Privacy Huddle: A Data Privacy & AI Governance Podcast
Privacy Huddle: A Data Privacy & AI Governance Podcast
Colleen Barry
Privacy Huddle breaks down what actually matters in the fast-moving world of data privacy — GDPR, CCPA, AI regulation, consent management, enforcement actions, litigations, and the expert shaping the future of privacy law and tech.
Ep. 99 - What 80 Chief Privacy Officers are Worried about Right Now
Privacy leaders are facing more pressure than ever—and the old approaches to compliance may no longer be enough.In this episode of The Privacy Huddle, Colleen Barry is joined by Alisa Hutnik and Maxwell Anderson to discuss the biggest conversations coming out of the Cincero Chief Privacy Officer Forum in Chicago.Topics include:- Why traditional data mapping projects often fail - Modern approaches to privacy risk management - Why many organizations are frustrated with legacy privacy vendors - The misconception that cookie banners alone satisfy compliance - California privacy enforcement trends - Consent management best practices - Do Not Sell/Share requirements - Identity resolution and advertising technology - How marketing technology creates hidden privacy obligationsWhether you're a Chief Privacy Officer, privacy engineer, legal counsel, compliance professional, or marketing leader, this conversation offers practical insights into today's evolving privacy landscape.
Jul 1
24 min
Video
Ep. 98 - Your Cookie Banner Won’t Save You From Demand Letters
Raise your hand if you've received a demand letter. Spoiler: you’re not alone. When we ask in privacy conference sessions, 70 - 80% of the room shoots their hand up. Dealing with demand letters has become part of the privacy program norm. In this week's Privacy Huddle, Host and Head of Marketing Colleen Barry and Co-founder & Head of Product Maxwell Anderson break down exactly what privacy teams should have in place before one lands on their desk. What they cover: Why plaintiff's attorneys are targeting companies that look easy to settle, The spectrum of notice & consent approaches, from disclosure-only to full opt-in, What a HAR file is, why it shows up in demand letters, and how to fact-check one, The auditability practices that make your program harder to attack.
Jun 17
15 min
Video
Ep. 97 - Buy your CISO a coffee: Advice on CCPA, Amendments, Identity & More
Privacy enforcement is evolving quickly — and brands can no longer rely on “vendor limitations” as an excuse. In this episode of The Privacy Huddle, Colleen Barry sits down with Ezra Sternstein (AMC Global Media) and Max Anderson (Ketch) to unpack the latest privacy enforcement trends, identity management challenges, vendor accountability, and the growing convergence of privacy and cybersecurity. Ezra shares unique insights from his background at the New York Attorney General’s Bureau of Internet & Technology, where he investigated privacy and cybersecurity violations firsthand. The conversation dives into recent Disney and Sling settlements, cross-device identity requirements, CCPA cybersecurity amendments, data mapping strategies, and how privacy leaders should prepare for the next wave of regulation. If you work in privacy, security, compliance, adtech, martech, or legal operations, this episode offers practical guidance on what regulators actually care about — and what organizations must do now to stay ahead.
May 26
23 min
Video
Ep. 96 - The SECURE Data Act, Demand Letters & the U.S. Privacy Summit
In this Privacy Huddle episode, Colleen Barry of Ketch and Alysa Hudnick of Kelley Drye discuss the Secure Data Act, rising privacy demand letters, wiretap litigation risks, consent management, tracking technologies, California privacy requirements, AI transparency, and the upcoming US Privacy Summit in San Francisco.
May 19
14 min
Video
Ep. 95 - What Regulators Are Saying Now (IAPP Privacy Summit 2026)
Frictionless opt-outs keep coming up. Now we’re hearing what that actually means in practice. In this week’s Privacy Huddle, Maxwell Anderson joins Colleen Barry live from the Ketch booth at IAPP to break down what’s coming directly from regulators and recent enforcement conversations. The headline isn’t new. The expectations are just getting more specific. Regulators are focused on how opt-outs are implemented, not just whether they exist. And that’s where things start to break down. Frictionless doesn’t mean “easier UX.” It means removing barriers entirely: ✔️ One-click opt-outs, not multi-step flows ✔️ No unnecessary data collection to process a request ✔️ No redirect loops or buried links ✔️ No conflicting paths between banners, forms, and systems Because if the process introduces friction, it introduces risk. There’s also a broader signal behind all of this: responsibility sits with the business, not the vendor. If your implementation doesn’t hold up, it’s your name on the investigation. We also got into a recurring source of confusion across teams: this isn’t a cookie banner problem. It’s about how clearly you present “Do Not Sell or Share,” and whether that choice is actually enforced across your environment.
May 12
7 min
Video
Ep. 94 - What the Latest Enforcement Actions Signal
Everyone predicted the enforcement wave. Now it’s here. In this week’s Privacy Huddle, Alysa Hutnik, from Kelley Drye, joins Colleen Barry to break down what the latest settlements from Texas and California are signaling for privacy teams.
May 5
12 min
Video
Ep. 93 - Inside the CLA annual privacy summit: hot topics
Privacy enforcement in California is accelerating — and companies are feeling the pressure. In this episode of Privacy Huddle, recorded at the California Lawyers Association Annual Privacy Summit at UCLA, Ketch Head of Marketing Colleen sits down with privacy experts Celine and Max to break down the biggest themes emerging from the conference. The conversation covers the growing role of regulators, why enforcement actions are increasing, and what companies are getting wrong about consent management platforms (CMPs) and privacy vendors. They also discuss why storing consent signals only in the browser may not meet regulatory expectations — and how companies should rethink record-keeping, vendor accountability, and technical architecture. The episode also explores an important new development: California’s DELETE Act, the state’s data broker law introducing the upcoming DROP deletion mechanism and new compliance obligations starting August 1. If you work in privacy, legal, compliance, or data governance, this discussion highlights key risks regulators are focusing on and how organizations should prepare.
Apr 28
9 min
Video
Ep. 92 - Children's Privacy (U.S. requirements)
In this week's episode of the Privacy Huddle, we’re diving into the topic that kept resurfacing at Privacy State of the Union: children’s privacy and age signals. If you think this is just a COPPA (under 13) issue, think again. Between app store age verification laws, state-level opt-in requirements, and evolving enforcement expectations, brands are now dealing with: Jurisdiction-specific obligations (under 13, 15, 16, 17… it depends) Age signals flowing in from app stores and potentially browsers The reality that “we’re 18+” is no longer a strategy And perhaps the hardest part? There’s no “easy button.” Age gating isn’t just a widget. It touches consent, identity, data use, and downstream enforcement. If you can tie identity together for advertising, regulators will expect you to do it for compliance, too. Watch as Alysa Hutnik, Maxwell Anderson, and Colleen Barry break down what brand leaders should be thinking about now, and why 2026 is shaping up to be a pivotal year for kids’ privacy.
Apr 21
9 min
Video
Load more