Watch Our Carpool Consulting Video Series and Featured News Stories
-
-
-
-
• 5/27/26Carpool Confessions: Happy Privacy Day (Part 2)
0:00
Sharon: Have you ever read a privacy policy?
Son: No.
Sharon: Do you know who your mom is?
0:08
8 seconds
Son: Yeah.
Sharon: And you haven't read a privacy policy?
Son: No.
Sharon: Oh god.
0:15
15 seconds
Sharon: So, how often do you actually read the privacy policy?
Blonde Girl: Huh?
Sharon: You are back.
Hudson: I am.
0:25
25 seconds
Sharon: So, do you read privacy policies or do you pretend to read privacy policies?
Hudson: Uh,
0:34
34 seconds
Sharon: It it… do you ever read them?
0:36
36 seconds
You don't? All right. So, how many times have you pretended to read the privacy policy?
0:41
41 seconds
Man in Toque: All of the time. I try to, but it is un incomprehensible. And I think that's a huge problem. Sharon: That is a huge problem..
0:50
50 seconds
Man with Glasses: It's so long, It's so legal. half half you don't even understand. So you know everybody scrolls down and presses accept
0:58
58 seconds
Sharon: most of the work ones like uh
Man in Toque: in terms of conditions for writers and what so I'm an actor and so I want to make sure that I'm not licensing away my
1:05
1 minute, 5 seconds
voice image name or likeness in perpetuity or for use in other projects.
1:09
1 minute, 9 seconds
So I really have to go through it in a fine tooth comb.
Sharon: Okay so do what everyone else does.
Man with Glasses: No, but it's so complicated to read.
1:18
1 minute, 18 seconds
Sharon: If Okay, I will give you $5 if you tell me what a digital cookie is.
Son: I don't know.
1:26
1 minute, 26 seconds
Sharon: You don't know what a cookie is?
Son: Like the things you eat?
Sharon: No. A digital cookie. Like like on the internet.
1:31
1 minute, 31 seconds
Son: Like when I ask you if you're allowed to use cookies or
Sharon: Yeah. To accept cookies.
Son: Can I have my $5 account?
1:38
1 minute, 38 seconds
Hudson: They use cookies to get your information.
1:42
1 minute, 42 seconds
Sharon: Mhm.
Hudson: And then they have all the rights of that information.
Blonde Girl: I have no idea.
Sharon: Okay. Just save myself $5 then.
1:50
1 minute, 50 seconds
Blonde Girl: Yeah. My bets it's um like they just sent you a cookie maybe. Who knows?
1:56
1 minute, 56 seconds
Sharon: Okay. Mhm.
2:01
2 minutes, 1 second
Have you heard of it? A cookie on your browser?
2:04
2 minutes, 4 seconds
Man with Glasses: Yeah. There always says, "Do you accept cookies?"
2:07
2 minutes, 7 seconds
Sharon: And do you accept it or do you decline it?
Man with Glasses: No, I accept it.
2:10
2 minutes, 10 seconds
Sharon: Why? If you have the option to accept or decline, why are you accepting it?
2:14
2 minutes, 14 seconds
Woman with Glasses: There's different kinds of cookies. Do you know how I know this? consulting. Um,
2:21
2 minutes, 21 seconds
Sharon: You have to be a little more specific to get the $5. I don't know.
Hudson: I'll take four.
Sharon: I think you've earned about 50 cents.
2:28
2 minutes, 28 seconds
Sharon: Hudson, how about this? Read the privacy policy. May tell you what a cookie is in there. You can earn $5.
2:35
2 minutes, 35 seconds
Hudson: Siri, what is cookie? What is it?
Sharon: Pulled up a cookie. It pulled up a chocolate chip cookie.
2:41
2 minutes, 41 seconds
Brunette Girl: Isn't it they're like we can we use cookies so we can track your activity throughout these websites and the other websites you use so we can put like
2:49
2 minutes, 49 seconds
targeted ads and stuff like that. Is that what it is? Is that what it is?
2:54
2 minutes, 54 seconds
Sharon: Um, okay. I don't have $5 on me, but I I'll drop it off.
Man in Toque: Digital cookie is a tracker that will
3:03
3 minutes, 3 seconds
go be logged into your history cache so that it can track your movement from website to website and feed it back to
3:11
3 minutes, 11 seconds
the original sources but also can help you self-populate websites that you frequented before.
3:18
3 minutes, 18 seconds
Sharon: That's pretty good. That's much better than most people.
3:22
3 minutes, 22 seconds
Okay, quick tell me what is the last thing that you searched on the internet? No lying.
Son: I don't have a phone.
3:29
3 minutes, 29 seconds
Husband: Hey, babe.
3:31
3 minutes, 31 seconds
Sharon: So, what is the last thing you search on your phone? No lying.
Husband: Nope.
3:38
3 minutes, 38 seconds
Sharon: Hey, what is the last thing that you searched on your phone? And don't lie.
Brunette Girl: I'm not going to lie. Okay, I'm scared.
3:46
3 minutes, 46 seconds
What was the last thing?
Sharon: So am I.
Brunette Girl: What was the last thing I searched?
3:49
3 minutes, 49 seconds
So, the last thing I searched up, like properly searched up, was
Woman with Glasses: Why is my brain not working? Maybe because too much cuz I'm on my screen.
3:57
3 minutes, 57 seconds
It's why it's not and I haven't had my creatine yet this morning
Blonde Girl: probably for school.
Sharon: Oh, how studious of you.
Blonde Girl: Science
4:05
4 minutes, 5 seconds
Sharon: Okay, very good. Is are you lying to me?
4:07
4 minutes, 7 seconds
Blonde Girl: I don't think so. I don't really use Google or Safari.
Sharon: You don’t!
4:12
4 minutes, 12 seconds
Blonde Girl: I use ChatGPT if I need.
Man in Toque: Last thing I looked up on a browser,
4:17
4 minutes, 17 seconds
Air Iceland, because they have a free stopover program in Iceland and they have a sale on right now and you could fly in their premium whatever it is,
4:26
4 minutes, 26 seconds
which is their business for like 1,300 bucks return
Sharon: Great Advertisement.
Man in Toque: The last thing I looked at.
4:33
4 minutes, 33 seconds
Sharon: Okay.
Brunette Girl: The last thing I searched like remember I remember recently was I was a bit strange was like what was the youngest age someone's ever went through menopause?
4:40
4 minutes, 40 seconds
Sharon: Oh, are you are you doing some research for your mom?
Brunette Girl: No, I was just cuz I got heat flashes in the middle of the day at school and I was like, "Oh my god, I feel like I'm going through menopause right now." And I got really stressed out.
4:51
4 minutes, 51 seconds
It was 11, by the way.
Sharon: 11? You can get menopause at 11.
4:55
4 minutes, 55 seconds
Brunette Girl: Yeath. this girl got a menopause when she was 11.
Sharon: Whoa!
Brunette Girl: It was kind of scary.
Woman in Glasses: It was school calendars.
Sharon: Boring.
5:03
5 minutes, 3 seconds
Woman in Glasses: So boring. Oh, it's not exciting at all.
Sharon: What?
5:07
5 minutes, 7 seconds
Woman in Glasses: It wasn't anything exciting. It was actually I honestly was it like honestly ?
5:14
5 minutes, 14 seconds
Sharon: It was when the kids when do the kids go back to school?
Woman in Glasses: It was when the kids when the kids go back to school l for the 2026 27 year. It wasn't even for this year.
5:22
5 minutes, 22 seconds
Sharon: When can I just get rid of them?
Woman in Glasses: When are they out of my house?
Sharon: Yes. Okay. One word of advice.
5:30
5 minutes, 30 seconds
Read the privacy policy. Get to know what a cookie is so you can make some good decisions about what information you're going to give away.
5:38
5 minutes, 38 seconds
Hudson: I will.
Sharon: Okay.
5:41
5 minutes, 41 seconds
Thank you, Hudson. I'll see you when you're 11.
Hudson: Okay.
Sharon: Okay. Closer to the camera. Yep. Mhm.
5:50
5 minutes, 50 seconds
Hey, Dad. Do you know what I do for a living?
Man in Glasses: Yeah.
Sharon: Can you explain it?
-
• 5/27/26Carpool Confessions: Happy Privacy Day (Part 1)
0:00
Sharon: Which is worse, someone reading your texts or seeing your screen time report?
0:05
5 seconds
Son: Mom, I don't have a phone.
Blonde Girl: Screen time report.
Sharon: How much time a day?
0:10
10 seconds
Blonde Girl: I don't know. Maybe like five, seven hours.
Sharon: Oh gosh. Okay.
0:18
18 seconds
Woman with Glasses: Hmm I don't know.
Sharon: You might be one of those people that has their phone to their face.
Woman with Glasses: I often work on my phone as well.
Sharon: Yeah.
0:24
24 seconds
Woman with Glasses: I mean, add that between the mindless scrolling and it's probably pretty I'm probably, you know, reducing my life expectancy with the number of hours on my phone.
0:36
36 seconds
Sharon: Okay. All right
How How many minutes a day are you on your phone?
0:40
40 seconds
Son: Well, if you let me get a phone, maybe I'd be able to tell you.
0:43
43 seconds
Brunette Girl: Does it depend on who the person is who's reading this?
Sharon: Um, okay. Let's just say your parents, cuz those are presumably the most important people in your life
0:52
52 seconds
Brunette Girl: I think that both, if they both saw those things I'd get in in trouble.
0:58
58 seconds
Sharon: Yeah. So, like how much time you spent on your on my phone? Like I as well as the texts. Brunette Girl: Well, my texts, Well, yeah,
1:04
1 minute, 4 seconds
cuz I had screen time and even I'm scared to look at my screen time cuz it's just so shameful probably. Sharon: How many hours a day?
1:11
1 minute, 11 seconds
Brunette Girl: I don't even want to know.
1:12
1 minute, 12 seconds
Sharon: Do you have limits? Like…
Brunette Girl: I used to. I used to. And I think that's why I get anxious because I'm like, "Oh my god, I'm going past my set limit."
1:19
1 minute, 19 seconds
like everything's my mom's going to kill me. But then I figured out a way to change the password. So they know that
1:28
1 minute, 28 seconds
though cuz it's I figured out the password.
Sharon: Be honest.
1:31
1 minute, 31 seconds
Do you use the same password for at least two accounts?
Man with Glasses: Probably more.
Blonde Girl: Yeah.
Sharon: You know that's terrible, right?
1:39
1 minute, 39 seconds
Blonde Girl: Yeah. But it's like school stuff, so
Man in Toque: I can't say that on camera.
Sharon: Well, that makes me concerned.
Man in Toque: Probably.
1:45
1 minute, 45 seconds
Sharon: Oh jeez. Hi. Mhm.
1:50
1 minute, 50 seconds
Do you know that's very bad? Why do you do it?
1:53
1 minute, 53 seconds
Man with Glasses: Cuz when you're older, you can't remember all the passwords. So, it's much easier to remember one or two passwords.
2:00
2 minutes
Woman with Glasses: I create crazy passwords.
Sharon: And do you remember them all?
2:06
2 minutes, 6 seconds
Woman with Glasses: I remember them because Well, I can't I'll tell you I can't tell you my secret.
Sharon: No, don't tell us your secret.
Woman with Glasses: I do write down a prompt.
Sharon: Mhm.
2:14
2 minutes, 14 seconds
Woman with Glasses: Only I could interpret the prompt. So if if something happens to me, my family is screwed cuz no one's would work it out.
2:20
2 minutes, 20 seconds
Sharon: So do you have like a black book prompt?
2:24
2 minutes, 24 seconds
Woman with Glasses: Oh, I have a couple. So some of them look like, you know, the scribblings of a beautiful mind.
2:31
2 minutes, 31 seconds
Sharon: Mean your parents do not use a very good password.
2:33
2 minutes, 33 seconds
Brunette Girl: They use the same password for everything.
2:38
2 minutes, 38 seconds
Sharon: Uh oh, we need to have a talk with them
Brunette Girl: My mom's going through menopause. Don't do that to her.
2:47
2 minutes, 47 seconds
Sharon: What is the most embarrassing thing that your phone knows about you?
Son: Mom, I don't have a phone.
2:53
2 minutes, 53 seconds
Sharon: Do you like throw in all sorts of your like embarrassing private symptoms on chat GPT?
Man in Toque: No.
Sharon: Oh,
2:59
2 minutes, 59 seconds
Man in Toque: never. No.
Sharon: Really
Man in Toque: Chat GPT is not a therapist. Chat GPT is not a therapist.
3:06
3 minutes, 6 seconds
Sharon: What is the most embarrassing thing your phone knows about you?
Blonde Girl: Probably like my random searches.
3:13
3 minutes, 13 seconds
Sharon: Mhm.
3:16
3 minutes, 16 seconds
Woman with Glasses: If anyone did a deep dive into my pictures, my photos, I got moles, I got body parts.
3:22
3 minutes, 22 seconds
Man in Toque: Well, I'm going to assume it knows everything about me because the phone is like at least my primary source of all electronic communications.
3:31
3 minutes, 31 seconds
Woman in Glasses: All medical appointment purposes.
Sharon: Oh,ok
Woman in Glasses: you know, for followup.
3:35
3 minutes, 35 seconds
Brunette Girl: Sometimes I like bring it with me on the toilet and like it's just like probably not the best thing ever. And I also like write like the silly things to my friends.
3:44
3 minutes, 44 seconds
Blonde Girl: They're just like,
3:45
3 minutes, 45 seconds
"Can I put the dishwasher on with like this in it or something like that?"
3:49
3 minutes, 49 seconds
Sharon: Oh, like, "What do you put in your dishwasher that you need to look at?"
3:52
3 minutes, 52 seconds
Blonde Girl: Like, random like stuff that doesn't have like a label on it like
Sharon: Oh, okay. That's the most embarrassing thing on your phone.
Blonde Girl: Maybe. I don't know.
3:59
3 minutes, 59 seconds
Sharon: Maybe you just don't want to tell us.
Blonde Girl: Who knows?
Sharon: Yeah.
4:02
4 minutes, 2 seconds
Brunette Girl: I think my phone knows too much about me.
Sharon: Too much about you.
4:04
4 minutes, 4 seconds
Brunette Girl: But then sometimes I feel like I also lie to my phone cuz sometimes I write things in my notes app and then I lie about it even though that's not true.
Sharon: Oh, like you try to trick your phone.
4:12
4 minutes, 12 seconds
Brunette Girl: Yeah. No, I try to trick myself
Sharon: Explain this to me.
4:15
4 minutes, 15 seconds
Brunette Girl: Like if I'm just like, "Oh, that really bothered me, but in reality it didn't."
4:19
4 minutes, 19 seconds
And I just like felt like it should have bothered me. I would write down it that bothered me to like kind of trick myself into making it bother me. Does that make sense?
Sharon: No.
4:27
4 minutes, 27 seconds
Man in Toque: I am also a pretty private person in terms of not wanting to leave a huge electronic footprint. So, I have disabled all of the tracking.
4:35
4 minutes, 35 seconds
Woman in Glasses: I've deleted them all. But are they ever really deleted? Are they really gone?
4:40
4 minutes, 40 seconds
Sharon: I mean, depends on the retention of those deleted photos.
Woman in Glasses: Yeah.
4:44
4 minutes, 44 seconds
Sharon: Yeah. It's photos that you don't necessarily want everyone to see.
4:47
4 minutes, 47 seconds
Woman in Glasses: No. Well, no one wants to see those photos.
-
• 6/8/26Carpool Consulting: Futurist Nikolas Badminton (SEASON FINALE)
0.00
0:01
1 second
Sharon: My god. Can I not turn here?
Nikolas: I don't know. Oh, okay.
Sharon: Well, we did.
0:04
4 seconds
Nikolas: Yeah. There you go. Well, we we're we're rule breakers, right? So, let's let's go. If we get arrested, we'll do it on camera. That's right.
0:11
11 seconds
Sharon: And that's all right.
Nikolas: I I'm all about rule breaking.
0:14
14 seconds
Sharon: Still not quite sure if I'm even allowed to drive here.
Nikolas: I tell you what, let's go down here, take a left, take a right down the hill, and then we'll find a
0:22
22 seconds
quiet spot down there where we're where we can hide from the police that are now significantly looking for us cuz we've broken the rules
Sharon: like five times.
0:30
30 seconds
I have such a special treat again. My next guest is Nicholas Badminton. He is a world-renowned global futurist and hope engineer.
0:38
38 seconds
He mentors top executives in highest levels of government to create bold visions by exploring hopeful
0:45
45 seconds
futures, anticipating disruption, and of course, supercharging strategic planning. I see him right there.
Let's get him in the car. Hey, Nick. Need a ride? Hi.
0:56
56 seconds
Nikolas: Hi. How are you?
Sharon: I'm great.
Nikolas: And it's taken us some time to get here, so I'm ready.
1:01
1 minute, 1 second
Sharon: But you you've been busy. You have been predicting the future.
Nikolas: We don't predict futures.
Sharon: So tell me, what the heck is a futurist? Who am I actually speaking to?
1:09
1 minute, 9 seconds
Nikolas: Yeah. So, since I was really young, I've been really obsessed with, you know, science fiction, what might come next,
1:15
1 minute, 15 seconds
technology and whatever. And really, all of this is signals. Signals that indicate the change is coming. And when they start to interact and you start to join the dots between them, it means
1:24
1 minute, 24 seconds
that we we can see the trends. And the trends indicate a trajectory forward.
1:28
1 minute, 28 seconds
And then when we start to combine them in scenarios, what if in 2045 we see these systems, these places, these people, these regulations,
1:37
1 minute, 37 seconds
uh these cultural and societal effects,
1:40
1 minute, 40 seconds
you can start to see the dynamics of change and and the final piece is around storytelling. But what we don't do is we don't predict. So we don't say in year X technology Y is going to be, you know,
1:51
1 minute, 51 seconds
doing this and this and this and this.
Sharon: So you're not a psychic.
1:54
1 minute, 54 seconds
Nikolas: We're not a psychic. But what we do is we we take the data, we take the ideas and we take the the sort of the narratives and what's happening in the
2:01
2 minutes, 1 second
world. We qualify it and then we sort of speculate on what might happen.
2:05
2 minutes, 5 seconds
Sharon: What does a truly privacy respecting future look like and is it even possible in a world driven by data?
2:12
2 minutes, 12 seconds
Nikolas: Anyone can make their house a privacy respecting uh space by making everyone turn off their phones.
2:19
2 minutes, 19 seconds
Sharon: So you you can never really be uh fully protected. I I suppose
Nikolas: well you can if you turn off your phones and you don't have any internet
2:28
2 minutes, 28 seconds
connection in your house and you basically don't have connected devices and
Sharon: you put tin foil around you.
Nikolas: Well yeah you can put them in, you know,
2:35
2 minutes, 35 seconds
boxes that that stop signals from getting in and out of. Yeah. Yeah. Yeah,
2:39
2 minutes, 39 seconds
you could do that. I know people that do. Yeah
Sharon: . Are they happy?
Nikolas: Sure
Sharon:. Okay. Is it you?
2:46
2 minutes, 46 seconds
My house is very analog.
Sharon: I have a serious question though.
Nikolas: Yes.
2:50
2 minutes, 50 seconds
Sharon: Where are the flying cars that we've been promised?
Nikolas: They keep trying to do it. So if you're somewhere like LA, you know, eight lanes of traffic, eight lanes of traffic, and if you're going to
2:59
2 minutes, 59 seconds
solve that commute and that sort of that congestion, you literally have to have nearly like 1,600 drones in the sky at any one point in time.
3:07
3 minutes, 7 seconds
Sharon: Oh wow.
3:08
3 minutes, 8 seconds
Nikolas: It's just it just it's not it's not something that's really practical. But at the same time, you know, all exploration of ideas of what might be is
3:17
3 minutes, 17 seconds
relevant in a way. There's lots of things that need to be overcome. But you know, futurists always say, you know,
3:22
3 minutes, 22 seconds
never say never. But like, you know, the glittering lure of the future is around flying cars and robotics and AI and not about the mundane things that I think
3:31
3 minutes, 31 seconds
that we need to be uh bearing in mind like how to improve recycling and waste,
3:35
3 minutes, 35 seconds
how to improve the water, energy, food nexus. Right.
3:38
3 minutes, 38 seconds
Sharon: We are obviously here because I want to talk about privacy.
Nikolas: Yes.
3:43
3 minutes, 43 seconds
Sharon: Tell me how do you know what privacy is going to look like in 50 years from now?
3:48
3 minutes, 48 seconds
Nikolas: Yeah. So it it's all about understanding the history of how we got to today, the signals and the trends and what's emerging and then speculating on what
3:56
3 minutes, 56 seconds
comes next. Now we see an acceleration of sensors and sensor fusion. We see an acceleration of artificial intelligence and the processing of data. We're seeing
4:04
4 minutes, 4 seconds
an acceleration of a culture in business where they want you to sign off terms and conditions where they ultimately own your identity. They own all of your
4:12
4 minutes, 12 seconds
behavior and they want to use all of that with analytics to understand, you know, the constellation of your family,
4:20
4 minutes, 20 seconds
the constellation of your work and build a full tilt profile of everything you do. Ultimately to sell you more stuff from an intelligence community
4:28
4 minutes, 28 seconds
perspective to understand you to the nth degree so they can understand if you're,
4:33
4 minutes, 33 seconds
you know, a vector of risk, right? um we're kind of we've we're sleepwalking into corporate surveillance and we're
4:41
4 minutes, 41 seconds
just signing our life away and we don't have a choice anymore. It takes something like 9 hours to read uh
4:49
4 minutes, 49 seconds
Amazon's terms and conditions for Prime like if you read them out loud and at any one point in time after that point
4:57
4 minutes, 57 seconds
of maybe you understanding it they can just change them all as well because there are clauses within that
Sharon: Is privacy dead
5:02
5 minutes, 2 seconds
Nikolas: Yeah. But it doesn't mean that we don't have to care deeply about our own privacy and what we put out into the world. You won't ever find a picture of me and my wife and my kid online.
5:11
5 minutes, 11 seconds
Sharon: Is that right?
Nikolas: Yeah. And that's a choice.. Um but at the same time,
Sharon: Explain that to me.
5:16
5 minutes, 16 seconds
Nikolas: How come? Why would I want to share that with anyone outside of a trusted friend group that people have got this, you know,
5:24
5 minutes, 24 seconds
online digital platforms like therapy for people that don't want to invest in therapy, right? They they they just want to like somehow share that
5:32
5 minutes, 32 seconds
they're doing okay rather than actually doing okay, right? Look how good we're doing. Look what we're doing. Look where we're on vacation. Look what I'm eating
5:40
5 minutes, 40 seconds
for lunch. Look at my kid. Aren't they amazing?
5:42
5 minutes, 42 seconds
Sharon: There could be two things. So, you don't want to share because you kind of feel like, well, it's just like me showing off, you know, all these things that's
5:51
5 minutes, 51 seconds
not really necessary. Or is it that you're actually concerned about not what the public can see, but maybe what
5:59
5 minutes, 59 seconds
companies can see of you and your family? Is is that also at play here?
Nikolas: It it's actually the primary concern. The
6:06
6 minutes, 6 seconds
targeting that can happen uh through the platforms that we have. Uh it's incredible, right? Yeah. I I've got a
6:15
6 minutes, 15 seconds
huge problem with it. I've got a huge huge problem with it. Google Gemini,
6:18
6 minutes, 18 seconds
their their generative AI platform is being rolled out to most countries around the world for kids under the age of 13, which is terrifying because it's
6:27
6 minutes, 27 seconds
ingested all of the information in the world and it's it's going to be, you know, hallucinating and providing opportunity for kids to shortcut thinking and learning and and whatever.
6:36
6 minutes, 36 seconds
But not in Switzerland, not in not in the European Union, not in the UK.
6:41
6 minutes, 41 seconds
Sharon: Meaning they're not they're not they're not they're not allowed to roll out because you're not allowed to influence children like via
6:48
6 minutes, 48 seconds
tech platforms like that. But everyone's trying to get to the kids, right? And why? Because they want to indoctrinate them in a new way of like, it's okay,
6:57
6 minutes, 57 seconds
just fall asleep at the wheel. Um bleed bleed data every day. In fact, give us more information. Your life's going to be more convenient.
7:07
7 minutes, 7 seconds
It's going to be better. And and there's a real problem with that.
7:08
7 minutes, 8 seconds
Sharon: Let let me ask you this. So I mean AI is not going anywhere.
7:11
7 minutes, 11 seconds
Is it not better to train your children on how to use it responsibly, therefore allowing them to use it within the
7:20
7 minutes, 20 seconds
schools rather than pretend it doesn't exist and not let them on those platforms.
7:26
7 minutes, 26 seconds
Nikolas: So having just come off the back of an education keynote, this is perfect.
7:29
7 minutes, 29 seconds
There's something called productive struggle. So you can be productive, you can learn, you can use tools but you have to struggle through it so that you learn.
7:37
7 minutes, 37 seconds
Sharon: You also call yourself a hope engineer.
Nikolas: Yes.
7:40
7 minutes, 40 seconds
Sharon: So where is the hope? Where is you know the good stories that we can expect from our future.
7:46
7 minutes, 46 seconds
Nikolas: Hope is an energy for change and also futures help us explore you know a hope for a better world and also hope to make a change today towards that world as well..
7:56
7 minutes, 56 seconds
So that's why I call myself a hope engineer.
Sharon: I love that.
7:59
7 minutes, 59 seconds
Nikolas: Yeah.
Sharon: And we should all be hope engineers.
8:01
8 minutes, 1 second
Nikolas: Exactly. And and people are gravitating towards it. I talk about, you know,
8:05
8 minutes, 5 seconds
future to set the direction and the vision. Hope to be the energy of change and wisdom to be the guidance.
8:12
8 minutes, 12 seconds
Sharon: That's beautiful. What are your thoughts on super intelligence?
8:15
8 minutes, 15 seconds
Nikolas: It's going to be incredibly difficult to get to that point. Um does that mean that any of these big tech companies are not going to redefine what it really
8:24
8 minutes, 24 seconds
what it is to them and say that they've achieved it? That's what's going to happen in the next 5 years. Sharon: Oh, really?
8:29
8 minutes, 29 seconds
Nikolas: Yeah. We've achieved AGI, but it's not going to be true artificial general intelligence. If you if you think about it, it's that idea that it's smarter
8:36
8 minutes, 36 seconds
than the whole of the human race. It's autonomous in its ways. It it it's got an ability to to truly
8:43
8 minutes, 43 seconds
in a way be sentient and to be aware and to be conscious.
8:47
8 minutes, 47 seconds
We can't define consciousness like we can't it's difficult. There's a million definitions of like intelligence.
Sharon: Now,
8:54
8 minutes, 54 seconds
a lot of uh well-known executives say that super intelligence is going to pretty much wipe away humans and make us extinct. Do you think that's the case?
9:06
9 minutes, 6 seconds
Nikolas: Let me fix that for you. Tech executives selling you solutions that promise to do this say that. Um let's be honest, like
9:15
9 minutes, 15 seconds
you know, in a world where I sell sell red paint, you know, I see a world that's painted red and you should too, right? That's That's bad futurism.
9:23
9 minutes, 23 seconds
Sharon: I want to talk about the art on your arm.
Nikolas: Yes.
9:26
9 minutes, 26 seconds
Sharon: Tell tell me. Is there a story behind it?
9:29
9 minutes, 29 seconds
I mean, you you have two full sleeves here
Nikolas:. Yeah, I've got more than that.
Sharon: Oh, really?
Nikolas: Yeah. No, I'm completely covered.
Sharon: No. Wow.
Nikolas: Why not?
9:36
9 minutes, 36 seconds
Sharon: Oh, I don't know. Tell me.
9:38
9 minutes, 38 seconds
Nikolas: In uh in the late '90s, I was in San Francisco in a Japanese bookstore called Kinuka, and I picked up a book called The Bashidilo, and it was about the
9:46
9 minutes, 46 seconds
japanese bodysuits. Now, what they don't tell you is that these guys are 5'1 and 140 lb..
9:53
9 minutes, 53 seconds
I'm like 6'4 and 260, right? Um it like it takes like three times as long to tattoo me
10:02
10 minutes, 2 second
So So whilst I'm not a full Japanese bodysuit, it's just because it hurts a lot and uh I and I just don't have the time to make it all happen.
10:10
10 minutes, 10 seconds
It's one of those things. It just takes a long time to get that.
10:13
10 minutes, 13 seconds
Sharon: Well, it took me all of like five minutes to do my arms.
Nikolas: Come on. Yeah. Okay, there you go.
10:19
10 minutes, 19 seconds
Sharon: I I didn't I don't want you to feel like you
Nikolas: That's That's pretty cool. You've got some like You've got some cool
10:26
10 minutes, 26 seconds
writing on there. I don't know what it says. What does it say?
10:30
10 minutes, 30 seconds
Choppers. You bike it. You got some flames and some stars.
10:34
10 minutes, 34 seconds
Sharon: Can we talk a little bit about zero trust?
Nikolas: Yeah. So, there are stories out there.
10:37
10 minutes, 37 seconds
So, I I tell a story, a cyber security story. Um engineering firm in Hong Kong.
10:42
10 minutes, 42 seconds
Um the the the the chief finance officer calls in. He's on a trip with a couple of his team for the next two weeks. Um,
10:50
10 minutes, 50 seconds
actually, you know, that's happening in the world. And and he's on this he's on this trip and he calls into HQ and says,
10:56
10 minutes, 56 seconds
"Look, I need to move like 200 million Hong Kong dollars to these five entities and it's because, you know, I'm building these partnerships. I'm traveling around
11:05
11 minutes, 5 seconds
mainland China. We have to do this." and they're like, "Well, we can't take that phone call as a as a as a signature, as
11:14
11 minutes, 14 seconds
a as a, you know, an absolute permission or or a sort of signed off part of our process. You have to be in the office to do that." Mhm.
11:22
11 minutes, 22 seconds
And uh he said, "Well, I'm going to be on the road. These really important relationships. How about we have uh a
11:29
11 minutes, 29 seconds
call, a conference call, a video call uh with me and my team, and we'll verbally we'll go through everything and verbally we'll give you the go ahead." And they
11:37
11 minutes, 37 seconds
did about 2 or 3 days later they they went ahead and they did that. And um it was only after a day or two of starting to move money around that HQ realized
11:46
11 minutes, 46 seconds
that they their human intuition said it didn't feel right. And it wasn't actually turned out after an
investigation um that there had been a
11:54
11 minutes, 54 seconds
number of um identities and compromises on uh on certain accounts internally including like the the chief chief
12:03
12 minutes, 3 seconds
financial officer and his team and uh all of the people on that video conference were not real.
12:11
12 minutes, 11 seconds
Sharon: Oh my god.
Nikolas: So, so zero trust literally we're we're coming back to absolute trust from standing in the same room
12:20
12 minutes, 20 seconds
absolutely verifying who that human is through biometrics or whatever and then taking going through due process and
12:28
12 minutes, 28 seconds
then checking again and again shake your hand see you record you understand the situation.
Sharon: So like if this is happening
12:36
12 minutes, 36 seconds
now what is going to happen in the next 20 years when things get even more intelligent?.
12:44
12 minutes, 44 seconds
Like how do you prevent this from happening?
Nikolas: So we are at the sharp end of the stick.
12:48
12 minutes, 48 seconds
So we have to make the decision on whether something is real or not. So uh the government of Finland are actually teaching this in school. They're teaching people how to determine if something is um true, false,
12:59
12 minutes, 59 seconds
misinformation, whatever. Um because we're the filters. the tech companies aren't coming to help us or so.
Sharon: Is there any hope there?
13:05
13 minutes, 5 seconds
Nikolas: Hope lies with humanity and humanity's ability to cut through that noise.
Sharon: So, we talked about privacy is dead.
13:12
13 minutes, 12 seconds
And for companies who are listening to us is in saying privacy is dead,
13:16
13 minutes, 16 seconds
they may be saying, well, why do we need to comply with privacy regulations?
13:20
13 minutes, 20 seconds
Privacy is dead. Why should we even care? Um if even people don't care about their information, they're giving it
13:28
13 minutes, 28 seconds
away so easily. Why should we care? So what do you say to that?
13:32
13 minutes, 32 seconds
Nikolas: You know, the the most valued companies in the world will be those that truly empower the people that they serve.
13:38
13 minutes, 38 seconds
Sharon: I know you and I may actually care about our privacy and how we're sharing our information, but the average consumer, the average individual, do they care?
13:47
13 minutes, 47 seconds
Nikolas: When you chat to people, I've got nothing to hide. It's like, sure, but are you going to give me enough information so I can create a story about you that fundamentally changes how
13:56
13 minutes, 56 seconds
people see you? That's what you really have to care about. And you don't need that much data to basically create a story that isn't necessarily 100% true that changes an opinion of someone.
14:06
14 minutes, 6 seconds
Sharon: One thing that surprises me about you,
14:09
14 minutes, 9 seconds
Nik, is your trust in artificial ingredients.
Nikolas: Artificial ingredients.
14:15
14 minutes, 15 seconds
Sharon: Artificial ingredients. Cuz I found out that on a road trip you like to eat pepperoni. So, in a world of zero trust,
14:24
14 minutes, 24 seconds
We know Nick does trust these artificial ingredients.
14:29
14 minutes, 29 seconds
Nikolas: Give me it. Depends.
Sharon: It I don't know. A a piece of meat that cannot that is not refrigerated for months. It scares me.
14:38
14 minutes, 38 seconds
Nikolas: Really?
14:39
14 minutes, 39 seconds
Sharon: Yes. There has to be some preservatives
Nikolas: But I'm European. This is normal. This is good stuff, right?
14:45
14 minutes, 45 seconds
Sharon: Zero trust with everything else. But pepperoni stick.
14:49
14 minutes, 49 seconds
Nikolas: Yeah, but you can read the You can read the ingredients. Imagine
Sharon: that they tell you is in there.
Nikolas: Yeah. And they make it easy to read.
14:55
14 minutes, 55 seconds
Imagine if that's what that's what data and privacy policy was like.
-
• 6/9/26Carpool Consulting: Cookie Edition
0:01
1 second
Sonia: Well, this was a private conversation though, right?
Sharon: No, no, you read the privacy policy.
0:05
5 seconds
This is definitely not a private conversation.
0:08
8 seconds
My next guest is a digital marketing leader. She has led award-winning global campaigns for top brands like Heineken,
0:16
16 seconds
Gillette, Coca-Cola, and now she's the president of IAB Canada, the Interactive Advertising Bureau. I can't wait to get
0:24
24 seconds
her in the car. Let's ask her all of the important questions around cookies,
0:29
29 seconds
around As tech, around real-time bidding. What does it all mean for privacy? I see her right there. Let's get her in the car. Hey, need a ride.
0:37
37 seconds
Let's start off with cookies.
0:39
39 seconds
And not the ones that you eat, of course, the ones that are on your browser and the ones that most companies
0:47
47 seconds
have no idea how to deal with. Do you need ro give notice? Do you need a banner? Can it be on? Can it be off by default? What is a cookie?
0:56
56 seconds
Sonia: Imagine like a tiny little file and every time you visit a website, a tiny little file is given to you. And so that's a first party cookie. But then
1:04
1 minute, 4 seconds
there is the neighbours who are outside and they're kind of watching what's going on in the house and they also have cookies to give you.
1:14
1 minute, 14 seconds
That's a third party cookie. And that's the cookie that is probably a little bit more, I don't know, nosy. Let's just say
1:23
1 minute, 23 seconds
it's the It's the nosy neighbor cookies.
1:26
1 minute, 26 seconds
Sharon: Okay. Must you take them or can you say no thanks, not that flavor?
1:31
1 minute, 31 seconds
Sonia: Well, it's interesting. You may have noticed uh a popup uh coming up. It's it's basically the the world's least fun popup
1:38
1 minute, 38 seconds
Sharon: like these kind of pop popup things.
Sonia: Um,
1:42
1 minute, 42 seconds
so the popup that you get is basically you swiping right or swiping left
1:50
1 minute, 50 seconds
on how much data you're willing to give this host, right? So like when you go to a website,
1:57
1 minute, 57 seconds
you have a decision to make. Are you going to trust that person or are you not going to trust them? Swipe left, swipe right.
2:03
2 minutes, 3 seconds
Sharon: Trust them with what? So So we talked about, okay, you're given a cookie, but what what does the cookie collect?
Sonia: So the cookie just I mean a first party
2:11
2 minutes, 11 seconds
cookie is just there to make your life easier right so this is the sweet kind right the one that belongs to a publisher who wants to make your life
2:18
2 minutes, 18 seconds
easier by remembering your login
Sharon: Okay, for those who don't know what you're talking about when you say publisher, what do you mean
Sonia: So, like let's say that you read the news
2:26
2 minutes, 26 seconds
and you go to your favorite newspaper website that is a publisher okay so any sort of website um you know .com
2:34
2 minutes, 34 seconds
Property or uh any sort of app that you use is basically like a publisher So, think of it that way. And you're going to their house,
2:42
2 minutes, 42 seconds
So, there is the the kind of cookie that that is there because they want you to feel comfortable in their house and they
2:50
2 minutes, 50 seconds
want you to not have to log in every time, right?
2:53
2 minutes, 53 seconds
And they are wanting to remember what language you speak. And in Canada,
2:58
2 minutes, 58 seconds
that's important.
Sharon: So, for most consumers, that's convenient.
Sonia: Totally. Oh, yeah.
3:02
3 minutes, 2 seconds
Sharon: You don't want to keep putting in uh certain information about yourself. You want that website to remember some things about you to make your life a lot more convenient.
3:11
3 minutes, 11 seconds
Sonia: Yeah.
3:12
3 minutes, 12 seconds
Sharon: So that's a good cookie. First party cookie.
3:15
3 minutes, 15 seconds
Sonia: This only collects information on what you've done on that website in my house.
3:19
3 minutes, 19 seconds
So imagine you're at my house and I see what you're doing in my house and that's fairly understandable.
3:27
3 minutes, 27 seconds
So you're a reasonable person, right? a reasonable five five-year-old would would understand that when you're in their house um you know you're being not
3:36
3 minutes, 36 seconds
watched but that you are being hosted let's just say right the publisher or the website that you're on has these
3:43
3 minutes, 43 seconds
first party cookies to better understand what you're doing in the house
Sharon: Okay
Sonia: Right
Sharon: Then the third party cookies the nosy
3:50
3 minutes, 50 seconds
neighbor what do they collect about you
Sonia: information about what you have done leading into going into that house
3:59
3 minutes, 59 seconds
as well as what you're doing in the house, right? So that's basically so that they can get a better understanding
4:06
4 minutes, 6 seconds
of who you are by triangulating information. So it's like, oh, I see that uh Sharon just walked from the swimming pool over to the house.
4:16
4 minutes, 16 seconds
Therefore, Sharon is a swimmer.
Sharon: Right.
4:18
4 minutes, 18 seconds
Sonia: And also friends with the person who lives at this house.
Sharon: Okay.
Sonia: Right.
Sharon: Okay.
4:23
4 minutes, 23 seconds
Sonia: Oh, Sharon tends to go to this house a lot. She must be good friends with whoever or whatever is going on in that house.
4:30
4 minutes, 30 seconds
Sharon: So, let me ask you a question. The host, the first party host,
Sonia: Yeah.
4:35
4 minutes, 35 seconds
Sharon: Do they let that third party nosy neighbor into their house? Do they say,
4:41
4 minutes, 41 seconds
"Sure, come and get that all this information about my guests?"
4:45
4 minutes, 45 seconds
Sonia: Yeah. With conditions, right? So, uh so first of all, that third party has to be uh legitimate, right? and not the kind of nosy neighbor that's nefarious.
Sharon: Okay.
4:56
4 minutes, 56 seconds
Sonia: Right. Or um creating some damage or like you know basically casing the joint.
Sharon: Okay. Yes.
5:02
5 minutes, 2 seconds
Sonia: Right. So that nosy neighbor um needs to have a like a certain relationship with that house that is you know comfortable
5:10
5 minutes, 10 seconds
and uh and also they have to have a similar or you know sort of like a like an adequate uh privacy policy uh to know
5:19
5 minutes, 19 seconds
that you know it's safe for the guests of that house to be interacting with that nosy neighbor.
Sharon: And so isn’t the um
5:27
5 minutes, 27 seconds
the first party, the host that needs to inform the guest that I'm also going to invite all these third party nosy neighbors to our dinner party?
5:36
5 minutes, 36 seconds
Sonia: That's a good idea. Wouldn't you agree? Right.
Sharon: Of course.
Sonia: Yeah.
5:39
5 minutes, 39 seconds
Sharon: So then how do they do that? How do they inform the guests? Hey, I'm also going to be inviting my nosy neighbors.
5:44
5 minutes, 44 seconds
Sonia: Well, this is where the analogy becomes really, you know, uh quite funny, right? Because it's like a surprise party.
5:51
5 minutes, 51 seconds
Surprise, we have cookies, right? like and so the popup enter the popup. Okay, right
Sharon: The annoying popup, right?
Sonia: Which can be shocking, right?
5:59
5 minutes, 59 seconds
When you enter a house, right? So, it's like surprise, we're using cookies. Do you accept? So, you're
you're notifying the the people, your guests that um there may be some nosy neighbors around,
6:10
6 minutes, 10 seconds
but don't mind them, right? We're cool, right?
6:13
6 minutes, 13 seconds
Sharon: So, are the popups also for the first party cookies or are they just for third party cookies?
6:18
6 minutes, 18 seconds
Sonia: Well, I mean, that's an interesting question. And I think that it depends on what the first party is doing. And if the first party is collecting uh information that falls under, you know,
6:27
6 minutes, 27 seconds
pretty significant first party data or sensitive data, then it's their responsibility really to make that
known. Right. And to be transparent about that. That's right.
6:36
6 minutes, 36 seconds
Sharon: Are there privacy laws that dictate whether you must provide transparency or it's a nice to have?
6:43
6 minutes, 43 seconds
Sonia: Well, I mean, that brings us to to a a framework that IAB ebuilt out with uh with Europe. So there the first law that
6:50
6 minutes, 50 seconds
came out that really made that abundantly clear was the GDPR which is the the general data protection regulation in Europe. Yeah. And and that
6:59
6 minutes, 59 seconds
one um came out in 2018 and required there to be transparency not only about the fact that um these organizations or
7:07
7 minutes, 7 seconds
the websites were collecting uh data but also what purposes they were using that data for and
Sharon: so irrespective of whether you're first or third party.
7:15
7 minutes, 15 seconds
Sonia: Correct.
Sharon: Okay.
7:16
7 minutes, 16 seconds
Sonia: Right. So it was it it was a matter of uh you know and that's where really the popup was born right so that notification there is no
7:24
7 minutes, 24 seconds
other way to notify somebody unless you're using a popup and you know I I'm waiting for the day that there's a new system but that's just not here
7:32
7 minutes, 32 seconds
Sharon: And when we're talking about popup just to be clear we're talking about a cookie banner
Sonia: It's a cookie banner or it's something that's persistent right so I mean you
7:40
7 minutes, 40 seconds
may find it annoying but uh but it's actually necessary I mean not you but you know the general public might find it annoying, but it's a necessary, you
7:49
7 minutes, 49 seconds
know, evil. And some publications have been able to really do a good job of integrating it into the content or making it so that it's not as annoying.
7:58
7 minutes, 58 seconds
But if the name of the game is transparency, unfortunately, there has to be a level of annoyance there.
Sharon: It has to be obvious.
8:04
8 minutes, 4 seconds
Sonia: It has to be obvious. And so that's the that's the story behind them. And in Canada,
8:10
8 minutes, 10 seconds
it's less severe than the GDPR requirement. um you know save for Quebec which has recently introduced a
8:19
8 minutes, 19 seconds
regulation called law 25 and law 25 requires you to notify at time of collecting data
Sharon: Setting law 25 aside because that you're
8:28
8 minutes, 28 seconds
right is kind of high stakes now you got to have that cookie banner for the rest of Canada it's not so clear
8:35
8 minutes, 35 seconds
whether you actually need the cookie banner or not what is your take on it
Sonia: The world is now using pop-ups
8:42
8 minutes, 42 seconds
anyways or using cookie banners as some sort of notification for you not to be is almost feeling not nefarious
8:51
8 minutes, 51 seconds
but it's feeling a little strange if you're not somehow communicating what you're doing.
Sharon: Um, I've obviously worked with many clients, right?
8:58
8 minutes, 58 seconds
And this conversation always comes up. Well, must we have this banner? Because if we don't need it, we don't want to put it up because we
9:07
9 minutes, 7 seconds
actually want to collect as much information from our customers as we can. And if we put up that banner, well,
9:12
9 minutes, 12 seconds
it gives them the option to opt out and that hurts our business. So, in that situation, what advice would you give to
9:19
9 minutes, 19 seconds
those companies that would prefer not to put them in
Sonia: in Canada currently? rest of Canada, you
9:26
9 minutes, 26 seconds
don't need to have that popup. You don't. However, you need to have prominent placement for somebody to be able to opt out.
9:34
9 minutes, 34 seconds
Sharon: Once the company has this information through cookies or once their nosy neighbors have this information about the guests, what happens next?
9:44
9 minutes, 44 seconds
Sonia: You're looking for a cookie recipe. okay you go to a website and let's say it's a recipes website and that recipe
9:52
9 minutes, 52 seconds
website um you know once you land on the site there's a series of kind of phone calls that go on behind the scenes okay and those phone calls are going to
10:00
10 minutes
servers right so the web page like the .com is making phone calls to a server and that phone call says hey somebody's
10:08
10 minutes, 8 seconds
here looking for uh the cookie recipe can you just bring me the recipe stuff right so pictures, videos whatever it is
10:16
10 minutes, 16 seconds
Also, the person who's visiting is registered with a cookie that is XYZ and has XYZ in it..
10:23
10 minutes, 23 seconds
So, that phone call goes to an ad server.
Sharon: Okay.
10:27
10 minutes, 27 seconds
Sonia: And once it's in the ad server, there's a marketplace that happens within a split second. So, it's like an auction.
10:33
10 minutes, 33 seconds
Who of all the advertisers currently looking for an audience on this website or with this cookie is willing to bid on this cookie? And that cookie has information. So that cookie may have,
10:42
10 minutes, 42 seconds
you know, uh so and so is a dog lover or so and so is uh you know, works in the online advertising industry. Uh and or
10:49
10 minutes, 49 seconds
so and so likes to skate in the wintertime. Um and so the highest bidder wins and as the cookie recipe gets
10:56
10 minutes, 56 seconds
loaded the winning advertiser
Sharon: the highest bidder
Sonia: the highest bidder appears on the website and that was based on and so that's why when you are downloading a
11:05
11 minutes, 5 seconds
cookie recipe sometimes it's curious that you see an ad for skates or
Sharon: that you know I like skating.
11:12
11 minutes, 12 seconds
Sonia: I like skating. So and that can feel creepy but it's actually really personalization done done right. Look at it from a very practical perspective.
11:20
11 minutes, 20 seconds
I go to uh to four different car manufacturing sites within a week.
11:25
11 minutes, 25 seconds
Therefore, I'm probably in the market for a car. I don't think that that's creepy or nefarious. I think
that's just good business. Knowing who's in the market for a car is really valuable. And
11:33
11 minutes, 33 seconds
it's valuable to me, the buyer, because I want to see new options that I may not have thought of. And the advertiser wants to put an ad in front of somebody
11:41
11 minutes, 41 seconds
who's a like a very like imminent car buyer.
11:43
11 minutes, 43 seconds
Sharon: Sure. That's what advertisement is all about, right? Trying to get to your customer.
Sonia: I mean, is it following you around? It's, let's say, it's greeting you, right?
11:52
11 minutes, 52 seconds
Or it's it's uh it's it's recording some of some very fundamental like information like sites that you've gone to, but it's against an IP address.
12:02
12 minutes, 2 seconds
It's not against Sharon.
12:03
12 minutes, 3 seconds
Sharon: So, it doesn't know who you are specifically. There's no personally identifiable information. Sonia: No. In the main, no. In the main, no.
12:12
12 minutes, 12 seconds
Right. So where it gets complicated is when it's a first party that is using the third party data and doing matching, right?
12:20
12 minutes, 20 seconds
So you're getting a much better understanding of your user based on that kind of thing.
12:26
12 minutes, 26 seconds
Sharon: I think if I were to kind of take it back and really think through it, it is the fear that there's all these kind of cookie crumbs that we leave behind,
12:37
12 minutes, 37 seconds
right? And cookies may be collecting some of those crumbs and it's not the whole cookie. They don't know who we are, but they know pieces of us. But
12:45
12 minutes, 45 seconds
it's the potential matching with other information that could reveal a lot more about us and what can be done with that
12:54
12 minutes, 54 seconds
information. And yes, I understand like showing me an advertisement for Dyson,
12:58
12 minutes, 58 seconds
it's not going to hurt me. But then when it is combined with other information about what I've said or what I've seen
13:06
13 minutes, 6 seconds
or where I've gone, that's where you start to think, huh, it's becoming more and more identifiable. And once that is
13:13
13 minutes, 13 seconds
the case, what can be done with that information? But then also, and I know you're a parent as I am as well, like
13:21
13 minutes, 21 seconds
what um manipulative practices may be involved, especially around children and the information that's being collected through cookies of our children.
13:32
13 minutes, 32 seconds
Sonia: This is where it's really important to have general awareness out there, right?
13:36
13 minutes, 36 seconds
And to um to teach media literacy in a more meaningful way than we do. And also for us as individuals to think more carefully about our own data hygiene,
13:45
13 minutes, 45 seconds
right? swapping up your passwords, um,
13:48
13 minutes, 48 seconds
you know, maybe using more than one browser, maybe clearing your cash from from time to time, right? Like there's so there's
Sharon: not accepting cookies.
13:54
13 minutes, 54 seconds
Sonia: Not accepting cookies. But I can tell you that that you know, nine times out of 10, you're actually grateful and you don't even know it. And the reason why I
14:02
14 minutes, 2 seconds
know that you're grateful is because you have a pretty seamless experience of the online environment. And when that goes away, I mean, you imagine you have to
14:10
14 minutes, 10 seconds
log in to everything again. Do you remember any of your passwords? It's like most people don't.. Right. So, so I think that there's like,
14:17
14 minutes, 17 seconds
you know, and Canada, it's Canada has done such a great job of really leading the charge on balanced regulation. It
14:26
14 minutes, 26 seconds
would be a real shame if in the fall when they reconvene and and talk about,
14:30
14 minutes, 30 seconds
you know, the new C-27, if that came out as being something that doesn't really respect the the balance that we've
14:38
14 minutes, 38 seconds
become so famous for maintaining in Canada with regards to privacy. I think that that's really important.
14:46
14 minutes, 46 seconds
Sharon: Rapid-fire questions. Here we go.
14:48
14 minutes, 48 seconds
Cookies
Sonia: still. Okay. All right.
14:55
14 minutes, 55 seconds
Sharon: Oh my god. I can't get over this cookie face.
-
• 6/10/26🚘 Carpool Consulting: Privacy Commissioner Edition (Part 2)! 🚘
0:01
1second
Sharon: So, um, you talked about, you know, data theft and it being on the rise, and I find it
so, um, interesting the
0:07
7 seconds
similarities between data theft and material theft.
Um, I read not long ago that police stations had toilet seats,
0:16
16 seconds
uh, being stolen from their police stations and, and when, uh, they were asked about this, they said that they have nothing to go on.
0:31
31 seconds
Patricia: Oh my gosh.
0:34
34 seconds
I was very excited to show off my new sunglasses.
0:37
37 seconds
Sharon: Well, they are lovely. Do you I know you like my sunglasses. Would you like to try them on?
Patricia: I would love to.
Sharon: Do you mind if I try?
0:45
45 seconds
Patricia: No, let's try them.
0:46
46 seconds
Sharon: Okay. You know, I have like a little face.
0:49
49 seconds
Patricia: My husband has these aviators and he I call them his Joe Biden glasses and now we could be matching. Quite nice. They look very movie starish.
0:57
57 seconds
Sharon: I I want to talk about AI. I know that you've been a little bit vocal about the AI portion of Bill 194 and you critiqued
1:06
1 minute, 6 seconds
it and so tell us what what your beef is with AI in Bill 194.
Patricia: First of all, I thought it was great that Ontario
1:15
1 minute, 15 seconds
actually, you know, turned its mind, the legislature and the government and uh and then the legislature turned their minds to addressing this important
1:24
1 minute, 24 seconds
Issue.
Sharon: of course
Patricia: AI, cyber security, digital technologies uh aimed at children and youth. So uh
1:31
1 minute, 31 seconds
kudos for having uh developed and adopted and passed schedule one of Bill 194. Um the
1:41
1 minute, 41 seconds
issue we had was that the law as it stands is really just a framework..
1:48
1 minute, 48 seconds
It actually has no rules. It just says that we will have rules.
1:53
1 minute, 53 seconds
Sharon: We will have regulations.
Patricia: We'll have regulations and standard technical standards and ministerial directives to
2:01
2 minutes, 1 second
regulate all this really high-risk activity which is wonderful but we wanted to see more in the law itself.
2:07
2 minutes, 7 seconds
We wanted to see first of all principles. So when it comes to AI we said you know you should put those principles in the law itself. This is
2:15
2 minutes, 15 seconds
not the you know this is not stuff for regulation. These are universal principles that should be legally anchored..
2:25
2 minutes, 25 seconds
You know, in stat statute. So, we we we strongly recommended that there be principles um governing AIs such that they be at the very least reliable,
2:37
2 minutes, 37 seconds
valid and reliable, that they be safe, that they be privacy protective,
2:41
2 minutes, 41 seconds
transparent, accountable, and human rights affirming.
Sharon: What advice would you give to those provincial agencies
2:48
2 minutes, 48 seconds
incorporating AI into their daily practices uh or AI tools?
2:56
2 minutes, 56 seconds
What what should they do?
2:58
2 minutes, 58 seconds
Patricia: Uh the Ontario government did issue a what's called the trustworthy AI framework where they have um and they
3:07
3 minutes, 7 seconds
did actually I think listen to uh some of the principles that we were putting forth and recommended. So we're happy to
3:15
3 minutes, 15 seconds
see those in the framework. Now of course that's not a law. It's not a regulation but it is binding in so far as it is the government telling its
3:23
3 minutes, 23 seconds
employees which is public servants uh how they should approach uh AI including the kinds of uh impacts assessments and
3:33
3 minutes, 33 seconds
the kinds of transparency principles etc. So there is a framework that exists and I think public institutions would be
3:41
3 minutes, 41 seconds
well advised to follow that framework to consult with our office in so far as there are you know personal information
3:49
3 minutes, 49 seconds
implications and as there often are uh when you're dealing with AI and and and u using personal data in the process
3:57
3 minutes, 57 seconds
Sharon: just because AI principles are not legislated uh it doesn't mean that personal information is not implicated
4:05
4 minutes, 5 seconds
by the use of AI tools and therefore you know whether it's FIPPA or any other privacy legislations may be breached and
4:13
4 minutes, 13 seconds
so always thinking about privacy when implementing AI is going to be essential.
4:19
4 minutes, 19 seconds
Patricia: Yeah, you said it really well and there's you know a lot of regulators,
4:24
4 minutes, 24 seconds
data protection regulators make the point and and I agree that you know AI is not a completely unregulated space.
4:31
4 minutes, 31 seconds
If personal information is implicated either at the front end in terms of training the AI or at the at the end of
4:39
4 minutes, 39 seconds
the process in terms of drawing inferences or observations and making decisions about people based on accurate or inaccurate information uh imputed to
4:48
4 minutes, 48 seconds
them. Those are privacy aspects that are already governed. So there there is um there is already
4:57
4 minutes, 57 seconds
existing legislation but of course as you know AI is even broader than privacy and so that's why uh I think there are
5:05
5 minutes, 5 seconds
benefits to regulating the space in a more holistic manner.
5:08
5 minutes, 8 seconds
Sharon: We're going to play a little game. We just talked about AI and um I I want to see how well you know AI.
5:17
5 minutes, 17 seconds
Oh yeah. Don't worry. Don't worry. It's going to be very difficult. Um, so this game is called I or AI.
5:28
5 minutes, 28 seconds
I'm going to read you a quote and I want you to tell me if you said it or if AI said it.
Patricia: I have a story about that.
5:36
5 minutes, 36 seconds
Sharon: Go for it.
5:36
5 minutes, 36 seconds
Patricia: So I had to give a speech um on the regulation of AI and I was up late and
5:44
5 minutes, 44 seconds
my son who's a university student comes up and said, "What are you doing up so late?" I said, "Oh, I'm giving a speech and I'm just putting finishing touches
5:51
5 minutes, 51 seconds
on it." He says, "What's the speech about?" I said, "Regulation of AI." And he says, "Well, mom." And he just, of course, types in chat GPT, give me a speech on regulation of AI
6:03
6 minutes, 3 seconds
And what came out was pretty darn good. And as I read it, I said, "Oh my god, that could be me." Like, I could be saying those things
6:10
6 minutes, 10 seconds
In fact, I think I've probably said it in the past.
6:13
6 minutes, 13 seconds
Sharon: Borrowed some of your talking points and created another speech. Yeah.
Patricia: And so this is a very fun game. It's gonna be hard.
6:21
6 minutes, 21 seconds
Sharon:It It might be hard.
Patricia: Okay, let's go for it.
6:24
6 minutes, 24 seconds
Sharon: In a world where trust is increasingly hard to come by, Ontarians deserve clear rules, strong safeguards, and full
6:32
6 minutes, 32 seconds
transparency from their institutions. I or AI.
Patricia: I.
Sharon: You know yourself. I love it. Boom.
6:39
6 minutes, 39 seconds
Whether it's how decisions are made, how personal data is used, or how emerging technologies are
governed, our office will continue pushing for real
6:47
6 minutes, 47 seconds
accountability. And we will remind the public that when your technology is not serving you, turn it off and on again.
6:56
6 minutes, 56 seconds
Patricia: AI,
Sharon: you're right.
6:57
6 minutes, 57 seconds
Patricia: It's it's quite good, but I don't remember reviewing that quote.
7:01
7 minutes, 1 second
Sharon: Okay. Next. To foster greater trust in artificial intelligence, we need a robust regulatory framework, we need a
7:10
7 minutes, 10 seconds
policy environment that is supportive of the technology yet safe.
7:14
7 minutes, 14 seconds
Patricia: Ooh, that's a tough one. That that I/ we
Sharon: That's not an option.
7:22
7 minutes, 22 seconds
It's I or AI.
7:23
7 minutes, 23 seconds
Patricia: Uh I I'm going to Oh, that see. It's something I could have said. I think I'm going to say I.
Sharon: Ding ding ding you got it. All
7:32
7 minutes, 32 seconds
right. Okay, here we go. We live in a data-driven world propelled by AI that may feel very scary and overwhelming at times, but we can't give up the good
7:40
7 minutes, 40 seconds
fight. By collaborating, being flexible in our approach, and stepping forward with courage and perseverance, we can
7:47
7 minutes, 47 seconds
help build a better future where robots cook our dinners and clean our toilets like George Jetson promised.
7:54
7 minutes, 54 seconds
Patricia: You had me right up till the end. That first part I think is I and then you switched to AI. Is that right?
Sharon: You got it.
8:02
8 minutes, 2 seconds
Yeah. Wow. You You know yourself really well,
8:05
8 minutes, 5 seconds
I have to say. Okay. So, Patricia, you just finished your first term as commissioner. Congratulations. Patricia: Thank you so much.
8:12
8 minutes, 12 seconds
Sharon: And entering or you have already entered your second term. I would love to hear what are like the top three highlights of the first term and you are welcome to brag. This is a safe space.
8:24
8 minutes, 24 seconds
Patricia: What really stands out for me are the things that we did that were different. First of all, Info Matters podcast.
8:29
8 minutes, 29 seconds
Everybody listening to Info Matters podcast.
8:32
8 minutes, 32 seconds
Sharon: It is Fantastic. You have excellent guests in great discussions.
8:36
8 minutes, 36 seconds
Patricia: And you know what? It is so valuable because it's all about real world conversations with, you know, people experiencing homelessness, women,
8:45
8 minutes, 45 seconds
children, young teens, uh, racialized populations, indigenous populations, you
8:52
8 minutes, 52 seconds
know, law enforcement issues and health issues that we talk about. and and I I learned so much from that as a data
9:01
9 minutes, 1 second
protection regulator. Uh we are up to now the the first and only to have a youth advisory council.
9:08
9 minutes, 8 seconds
Sharon: I love this. Tell us more about it.
9:13
9 minutes, 13 seconds
Patricia: We have a strategic advisory council and again I told my my amazing team I think we should have a youth member on this
9:20
9 minutes, 20 seconds
council for to bring the youth perspective and they came back and they said we'll up you one commissioner. we think we should have a whole youth advisory council. And I thought, oh my god,
9:29
9 minutes, 29 seconds
you're absolutely right. And off we went. And they really, really did help us tremendously in understanding the youth perspective, in giving us advice
9:38
9 minutes, 38 seconds
on how we can um make our educational initiatives more relevant to them and speak to them in
9:46
9 minutes, 46 seconds
their language. Um, and they've helped us and given us such great advice. It's amazing.
Sharon: Did you find um like did they say anything that was surprising to you?
9:56
9 minutes, 56 seconds
Like did they do they actually care about privacy? Are they thinking about privacy?
10:00
10 minutes
Patricia: They absolutely are and they're what's surprising is how smart they are and how insightful
10:07
10 minutes, 7 seconds
and um how courageous they are. Like you know they say it like it is.
10:12
10 minutes, 12 seconds
Sharon: How old do you have to be to be on the council?
10:15
10 minutes, 15 seconds
Patricia: Between 15 and 25.
Sharon: I was I was going to offer uh for you to recruit my uh previous guests in the car for privacy
10:24
10 minutes, 24 seconds
day. I had a 10-year-old sit in my car and talk about what privacy means to him. And uh it's mind-blowing.
10:33
10 minutes, 33 seconds
It really is. But I guess he's a bit too young for this..
10:36
10 minutes, 36 seconds
Patricia: For this uh ok . Uh the third thing I thought um that was really neat was another
10:43
10 minutes, 43 seconds
initiative we did uh a little bit out of the you know uh trodden path and that is
10:50
10 minutes, 50 seconds
a transparency showcase where we you know as regulators we tend really to focus often because we're are we're
10:59
10 minutes, 59 seconds
about all about compliance and we tend to draw a lot of attention to situations where there's
11:05
11 minutes, 5 seconds
non-compliance. and and trying to um you know pull the lessons out for others to
11:12
11 minutes, 12 seconds
learn from others mistakes. So we tend to focus a lot on mistakes but sometimes you know uh we need to focus on the positive models.
11:20
11 minutes, 20 seconds
Sharon: I love that yes
Patricia: and encourage others not only to learn from mistakes but to learn from good
11:27
11 minutes, 27 seconds
Best in best class examples of how you do transparency well. great submissions from provincial institutions,
11:37
11 minutes, 37 seconds
governments, municipal governments, law enforcement, municipalities and um universities and so we have been
11:47
11 minutes, 47 seconds
very pleased with the uptake and we have created a online 3D virtual gallery
11:55
11 minutes, 55 seconds
where you can go and see each submission in the form of an exhibit just as you would through a virtual museum. You walk
12:02
12 minutes, 2 seconds
through the gallery and you see all these exhibits.
Sharon: This is on your website. I
Patricia: t's on our website.
Sharon: I love that.
12:08
12 minutes, 8 seconds
Patricia: And so it's 3D and you can walk around and read more about Oh, this is interesting. And most importantly, what impacts has had what what has that
12:17
12 minutes, 17 seconds
information or the transparency of that information actually had as an impact, a positive impact on people's on Ontarian's lives.
12:25
12 minutes, 25 seconds
Sharon: I love that you're using this positive reinforcement as opposed to doom and gloom. you want to emphasize, look at the incredible work that people do and
12:34
12 minutes, 34 seconds
motivate others to do great work as well. So, I absolutely love that idea.
12:40
12 minutes, 40 seconds
Thank you so much for sharing that with us.
Patricia: Thank you.
12:46
12 minutes, 46 seconds
Sharon: Thank you. I do feel very um like a big celebrity. Well, I'm like sitting beside the celebrity, so yeah. Um
-
• 6/10/26Carpool Consulting: Privacy Commissioner Edition (Part 1)
0:01
1 second
Sharon: Someone told me that when you go on a road trip, you have a road trip snack that you really like. It's
Patricia: Yes.
0:08
8 seconds
Sharon: Vitamin water.
0:09
9 seconds
Patricia: That's exactly with no sugar. Oh, you found one with zero sugar. Amazing.
Sharon: Well, can I just tell you, Patricia,
0:18
18 seconds
that this was no easy task.
0:21
21 seconds
And I think I got the last one in the city.
Patricia: I love this. It gives me such energy.
0:27
27 seconds
And this is my favorite snack or drink or whatever. That is so nice. Thank you.
0:32
32 seconds
Sharon: Oh, you're welcome. And you know, when my guests come on and I give them a road trip snack, they usually crack it open and they share it with me.
0:41
41 seconds
And I thought, okay, well, I'm not going to ask the privacy commissioner to let me share her bottle of vitamin water. That might be a little weird, right? I mean,
0:48
48 seconds
like, you wouldn't want to share the bottle with me, right?
Patricia: You have a straw?
0:52
52 seconds
Sharon: Um, no, I don't. But I didn't want you to drink vitamin water by yourself. So,
0:58
58 seconds
um, if you don't mind helping me out here, just hold this bottle of water for me. And I have, um, a few vitamins that
1:06
1 minute, 6 seconds
I'm just going to take and then and then we can both have vitamin water and it'll be
1:13
1 minute, 13 seconds
great. Here are all my vitamins. Um, do you just mind cracking that open for me?
1:18
1 minute, 18 seconds
These are vitamins, by the way, so we're going to be okay. This is where the vitamin water comes in. So, excuse me while I You're welcome to drink your vitamin water if you want.
1:29
1 minute, 29 seconds
Patricia: Vitamin water and real life vitamins all going on here in this car.
1:33
1 minute, 33 seconds
Sharon: Yeah. Um Yeah. And then that way we're both feeling energized and and healthy.
1:39
1 minute, 39 seconds
And you know, if I start glowing in the dark, it's okay. Don't worry about it. It's just vitamins.
1:43
1 minute, 43 seconds
Patricia: This is great. I'm going to have such a good day
Sharon: . Um I just have I think five more to go. So, so that should be enough.
1:51
1 minute, 51 seconds
Ever wonder what it's like to sit shotgun with a privacy regulator? Well,
1:57
1 minute, 57 seconds
buckle up and wish me good luck, cuz I'm about to find out. I see one right there. Let's go get her. Hey, need a ride.
2:05
2 minutes, 5 seconds
Patricia: So nice to see you.
Sharon: So nice to see you, too, Commissioner.
Patricia: Oh my goodness. I'm so excited.
2:11
2 minutes, 11 seconds
Sharon: Well, thank you so much for joining me on Carpool Consulting.
2:14
2 minutes, 14 seconds
Patricia: Thank you for having me and taking me out of my regular day to do such a fun outing with you.
Sharon: My pleasure. So,
2:20
2 minutes, 20 seconds
Commissioner, I'm one of
Patricia: You can call me Patricia, by the way.
Sharon: Okay. All right. Thank you. So,
2:25
2 minutes, 25 seconds
Patricia, as Ontario's information and privacy commissioner, uh, for some, that is a very official kind of mysterious
2:34
2 minutes, 34 seconds
role. Can you tell us what do you actually do and and who falls under your watch?
2:39
2 minutes, 39 seconds
Patricia: Okay. Well, first of all, it shouldn't be mysterious, which is a great reason for doing this to explain what I do in
2:46
2 minutes, 46 seconds
very simple terms. And um generally, I am an officer of the legislature. That means I don't report to the government.
2:55
2 minutes, 55 seconds
Uh I along with other officers oversee government and other public institutions, health sector, etc. in
3:01
3 minutes, 1 second
respect of their access to information obligations to make available information to the public to the media
3:08
3 minutes, 8 seconds
on uh matters of of public interest and also on their privacy obligations to ensure that they're collecting using and
3:17
3 minutes, 17 seconds
disclosing and safeguarding personal information of Ontarians.
3:20
3 minutes, 20 seconds
Sharon: Okay, that's a really important role especially in this data driven world.
3:24
3 minutes, 24 seconds
I'd love for you to tell us what are some quirky unexpected things that people may not know about you.
3:31
3 minutes, 31 seconds
Patricia: Oh, that's a good question. One quirky thing is I have terrible sense of direction.
Sharon: You and I both.
3:38
3 minutes, 38 seconds
Patricia: Oh my gosh. Don't ask me to take you anywhere, but I have an amazing quality of judging three-dimensional sizes. So,
3:47
3 minutes, 47 seconds
I'm amazing guesser at the right size Tupperware for leftovers. And I I once
3:54
3 minutes, 54 seconds
told my staff about this and or so many people with the same hidden talent. We're starting like a group.
3:59
3 minutes, 59 seconds
Sharon: Patricia, you've had an incredible career. You Are a lawyer of course, including being a privacy commissioner, you are in health, you were in ethics,
4:08
4 minutes, 8 seconds
you're in AI, you've touched it all. If you were not in the privacy and legal space, what would you do?
4:17
4 minutes, 17 seconds
Patricia: I've always wanted to be a jeweler., yeah. To craft like original jewelry.
4:22
4 minutes, 22 seconds
Not necessarily the most expensive or exquisite, but natural stones, and I've always admired jewelers.
4:30
4 minutes, 30 seconds
Sharon: Okay , I do want to turn to Bill 194.
Patricia: Bill 194 has two parts.
4:37
4 minutes, 37 seconds
One part is about introducing a framework for future regulations on AI, cyber security, and digital
4:45
4 minutes, 45 seconds
technologies affecting youth and children.
And then the second part is about modernizing the provincial public sector law, right? We call it FIPPA. As
4:55
4 minutes, 55 seconds
you said, it it amends FIPPA for provincial institutions, but unfortunately did not amend the
5:01
5 minutes, 1 second
municipal equivalent of uh MFIPPA. So, municipal institutions are not covered
5:08
5 minutes, 8 seconds
by this yet. I say yet because it's my continuing hope that the same provisions in bill 194 will eventually make their way into MFIPPA as well.
5:19
5 minutes, 19 seconds
Sharon: Can I ask you a question just before you move on? Why didn't it impact MFIPPA? Why is it why was it just FIPPA?
Patricia: I think you need to ask government that.
5:28
5 minutes, 28 seconds
I also I mean what I understand is that they wanted more time to consult with
5:35
5 minutes, 35 seconds
municipal institutions um before imposing new obligations on them which is fair you know as long as they carry
5:43
5 minutes, 43 seconds
through you know and uh and and have those consultations. Soon uh we come up with uh a version of MFIPPA amendments
5:53
5 minutes, 53 seconds
that is well-suited for the municipal sector and that is aligned with the changes in bill 194. So the main changes
6:02
6 minutes, 2 seconds
In Bill 194 are provincial institutions now have to um do PIA
6:11
6 minutes, 11 seconds
before they collect personal information for new uh initiatives and that was
6:19
6 minutes, 19 seconds
always an aspect of safeguarding obligation but now it's explicit in the law so we're very happy about that and
6:28
6 minutes, 28 seconds
it'll encourage that upfront thinking to make sure that you know they're designing new projects and initiatives
6:36
6 minutes, 36 seconds
with privacy in mind and mitigating against privacy risks and we as a data
6:43
6 minutes, 43 seconds
regulator the IPC we could ask to see the PIA right so
Sharon: What situations would you ask an agency
6:52
6 minutes, 52 seconds
to see their PIA
Patricia: There's a couple one is if something goes wrong um then we get a complaint or there's a
7:00
7 minutes
breach or we might want to see the PIA and what was the conceptual thinking that led up to such and such a a design
7:08
7 minutes, 8 seconds
and ha has the institution really thought through and done the due diligence.
7:14
7 minutes, 14 seconds
Um so that's one. Another is institutions sometimes come to us and ask us for advice. We have a an advisory
7:22
7 minutes, 22 seconds
function as well and they may want to set a you know new precedent setting uh
7:29
7 minutes, 29 seconds
initiative and come to us for some advice on how they can do it in a privacy protective way. In those situations we'll say well show us your
7:36
7 minutes, 36 seconds
PIA your thinking so far and we'll give you comments.
7:40
7 minutes, 40 seconds
Sharon: Would you do that in every situation? So anytime someone comes to you with a PIA that's a lot of work a lot of free work.
7:50
7 minutes, 50 seconds
Patricia: You know cuz you consult on that so you know how many there are. No, we we really um focus on uh initiatives that
7:59
7 minutes, 59 seconds
are novel that are precedent setting that are high risk..
8:03
8 minutes, 3 seconds
And that we can invest our time and our resources in in order to set a hopefully a positive path for others to follow.
8:14
8 minutes, 14 seconds
Sharon: part of schedule two that was just just enforced July 1st was the mandatory breach reporting. We see it under PIPEDA.
8:24
8 minutes, 24 seconds
Uh I I think that the bill borrowed the real risk of significant harm threshold from PIPEDA use it in bill 194. So what
8:33
8 minutes, 33 seconds
are your expectations of agencies reporting to your office? Now,
8:38
8 minutes, 38 seconds
Patricia: On July 1st, uh, my great team has put up on our website a landing page on everything people need to know about bill 194 that explains the changes,
8:48
8 minutes, 48 seconds
including PIAs and breach notification and uh our expectations on uh how to
8:57
8 minutes, 57 seconds
notify when and how to notify our office in the event of breaches. um we've updated all of our previous breach
9:04
9 minutes, 4 seconds
guidance so it's all up there and so it's um it's important and timely and I'm happy
9:12
9 minutes, 12 seconds
about it because sometimes you know uh institutions would tell us about a breach but kind of
9:21
9 minutes, 21 seconds
haltingly or say well you know we're just telling you out of courtesy and then we'd say okay and then we'd want to work with them and then you'd kind of
9:29
9 minutes, 29 seconds
shut down and say no no no this was just a courtesy call. We're under no obligation.
Sharon: And right cuz there because it wasn't mandatory.
9:35
9 minutes, 35 seconds
Patricia: It wasn't mandatory. So I think this is good because it's clear that it is mandatory and that we can get notified
9:44
9 minutes, 44 seconds
earlier because it there is a time element in there. It has to be done as soon as feasible and uh we can work together with them on the breach response.
9:53
9 minutes, 53 seconds
Sharon: Once it's reported to your office,
9:55
9 minutes, 55 seconds
what's the first thing that the agency can expect?
Patricia: First, we always encourage them to fill out a breach notification
10:03
10 minutes, 3 seconds
form. And that's important because it's it's a step-by-step process that gets them to really think through deliberately
10:10
10 minutes, 10 seconds
all the relevant facts uh in order for us to be able to assess the risks. Second, our team is very
10:18
10 minutes, 18 seconds
proficient on the list of follow-up questions. So we have a very well-used
10:25
10 minutes, 25 seconds
and trodden list of of questions that we will follow up with and ask for more details on uh certain aspects. Answering
10:34
10 minutes, 34 seconds
those questions is again just one step further in fleshing out all the facts that we need to know in order to be able to assess.
10:43
10 minutes, 43 seconds
Sharon: Is that follow-up list available for the public?
10:46
10 minutes, 46 seconds
Patricia: Certainly the breach notification form has it all. it's public and uh the the followup sometimes is what's not on the form. So, it's customized in every case.
10:56
10 minutes, 56 seconds
A vast majority of breaches reported to our office and even more so now with Bill 194 get resolved at what we call early
11:05
11 minutes, 5 seconds
resolution. You know, they they work with the institution as I said to contain, investigate, notify and remediate and most cases and vast
11:14
11 minutes, 14 seconds
majority as I said are resolved at that point. Um, sometimes there's a clo, like in every case there's a closing letter.
11:21
11 minutes, 21 seconds
Sometimes we publish the closing letter because, you know, it's a good educational story for others.
11:28
11 minutes, 28 seconds
Um, in cases where it doesn't go so well because there's not agreement to do XY Z or we discover that there's a lot of
11:38
11 minutes, 38 seconds
remediate remedial steps that need to be taken and that are going to take time or we don't get agreement from the institution at first. Then we'll open an
11:47
11 minutes, 47 seconds
investigation and that's where we go much deeper in terms of you know um
11:54
11 minutes, 54 seconds
seeking submissions, interviews, uh analyzing documents, systems etc. And in that case we publish a report. Now,
12:04
12 minutes, 4 seconds
under Bill 194, if I may, the third big change is that that investigation
12:11
12 minutes, 11 seconds
process that we used to always do um is now laid out in the law explicitly.
12:18
12 minutes, 18 seconds
Before we used to do it, but it was based on a very nebulous provision in our act that
12:25
12 minutes, 25 seconds
allows us to report to the legislature on matters of risk. And the courts have said, well, that gives you a, you know,
12:31
12 minutes, 31 seconds
the mandate to investigate. But it really wasn't in the law anywhere. There was no regime. There was no explicit powers.
12:39
12 minutes, 39 seconds
There was no steps. There was no And now Bill 194 thankfully lays out a whole investigative regime with investigative powers and order-making powers.
12:51
12 minutes, 51 seconds
So for the rare cases I'm happy to say where institutions don't want to you know follow our recommendations on how
13:00
13 minutes
to remediate for instance following a breach we can now order them to do something or to stop doing something
13:06
13 minutes, 6 seconds
Sharon: With Bill 194 I can imagine that there's going to be an influx of work within your office currently. how many breaches
13:14
13 minutes, 14 seconds
are reported before July 1st and what do you expect after July 1st and how are you going to handle all of that?
13:23
13 minutes, 23 seconds
Patricia: We had to think about that um and we did our research of other jurisdictions uh that got breach mandatory breach
13:32
13 minutes, 32 seconds
reporting as part of their legislative reforms including Ontario under PHIPA..
13:38
13 minutes, 38 seconds
Uh as you know breach reporting mandatory breach reporting came into effect I think 2018.
So in all of those instances, we went back either in our
13:47
13 minutes, 47 seconds
case to uh our own records or we asked our FBT colleagues. And in all instances
13:54
13 minutes, 54 seconds
it was uh at least a doubling of breach reports from the time it was
14:01
14 minutes, 1 second
voluntary to the year it became mandatory.
Sharon: So, Commissioner, if school boards accidentally post student health
14:10
14 minutes, 10 seconds
records on a public website, if the ministry rolls out an a data sharing initiative without doing a PIA, uh when
14:19
14 minutes, 19 seconds
someone replies all which includes an attachment with millions of people's personal information, I just want you to
14:28
14 minutes, 28 seconds
know that you can shine this signal and I will come running to you
14:33
14 minutes, 33 seconds
[Music]
14:39
14 minutes, 39 seconds
[Applause]
14:41
14 minutes, 41 seconds
[Music]
-
• 5/26/26Carpool Consulting Carwash with Mike Branch from Geotab
0:00
0:01
1 second
Sharon: A traffic jam is like privacy because
0:08
8 seconds
Mike: you have to stunt me on that one. Eh a traffic jam is, Do you have an answer to this? You do, don't you? There's a It's a little
0:15
15 seconds
I don't know, Sharon. Why is a traffic jam
Sharon: I'm not telling you, You have to come up with it on your own. I'll let you think about it. How about that?
Mike: Okay. Um
Sharon: You think
0:23
23 seconds
about it while I drive us to the car wash. My next guest is Mike Branch from Geotab. Mike is VP of data and
0:32
32 seconds
analytics. Geotab is one of the greatest telematics companies ever. He also helped to launch an AI assistant for Geotab,
0:41
41 seconds
making fleet data a lot more accessible and transparent. I see him. Let me get him in the car. Hey, need a ride?I
0:48
48 seconds
Mike: I think I might. I think I might.
Sharon: Come on in. Let's do this.
Mike: Thank you.
Sharon: What is Geotab? What do you guys do?
Mike: We're a connected vehicle platform. So, uh, if
0:56
56 seconds
you want to know anything about your vehicle as a fleet, ever if you're harsh braking, if you're speeding, um, if there's a problem with the battery in
1:03
1 minute, 3 seconds
your car, all that kind of stuff, we connect up to the OBD port in your vehicle. That little plug that's usually the side of
I don't think you have a Geotab device in here. It doesn't look like it, but you should
Sharon: No I dont, . But, well,
1:13
1 minute, 13 seconds
well, after this episode, I may. Maybe I have now a connection.
Mike: Yeah. Exa Exactly. And, and so we help fleets across the whole globe, giants, uh, Giants like
1:20
1 minute, 20 seconds
UPS and PepsiCo all the way through to mom and pop shops. Um, you know, we have over 4.7 million connected vehicles
1:29
1 minute, 29 seconds
across the globe. So, we're managing all that data at scale, helping them uh drive down collisions, helping them reduce downtime, helping them reduce emissions. Transition to EV is a big thing
1:37
1 minute, 37 seconds
Sharon: Okay. So, Mike, I I know that you have a lot of really good information about your industry, about telematics,
1:48
1 minute, 48 seconds
about what you can do with this information. Like, give me the top secrets. Like, I know everyone just
1:55
1 minute, 55 seconds
wants to hear all the juicy juicy details. Tell us everything.
Mike: Oh, you want to hear everything?
Sharon: I want everything.
2:02
2 minutes, 2 seconds
But but the good stuff. Like the juicy stuff.
Mike: The juicy stuff. All right. Here we go. Okay. So, here.
Carwash Noise
2:18
2 minutes, 18 seconds
Sharon: That was amazing. And I'm really glad my viewers got to hear that directly from your mouth. Mike: Not too many people know this story, Sharon.
2:29
2 minutes, 29 seconds
Sharon: Wow. So, this segment is called Yay or Nay. Okay.
So, is it smart safety or
2:37
2 minutes, 37 seconds
surveillance overkill? So, your telematic system alters your fitness app every time you visit a fast food drive-thru?
2:47
2 minutes, 47 seconds
Mike: hohoho Absolutely. Nay. Nay.
Sharon : Really?
Mike: Yeah.
Sharon: Why?
2:51
2 minutes, 51 seconds
Mike: Well, you know what? I wouldn't want my um telmatic system to know anything about my fitness. Those two worlds
2:57
2 minutes, 57 seconds
should not be intertwined. Uh unless
Sharon: what if it helped your fitness?
Mike: I mean,
3:03
3 minutes, 3 seconds
Sharon: it could it could be a good thing
Mike: It it could be a good thing, but you need a proper consent. You want that to happen. But I would say if
Sharon: You're very responsible
3:10
3 minutes, 10 seconds
Mike: Absolutely.
Sharon: Yes. I mean, you're you're in the business of being responsible.
3:14
3 minutes, 14 seconds
All right. Next one. Your parents get a notification every time you break hard.
3:18
3 minutes, 18 seconds
Even if you're 42 years old and paying off a mortgage, yay or nay?
Mike: I would say yay as long as there’s consent. Like I you know
3:25
3 minutes, 25 seconds
what? Specifically, if it was for my kids uh and I had a device in the vehicle, I want to know that they're they're driving. Well, if and
Sharon: What if
3:33
3 minutes, 33 seconds
they're 42 years old?
Mike: They're 40 years old and and they consent, then fine. But I I can't imagine many 42 year olds
3:41
3 minutes, 41 seconds
consenting with that.
Sharon: Exactly.
All right. Your seat detects crinkling chip bags and asks if you prefer apple slices
3:49
3 minutes, 49 seconds
instead. Yay or nay?
Mike: Uh, that's that's a nay. That's a huge invasion of privacy there. I think
Sharon: really that you like
3:57
3 minutes, 57 seconds
Chips.
Mike: But that it's detected the fact that I've got, you know, this these chips on the and and then I say, "Hey,
4:04
4 minutes, 4 seconds
you should you should have a fruit instead."
Sharon: Yeah. That's a good thing.
Mike: It is a good thing.
Sharon: Maybe having fruit will will waken you up and you can drive
4:11
4 minutes, 11 seconds
better.
Mike: Yeah. Right. I still think I still think they get a lot of nays here. I'm probably a little bit more responsible than you
Sharon:. I
4:19
4 minutes, 19 seconds
think you're too responsible.
Your telematics logs every time you honk,
4:23
4 minutes, 23 seconds
rates it on justified or petty, and sends you a monthly summary. Yay or nay?
4:29
4 minutes, 29 seconds
Mike: I I kind of think yay to that. I think so. Um
Sharon: I think so, too. Yeah.
Mike: You could pick up some. There might be some aggressive behaviour there that is
4:38
4 minutes, 38 seconds
unwarranted, right?
Sharon: That's right. And then you get a summary and you learn.
4:41
4 minutes, 41 seconds
Mike: Yeah. You get a summary. You learn from that as she comes into your app. Right.
4:44
4 minutes, 44 seconds
Sharon: Exactly. Last one. If you cut someone off or speed, your car sends an apology tweet on your behalf saying, "Sorry,
4:53
4 minutes, 53 seconds
that's on me. I'm working on being better." Yay or nay?
Mike: Oh, yay. Yay. And uh it should uh maybe give them a little
5:02
5 minutes, 2 seconds
gift certificate to Tim Horton at the same time. Starbucks. Come on.
Mike: Starbucks.
Sharon: Yeah. Uh well, again.
5:09
5 minutes, 9 seconds
Okay. So, first of all, congratulations.
5:12
5 minutes, 12 seconds
I know you are a, Geotab won the Picasso award about a year ago or so
Mike: We did we did, very excited
Sharon:. So,
5:18
5 minutes, 18 seconds
congratulations. Which means that you're obviously doing something really well with privacy. So, explain to me with the
5:25
5 minutes, 25 seconds
data that you're collecting, uh, what personal information are you collecting that you're even thinking about privacy?
5:31
5 minutes, 31 seconds
Mike: Uh, you know what, a lot of people don't think about that right away cuz they think, oh, you're, you know, your personal information is your credit card information, right? It's your healthcare
5:38
5 minutes, 38 seconds
information. Uh but uh your vehicle lays a bit of a track, right? So uh your
5:45
5 minutes, 45 seconds
vehicle driving habits if you're coming from home to work every single day,
5:48
5 minutes, 48 seconds
there's a pattern in that data and uh that pattern can divulge a little bit about you uh from a privacy perspective.
5:56
5 minutes, 56 seconds
So that is the geospatial element is the biggest concern for us when it comes to privacy. Um you know there's other pseudo identifiers like VIN as well too.
6:05
6 minutes, 5 seconds
Yeah. Where it's traveling. Um that's that's our biggest um risk area.
Sharon: If you're a fleet company, isn't that the information that you want to collect?
6:14
6 minutes, 14 seconds
Mike: That's exactly it. And there in lies a conundrum, right? You you absolutely need that data to do your business. Um but you have to also give privacy
6:22
6 minutes, 22 seconds
measures to the fleet uh to allow them to turn off um uh GPS data whenever somebody's in say like a personal mode.
6:30
6 minutes, 30 seconds
For us, it's really important to uh to understand if we're dealing with uh data that might be personal or not. Um and
6:39
6 minutes, 39 seconds
you know, you have a driver that works for a company, they may take that vehicle home. You shouldn't be tracking the data that is in that kind of personal mode. Um and so as we're
6:47
6 minutes, 47 seconds
developing new data and insights for a lot of our customers, we can't be doing it based on a lot of this personal data.
6:53
6 minutes, 53 seconds
But to your point, absolutely our customers want to know where their vehicles are. It helps for routing,
6:59
6 minutes, 59 seconds
right? helps for uh a whole series of things. They couldn't run their business if they didn't have that GPS data.
Sharon: Are you using that data for any other
7:07
7 minutes, 7 seconds
purpose or sharing that data for insights for other organizations or municipalities or anything like that?
7:14
7 minutes, 14 seconds
Mike: Yeah, we believe that you know there's certainly um a whole host of reasons that you can use this data for that can really benefit society.
Um you know we
7:23
7 minutes, 23 seconds
recently did our platform Altitude which we take all this data privacy compliant and made it available um for municipalities to look at you know areas
7:32
7 minutes, 32 seconds
and cities where there's congestion and where you might look at better planning for uh for freight. Um we did a study with uh on the Gardener Expressway which
7:40
7 minutes, 40 seconds
as we're all familiar with you know there's three lanes in uh three lanes out and now construction has been done and you've got two lanes in two lanes
7:47
7 minutes, 47 seconds
That has a huge impact on uh on productivity in the whole city. And so as a result of some of the study we did
7:55
7 minutes, 55 seconds
to show that impact it was able to bring down the construction time. So I think another $73 million was put um into that
8:03
8 minutes, 3 seconds
project to bring down the time. But you can't do that without privacy compliant data. And that's why I always say like not all GPS data is is created equal.
8:11
8 minutes, 11 seconds
Sharon: Yeah. So what do you mean by that?
Mike: So you could you could slam on your brakes at an intersection. A whole bunch of people do that. You want to be able to understand is that a dangerous
8:20
8 minutes, 20 seconds
intersection or not. Um and that is an okay use. You're not divulging private data at that point if it's happening from multiple vehicles in a common area.
8:30
8 minutes, 30 seconds
Dangerous driving. But you don't want to start divulging things like Mike drove from his home to the office every single day.
There was that New York Times
8:39
8 minutes, 39 seconds
expose. It was, do you remember that? It was like one data set, zero trust. And so in that data set, what they exposed was individual vehicle driving patterns.
8:50
8 minutes, 50 seconds
Sharon: Okay.
Mike: And he was able to very clearly see when somebody was um going to maybe change their job. They went from their home to Microsoft, home to Microsoft,
8:59
8 minutes, 59 seconds
then they went home to Amazon, then home to Microsoft. you could see that that pattern dulged information that it that
9:06
9 minutes, 6 seconds
it shouldn't.
Sharon: So Mike, I understand you were instrumental in launching the um ACE platform, which is Geotab's AI
9:14
9 minutes, 14 seconds
assistant.
Tell me about it.
Mike: Our our theory was if we launched ACE um that a lot of our fleet customers want to just be able to ask a question about their
9:23
9 minutes, 23 seconds
vehicles or their fleet cuz you're you have this data deluge, right? So you got these dashboards every which way. Um,
9:30
9 minutes, 30 seconds
you know, we're streaming 100 billion data points a day into our ecosystem.
9:34
9 minutes, 34 seconds
Sharon: God that’s crazy
Mike: a hundred billion with a B and uh we have got 55,000 you know customers across so many different verticals.
So to be able to
9:42
9 minutes, 42 seconds
create this oneizefits-all dashboard for everyone doesn't really make sense. So similar to chat GPT like can I ask a question about my fleet and have it give
9:50
9 minutes, 50 seconds
me the answer and that was the theory and and so when we ran some initial tests with customers they love this this idea right being able to ask you know
9:58
9 minutes, 58 seconds
who are my safest drivers you know um uh do I have a problem with you know any of my vehicles um batteries just anything
10:05
10 minutes, 5 seconds
you could think about for your fleet ask it
Sharon: I imagine though with any generative AI tools there are risks never
10:14
10 minutes, 14 seconds
Sharon: Never. Wow. I think everyone needs to come to you and figure out what you
Mike: Absolutely. We made, you know, AI that never hallucinates.
Sharon: So,
10:23
10 minutes, 23 seconds
how do you make it responsible? Tell me about it. What was your journey?
Mike: The whole concept of responsible is, I think, an interesting one cuz there's so many different kind of facets to it. So,
10:32
10 minutes, 32 seconds
you want to make sure that it doesn't go off on a tangent, right, and answer questions that it it it really shouldn't. So, we've done a lot of
10:41
10 minutes, 41 seconds
training there is it can't answer a question like, "Who should I fire?" it can or it can’t.
Sharon: Okay. Okay. It cannot.
Mike: Um and we have to make sure that that it
1
0:50
10 minutes, 50 seconds
doesn't, right? And so we implement a whole series of things like red teaming.
10:54
10 minutes, 54 seconds
So we've got um a small team of folks uh at the uh at the office who will go in and try to debunk it, right? And try to
11:01
11 minutes, 1 second
trick it into giving it.
Sharon: This is like their full-time job.
Mike: This is pretty much their full-time job
Sharon: That’s amazing
Mike; . Yeah. Um
Sharon: how do you get a job doing that?
Mike: It's pretty cool,
11:09
11 minutes, 9 seconds
Right?
Sharon: Yeah
Mike: It takes because it takes a little bit of understanding what's going on behind the hood and some creativity as well too. Um, so we're looking at ways to automate that a little bit more,
11:20
11 minutes, 20 seconds
which would be really interesting.
11:22
11 minutes, 22 seconds
Um, but yeah, it can't answer things like that. It can't answer things that are completely off base as well. We've had people ask it, you know, uh, who's going
11:29
11 minutes, 29 seconds
to win the World Series? Sorry, I'm a fleet data science uh, agent. I can't answer these kinds of things. Sharon: So, it's okay.
11:37
11 minutes, 37 seconds
So I know a lot of our viewers are thinking about AI. They are thinking about implementing AI and they are also
11:44
11 minutes, 44 seconds
hearing a lot of buzzwords like responsible AI. So what advice would you give them if they're just getting
11:52
11 minutes, 52 seconds
started um and they want to do the right thing? They may not know how to do the right thing.
Mike: I I think a lot of it is a people thing uh to begin with. You have to buy in throughout the organization.
12:02
12 minutes, 2 seconds
So you know we created a responsible AI policy, right? And that grounds how you make a whole series of decisions going
12:09
12 minutes, 9 seconds
forward. Uh so you have to come together as a leadership team because you can have a policy that's drafted but if you don't have full buy in throughout the organization it's not going to really go
12:18
12 minutes, 18 seconds
Anywhere.
Sharon: Where is it? It's on your website.
Mike: It's on our website. You look up Geotab.com and look up responsible AI policy and you'll you'll find it in there. Ad we also have some tips and tricks of what we did for Geotab ACE.
12:28
12 minutes, 28 seconds
There's a whole document in there shows how we apply a responsible uh AI policy in the implementation uh of ACE. So I
12:35
12 minutes, 35 seconds
encourage all the viewers to go check it out.
Sharon: Check it out. Um so someone told me
Mike: Okay
Sharon: That you um you like uh
12:45
12 minutes, 45 seconds
Chocolate-covered almonds.
Mike: Oh yeah.
Sharon: Uh when you go on a road trip.
Mike: 100% I do.
12:51
12 minutes, 51 seconds
Sharon: So here you go. Feel free to bust it open. We are on a road trip after all.
12:55
12 minutes, 55 seconds
Mike: All right. Like I can do this now.
Sharon: You can totally do this now if you want.
12:59
12 minutes, 59 seconds
Mike: Sharon, I mean, you've given me something here that I'm absolutely going to,
Sharon: but you know, you have to share.
13:04
13 minutes, 4 seconds
Mike: 100%. What do you think I am? Here you go. There you go. You get the first one, too.
Sharon: Aw, thank you. All right.
Mike: Awesome.
13:16
13 minutes, 16 seconds
That's a great question. Who's a better driver? My me or my wife?
Sharon: Oh, do you both have Geotab devices in your vehicles?
Mike: Uh, we don't, but I but I have
13:24
13 minutes, 24 seconds
to get one in on her vehicle. I have it on mine. I don't have it on hers yet. So we can So we can So I can So I can ask it in her time.
Sharon: Maybe she doesn’t want it in her car, She doesn't want you to track her.
Mike: So I can ask Ace that question.
-
• 5/25/26Carpool Consulting - Employees and Porn!
0:00
[Music]
0:01
1 second
Sharon: it's highly embarrassing um to be monitored when you're going to look at porn
Lauren: sounds like you have experience with this
0:10
10 seconds
Sharon: I do not have
0:22
22 seconds
experience
Ross: getting like loosened up are we
Sharon: we loosen yeah okay feeling good all right. so guys here's the situation we
0:30
30 seconds
have a client we work closely with the security team they're actually wonderful
0:36
36 seconds
and it came out that they're looking at who's going on various websites that
0:45
45 seconds
they should not be going on and the topic of porn came up
0:56
56 seconds
Lauren: How did it come up did it come up when they like actively monitoring
Sharon: their security
1:02
1 minute, 2 seconds
lead was actively looking at who is going on prohibited websites
Ross: it's not
1:10
1 minute, 10 seconds
unheard of though because you know part of the protections is actually looking at repeat offenders and
1:19
1 minute, 19 seconds
things like that so you've got to have some sort of discipline there I guess
Lauren: but is it necessary to sit there and watch what everyone's doing like we no
1:27
1 minute, 27 seconds
Ross: Well that's a fair point that's probably not what you should be doing
Sharon: well I mean okay so the issue that I had
1:33
1 minute, 33 seconds
with it was that he knew exactly which employee was going on what site um and
1:43
1 minute, 43 seconds
my concern was that these employees have no idea that they're being monitored and
1:50
1 minute, 50 seconds
it's highly embarrassing um to be monitored when you're going to look at porn
1:57
1 minute, 57 seconds
Lauren: sounds like you have experience with this shit
Sharon: I do not have
2:04
2 minutes, 4 seconds
experience.
okay so as a uh security professional within a company are you
2:11
2 minutes, 11 seconds
allowed to look at which websites your employees are going on or at least
2:19
2 minutes, 19 seconds
trying to go on
Ross: providing that there is you know correct notice and that it's perhaps in your employment contract that
2:27
2 minutes, 27 seconds
you've got security aspects of it like that. In all honesty I think if you're employed by a company in a lot of ways you know you shouldn't expect that
2:35
2 minutes, 35 seconds
degree of privacy on a company-owned piece of equipment. I think personal equipment just gets a whole lot hazier but company owned equipment you know I I
2:44
2 minutes, 44 seconds
wouldn't be wanting to go on porn and things that I shouldn't be going on to on company owned equipment, and I think I should expect that someone would monitor
2:51
2 minutes, 51 seconds
it but that's maybe me coming from the security background. I I think it's it's fair providing those notice
Lauren: there has to be noticed
Sharon: right so like what kind of
2:59
2 minutes, 59 seconds
notice cuz what is sufficient notice
Lauren: are they in Ontario cuz then they if it's above 25 employees they need a policy
3:07
3 minutes, 7 seconds
employee employe monitoring policy
Ross: I think you know as much as there's notice in email I don't think that's necessarily effective because of exactly
3:15
3 minutes, 15 seconds
what you're saying. But if it's in even in your employment contract that like okay here's the deal as to what happens
3:22
3 minutes, 22 seconds
as as part of your employment here maybe that's our first point of notice um but yeah speaking to Lauren's point employee
3:30
3 minutes, 30 seconds
notice policies that actually detail this
Sharon: but I mean if those websites are already blocked you cannot actually go on.
3:38
3 minutes, 38 seconds
You can attempt to but you can't then do you still need to Monitor and attempt to go on something that you can't
3:46
3 minutes, 46 seconds
actually even browse or go on
Lauren: so hang on he was monitoring just people are attempting
Sharon: yes
3:54
3 minutes, 54 seconds
Lauren: I'm to someone they may do something wrong
Ross: no it's not that it's not that they may do something wrong like they
4:01
4 minutes, 1 second
are actively trying to get to a a blocked site but like you know once or twice is an accident um more than that
4:10
4 minutes, 10 seconds
is deliberate and when you're starting to deliberately do this or you start looking at trends of someone going to multiple sites that they shouldn't be going to that then I think is a security
4:20
4 minutes, 20 seconds
thing that the company should look at
Lauren: but would that person still be attempting if they knew they were being monitored? I think that's also the we
4:28
4 minutes, 28 seconds
can't just decide things on based on what's wrong or what we feel is like morally incorrect we've got to break it
4:36
4 minutes, 36 seconds
down into what's allowed in privacy legislation and otherwise.
Ross: like I think there's ways and means of doing it cuz I
4:43
4 minutes, 43 seconds
mean it's also it's what would be very subversive is if you were monitoring and still allowing people to get to the
4:50
4 minutes, 50 seconds
Lauren: sites like um like entrapment
Ross: yeah whereas like this at least would show a screen saying you know you're not going
5:00
5 minutes
To the site surprise you please see
5:06
5 minutes, 6 seconds
HR I personally think that on a reactive side like if someone is frequently doing this then it should be I don't think it should be actively monitoring, like Hmmmm
5:15
5 minutes, 15 seconds
where is Jimmy going today um I think it would be you know okay well this user has reached a threshold of 16 blocked
5:23
5 minutes, 23 seconds
sites in the last 24 hours what do you want to do
Lauren: if only you could have a policy that said to employees don't be Dumb we won't be
5:31
5 minutes, 31 seconds
creepy
Ross: I love that I think we should title our policy that
Sharon: very creative
Ross: don't be dumb we won't be creepy I like it
5:39
5 minutes, 39 seconds
Sharon: Speed Bump
Lauren: whoa these are the guard rails just stay within them don't do anything that you wouldn't want your mom knowing
5:47
5 minutes, 47 seconds
that you're doing
Sharon: all right I think that solves the problem
so if uh if you're an employee
5:55
5 minutes, 55 seconds
going on some porn sites on company devices don't be an idiot just don't do
6:03
6 minutes, 3 seconds
it if you
Lauren: that's a professional
Sharon: great Consulting
Ross: use a
6:12
6 minutes, 12 seconds
VPN
Sharon: and then if you are the employer monitoring your employees just give
6:19
6 minutes, 19 seconds
notice man right yeah
Ross: set the expectations yeah
6:29
6 minutes, 29 seconds
Sharon: Ross are you monitoring us
Ross: not yet
Sharon: um okay
-
• 5/27/26Carpool Consulting - Cyber Insurance with Kyle Nichols
0:01
1 second
Kyle: a hacker will hack into their thermostat their IOT thermostat and they will crank up the heat and lock the owner out and
0:08
8 seconds
they will say if you don't get us
Sharon: Oh my God
Kyle: uh you know a Bitcoin or some sort of digital currency ransom payment we're going to
0:17
17 seconds
cook your house, yeah.
0:28
28 seconds
Sharon: Okay so my next guest is a managing director at-risk Strategies. He's worked in the insurance industry for 25 years
0:37
37 seconds
um and I see him so let's go see if we can get him in the car. Hey, you need a ride
0:45
45 seconds
ride
Kyle: hey Sharon fancy running into you
Sharon: how are you
Kyle: in my neighborhood
Sharon: very nice to see you
Kyle: or your neighbor our neighborhood
0:53
53 seconds
Sharon: both our neighborhood and I have a ton of questions for you
Kyle: fire away
Sharon: Can you tell us what cyber insurance is
Kyle: Cyber insurance is a policy that comes with a
1:03
1 minute, 3 seconds
suite of services to protect companies and individuals from cyber threats
Sharon: okay
1:10
1 minute, 10 seconds
Kyle: from hackers extortions accidental um release of information data all that
1:18
1 minute, 18 seconds
good stuff um and they have a component of first party. So if there's a claim they write a check to you or third
1:25
1 minute, 25 seconds
parties who who if they write a check it goes to not you, it goes to the Third third party who was injured or uh had
1:32
1 minute, 32 seconds
the claim happen against them
Sharon: so when we're talking about cyber Insurance most people think oh a cyber security
1:40
1 minute, 40 seconds
incident occurred
Kyle: right
Sharon: would it still apply to something that was a privacy incident ? I'm talking more like um misuse
1:49
1 minute, 49 seconds
of personal information by the company that was collecting it
Kyle: oh sure, yeah
Sharon: so would that be covered through cyber Insurance
1:56
1 minute, 56 seconds
Kyle: there are coverage grants that allow for, to protect the company against such accidental releases
Sharon: okay
Kyle: uh for sure i
2:05
2 minutes, 5 seconds
Sharon: If you wanted to get Cyber Insurance do you need to prove anything to the insurance company like walk me through it
Kyle: yeah the
2:12
2 minutes, 12 seconds
privacy posture the IT security landscape with and how the company operates uh are all looked at. How do you
2:20
2 minutes, 20 seconds
handle and treat uh sensitive information uh do you have like when I say clean desk policy, it's like hey at night like where are these files going
2:28
2 minutes, 28 seconds
that contain private information
Sharon: Right, okay they do like an assessment on you to determine you know whether you're worthy
2:36
2 minutes, 36 seconds
of insurance like how does that work
Kyle: Yeah it's kind of like uh going to Canada's Wonderland you have to be this tall to ride
Sharon: okay yeah thanks I know what you're
2:45
2 minutes, 45 seconds
trying to do, I know most of you don't know but I am very sure, so thanks for trying to bring that in Kyle
Kyle: no problem
2:54
2 minutes, 54 seconds
no problem
Sharon: That was rude
Kyle: we go way back so we're fine
Sharon: yeah you have to be worthy of getting cyber insurance. Why is that?
3:02
3 minutes, 2 seconds
It used to be really simple
Kyle: yeah uh we've seen an a lot of losses take place
3:08
3 minutes, 8 seconds
and insurance companies act on data so when they have all this information then they can start underwriting for it
Sharon: okay
3:17
3 minutes, 17 seconds
Kyle: and asking those questions and then as you go into more what I would say crucial Industries like healthcare
3:25
3 minutes, 25 seconds
technology data center type stuff um the underwriting gets uh pretty significant and so you do need, if I can do a little plug here, you do
3:34
3 minutes, 34 seconds
need a broker who understands what is required in those Industries in order to get insurance but also get the best
3:43
3 minutes, 43 seconds
insurance most appropriate insurance and the right cost coverage and limit in place
Sharon: right
Kyle: very shameful plug
Sharon: very shameful. Well okay all this talk is
3:51
3 minutes, 51 seconds
getting me hungry and someone told me that when you're on a road trip you like team McDonald's Kyle: yeah I do
Sharon: all right um
3:59
3 minutes, 59 seconds
so we're we're at McDonald's um hi there what can I get you
Kyle: small coffee small fries
Sharon: That's it
Kyle: That's it
Sharon: What about Big Mac
4:07
4 minutes, 7 seconds
Kyle: no way
Sharon: can we have extra ketchup
Mcdonalds: ketchup on the side
Sharon: yes please did she just ask me if I want a ketchup on the side
Kyle: yeah
Sharon: what what's my other option
4:16
4 minutes, 16 seconds
ketchup on my fries? do they do that?
Kyle: no I no they
Sharon: then why did she ask me that
Kyle: I don't know
Sharon: that seems like a useless.
4:23
4 minutes, 23 seconds
question kind of a waste of time do insurance companies ask useless questions what what what one useless
4:30
4 minutes, 30 seconds
question does an insurance company ask I know they do this for sure
Kyle: um I mean I'd like to say that all the questions have
4:37
4 minutes, 37 seconds
a meaning behind them
Sharon: okay pretend none of your insurance friends are watching this
Kyle: don't worry none of them will watch this. I think sometimes they ask.
4:46
4 minutes, 46 seconds
questions to to get more information around the company that might appear as being useless but they always have a
4:54
4 minutes, 54 seconds
have a they don't ask questions that don't have a meaning behind them
Sharon: so there's always a reason
Kyle: there's always a reason okay
Sharon: uh oh you're paying
Kyle: I'll pay
5:03
5 minutes, 3 seconds
oh thank you okay
Kyle: it's the most I can do
Sharon: what's what's your password
Kyle: uh yeah password is
Sharon: no no okay
Kyle: I'm now insurable
5:12
5 minutes, 12 seconds
Sharon: yes premiums um so they used to be extremely affordable
Kyle: yes
Sharon: um now it seems
5:19
5 minutes, 19 seconds
like those premiums have gone up uh what is going on with that
Kyle: premiums are a function of the capital deployment costs
5:27
5 minutes, 27 seconds
that insurance companies have and then they kind of narrow that down into industry and what the loss profiles look like and then down into the individual
5:36
5 minutes, 36 seconds
company itself
Sharon: okay
Kyle: and how they're handling their cyber exposure
Sharon: can you negotiate premiums by the way
Kyle: 100%
Sharon: okay so how do you get your premiums to go
5:45
5 minutes, 45 seconds
down, how do you negotiate that? like I understand okay you need to have good privacy posture or privacy security posture Etc
okay let's bust out the
5:54
5 minutes, 54 seconds
fries um but how do you like it
Kyle: I have to get through all this ketchup that you car there's your ketchup with the side of
6:02
6 minutes, 2 seconds
fries french fries, and coffee can't go wrong
Sharon: Privacy is like a french fry because
Kyle: it's the perfect compliment for
6:11
6 minutes, 11 seconds
your business meal it's that good
Sharon: I love that
Kyle: all right there you go
Sharon: um okay so okay how
6:19
6 minutes, 19 seconds
do you so give us the tricks how do you um negotiate your premiums
Kyle: for someone who has never bought cyber before
Sharon: mhm
6:27
6 minutes, 27 seconds
Kyle: are you are you putting ketchup on individual fries
Sharon: yeah how else am I going to do this in the car I wish we oh we do have napkins
Kyle: what we look for is
6:35
6 minutes, 35 seconds
how do we show their policies and procedures and their history in the best light and what resources have they
6:42
6 minutes, 42 seconds
committed to their IT systems and also what do they do to educate and train their employees
Sharon: so you you just have to
6:50
6 minutes, 50 seconds
hide all of the breaches that you've experienced have
Kyle: if you haven't been breached um just wait for it, right
6:58
6 minutes, 58 seconds
Sharon: So you're saying it's not a matter of
Kyle: if
Sharon: if it's a matter of when someone in your company is going to click on an email
7:06
7 minutes, 6 seconds
from the prince of Nigeria
Kyle: correct okay that that's a great case scenario to say okay let's game this out
Sharon: okay
7:13
7 minutes, 13 seconds
Kyle: If there was a breach what is your response; we establish what they do with their actual
7:21
7 minutes, 21 seconds
IT infrastructure what would they do with their uh colleagues and how they train and educate them what I like to say is like the best defense against
7:29
7 minutes, 29 seconds
cyber uh threats
Sharon: yes
Kyle: it’s a really well educated Workforce and a culture of risk awareness so it's the the front end and
7:37
7 minutes, 37 seconds
then the back end right if there is a breach how are you protecting yourself how are you responding yeah and that's
7:44
7 minutes, 44 seconds
Sharon: Yeah
Kyle: That’s one of the advantages of cyber Insurance because a lot of companies don't have a lawyer on retainer or a PR firm on
7:52
7 minutes, 52 seconds
retainer
Sharon: yeah
Kyle: but the insurance companies do
Sharon: this is where we need to like have a conversation, when is it
8:00
8 minutes
a bad idea to call your broker when you may not be sure if you experience a
8:08
8 minutes, 8 seconds
breach
Kyle: never a bad time to call your broker
Sharon: okay
Kyle: what we can do is let's suppose you think there might be a breach
Sharon: mhm
Kyle: but you don't know so what we
8:17
8 minutes, 17 seconds
like to do is say hey there's a circumstance that may give rise to a claim that checks the box for notification
Sharon: okay
Kyle: and what they would do is then they would say okay give us as
8:25
8 minutes, 25 seconds
much information as possible we would intake and manage the claim and probably get our client to
8:32
8 minutes, 32 seconds
call. We would call them to the adjuster
Sharon: okay
Kyle: and lay out the circumstances and they would say Okay odds are it’s not a
8:39
8 minutes, 39 seconds
claim but we're going to deploy resources to help you
Sharon: will your premiums go up in that situation
Kyle: well great question
Sharon: thank you
8:48
8 minutes, 48 seconds
Kyle: um insurance companies believe it or not are there to pay claims right they are we have had
8:55
8 minutes, 55 seconds
several insurers pay claims on Cyber
Sharon: so are you saying that that cyber insurance claims are paid
9:04
9 minutes, 4 seconds
more than they're not paid do you have any statistics on this
Kyle: I do not have statistics on that. Tenai Moyo is our cyber
9:12
9 minutes, 12 seconds
practice lead here in Canada she could probably tell
Sharon: not a shameful plugin she's actually awesome
Kyle: she is amazing
Sharon: okay here's another question for you
9:20
9 minutes, 20 seconds
You experience an incident not necessarily a breach yet I report a breach to you or
9:27
9 minutes, 27 seconds
an incident you're not contractually obligated to notify the insurer
Kyle: we would
9:34
9 minutes, 34 seconds
take direction from you to say
Sharon: okay
Kyle: we have your authority to notify the insurer we would then discuss the pros
9:41
9 minutes, 41 seconds
and cons of reporting it versus not reporting it
Sharon: do you have an obligation to report it to the insurer you must
Kyle: so,
9:49
9 minutes, 49 seconds
Sharon: you can't keep it a secret
Kyle: well I mean you you can but don't expect to get coverage 3 months later when you're like hey we've tried to figure all this stuff
9:58
9 minutes, 58 seconds
out we can't now we're going to claim against the insurance coverage
Sharon: you know tell me some examples of um breaches or
10:06
10 minutes, 6 seconds
incidents that occurred that the insurance company refused to cover
Kyle: so willful negligence like gross negligence
10:15
10 minutes, 15 seconds
Sharon: like what
Kyle: like telling us that you had multiactor authentication but in actual fact you didn't have it on certain
10:23
10 minutes, 23 seconds
aspects of your business
Sharon: one more example
Kyle: like notifications, so delay notification so we have had incidences
10:29
10 minutes, 29 seconds
in the industry where a client has tried to solve their own problem
Sharon: mhm
Kyle: and then 6 months later they say okay we have
10:38
10 minutes, 38 seconds
tried to negotiate with this bad actor and you know they're not listening to us we can't get them the money we're going
10:47
10 minutes, 47 seconds
to get you guys to pay for it now
Sharon: every time you submit a claim does your insurance go up your premiums
Kyle: uh not
10:53
10 minutes, 53 seconds
necessarily but more often than not yes
Sharon: hey if you were doing carpool karaoke
11:01
11 minutes, 1 second
which artist would you want coming in your car
Kyle: oh Bob Dylan
Sharon: oh that's a good one
Kyle: yeah
Sharon: do you know why
11:08
11 minutes, 8 seconds
so many people love Snoop Dogg's presence?
Kyle: oh boy this is going to be bad
11:15
11 minutes, 15 seconds
Sharon: why cuz he's a great rapper.
what I've never heard of Quishing
11:22
11 minutes, 22 seconds
Kyle: yea
Sharon: I'm probably like the last to hear of it for those of you like no idea what he's talking about
Kyle: I'm going to assume your audience
11:29
11 minutes, 29 seconds
is familiar with a QR code
Sharon: yeah I think
Kyle: so so you take your camera and you take a picture of a QR code and that enters
11:38
11 minutes, 38 seconds
you into a different website a portal whatever and they'll say hey get a coupon. scan this QR code but behind the
11:46
11 minutes, 46 seconds
QR code is actually malicious software that allows them to enter your operating system
Sharon: oh
Kyle: yeah and
Sharon: we're seeing more and
11:55
11 minutes, 55 seconds
more QR codes like everywhere like menus QR
Kyle: yeah your your commercials on YouTube
12:03
12 minutes, 3 seconds
right like they'll show an ad for a company or product and next to it is a QR code
Sharon: you're like on carpool Consulting and there's a QR code
Kyle: right
12:12
12 minutes, 12 seconds
Sharon: yeah pull out your camera let's see let's see is he actually going to do this
Kyle: it's taking me to a verified email
12:22
12 minutes, 22 seconds
address Rick rolls Rick rolls Playbook getting
12:29
12 minutes, 29 seconds
Sharon: I hoped you have insurance for that
Kyle: right this has been going on for years they find the most vulnerable uh place within the
12:38
12 minutes, 38 seconds
network to attack
Sharon: okay
Kyle: and a lot of the times it's actually through the most unexpected ways. there was a um a claim
12:47
12 minutes, 47 seconds
in the industry where um they came in through the um IOT connection of the
12:54
12 minutes, 54 seconds
company's aquarium
Sharon: wow
Kyle: talk about fishing yeah
Sharon: Ha! oh
Kyle: yeah we we've seen that and like you know HVAC systems, the
13:02
13 minutes, 2 seconds
target hack ages ago actually came through their provider so when we when we have subcontractors who are going
13:09
13 minutes, 9 seconds
into large Fortune 1,000 companies they get a a request for insurance right they say they send it to us we review the contract and it says oh you need to
13:18
13 minutes, 18 seconds
carry cyber insurance and they're like but we just we're hammering Nails right
Sharon: yeah
Kyle: and but the company is so concerned that if they ever plug into a system
13:27
13 minutes, 27 seconds
that they're not covered
Sharon: so so we're going to play game this is going to be so easy for you . don't look at it all right. on a risk rating from 1 to 5
13:36
13 minutes, 36 seconds
one being the lowest five being the highest risk
your IT guy naps through every cyber security training session
13:44
13 minutes, 44 seconds
because he says hackers would never dare target us do we call this optimism or denial
Kyle: ignorance is bliss
Sharon: what's that
13:53
13 minutes, 53 seconds
Kyle: it's denial denial
Sharon: so how would you break this you did talk a lot about like the awareness the culture and the training
Kyle: yeah it's a five cuz cuz that's
14:02
14 minutes, 2 seconds
part of the culture and it comes from leaders within the organization and leaders of that IT department
Sharon: Absolutely
Kyle: if they don't take it seriously
Sharon: no one will.
14:09
14 minutes, 9 seconds
Kyle: why should they
Sharon: yeah all right here we go your office toaster gets hacked because it's connected to the company WiFi and now it's emailing ransomware
14:18
14 minutes, 18 seconds
demands to HR; is this a crumb size risk are we looking at a full loaf of one
14:25
14 minutes, 25 seconds
Kyle: you're looking at um a full loaf of risk oh yeah and who buys an IOT
14:32
14 minutes, 32 seconds
toaster
Sharon: don't shame those people
Kyle: don't yuck my yum
Sharon: yeah yeah okay thank you Kyle this was thanks for the pleasure
14:41
14 minutes, 41 seconds
Kyle: Thanks for the lift and for the french fries and for the coffee
Sharon: thanks for covering it all
Kyle: yeah why am I thanking you
Sharon: yeah I don't know
Kyle: well you remember my password
14:50
14 minutes, 50 seconds
Sharon: right yeah safe with me
Kyle: good
14:54
14 minutes, 54 seconds
[Music]
-
• 6/9/26Carpool Consulting: Doing Privacy like Beyonce
0:00
all right ask a question should I not get in the car like how he does it oh does he get in the car have you never watched Carle karaoke Paul thing in the
0:08
8 seconds
beginning he's like hey Beyonce like oh I need a lift please come like or do you want to lift someone or whatever and then he like goes and picks them up and
0:16
16 seconds
then they like get in the car and he's like oh thanks so much for helping me out oh do you want to do you want to act that out do you want to pretend to be
0:24
24 seconds
beon no no
0:36
36 seconds
how's it guys hello how's everyone who is that hey Lauren ready to go on a road
0:43
43 seconds
trip I am all right let's do it don't hit that car
0:51
51 seconds
[Music]