Alan L. Friel is Chair of Squire Patton Boggs’ Data Privacy, Cybersecurity & Digital Assets Practice. He is tier-1 ranked by Chambers, and BTI Consulting Group has named Alan a Client Service All-Star, recognizing lawyers who stand above all others in delivering exceptional client service.

Evolving privacy regulations like the California Consumer Privacy Act (CCPA) are reshaping the way companies approach data management and compliance. CCPA’s proposed draft regulations would require certain businesses to conduct cybersecurity audits, privacy risk assessments, and implement governance surrounding automated decision-making and AI technologies. While these frameworks help protect consumer data, they also introduce operational challenges and increased expenses for companies. How can companies prepare for compliance while effectively managing data and reducing costs?

Privacy compliance is more than a legal requirement — it’s a vital part of sound business strategy. Navigating compliance obligations requires companies to adopt a proactive approach to data governance. Businesses need to implement good data hygiene practices and conduct privacy risk assessments to identify and mitigate risks. These processes help businesses maintain their data inventory, respond to consumer privacy rights requests, and manage information assets. However, the legal landscape remains complicated, with questions about whether some regulatory requirements may conflict with First Amendment protections.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Alan Friel, Chair of the Data Privacy, Cybersecurity & Digital Assets Practice at Squire Patton Boggs, about the costs, benefits, and legal implications of regulatory compliance. Alan explains why businesses should adopt privacy risk assessments as a best practice, regardless of ongoing legal uncertainties, and discusses the intersection of privacy regulations with free speech rights under the First Amendment. He emphasizes the importance of proactive data management practices and governance to navigate compliance challenges and position businesses for long-term success in a shifting regulatory environment.

Anna Hall is an educator, mother of two, and Co-founder of Embody, a privacy-forward menstrual health and wellness app.

As awareness grows around health data privacy, misconceptions about protecting menstrual health data remain widespread. That’s because menstrual health data is often commodified and can be shared or sold without explicit user consent, exposing sensitive information to third parties. With recent legal changes affecting reproductive rights, there is a greater need than ever for secure, user-controlled solutions. What steps should companies take to prioritize and protect sensitive health data?

In a rapidly changing health tech landscape, most regulations haven’t adapted to cover personal wellness apps effectively, especially those designed for menstrual health tracking. Companies like Embody address this by implementing local encryption and avoiding default cloud storage, which safeguards privacy and encourages a user-first approach. By eliminating the need for logins and accounts, Embody limits data access, allowing users to track personal health information privately and securely.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Anna Hall, Co-founder of Embody, about developing a privacy- and security-focused menstrual health app. Anna shares the story behind Embody and how the app prioritizes user privacy by eliminating user logins and passwords, keeping user data stored offline and locally on user devices. She highlights misconceptions about menstrual health data privacy and shares how Embody’s design directly addresses these challenges. With features like local encryption and plans to open-source their code, Embody aims to provide secure, user-controlled health tracking that upholds privacy standards.

Christin McMeley is the SVP and Chief Privacy and Data Strategy Officer at Comcast, a role that involves partnering across Comcast's business units and spearheading the execution of enterprise privacy and data governance strategies, focusing on responsible use of data and artificial intelligence. As an attorney, Christin is experienced in privacy compliance, public policy, and government affairs.

As companies navigate the fast-changing landscape of privacy regulations, many are focusing on integrating privacy practices into business strategies, made more complex by the rise of new technologies like generative AI. To maintain consumer trust and ensure compliance, companies need to understand how to align privacy obligations with business innovation. How can privacy and business teams collaborate to navigate this evolving space?

For businesses to succeed, privacy can’t work in isolation — it needs to be integrated with broader business strategies. Embedding privacy by design principles and fostering a culture of consumer trust are key to achieving this. Educating teams on privacy principles and building strong internal relationships ensures privacy becomes a natural part of the business workflow rather than an afterthought.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Christin McMeley, SVP & Chief Privacy and Data Strategy Officer at Comcast, about how privacy teams can collaborate with business units to address privacy risks. Christin highlights the importance of practices like privacy tabletop exercises, which allow teams to proactively address privacy concerns during product and service development. She stresses that integrating privacy into the company culture, along with the right mix of automation and human oversight, is key to long-term success.