Privacy in Practice

Gabe Maldoff is a Partner in Goodwin Procter, where he helps companies navigate privacy, cybersecurity, and AI governance in the context of data-driven products, corporate transactions, and regulatory investigations. He’s worked across the U.S. and the UK and advises clients on cross-border data transfers, international frameworks, and emerging technologies like AI, virtual and augmented reality. Gabe is also an Adjunct Professor at the University of Maine School of Law, where he teaches Global Privacy Law. This episode focuses on privacy considerations in M&A, especially from the perspective of startups preparing for acquisition and what acquirers really look for when evaluating privacy programs.

In this episode of Privacy in Practice, Kellie du Preez and Danie Strachan speak with Gabe Maldoff, a partner in Goodwin’s Data, Privacy, and Cybersecurity practice, about privacy in mergers and acquisitions Together, they discuss why startups and fast-growth companies should address privacy early, how to navigate privacy due diligence without derailing deals, and how clear confident answers about data practices can help build trust during a transaction.

In this episode of Privacy in Practice, Kellie du Preez and Danie Strachan speak with Leah Camilla R. Besa-Jimenez, Group Head, Enterprise Risk Management at PLDT, about how she approaches privacy inside one of the largest Southeast Asian telecommunications companies. The discussion focuses on privacy as an operational practice and the importance of using risk matrices to structure decisions, coaching teams to exercise judgment, raising privacy issues early in project conversations, and shifting the company mindset from data ownership to data stewardship.

California continues to set the pace for U.S. privacy enforcement, and 2025 is proving to be a pivotal year. In this episode of Privacy in Practice, hosts Kellie du Preez and Danie Strachan sit down with Daniel Goldberg, Partner and Chair of the Data Strategy, Privacy, and Security Group at Frankfurt Kurnit Klein & Selz and 2025 California Privacy Lawyer of the Year, to unpack what’s really happening behind the scenes of CCPA enforcement.
Drawing on his direct experiences defending companies facing California privacy enforcements, Daniel shares firsthand insights from public and non-public investigations, including trends emerging from actions involving companies like Sephora, DoorDash, and Jam City. The conversation explores what regulators actually prioritize, why misconfigured opt-outs and vendor oversight remain the most common pitfalls, and how the new Delete Act and data broker rules could dramatically shift compliance obligations.

In this episode of Privacy in Practice, hosts Kellie du Preez and Danie Strachan sit down with Lisa Sotto, Chair of the Global Privacy and Cybersecurity Practice at Hunton Andrews Kurth, for a practitioner-level conversation on the full arc of a cyber incident, from first detection through board notification and the regulatory long tail that follows.
Drawing on Lisa’s decades of advising Fortune 500 companies and global regulators, the conversation examines why incident response efforts often fail when confined to IT and how organizations can meet complex international notification requirements with imperfect information.. Lisa breaks down real‑world ransomware negotiation dynamics and touches on the Bybit investigation, which has received significant media attention worldwide, as well as high‑profile cases like the Uber criminal conviction and the Drizly FTC consent order signal for executive accountability. Kellie draws on VeraSafe’s own client experience with cyber insurance and cross-boarder breach notification, while Danie bridges the US liability to Europe’s NIS 2 Directive and its implications for executive oversight.

This episode goes far beyond cybersecurity basics. It’s a strategic, practitioner‑level briefing for leadership teams who need to understand not just how incidents unfold, but how to respond effectively under intense regulatory and operational pressure.

In this episode of Privacy in Practice, hosts Kellie du Preez and Danie Strachan welcome Charmian Aw, Partner at Hogan Lovells, to examine the growing relevance of the Cross-Border Privacy Rules (CBPR) System in an increasingly global data economy. Learn why organizations such as Cisco, Mastercard, and Alibaba have obtained certification, why the framework is gaining renewed attention among multinational organizations, and how it complements existing transfer mechanisms such as Standard Contractual Clauses (SCCs). The conversation also explores how CBPR certification plays a role in procurement, regulatory cooperation, and the evolution of responsible data processing.