Data Security Decoded – "AI Moves Fast. Privacy Has to Move Faster."

Host: Caleb Tolan (A)
Guest: Ojus Raji, SVP & GM of Privacy and Data Governance at OneTrust (B)
Release Date: March 3, 2026

Episode Overview

In this episode, host Caleb Tolan sits down with Ojus Raji of OneTrust to explore the evolving challenges of data privacy and governance in an age where AI technologies are deployed at scale within enterprises. Their conversation covers the intensified risk landscape brought by agentic AI systems, the complexities of cloud and data sovereignty—especially in a shifting geopolitical climate—and actionable advice for cybersecurity and IT professionals seeking to keep pace with rapid changes. The episode’s central argument: organizations must develop proactive, adaptable approaches to privacy and governance to enable responsible innovation and maintain trust, rather than seeing regulation as a brake on progress.

Key Discussion Points & Insights

1. The Accelerating Risk Landscape with AI

[03:33]

Scale Multiplies Both Opportunity and Harm:
- "It just scales up the good and it can scale up the bad, right?" (B, 03:33)
- With agentic AI systems, enterprises are deploying AI at speed and scope unprecedented in data governance history.
- AI enables new use cases for data, but also accelerates and amplifies the impact of privacy missteps that might have previously emerged more slowly.
- Mishandled AI-driven data processing can rapidly erode customer trust and expose organizations to regulatory and reputational risk.

2. Purpose Limitation and Consent in an AI World

[04:49—07:13]

Purpose Limitation Explained:
- Each use of personal data requires explicit consent for a specific, transparent purpose.
- "If you are applying AI to that data set to do the same thing you got consent for... you're probably okay. But if you're training that AI system, those AI models on that personal data, now you got a problem..." (B, 06:13)
AI’s Challenge:
- General-purpose AI models risk re-purposing data beyond originally agreed upon purposes—often in opaque ways.
- Organizations must clarify which data uses stay within the boundaries of original consent, and which require new, explicit consent.
Trust & Transparency:
- Beyond legal compliance, transparent practices that clarify data use (“consumer trust, customer trust becomes increasingly important”—B, 07:17) are essential. Damaged trust is hard to rebuild.

3. Cloud & Data Sovereignty in the Geopolitical Arena

[07:56—14:39]

Why Data Sovereignty Matters More Than Ever:
- Cloud sovereignty concerns are longstanding but now amplified by new geopolitical tensions and the technical realities of global cloud infrastructure.
- Organizations must track not just where their own data is stored, but also understand the data flows within their software supply chains—a challenge made harder by AI.
Actionable Steps:
- Inventory sensitive data and map where it resides and flows.
- Prioritize attention on the most critical data and systems—apply the 90/10 rule if you can't achieve 100% transparency.
- "The big blind spot for organizations is the software supply chain. And AI actually makes this more complicated." (B, 10:08)
The New Economic Aspect:
- Nation-states are now focused not just on potential harm from data misuse, but on retaining the economic value of citizens’ data for domestic benefit.
- "Countries are also realizing that the data of their citizenry needs to be protected... because that data has economic value for AI." (B, 13:08)

4. Is Strong Governance an Obstacle or Accelerator for AI?

[14:42—19:29]

Debunking the Innovation Brake Myth:
- Good governance and privacy-by-design are not at odds with AI innovation—they are essential for sustainable, scalable success.
- "We have to Govern well and move fast. It's not or, it has to be an and. And if the governance organizations cannot do that, they will fail, right?" (B, 15:23)
The Software Bug Analogy:
- Finding and addressing risks early in the development cycle is always cheaper and less damaging than remediating issues after deployment.
- "The sooner you find a bug, the cheaper it is to fix... AI is the same way." (B, 15:49)
Practical Mindset Shift:
- Regulation should be seen as proactive guidance, not a last-stage hurdle.
- Take a regulation-agnostic approach to AI risk, focusing on operational and business impacts first; adapt compliance as specific regs arise.

5. Actionable Advice: Steps to Improve AI Governance

[19:41—22:00]

1. Organizational Literacy:
- Everyone involved in governance must achieve “organizational literacy in AI”—you don’t have to be a data scientist, but must credibly converse with one.
- "If you're responsible for governing AI, you gotta use AI, you gotta understand AI... you gotta understand the inputs and the outputs." (B, 19:45)
2. Accept AI’s Ubiquity:
- AI will touch every data set and process—build this awareness into governance and risk strategies.
3. Prioritization Framework:
- Don’t try to govern everything at once. Fast-path low-risk applications, focus deeply on initiatives involving high-sensitivity data or mission-critical processes.
- "Spend 90% of your time on that." (B, 21:36)

6. A Final Reflection: Thriving Amid Ambiguity

[22:13—22:54]

We are at a true “inflection point” in human–machine interactions; ambiguity and uncertainty are now fixed realities in professional life.
"Our ability to tolerate ambiguity and to operate in a fast moving, ambiguous world may be more important now... than it’s ever been." (B, 22:30)

Selected Notable Quotes

"If you haven't thought about safety and privacy in advance and built it into the system, then you haven't really gotten understanding of your risk and inevitably you will not be able to sustain the long term value of that operation." (B, 17:49)
"Transparency drives trust. You can't have trust without transparency." (B, 07:17)
"Regulation will slow you down if you look at regulation as a gatekeeper at the end of the process. If you look at regulation as a set of guidelines... then it’s actually going to speed you up." (B, 18:30)

Timestamps for Major Segments

[03:33] — The scale of AI: opportunity and risk
[04:49] — Purpose limitation and AI’s challenge to consent
[07:17] — Trust, transparency, and business risk
[08:50] — Data and cloud sovereignty: tracking the data and supply chain
[13:05] — Data sovereignty’s economic dimension in the AI era
[15:14] — Breaking the “privacy vs. innovation” false dichotomy
[19:41] — Three actionable steps for stronger AI governance
[22:13] — Reflections on thriving in uncertainty

Conclusion

This episode of Data Security Decoded is an essential listen for security, privacy, and IT leaders grappling with AI’s complexities. Ojus Raji, with clear analogies and practical advice, urges organizations to see governance and privacy as keys not just to compliance, but to maintaining trust and accelerating safe, innovative AI deployment—even as regulations and risks continue to evolve. The conversation underscores the need for literacy, prioritization, and adaptability amid ambiguity, making the episode both timely and deeply actionable.

Data Security Decoded – "AI Moves Fast. Privacy Has to Move Faster."

Host: Caleb Tolan (A)
Guest: Ojus Raji, SVP & GM of Privacy and Data Governance at OneTrust (B)
Release Date: March 3, 2026

Episode Overview

Key Discussion Points & Insights

1. The Accelerating Risk Landscape with AI

[03:33]

Scale Multiplies Both Opportunity and Harm:
- "It just scales up the good and it can scale up the bad, right?" (B, 03:33)
- With agentic AI systems, enterprises are deploying AI at speed and scope unprecedented in data governance history.
- AI enables new use cases for data, but also accelerates and amplifies the impact of privacy missteps that might have previously emerged more slowly.
- Mishandled AI-driven data processing can rapidly erode customer trust and expose organizations to regulatory and reputational risk.

2. Purpose Limitation and Consent in an AI World

[04:49—07:13]

Purpose Limitation Explained:
- Each use of personal data requires explicit consent for a specific, transparent purpose.
- "If you are applying AI to that data set to do the same thing you got consent for... you're probably okay. But if you're training that AI system, those AI models on that personal data, now you got a problem..." (B, 06:13)
AI’s Challenge:
- General-purpose AI models risk re-purposing data beyond originally agreed upon purposes—often in opaque ways.
- Organizations must clarify which data uses stay within the boundaries of original consent, and which require new, explicit consent.
Trust & Transparency:
- Beyond legal compliance, transparent practices that clarify data use (“consumer trust, customer trust becomes increasingly important”—B, 07:17) are essential. Damaged trust is hard to rebuild.

3. Cloud & Data Sovereignty in the Geopolitical Arena

[07:56—14:39]

Why Data Sovereignty Matters More Than Ever:
- Cloud sovereignty concerns are longstanding but now amplified by new geopolitical tensions and the technical realities of global cloud infrastructure.
- Organizations must track not just where their own data is stored, but also understand the data flows within their software supply chains—a challenge made harder by AI.
Actionable Steps:
- Inventory sensitive data and map where it resides and flows.
- Prioritize attention on the most critical data and systems—apply the 90/10 rule if you can't achieve 100% transparency.
- "The big blind spot for organizations is the software supply chain. And AI actually makes this more complicated." (B, 10:08)
The New Economic Aspect:
- Nation-states are now focused not just on potential harm from data misuse, but on retaining the economic value of citizens’ data for domestic benefit.
- "Countries are also realizing that the data of their citizenry needs to be protected... because that data has economic value for AI." (B, 13:08)

4. Is Strong Governance an Obstacle or Accelerator for AI?

[14:42—19:29]

Debunking the Innovation Brake Myth:
- Good governance and privacy-by-design are not at odds with AI innovation—they are essential for sustainable, scalable success.
- "We have to Govern well and move fast. It's not or, it has to be an and. And if the governance organizations cannot do that, they will fail, right?" (B, 15:23)
The Software Bug Analogy:
- Finding and addressing risks early in the development cycle is always cheaper and less damaging than remediating issues after deployment.
- "The sooner you find a bug, the cheaper it is to fix... AI is the same way." (B, 15:49)
Practical Mindset Shift:
- Regulation should be seen as proactive guidance, not a last-stage hurdle.
- Take a regulation-agnostic approach to AI risk, focusing on operational and business impacts first; adapt compliance as specific regs arise.

5. Actionable Advice: Steps to Improve AI Governance

[19:41—22:00]

1. Organizational Literacy:
- Everyone involved in governance must achieve “organizational literacy in AI”—you don’t have to be a data scientist, but must credibly converse with one.
- "If you're responsible for governing AI, you gotta use AI, you gotta understand AI... you gotta understand the inputs and the outputs." (B, 19:45)
2. Accept AI’s Ubiquity:
- AI will touch every data set and process—build this awareness into governance and risk strategies.
3. Prioritization Framework:
- Don’t try to govern everything at once. Fast-path low-risk applications, focus deeply on initiatives involving high-sensitivity data or mission-critical processes.
- "Spend 90% of your time on that." (B, 21:36)

6. A Final Reflection: Thriving Amid Ambiguity

[22:13—22:54]

We are at a true “inflection point” in human–machine interactions; ambiguity and uncertainty are now fixed realities in professional life.
"Our ability to tolerate ambiguity and to operate in a fast moving, ambiguous world may be more important now... than it’s ever been." (B, 22:30)

Selected Notable Quotes

"If you haven't thought about safety and privacy in advance and built it into the system, then you haven't really gotten understanding of your risk and inevitably you will not be able to sustain the long term value of that operation." (B, 17:49)
"Transparency drives trust. You can't have trust without transparency." (B, 07:17)
"Regulation will slow you down if you look at regulation as a gatekeeper at the end of the process. If you look at regulation as a set of guidelines... then it’s actually going to speed you up." (B, 18:30)

Timestamps for Major Segments

[03:33] — The scale of AI: opportunity and risk
[04:49] — Purpose limitation and AI’s challenge to consent
[07:17] — Trust, transparency, and business risk
[08:50] — Data and cloud sovereignty: tracking the data and supply chain
[13:05] — Data sovereignty’s economic dimension in the AI era
[15:14] — Breaking the “privacy vs. innovation” false dichotomy
[19:41] — Three actionable steps for stronger AI governance
[22:13] — Reflections on thriving in uncertainty

wavePod

AI Moves Fast. Privacy Has to Move Faster.

Powered by Wave AI

Summary

Data Security Decoded – "AI Moves Fast. Privacy Has to Move Faster."

Episode Overview

Key Discussion Points & Insights

1. The Accelerating Risk Landscape with AI

2. Purpose Limitation and Consent in an AI World

3. Cloud & Data Sovereignty in the Geopolitical Arena

4. Is Strong Governance an Obstacle or Accelerator for AI?

5. Actionable Advice: Steps to Improve AI Governance

6. A Final Reflection: Thriving Amid Ambiguity

Selected Notable Quotes

Timestamps for Major Segments

Conclusion

Summary

Data Security Decoded – "AI Moves Fast. Privacy Has to Move Faster."

Episode Overview

Key Discussion Points & Insights

1. The Accelerating Risk Landscape with AI

2. Purpose Limitation and Consent in an AI World

3. Cloud & Data Sovereignty in the Geopolitical Arena

4. Is Strong Governance an Obstacle or Accelerator for AI?

5. Actionable Advice: Steps to Improve AI Governance

6. A Final Reflection: Thriving Amid Ambiguity

Selected Notable Quotes

Timestamps for Major Segments

Conclusion