IAPP Global Privacy Summit Buzz with Myna Partners

Recorded live at IAPP Global Privacy Summit, this episode reflects on the dramatic evolution of the privacy profession through the lens of someone who has attended seventeen consecutive summits. What started as a 500-person gathering dominated by law firms has grown into a massive industry event with a significant shift toward technology providers — a reflection of how privacy has moved from a purely legal risk management concern to an operational and data challenge requiring tooling, implementation, and cross-functional teams. That evolution mirrors the broader journey practitioners have taken, from improvising in early days without established frameworks to building a mature discipline with certifications, career paths, and organizational structure. AI governance was the dominant conference theme, though still early in its development. The areas drawing the most attention are high-stakes AI outputs — hiring decisions, insurance underwriting, credit scoring — where errors can cause real consumer harm and regulatory scrutiny is sharpest. Privacy professionals are well-positioned to lead AI governance work because many first principles translate directly: data mapping, purpose limitation, vendor oversight, and impact assessments all carry over. The IAPP has leaned into this overlap by building AI governance certification tracks alongside its privacy credentials. A notable structural gap in the AI governance space is the shortage of operational, day-to-day program managers — senior strategy exists and individual contributors are emerging, but mid-level practitioners with implementation experience are still scarce. On the privacy operations side, the field is maturing: companies are discovering new data stores and unlocking new compliant use cases as a byproduct of organizing for legal compliance. Younger professionals are now entering the field intentionally rather than accidentally, with a clear credential path that mirrors what IAPP built for privacy law over the past two decades.

**Colleen:** Hi, Dave. How are you doing today? **Dave:** Fantastic. Yeah. Really good. **Colleen:** Good. It's such a pleasure to have you here in the Ketch booth. **Dave:** It's nice to be here. Good. Yeah. It was just a few weeks ago. We were in New York City together for our event. We're on the circuit together. **Colleen:** We are. It's the event circuit. On tour. Yes. So stay tuned for our next time. It will be coming. So yes. That's exactly. Oh my gosh. How's your conference been so far? **Dave:** It's been a whirlwind. You know? As we were talking about just a moment ago, Colleen, I was doing the math, and I think this is my seventeenth Global Crisis Summit. So, go way back. So it's very much feels like a high school reunion or something. Seeing the same people year after year. It's been it's really a treat. Absolutely. And, of course, the privacy community is so great. **Colleen:** Well, Dave, I think, you've been in this industry a long time. Probably everybody watching this knows who you are. But just in case there's one person, give a little intro. Talk to us about what you're doing. **Dave:** Very kind, Colleen. So I'm a director at Mina Partners, and, Mina Partners does provide operational privacy services, managed services. So as a matter of fact, it's been great working with you guys. Yeah. Our folks help configure privacy assessments, data mapping exercises, set up consent and preference management. Really, I like to say, like, we're hands on keyboard kind of people. And just helping companies really operationalize get the privacy requirements done and get them in a put them in action. Yeah. Great. Yeah. Great. **Colleen:** Well, tell us about the evolution. I mean, seventeen years is a long time. How how has the Global Privacy Summit changed from your perspective? How has the attendees changed? Just talk to us about it. **Dave:** Yeah. Great. Absolutely. It's been fascinating to watch, first of all. So, my first Global Privacy Summit was at a different location. It was at the Wardman Hotel in another part of town here. Quite a bit smaller as you might imagine. I don't know. Maybe five hundred or so people. This is, you know, somewhere in o eight and o nine. Yeah. And, so to move over here to the American Marquis has been incredible and into the conference center. Originally, it was a lot of law firms. Yeah. The origins of the privacy profession were in in law, in privacy law. And so there used to be a lot of firms represented here, and it's really there's been a major shift over to technology providers, like like you guys. So, just seeing a lot of technology, and it's been fascinating to watch technology grow up alongside the legal profession and just provide complimentary, abilities to get the the work done. **Colleen:** No doubt. I mean, two thousand eight, two thousand nine, the problem of privacy must have been largely it was legal. Right? It was legal teams Right. And not so much tech teams involved as much or even marketing teams involved. Right? It was risk management. **Dave:** Exactly. It was legal risk management, and it was, trying to figure it out, and and it was a lot of inventing because there were no solutions since relatively early days. And so I think with the growth privacy laws globally, that created the demand for companies to get the guidance. And then what followed from that were firms like ours that can actually implement the controls. And, of course, the technology saw market opportunity and then moved into the space, and then that grew. And that, along with the proliferation of personal information, every organization doing business from a mom and pop shop to a global enterprise is just the data flows have increased. That has all just lended to the growth of the industry. Yeah. The the start in legal and then move into tech and data has been such a growing pain for the industry. This is more of a data problem than a legal problem. Yeah. It really creates some transition and growing pain there. **Dave:** Absolutely. One interesting thing that I've discovered since I've been on the operational side of things is when we go in to help implement privacy requirements for legal compliance, we're basically organizing the in the house. We're basically finding new data stores and, you know, you're in marketing. So it's like you find new ways to use data legally and ethically by kind of tightening things up and finding out where things are and who's responsible for what. That's part of the work that I really enjoy is just helping companies become more efficient as a byproduct, really, of the legal compliance requirements. **Colleen:** I have to ask. Everyone's talking about AI still. Like, it's just such a topic. Yeah. From my perspective, certainly from Ketch and our customers Mhmm. Who are interested in AI use cases. They're interested in making sure that the data going into AI models is permission and privacy safe. But but largely, we're still trying to figure out what AI governance means. Yep. It's very early days. Yeah. So what are you hearing from? What people's concern is? **Dave:** So I think, first of all, it varies widely by industry, and it varies widely by the extent to which these tools are being used within organizations. I think where you're really hearing there to be a need for governance is when the AI tools are being used for output that has significant potential for risk or harm. Things like the potential to discriminate, hiring practices. If you've looked for a job recently, you know, and you applied through LinkedIn or whatever and and AI tools are sifting through resumes, they don't always get it right. Other use cases are insurance or credit rating, where people can actually really suffer from a bad output. Mhmm. Those are the places where you're seeing people needing and wanting to put in AI governance. And how it relates to privacy has been really fascinating to watch over the last couple of years. Obviously, the IAPP has made a big pivot over to embrace AI governance. And one of the great things is that they've been able to leverage the work of privacy professionals over the last couple decades. Yeah. And a lot of the procedures and policies and techniques that have grown up, can be ported over into analytics. It actually is kind of amazing how many first principles still apply. Right. Mhmm. Yeah. And then as we were talking about earlier too, there are a good number of folks at the highest level of management, you know, senior people that can help help with the strategy for all that, and there's a lot of people kinda getting into it. But, it's it's still really a growing growing, there's a need for kind of middle management program managers, operational day to day managers in the AI governance space. That's something as I was just having a chat with with somebody earlier today as well. So, it's gonna be fascinating to see how it continues to grow and and what the needs are. Yeah. Yeah. **Colleen:** The younger folks coming into the industry really is so interesting because when I speak with seasoned privacy pros and I often ask how did you get into privacy, it always was an accident. Yeah. But now I think it's gonna be intentional. Right? **Dave:** Absolutely. And big credit to the IAPP for that by creating doing such a good job creating the certifications. I think the certifications and the trainings and that collegiality and that needing to take an exam to prove that you have the knowledge and then having those credentials, it really helps solidify, the professionalism of all of that. So that has created a clear and kind of concrete entry path for folks to take advantage of. **Colleen:** That's a great point. Yeah. Well, Dave, it's such a pleasure chat talking with you. Thank you for making time for Ketch. **Dave:** Absolutely. Appreciate it. Yeah. It's good to be here, Pauline. Thanks.