John Corcoran: 13:55
Okay. And you mentioned cookie banners. It seems like in the last two years or so, every website you go to now has got some version of an opt in of some sort or cookie banner. So you mentioned that a lot of people do that wrong. So talk a little bit about how companies should be tackling cookie banners and whether they need one or not.
Jodi Daniels: 14:14
Yes, it’s it’s very interesting. So I’ll use myself as an example. I live in Atlanta, Georgia. I have no privacy law here in the state of Georgia that protects me. All I have is some national laws and I get cookie banners all day long, and I actually don’t need a single cookie banner.
There’s no law here that says I have to opt in to have cookies. Why do we get them all? It kind of started with GDPR when which is an opt in. So the very short version, if you are actively targeting and trying to get people a lot of countries globally, but let’s just use the EU, in the UK it needs to be opt in, which means banner, I accept. Then you get to fire the cookie.
Well, many people apply.
John Corcoran: 14:56
Just for the the noobs out there, for the people who are not super tech savvy. So the cookie is the piece of software on your website that that enables a company to kind of keep track of you and retarget you. Is that correct? Is that.
Jodi Daniels: 15:11
Yes. So if you’re doing, for example, Google ads or you’re doing Facebook ads or pick any social media pixel out there, some of the analytics pixels as well kind of just depends on which analytics provider. And if you’re doing any kind of advertising or some type of tracking session replay, you want to understand. I clicked on these five things on my website. It just depends on the company.
What is actually happening? But if you have some kind of pixel on your website, you might need to pay attention to these cookie banners and these rules, which is in the EU and UK. Again, using them as just the gold standard. It’s opt in, which means before you can fire one, fire a cookie. Let’s just use meta before you can fire that meta pixel or Facebook pixel.
Rather, I have to opt in. Now Jodie and Georgia, Jodie and Georgia I don’t have to opt in.
John Corcoran: 15:59
So they just do it overinclusive because.
Jodi Daniels: 16:01
They do an overinclusive. But now let’s go to California. John. In California you have some privacy laws. That law says you have the ability to opt out.
You don’t have to opt in if you choose to have a cookie banner, because some people believe there’s a requirement that says at or before the time of collection, you have to have a notice. So some people believe that to be I need a notice, Not just in the footer, but in a cookie banner. Well, if you have a cookie banner, California and several other states say, well, it has to look a certain way. There has to be it has to be symmetrical. Meaning if I have, except I have to have reject one click, opt in, one click opt out.
There’s a couple other states, again, depending on the kind of data that you have. Are you targeting kids? That’s a whole different ball game. Or do you have health data? Whole different ball game.
However, there’s a whole nother universe. And I do know several different entrepreneurs and other small businesses have received these, and they’re kind of what is this thing, which is the demand letter going after and using old privacy laws here in the United States. They are kind of wiretapping privacy laws, and there’s a collection of wiretapping like laws. And we’re not going to go too deep. But essentially those old wiretapping laws, there are plaintiffs firms going after different businesses saying you dropped a pixel without my consent, and there violates this law.
Here’s my demand.
John Corcoran: 17:30
Letter. Yeah, which is crazy, because these wiretapping laws date back to, like, I think, like, inspired by, like, mafia activity, like in the 40s and 50s or 20s or something really old. Wow.
Jodi Daniels: 17:41
And so there’s an entire mitigation and defense strategy of how companies can manage that. So some companies say, I want nothing to do with that. I’m going to take a really conservative approach. And they put a cookie banner up.
John Corcoran: 17:54
It seems like a lot of companies.
Jodi Daniels: 17:55
Because they don’t want to deal with that. Other companies say, well, I can’t afford that. I need to be able to have this advertising and I’m perfectly allowed to have it. They’re willing to take the risk. So when it comes to cookie banners, you have to first figure out which law applies to you, what kind of data you have and who you’re targeting.
And then could you be at risk for one of these pixel litigation lawsuits? And what is your risk tolerance? Then you can figure out are you going to have a banner? And if you have a banner, then you decide what it’s going to be. And and so that’s why you have this entire universe of different kinds of cookie banners all over the place.
John Corcoran: 18:34
Wow. Wow. Okay, we’ve gone kind of deep into the privacy stuff. I skipped over a couple things on on a personal level or a business. About the business that I’m curious about.
So, first of all, you started the company, you had this, like you, you said to yourself, I’m going to start it by my daughter’s first day of second grade. I want to hear a little bit about why you decided why. Privacy consultant consultancy. And then secondly, just kind of like the how that was meaningful to you, like deciding to start a business, you know, being determined to start it before your daughter’s first day of second grade. I think that’s so cool.
Jodi Daniels: 19:09
Thank you. I spent I ended up leaving after 19 years in corporate America, but it was a little bit before then when I decided I was just kind of done with corporate America. I had worked for four large companies and a variety of different roles. I had two young kids and decided I wanted more control, I wanted more flexibility, and I wanted to do something different. I was trying to find my happy place.
I knew privacy, I knew it was emerging. I thought there would be an opportunity there. I have always kind of been in some type of consulting like role, and had often been in what I had called then and became more popular, an entrepreneur doing a variety of new kinds of things in companies. And so I decided to, to take that risk, spent a lot of time researching to decide when I would be ready, and basically really just said, I need a date, I need a line in the sand. And what better way for everyone to have a fresh start?
She was starting a new school and that seemed like a good time, and I could work towards that. And it took me a while to be able to get there, but I’m very excited to say that it was six days before That was my last day at my large corporate role, and then my very first phone call was the same day as her first day of second grade.
John Corcoran: 20:30
Oh that’s awesome. I love that. And then you are you serve as a fractional privacy officer. I don’t know if that was the original vision or eventually you evolved into that. But talk a little bit about, you know, that role for companies.
Jodi Daniels: 20:46
Sure. So it actually has always been part of the vision and I believe privacy is you asked about security earlier. I believe privacy is following security except at an accelerated pace. There are a lot of companies that have what’s called a virtual CISO, virtual chief information security officer. It’s for companies who don’t need a full time person.
There’s also not enough full time people to go around in the security space. And so there are virtual. They’re fractional. The same is true in the privacy space. There are a lot of companies that don’t have a need for a full time person, but they need more than zero.
Much like your fractional CFO, fractional CMO. It’s the same philosophy. What are the needs of the company? On some type of part time basis and will be here for some companies. We’re literally meeting once a month and reminding them privacy exists.
And here’s the latest happening in the privacy space. Pay attention to these things. Let’s talk about what’s new and hot in your company. New product features, customer requests, marketing campaigns. Let’s make sure there’s no privacy missteps.
For others, there’s a lot of very tactical operational privacy items to do, and they don’t have the people to do it. We will take those on for them, and we’re very much about meeting companies where they are. I think as there are more privacy laws, it’s getting very complex. You’re going to need that privacy knowledge and support to be able to make sure you’re in compliance with privacy laws. meeting customer expectations, and it’s just going to be a baseline.
It’s not going to be a nice to have. It’s just going to be what you have to have.
John Corcoran: 22:22
Yeah. And you’ve said that one of the kind of bleeding edges is AI things, you know, accounts like ChatGPT and you know, some companies are taking some of their company data, some of their clients company data. And they’re like uploading it to like a free ChatGPT account. And then that information is going and is being used by OpenAI to train future LLM models. So essentially that information is being used in other people’s search results.
So tell me a little bit about how that’s happening and unfolding.
Jodi Daniels: 22:51
Well everyone is trying to figure out how can I use AI and all kinds of software companies have cool bells and whistles and awesome marketing and sales that says it’s going to solve everything for you, and people want to try it out. Well, for some of those features, depending on the kind of data, whether that’s personal data, that’s going to be a privacy side. But we also really talk to companies about the company data and confidential data. It’s where companies really need to understand who is this vendor and what are you going to do with with my data when it comes to AI? So many of them are trying to use data to train the model, and it’s really important to understand are you using the actual data?
So if I give you my I upload my entire customer database to you or I upload personal information, did I literally just give it to this other company and they get to use it for themselves? Before AI, that was a common question, but most companies didn’t think that’s what was going to happen with AI. The whole concept of it trying to train itself will literally how are you actually training it? Those are really common questions. And we’re helping companies think about that.
Think about what is the safe and responsible way to be able to use those AI tools first and foremost. So just in the last couple of weeks, I’ve been working with a company. They are evaluating a couple of different vendors, and we were really asking, well, what kind of data is going to go into that tool, and how is that tool going to use that data that’s going to give the company comfort. Then they’ll also have different policies. Let’s talk about we’re recording this today on a video platform.
There are.
John Corcoran: 24:30
Zoom. Yeah. Like where’s that information. Yeah.
Jodi Daniels: 24:33
There’s a lot of companies that want to use note takers. So some note takers record and store locally some record to the cloud. There are some note takers that are actually in the news because they were also using the data for themselves. Well, if you’re recording a confidential conversation, are you okay with the vendor also having that data not just in your little universe, but potentially full access. Those are the kinds of questions I encourage everyone listening to really think about what kind of data are you collecting and what would you be okay with that company having access to it?
John Corcoran: 25:08
Oh, that’s another thing that’s changed so dramatically. I mean, like, I feel like I’m on group meetings and there’s like more AI note takers than there are people these days. And I hadn’t thought about the fact that, okay, it’s really like this could be leaking that information out to the who who knows who exactly.
Jodi Daniels: 25:24
And some of those note takers announce themselves, and some of the note takers don’t announce themselves.
John Corcoran: 25:29
Wow.
Jodi Daniels: 25:30
There are some note takers, and you won’t know that they’re there. Now imagine if you, listening, are one of those who has a note taker and it doesn’t announce it that it’s there. It does it all in the background. You’re having a confidential conversation. The other person is trusting that confidentiality, and now it’s not confidential anymore.
This is actually very important depending on the kinds of conversations you’re having and especially in a legal context. So in some scenarios, if you needed to count on legal privilege or attorney client privilege, that might be gone. If there’s a note taker that is present and depending on the the scope and the nature of the conversation that you’re having. So I know some of our clients, they won’t let HR conversations have those note takers or be recorded as an example, because the nature of those conversations could be too sensitive and they don’t want to take any risks with that being recorded.
John Corcoran: 26:26
And I know you’ve also said things like presentation software or, you know, the software you use for HR can also be at risk as well. So it’s pretty much any software that we use these days. Almost everyone these days is, is, is could be a source of our private information or could be a tool that is transcribing information or capturing information in some way.
Jodi Daniels: 26:47
It is. And so I’ve reviewed presentation software for companies before. And then some of those when you actually read the terms, some of those terms even say do not upload confidential information in big capital letters, but others are.
John Corcoran: 27:00
Representations.
Jodi Daniels: 27:01
For all kinds of businesses are using your data. So think if everyone thought about, okay, if I have this presentation. Are you okay? Would you put it out to the world? Would you just put it out on the internet for everyone to see?
That’s kind of what you’re doing when you’re giving it to a company like that. And if your answer is no, I wouldn’t want that to happen, then you really want to be vetting the tools. And there’s a lot of tools that do cool and interesting things. Think through what are you okay with doing? Is it confidential data?
Is it just an icon? Do you want any of that to be your own IP? And that’s where I think some of these steps to review who they are kind of gets forgotten. And if there’s a privacy notice that is more than a year old. My favorite is reading privacy notices and it still has an in blocks.
Enter company information. You can just tell they copied it and didn’t do anything with it. Yeah, if it just kind of looks like a page from the 90s and those still exist, they don’t care about your privacy because if they can’t even care to get an outward facing notice, right, They likely aren’t doing the right things internally.
John Corcoran: 28:06
So if your your privacy page has like a page counter on it, or it has like a little blinky emotion type of thing, like that kind of thing, you know, it’s from the 90s and you probably should.
Jodi Daniels: 28:16
Yeah. The formatting is really bad. Yeah. I mean, you can just tell with the.
John Corcoran: 28:19
Margins just straight all the way across. Yeah. Yeah.
Jodi Daniels: 28:22
Those are those are good giveaways.
John Corcoran: 28:25
So of do you have a favorite in terms of all the big AI tools that are out there? The ChatGPT, the Gemini, the perplexity, the claw. Do you do you have a preference between those or.
Jodi Daniels: 28:35
I don’t I don’t have a good favorite. No. They all have their challenges. If I’m really honest. Companies just have to evaluate what’s what’s going to work for them and what it is that you’re trying to do.
I would say to like everything, review your settings and make sure you’re picking the ones that are going to be most applicable for you and for you kind of shared a story. I was talking to a business owner. That business owner has the free ChatGPT account and is sharing client information in that free account to get the benefits of it. Well, is the client okay with that? That’s going to.
For me, that’s what that business owner should be evaluating before they put client information into a free tool. So think about all the tools that you have and what would be okay and what wouldn’t be okay. Look at their terms nowadays. And this is especially true if you listening are a service provider. And maybe you’re a B2B tech company.
Your customers are looking at your website, trying to evaluate can you solve my need? And one of the pieces that they’re looking at now, and I encourage you to put this on your site. And as you’re looking at software, look at this information. Here’s all the features and here’s the privacy features. Here’s the security features.
And many are now answering. We do or don’t use your data in our training right front and center. It’s going to say in this tier we do in this tier we don’t or we don’t use it at all, because those companies know that’s the burning question that people care about these days, and they’re putting it front and center. So again, if you’re a B2B tech company and this could be you, I encourage you to do that. And if you are evaluating companies, just spend a little bit of time.
There should be a privacy page, a trust page, a security page, an AI features page somewhere that they list. Here’s what we’re doing about your data and then privacy and security as well.
John Corcoran: 30:28
And in terms of the AI tools, you know, there’s been this whole movement over the last 20 years, from local software to cloud based software. Everything’s gone to the cloud. And now, I’m going to get a bit outside of my technical depth here. But like, for example, OpenAI has an open source version. I think it’s ChatGPT three or something like that, where some companies I think are like taking those things, taking the open source software and then locally hosting it in order to increase their privacy.
I’m curious whether maybe we this leads to kind of a movement back from the cloud based, you know, system that we’ve been used to for the last 15, 20 years back towards, like local hosting, because you know that you can control your data better.
Jodi Daniels: 31:12
I do I think we’re moving back in that direction. For anyone who’s been here long enough, it kind of reminds me of the AT&T and the the Bell’s companies. They were they were together. They were together. They were.
John Corcoran: 31:24
Yeah.
Jodi Daniels: 31:24
That reminds me of the same thing. Yes. I totally just dated myself in that conversation. Not the point. Yeah, I do think that is the movement that we’re going to because companies want control over that data.
John Corcoran: 31:35
Yeah. Interesting. Well, Jodi, this has been great. I want to wrap things up. My final, final question is my gratitude question.
So I’m a big fan of gratitude and giving our guests a little bit of space at the end here to acknowledge anyone, peers, contemporaries, maybe mentors who’ve helped you in your journey so far. Anyone in particular you want to shout out?
Jodi Daniels: 31:54
Yes. In preparation for this question, I have two. I’m the overachiever here with two examples. So the first one is going to be really early on in my career. And I remember it was a partner when I was working at a big accounting firm, and I underestimated what I could do.
And I always said, no, I don’t think I could run anything. I’m more like the CEO. And he goes, no. And was just really direct. I think you’re selling yourself short, and I think you absolutely have what it takes to be able to do that.
It took me like 15 more years to believe him, but I always remembered that sentence, so I’m really grateful for that. Anyone here, I highly encourage you. I’ve also been a really direct person, and I encourage you to be able to give that type of direct feedback to people because they might not respond right away, but it might stick with them. And then the second is kind of how I got to really believing that I could take this step forward and create Red Clover Advisors. And it was a dinner that my husband and I were having at a birthday party years ago, at a season’s 52 at the bar.
And that was kind of where I made my line in the sand. And it was at that conversation, I think you can do it. And the worst thing that happens is it doesn’t work and you find another job. And so I’m really grateful to Justin for that season’s 52 dinner that encouraged me to to leave and to make the big leap. And here I am eight years later.
John Corcoran: 33:16
Awesome. Jodi. And you, of course. So you and your husband have the She Said Privacy/He Said Security podcast.
He’s the other side of the privacy coin on the security side. So you’ve been going five years strong on that. Done a great job on that. Tell us a little bit about that. And also where others can go to learn more about you and learn more about Red Clover Advisors.
Jodi Daniels: 33:36
Yes. So Justin is a technology corporate lawyer and has a passion for cybersecurity. So we started a podcast, people got Covid, puppies, Covid renovations, Covid podcast still running strong five years in. And we talked to all sides of privacy, security and AI. We’ll have people who are chief privacy officers, various software across all those industries, chief information security officers, general counsels, professionals in the space.
We try and make it really practical. And what people find is we are fun, we make it interesting. And we’re also the commute size podcast. So we have and dog walking. We’ve been told people mow the lawn, dog walk and listen on a commute, so people really like it.
I encourage you to find it on all your favorite podcast platforms, and the best place to find me is on LinkedIn. I put out a lot of content. I really want to help make privacy simple, so please connect with me there.
John Corcoran: 34:33
Excellent, Jodi, thanks so much.
Jodi Daniels: 34:34
Thank you.
Outro: 34:38
Thanks for listening to the Smart Business Revolution Podcast. We’ll see you again next time and be sure to click subscribe to get future episodes.