PP #014: State Regulators Are Testing Your Opt-Out Flow - Here's What They Find

Regulators hired PhDs, built audit teams, and are clicking your opt-out buttons to see what actually happens.

Episode Summary

In this episode of Privacy Perspectives, host Jodi Daniels delivers a dense operational briefing from the IAB Public Policy Summit and IAPP US State Privacy Law Workshop. She breaks down CalPrivacy's new enforcement capabilities, the Delete Act's impact on data brokers, and state-by-state nuances tripping up multi-state programs.

You'll learn how regulators are technically testing opt-out flows, why children's data is now an active enforcement priority, and what vendor oversight looks like beyond the DPA.

Question of the Day 🗣️

When was the last time you tested your own opt-out flow end-to-end - not just the UI, but what actually happens downstream? Tell us in the comments.

Key Take-aways

• CalPrivacy hired computer science PhDs and is walking through opt-outs as consumers would
• The California data broker registry hit 270,000 entities with Delete Act fines starting this fall
• Children's data is now an active enforcement priority across 10+ states
• Your cookie banner acknowledging GPC means nothing if your ad tech stack ignores it
• Legacy pixels and stale tags are the biggest source of violations being found right now

Timestamped Outline ⏱️

00:00 - Introduction and summit overview
00:32 - California enforcement - CalPrivacy and Tom Kemp
01:45 - Data brokers and the Delete Act
02:52 - California actionable items
03:30 - State-by-state nuances that actually differ
06:40 - Automated decision-making requirements
07:35 - Children's data as enforcement priority
09:09 - States really talk to each other
09:32 - Regulators are testing your opt-outs
10:23 - Wiretapping, SIPA, and pixel litigation
13:20 - Vendor management beyond the DPA
14:34 - Key takeaways and closing thoughts

Links & Resources 🔗

• Privacy Perspectives newsletter → https://redcloveradvisors.com/

Connect & CTA 🎯

👉 Enjoyed this? Subscribe & leave a review on Apple Podcasts.

🎁 Get weekly privacy insights - what's shifting across the privacy landscape, what it means for your business, and how to stay ahead: https://redcloveradvisors.com/

Credits

Host: Jodi Daniels © 2026 Red Clover Advisors. All rights reserved.

You approved an AI tool 3 months ago. The vendor quietly updated the model. Your documentation is already out of date.

Episode Summary

In this episode of Privacy Perspectives, host Jodi Daniels breaks down the 2026 IAPP Global Privacy Summit.

You'll learn what boards actually want to hear about privacy, how to build AI governance that adapts when vendors update their models, and discover the enforcement shifts reshaping cookies, children's data, and advertising compliance.

Question of the Day 🗣️

What privacy topic from the IAPP Summit are you most focused on for your program this year - AI governance, advertising compliance, children's privacy, or something else? Drop it in the comments.

Key Take-aways

• Why static AI governance programs break within months and what monitoring-based governance actually looks like
• What boards want to hear about privacy, and what loses the room instantly
• How EU cookie enforcement shifted from banner design to technical behavior, with real fines
• CalPrivacy's new Audit division plus FTC priorities on algorithms, children, and deepfakes
• India's DPDPA deadlines and what makes its approach different from GDPR

Timestamped Outline ⏱️

00:00 - Introduction and IAPP Summit overview
01:04 - Opening keynotes: Maya Shankar and Salman Rushdie
02:19 - What boards actually want to hear about privacy
03:36 - Online advertising, wiretapping, and cookie compliance
05:06 - California enforcement and Global Privacy Control
06:21 - CalPrivacy audit division and FTC priorities
08:22 - India's DPDPA deadlines vs GDPR
09:59 - AI governance and why static programs break
11:58 - Age assurance as a global regulatory moment
15:51 - Closing thoughts

Links & Resources 🔗

• Jodi's LinkedIn Learning AI Governance Course → https://www.linkedin.com/learning/building-an-ai-governance-program
• Privacy Perspectives Newsletter → https://redcloveradvisors.com/

Connect & CTA 🎯

👉 Enjoyed this? Subscribe & leave a review on Apple Podcasts.

🎁 Join privacy professionals who get Jodi Daniels' "Practical privacy ops tips" every week:https://redcloveradvisors.com/

Credits

Host: Jodi Daniels © 2026 Red Clover Advisors. All rights reserved.

Your Q1 privacy to-do list is a highlight reel of good intentions - here's how to actually finish it.

Episode Summary

In this episode of Privacy Perspectives, host Jodi Daniels breaks down the 7 privacy tasks that most commonly slip in Q1 and what to do about each one.

You'll learn a specific action step for every gap, how to use Cisco's 2026 Privacy Benchmark data to frame your program's value to leadership, and discover why a simple regulatory calendar replaces reactive scrambling with consistent readiness.

Question of the Day

What is the one privacy task you have been putting off the longest? Drop it in the comments - you are probably not alone.

Key Take-aways

• Your data map is the foundation of almost every other privacy activity
• High training completion rates are not the same as effective training
• 99% of organizations report measurable benefits from privacy investments
• A regulatory calendar is the single habit that keeps your program current
• Q2 is for closing gaps, Q3 for resilience, Q4 for planning 2027

Timestamped Outline

00:00 - Introduction and the DYB philosophy
01:05 - Your Q1 to-do list - a highlight reel of good intentions
01:54 - Data mapping and inventory
02:25 - Vendor contract reviews
02:45 - Employee training
03:27 - Risk assessments and PIAs
04:00 - Privacy notice updates
04:29 - Consumer rights request process
04:56 - Policy reviews
05:44 - Why measuring your program matters
07:56 - Staying ahead with a regulatory calendar
08:49 - Your Q2, Q3, and Q4 roadmap
10:24 - The bottom line

Links & Resources

• Cisco 2026 Data Privacy Benchmark Study - https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-privacy-benchmark-study-2026.pdf
• Red Clover Advisors - https://redcloveradvisors.com/

Connect & CTA

Subscribe and leave a review on Apple Podcasts.

Join privacy professionals who get Jodi Daniels' practical privacy ops tips every week: https://redcloveradvisors.com/

Credits

Host: Jodi Daniels (c) 2026 Red Clover Advisors. All rights reserved.

One unified privacy program beats 20 patchwork state programs every time - here's how to build it.

Episode Summary

In this episode of Privacy Perspectives, host Jodi Daniels tackles the question every multi-state company is asking: do you need a separate privacy program for each state law? With 20 state privacy laws now on the books, Jodi breaks down why one right-sized program built to the strictest standard covers you everywhere - and shares a practical framework for getting there.

Question of the Day 🗣️

Are you building your privacy program to the strictest applicable standard, or are you still managing state-by-state? Drop your approach in the comments.

Key Take-aways

• Build one unified program to the highest standard instead of 20 separate state programs
• The HR and tax analogy makes multi-state privacy compliance click instantly
• Coverage thresholds vary by state and catch companies off guard
• Assign one privacy owner and build a review cadence to stay current
• Use a living tracker to keep pace as new state laws pass

Timestamped Outline ⏱️

00:00 - A thank you to this community
00:23 - The question every company asks
00:52 - The privacy law landscape right now
01:46 - The patchwork is real and growing
02:33 - From 1 state to 20 in seven years
03:07 - Privacy is like HR and tax
04:09 - One program built for variations
04:26 - Build to the highest standard
05:03 - Where state laws actually differ
06:18 - Coverage thresholds that catch companies off guard
06:54 - Where to start depends on where you are
07:25 - Step 1: Assign one owner
07:41 - Step 2: Use the right resources
07:59 - Step 3: Build a review cadence
08:13 - Step 4: Keep a living tracker
08:31 - One program built to last
09:04 - Your starting point this week

Links & Resources 🔗

• Privacy Perspectives newsletter - weekly privacy insights for your business → https://redcloveradvisors.com/

Connect & CTA 🎯

👉 Enjoyed this? Subscribe & leave a review on Apple Podcasts.

🎁 Every week, Privacy Perspectives breaks down what's happening in privacy, what it means for your business, and how to stay ahead. Subscribe so you don't miss the next one: https://redcloveradvisors.com/

Credits

Host: Jodi Daniels © 2026 Red Clover Advisors. All rights reserved.

If you stepped away for two weeks, would your privacy program keep running - or stall completely?

Episode Summary

In this episode of Privacy Perspectives, host Jodi Daniels shares a deeply personal story about losing her father and her dog within 24 hours - and what that unexpected absence revealed about her own business.

You'll learn why most privacy programs are more fragile than they appear, how to spot the warning signs of single-point-of-failure risk, and five practical steps to build a program that keeps moving without you.

Question of the Day 🗣️

If you had to step away from your role for two weeks with no notice, what part of your privacy program would stall first?

Key Take-aways

• Being pulled away unexpectedly reveals if your program is resilient or fragile
• Two warning signs: bottlenecks in approvals and complete misses on requests
• Programs built around a person instead of a process carry hidden risk
• Cross-training, light automation, and documented workflows reduce single-point failures
• The goal is resilience, not perfection - start simple and build from there

Timestamped Outline ⏱️

00:00 - Losing my father and my dog in 24 hours

00:20 - Red Clover's "Chief Canine Officer"

01:11 - A daddy's little girl and what my dad shaped in me

01:41 - My dad was in sales his whole life

02:04 - Saturday afternoons in his office as a kid

03:01 - Learning to build genuine relationships

03:37 - His mantra - Do Your Best (DYB)

04:39 - The week I stepped away from business

04:52 - What happened next - a business owner's dream

05:32 - Shifting from personal to privacy

06:10 - What being pulled away reveals about your program

06:32 - One privacy contact - what happens when they're out?

07:01 - Bottlenecks and complete misses

07:53 - When things go unnoticed until it's too late

08:24 - Built around a person instead of a process

09:01 - Step 1: Create one simple intake point

09:19 - Step 2: Cross-train at least one backup

09:31 - Step 3: Add light automation

09:43 - Step 4: Document the essentials

09:53 - Step 5: Spot check for misses

10:05 - The goal is resilience, not perfection

Links & Resources 🔗

• She Said Privacy, He Said Security podcast → https://redcloveradvisors.com/podcasts/
• Subscribe to Privacy Perspectives → https://redcloveradvisors.com/

Connect & CTA 🎯

👉 Enjoyed this? Subscribe and leave a review on Apple Podcasts.

🎁 Every week, Privacy Perspectives breaks down what's happening in privacy, what it means for your business, and how to stay ahead. Subscribe so you don't miss the next one: https://redcloveradvisors.com/

Credits

Host: Jodi Daniels © 2026 Red Clover Advisors. All rights reserved.

69% of consumers worry their biometric data could be compromised. So should you trust CLEAR with yours?

Episode Summary

In this episode of Privacy Perspectives, host Jodi Daniels walks through exactly how a privacy professional evaluates a company like CLEAR - from cookie banners and privacy policies to trust centers and AI disclosure.

You'll learn what to look for when evaluating any company's privacy practices, why CLEAR's approach mostly impressed but missed on AI transparency, and the framework every privacy decision ultimately comes down to: do you trust the company?

Question of the Day 🗣️

Would you sign up for CLEAR? What would it take for you to trust a company with your biometric data? Share your take in the comments.

Key Take-aways

• CLEAR capitalized on TSA PreCheck uncertainty with targeted, well-timed marketing
• Cookie banners, privacy commitment pages, and FAQs all factor into a privacy evaluation
• The one gap in CLEAR's transparency: no AI disclosure
• Trust centers are the future of customer confidence and competitive differentiation
• Every privacy decision comes down to one question: do you trust the company?

Timestamped Outline ⏱️

00:00 - Would you trade your data to skip the line?
00:57 - TSA PreCheck closure sparks a CLEAR opportunity
01:42 - CLEAR's clever marketing campaign
02:27 - How a privacy pro evaluates CLEAR
02:48 - Cookie banner and consent review
03:35 - CLEAR's privacy commitment page
04:47 - Why CLEAR needs a trust center
05:50 - Reading the actual privacy policy
07:28 - What security and privacy pros think of CLEAR
08:28 - The pinnacle of a privacy program - trust

Links & Resources 🔗

• Identity Theft Resource Center Biometric Data Report - https://www.idtheftcenter.org/publication/itrc-biometric-consumer-attitude-report/
• Mike Hintz's Blog on Washington My Health My Data Act - https://hintzelaw.com/mikehintze
• She Said Privacy, He Said Security Podcast (trust center episode) - https://redcloveradvisors.com/podcasts/
• Jodi Daniels on LinkedIn - https://www.linkedin.com/in/jodihoffmandaniels/

Connect & CTA 🎯

👉 Enjoyed this? Subscribe and leave a review on Apple Podcasts.

🎁 Every week, Privacy Perspectives breaks down what's happening in privacy, what it means for your business, and how to stay ahead. Subscribe so you don't miss the next one: https://redcloveradvisors.com/

Credits

Host: Jodi Daniels © 2026 Red Clover Advisors. All rights reserved.

Your privacy notice is posted and consent banners are live - so why is your organization still carrying unmanaged risk?

Episode Summary

In this episode of Privacy Perspectives, host Jodi Daniels uses a health insurance analogy to expose why most privacy programs look good on paper but fail in practice. Coverage and health are not the same thing.

You'll learn how fragmented ownership across departments creates hidden risk, the 4 practical steps to move from checkbox compliance to coordinated privacy care, and why shared accountability is the only model that scales.

Question of the Day 🗣️

What's one preventative privacy step you'd recommend to a fellow privacy pro? Drop it in the comments!

Key Take-aways

• Having privacy artifacts in place doesn't mean your program is actually healthy
• Fragmented ownership across marketing, legal, IT, and HR creates hidden, unmanaged risk
• Privacy leaders should act as the primary care physician, coordinating across specialists
• Preventative care beats constant firefighting - design for resilience, not reaction
• Four steps: define checkups, establish triggers, simplify intake, measure system health

Timestamped Outline ⏱️

00:00 - Privacy is a lot like health insurance
01:01 - Coverage is not the same as health
01:59 - Real examples of privacy gaps in organizations
03:18 - The fragmented care model
04:53 - Every department manages its own body part
05:42 - Privacy leaders are the primary care physician
06:26 - Preventative care vs. constant firefighting
08:22 - Practical steps to coordinated privacy care
10:05 - Establish clear engagement triggers
11:14 - Measure system health, not just activity
12:03 - Designing for resilience

Links & Resources 🔗

• Jodi Daniels on LinkedIn - https://www.linkedin.com/in/jodihoffmandaniels/

Connect & CTA 🎯

👉 Enjoyed this? Subscribe and leave a review on Apple Podcasts.

🎁 Every week, Privacy Perspectives breaks down what's happening in privacy, what it means for your business, and how to stay ahead. Subscribe so you don't miss the next one: https://redcloveradvisors.com/

Credits

Host: Jodi Daniels © 2026 Red Clover Advisors. All rights reserved.

Ring spent millions on a heartwarming Super Bowl ad. What they didn't mention changes everything.

Episode Summary

In this episode of Privacy Perspectives, host Jodi Daniels breaks down the privacy firestorm behind Ring's Super Bowl ad. Every compatible Ring camera was silently enrolled in an AI-powered neighborhood scanning network - no consent required.

You'll learn how Ring's Search Party feature actually works, why the opt-out design choice turned innovation into a PR crisis, and what privacy professionals can take back to their next business meeting.

Question of the Day 🗣️

What opt-in by default technology have you seen that has you frustrated? Drop a comment - Jodi may feature it in a future episode (your name is optional).

Key Take-aways

• Ring enabled Search Party by default, enrolling millions into an AI scanning network without consent
• Ring has a history of sharing footage with law enforcement without warrants
• The backlash came from customers, not just privacy advocates - a listening problem
• Opt-in vs. opt-out is a design choice with massive trust consequences
• This is the case study privacy pros can use to advocate for privacy inside their organizations

Timestamped Outline ⏱️

00:00 - Ring's Super Bowl ad that backfired
00:58 - How Search Party actually works
01:45 - The opt-out problem - enabled by default
02:34 - Ring's history with law enforcement
03:29 - Ring's response and dropped partnerships
03:57 - Why wasn't Search Party opt-in like Familiar Faces?
04:37 - This is a listening problem
05:38 - The takeaway for privacy professionals
06:48 - Companies that win in the AI era

Links & Resources 🔗

• Jodi Daniels on LinkedIn - https://www.linkedin.com/in/jodihoffmandaniels/

Connect & CTA 🎯

👉 Enjoyed this? Subscribe and leave a review on Apple Podcasts.

🎁 Every week, Privacy Perspectives breaks down what's happening in privacy, what it means for your business, and how to stay ahead. Subscribe so you don't miss the next one: https://redcloveradvisors.com/

Credits

Host: Jodi Daniels © 2026 Red Clover Advisors. All rights reserved.