping how data is collected, shared, and monetized. The discussion highlights how complex and opaque data flows make it difficult for both organizations and individuals to fully understand how personal data is used, creating risk for companies and limiting meaningful user control.

The episode also explores how data practices influence behavior at scale, including the potential impact on democratic systems, decision-making, and public trust. Vibeke emphasizes the importance of moving beyond surface-level compliance and addressing the underlying structures that drive data collection and use, while organizations must balance innovation, competition, and responsible data practices in an increasingly complex regulatory environment.

By popular demand, Debbie Reynolds Consulting is now offering executive briefings on emerging data privacy risks and how companies can avoid them. To learn more, visit the Executive briefings page on my website.

Support the show

Become an insider, join Data Diva Confidential for data strategy and data privacy insights delivered to your inbox.

💡 Receive expert briefings, practical guidance, and exclusive resources designed for leaders shaping the future of data and AI.

👉 Join here: http://bit.ly/3Jb8S5p

Debbie Reynolds Consulting, LLC