Let's Talk Privacy

So You Got the Privacy Officer Title, Now What? with Teresa Toester-Falk

GIVEAWAY INFORMATION Below you will find Terasa’s Privacy Career Map  https://drive.google.com/file/d/1iIo8hAre5oiwe3WYa_Hn4jmffm0l946I/view?usp=sharing [https://drive.google.com/file/d/1iIo8hAre5oiwe3WYa_Hn4jmffm0l946I/view?usp=sharing] Terasa is also giving away a 45-minute mentoring session specifically for someone who is looking to make a shift in their privacy career journey.  HOW TO: 1. Listen to the episode, follow on Apple Podcasts. 2. DM Aakash a screenshot proof following and listening https://www.linkedin.com/in/aakashsuri-thoughtleader/ [https://www.linkedin.com/in/aakashsuri-thoughtleader/]  3. All entries must be submitted within the first 24 hours of the episode's release.  In this episode, Aakash sits down with privacy powerhouse Teresa Toester Falk to uncover the messy reality of running a corporate privacy program. Ditching polished compliance platitudes, Teresa explains why certifications only tell half the story and how professionals can truly survive the trenches of privacy and AI governance. From embracing the controversial reality that privacy is a cost center to mastering the art of influencing without authority by mapping an organization's working network. KEY TAKEAWAYS Certifications Teach the Law, Not Operations: Certifications like the CIPP are excellent for testing foundational knowledge, but they are not designed to teach professionals how to evaluate, create, or execute privacy operations when facing intense corporate deadlines. Embrace the Cost Center Reality: Instead of exhausting resources trying to prove that privacy "adds value" to revenue, professionals should be proud to stand as a necessary compliance and overhead function that protects the business. Map the Real Working Network: To build influence without authority, privacy leaders must look past the official organizational chart and instead follow the data, track who fixes systems when they break, and identify the informal advisors who actually drive decisions. Adopt Agile AI Governance: Traditional governance frameworks take too long to implement in the fast-paced AI environment; professionals should focus on the top immediate risks, apply a "keep, learn, delegate, buy" strategy, and start executing right away. Prioritize Documented Execution over Perfect Coverage: When resources and budgets are tight, it is always better to handle a few high-priority compliance tasks with clear evidence and documentation than to poorly attempt full program coverage. BEST MOMENTS "The certification is, it's not easy to get. But compared to other disciplines, it's a fairly easy gate. You write that exam. If you pass it, you can call yourself a certified professional.” "I'm going to say something a little controversial, but I believe 80, 95% of the time. I'm sorry. Privacy doesn't add value. It is a... Overhead. And it's compliance hygiene. I wish that it did... Privacy can be a cost center. And it's okay. It, you can be proud of that..." "When we start our roles, we often ask, ' Show me the org chart... But the reality is, the executive level leaders often, you know, are a little bit out of touch with what is happening on the ground.” "I hate that we're presenting this as something wildly new, right? AI has been around, and machine learning has been around for 23 years.” "When you're under pressure, and you don't have enough people or hours to run a full program, you have to choose between doing everything poorly or doing the most important things with evidence. And I will always choose the second." TO CONNECT WITH TERASA  https://www.linkedin.com/in/ttfalk/?isSelfProfile=false [https://www.linkedin.com/in/ttfalk/?isSelfProfile=false]  TO CONNECT WITH YOUR HOST: https://www.linkedin.com/in/aakashsuri-thoughtleader/ [https://www.linkedin.com/in/aakashsuri-thoughtleader/]  https://www.linkedin.com/company/as-privacy-ai-solutions-ltd/ [https://www.linkedin.com/company/as-privacy-ai-solutions-ltd/posts/?feedView=all] Aakash Suri (@letstalkprivacypodcast) • Instagram photos and videos [https://www.instagram.com/letstalkprivacypodcast/] https://www.tiktok.com/@letstalkprivacypodcast [https://www.tiktok.com/@letstalkprivacypodcast] HOST BIO Aakash is a recognised Data Privacy leader who helps organisations navigate complex regulations with clarity, confidence, and common sense. Unlike the legalese-driven privacy pros who simply regurgitate the law, Aakash breaks down what the rules actually mean, translates them into plain English, and gives businesses three SMART, pragmatic steps to demonstrate real compliance. This Podcast has been brought to you by Disruptive Media. https://disruptivemedia.co.uk [https://disruptivemedia.co.uk/]/

Law Enforcement to National Privacy Council: Real World Data Risks

Stop treating privacy like a boring legal chore and start looking at the human beings behind the data. Chase F joins the show to strip away the corporate buzzwords and share what nearly two decades in law enforcement and cybersecurity actually teaches you about trust. We dive into the "spicy" reality that a thousand state-of-the-art controls won't save an organization if the culture is broken. From the cumulative risks of "free" AI accounts to the eerie way your phone tracks who you’re standing next to via Bluetooth, this conversation is a wake-up call for parents and professionals alike. Discover why privacy must be a design principle from day one rather than a bolted-on afterthought and hear a powerful take on why the best investment you can ever make is a leap of faith in your own vision. KEY TAKEAWAYS Privacy is a human-centred game rather than a technical one, meaning your everyday users are the true frontline defenders. Digital exposure is cumulative and slow, built through small daily permissions rather than just one-off major breaches. AI memory features mean these platforms may eventually know more about your history and habits than you can remember yourself. Being proactive means baking privacy and security into every operational conversation from the start to avoid being reactive to regulations. Taking the risk to invest in your own skills and vision is the most reliable way to create a meaningful impact in a rapidly shifting world. BEST MOMENTS "What we lose focus on is that these are all human centered games." "You’re really risking these digital systems becoming more about knowing you than you even know yourself." "Privacy falls when organizations treat it like paperwork instead of like a design principle." "AI does not forget. These systems will remember that about you and the total picture will be more complete than you even know." "You learn the most from fear and mistakes anyway and just go towards it." TO CONNECT WITH CHASE: https://www.linkedin.com/in/chaseprivacy/ [https://www.linkedin.com/in/chaseprivacy/] TO CONNECT WITH YOUR HOST: ⁠https://www.linkedin.com/in/aakashsuri-thoughtleader/⁠ [https://www.linkedin.com/in/aakashsuri-thoughtleader/]  ⁠https://www.linkedin.com/company/as-privacy-ai-solutions-ltd/⁠ [https://www.linkedin.com/company/as-privacy-ai-solutions-ltd/posts/?feedView=all] ⁠Aakash Suri (@letstalkprivacypodcast) • Instagram photos and videos⁠ [https://www.instagram.com/letstalkprivacypodcast/] ⁠https://www.tiktok.com/@letstalkprivacypodcast⁠ [https://www.tiktok.com/@letstalkprivacypodcast] HOST BIO Aakash is a recognised Data Privacy leader who helps organisations navigate complex regulations with clarity, confidence, and common sense. Unlike the legalese-driven privacy pros who simply regurgitate the law, Aakash breaks down what the rules actually mean, translates them into plain English, and gives businesses three SMART, pragmatic steps to demonstrate real compliance. This Podcast has been brought to you by Disruptive Media. ⁠https://disruptivemedia.co.uk⁠ [https://disruptivemedia.co.uk/]/

Privacy Inside Government: UAE Data Laws, AI Risks & Biometric Surveillance Explained with Feba Rachel

In this episode, Aakash sits down with Feba Rachel, a Senior Privacy Counsel working within the UAE Government, to explore the rapidly evolving landscape of data protection in the GCC. Feba unpacks the stark differences between managing privacy in global corporations versus the public sector, emphasizing how government privacy initiatives must prioritize public trust over mere commercial risk mitigation.  KEY TAKEAWAYS Public Trust Over Compliance: In the government sector, privacy is a public duty centered around maintaining citizens' trust, unlike the commercial sector, which often focuses on checking boxes and risk mitigation. Navigating Multi-Framework Landscapes: The UAE presents a highly complex regulatory environment, requiring organizations to carefully figure out whether they fall under the federal UAE PDPL, free zone laws like DIFC or ADGM, or other specific sectoral laws. The Over-Reliance on Consent: While international frameworks like the GDPR allow for "legitimate interest" as a flexible legal basis for data processing, the UAE's federal PDPL leans heavily on explicit consent, which can create significant operational challenges. AI Adoption is Outpacing Governance: Organizations are rushing to adopt AI tools at a massive speed, often leaving privacy teams out of the loop until after procurement, which creates severe risks regarding training data rights and automated decision-making. Biometrics Require Complex Data Mapping: Implementing massive initiatives like Dubai's contactless hotel check-in demands rigorous data mapping from the outset to establish clear controller and processor roles among the government, tech vendors, and hotels. BEST MOMENTS "In government, it becomes what is the right thing to do with the trust people have placed in us." "When someone cannot walk away, you carry a greater responsibility to be transparent and to be careful with their data. You don't get to hide behind a terms and conditions page." "People come into the UAE expecting one privacy law. What they find is more like three rule books sitting next to each other, and your job is figuring out which one applies to you." "A condition is not valid consent, right?" "The same processing activity can be completely lawful under one framework and then require a completely different legal basis under another." TO CONNECT WITH FEBA https://www.linkedin.com/in/feba-rachel-914b7889/?isSelfProfile=false [https://www.linkedin.com/in/feba-rachel-914b7889/?isSelfProfile=false]  TO CONNECT WITH YOUR HOST: https://www.linkedin.com/in/aakashsuri-thoughtleader/ [https://www.linkedin.com/in/aakashsuri-thoughtleader/]  https://www.linkedin.com/company/as-privacy-ai-solutions-ltd/ [https://www.linkedin.com/company/as-privacy-ai-solutions-ltd/posts/?feedView=all] Aakash Suri (@letstalkprivacypodcast) • Instagram photos and videos [https://www.instagram.com/letstalkprivacypodcast/] https://www.tiktok.com/@letstalkprivacypodcast [https://www.tiktok.com/@letstalkprivacypodcast] HOST BIO Aakash is a recognised Data Privacy leader who helps organisations navigate complex regulations with clarity, confidence, and common sense. Unlike the legalese-driven privacy pros who simply regurgitate the law, Aakash breaks down what the rules actually mean, translates them into plain English, and gives businesses three SMART, pragmatic steps to demonstrate real compliance. This Podcast has been brought to you by Disruptive Media. https://disruptivemedia.co.uk [https://disruptivemedia.co.uk/]/

Bitesize AI Briefings: Why Mythos Changes the Privacy Governance Game

Imagine a tool so capable at finding software vulnerabilities that its own creators are hesitant to release it. We’re looking at Mythos, the latest frontier model from Anthropic that has the tech world divided between genuine fear and intense curiosity. While the "hacker's dream" headlines make for great clicks, the reality for privacy and security professionals is much more complex. This briefing cuts through the noise to explore why a model's ability to chain exploits and reason through code changes the balance of power in cyber security. We move past the panic to discuss the essential governance questions: Who gets access? What happens when a model does its job too well?. It’s time to stop viewing AI risk as theoretical and start preparing for a future where the battlefield is human plus AI versus human plus AI. Key Takeaways Capabilities over Hype: Mythos represents a shift toward advanced reasoning and serious cyber security capabilities rather than just simple text generation. The Access Dilemma: Anthropik has restricted access to Mythos due to concerns that its power could be misused in a security context. Privacy and Cyber are Linked: Any model that simplifies finding vulnerabilities creates a direct risk of data breaches and privacy loss. Avoid the Binary Reaction: The danger lies in either overreacting with panic or underreacting by assuming developers have handled all safeguards. New Governance Standards: Businesses must implement strict access controls, red teaming, and human oversight to manage high-capability models. Quotes "The big story here is that Anthropik's latest model appears to be extremely capable at cyber security style tasks." "We are no longer just asking, can the model do the job? We are now asking, can it do the job too well?" "If a model helps attackers find vulnerabilities faster, that can lead to breaches, data loss, and a whole chain of privacy consequences." "The future of cyber is not just human versus human. It's human plus AI versus human plus AI." "If a model is powerful enough to be called a hacker's dream, then it's powerful enough to need serious guardrails." TO CONNECT WITH YOUR HOST: ⁠https://www.linkedin.com/in/aakashsuri-thoughtleader/⁠ [https://www.linkedin.com/in/aakashsuri-thoughtleader/]  ⁠https://www.linkedin.com/company/as-privacy-ai-solutions-ltd/⁠ [https://www.linkedin.com/company/as-privacy-ai-solutions-ltd/posts/?feedView=all] ⁠Aakash Suri (@letstalkprivacypodcast) • Instagram photos and videos⁠ [https://www.instagram.com/letstalkprivacypodcast/] ⁠https://www.tiktok.com/@letstalkprivacypodcast⁠ [https://www.tiktok.com/@letstalkprivacypodcast] HOST BIO Aakash is a recognised Data Privacy leader who helps organisations navigate complex regulations with clarity, confidence, and common sense. Unlike the legalese-driven privacy pros who simply regurgitate the law, Aakash breaks down what the rules actually mean, translates them into plain English, and gives businesses three SMART, pragmatic steps to demonstrate real compliance. This Podcast has been brought to you by Disruptive Media. ⁠https://disruptivemedia.co.uk⁠ [https://disruptivemedia.co.uk/]/

How Privacy and AI Governance Work at Scale in Public Service Media with Marissa Valerio

In this episode, Aakash sits down with Marissa Valerio, a senior data privacy lawyer with extensive experience across UK, EU, and global privacy law. Together, they dive into the realities of translating complex legal requirements into actionable strategies that tech and business teams can actually use. Marissa shares her insights on moving privacy away from a dreaded "tick-box compliance" exercise and repositioning it as a strategic business enabler.  KEY TAKEAWAYS Speak the Business's Language: To get buy-in from senior leadership, privacy professionals must translate complex legal concepts into clear, risk-based language that aligns with what the stakeholders are actually trying to achieve. Privacy is About Human Rights: Effective data protection goes beyond strict academic compliance; it fundamentally requires protecting the rights, freedoms, and psychological well-being of the individuals behind the data. Reposition Privacy as an Enabler: The privacy function must shed its reputation as the "Department of No." By adopting a pragmatic, risk-based approach, privacy teams can help businesses innovate safely and responsibly. AI Requires Case-by-Case Governance: There is no blanket approach to AI compliance. Organizations must establish clear internal policies to manage how the business uses data within AI tools, and just as importantly, how those AI tools use the business's data. Embrace the Unknown in Your Career: Taking calculated risks like moving across the world to restart a career can be daunting, but stepping out of your comfort zone is often the catalyst for the greatest professional and personal growth. BEST MOMENTS "The way we speak... to a DPO about privacy is not the same way you would speak to a systems engineer or to a contract manager."  "It's important to remember that we are talking about human rights and about human beings and their rights and their freedoms... you can't be too rigid or too academical about it either."  "We should move away from that and just think about privacy as an enabler. I like to use that phrase when I deliver training."  "You can't have a blanket approach for deploying AI. All AI initiatives should be looked at on a case-by-case basis."  "The human has to be in the loop in the end. You can't just take the human out."  TO CONNECT WITH MARISSA linkedin.com/in/marissa-valerio-llm-1909b5119 [http://linkedin.com/in/marissa-valerio-llm-1909b5119] TO CONNECT WITH YOUR HOST https://www.linkedin.com/in/aakashsuri-thoughtleader/ [https://www.linkedin.com/in/aakashsuri-thoughtleader/]  Aakash Suri (@letstalkprivacypodcast) • Instagram photos and videos [https://www.instagram.com/letstalkprivacypodcast/] https://www.linkedin.com/company/as-privacy-ai-solutions-ltd/posts/?feedView=all [https://www.linkedin.com/company/as-privacy-ai-solutions-ltd/posts/?feedView=all]  https://www.tiktok.com/@letstalkprivacypodcast [https://www.tiktok.com/@letstalkprivacypodcast] HOST BIO Aakash is a recognised Data Privacy leader who helps organisations navigate complex regulations with clarity, confidence, and common sense. Unlike the legalese-driven privacy pros who simply regurgitate the law, Aakash breaks down what the rules actually mean, translates them into plain English, and gives businesses three SMART, pragmatic steps to demonstrate real compliance. This Podcast has been brought to you by Disruptive Media. https://disruptivemedia.co.uk [https://disruptivemedia.co.uk/]/