Privacy in Practice

California continues to set the pace for U.S. privacy enforcement, and 2025 is proving to be a pivotal year. In this episode of Privacy in Practice, hosts Kellie du Preez and Danie Strachan sit down with Daniel Goldberg, Partner and Chair of the Data Strategy, Privacy, and Security Group at Frankfurt Kurnit Klein & Selz and 2025 California Privacy Lawyer of the Year, to unpack what’s really happening behind the scenes of CCPA enforcement.
Drawing on his direct experiences defending companies facing California privacy enforcements, Daniel shares firsthand insights from public and non-public investigations, including trends emerging from actions involving companies like Sephora, DoorDash, and Jam City. The conversation explores what regulators actually prioritize, why misconfigured opt-outs and vendor oversight remain the most common pitfalls, and how the new Delete Act and data broker rules could dramatically shift compliance obligations.

In this episode of Privacy in Practice, hosts Kellie du Preez and Danie Strachan sit down with Lisa Sotto, Chair of the Global Privacy and Cybersecurity Practice at Hunton Andrews Kurth, for a practitioner-level conversation on the full arc of a cyber incident, from first detection through board notification and the regulatory long tail that follows.
Drawing on Lisa’s decades of advising Fortune 500 companies and global regulators, the conversation examines why incident response efforts often fail when confined to IT and how organizations can meet complex international notification requirements with imperfect information.. Lisa breaks down real‑world ransomware negotiation dynamics and touches on the Bybit investigation, which has received significant media attention worldwide, as well as high‑profile cases like the Uber criminal conviction and the Drizly FTC consent order signal for executive accountability. Kellie draws on VeraSafe’s own client experience with cyber insurance and cross-boarder breach notification, while Danie bridges the US liability to Europe’s NIS 2 Directive and its implications for executive oversight.

This episode goes far beyond cybersecurity basics. It’s a strategic, practitioner‑level briefing for leadership teams who need to understand not just how incidents unfold, but how to respond effectively under intense regulatory and operational pressure.

In this episode of Privacy in Practice, hosts Kellie du Preez and Danie Strachan welcome Charmian Aw, Partner at Hogan Lovells, to examine the growing relevance of the Cross-Border Privacy Rules (CBPR) System in an increasingly global data economy. Learn why organizations such as Cisco, Mastercard, and Alibaba have obtained certification, why the framework is gaining renewed attention among multinational organizations, and how it complements existing transfer mechanisms such as Standard Contractual Clauses (SCCs). The conversation also explores how CBPR certification plays a role in procurement, regulatory cooperation, and the evolution of responsible data processing.

Gaming is now one of the world's biggest entertainment industries, and with growth comes scrutiny. In this episode of Privacy in Practice, hosts Kellie du Preez and Danie Strachan sit down with Alex Roberts, Partner and Head of TMT in China at Linklaters, to explore how gaming companies navigate privacy compliance across multiple jurisdictions. From children's online safety requirements in APAC to class action litigation trends in the U.S., the discussion offers practical insights on building privacy programs that work globally. Whether you're managing vendor relationships, responding to data subject requests, or trying to understand regional regulatory variations, this episode sheds light on how to approach privacy compliance in one of the world's most dynamic and complex industries.

What does a regulator really want to see when they investigate your company? In this episode of Privacy in Practice, hosts Kellie du Preez and Danie Strachan sit down with Helen Dixon, Ireland's former Data Protection Commissioner, for an unprecedented conversation about privacy compliance from the regulator's perspective. Helen shares practical insights on building effective privacy programs with limited budgets, handling data subject access requests without triggering complaints, and what actually matters when regulators assess compliance efforts. Whether you're running a growing SME or managing privacy for a larger organization, this episode offers invaluable guidance on navigating GDPR requirements with common sense, fairness, and pragmatism.