Sheila Cole Klaser (3:08)

I'm home. Based out of my home office in Little Rock, Arkansas. I.

Alan Chappelle (3:13)

Wonderful, wonderful. So I was actually in Little Rock about three years ago. I did an opening band gig with a band called the Gin Blossoms in a place called. I think it was called the Hall.

Sheila Cole Klaser (3:24)

The Hall? Yeah. Gin Blossoms, as in the Gin Blossoms?

Alan Chappelle (3:28)

Yeah. Yeah. I was. I was touring with them for a little while a couple years ago.

Sheila Cole Klaser (3:33)

Gosh, Alan, that's hot.

Alan Chappelle (3:35)

Oh, it was. It was. It was a lot of fun. What a great venue, too.

Sheila Cole Klaser (3:38)

Oh, my gosh. Well, I'd love to hear it. And how did you find Little Rock?

Alan Chappelle (3:41)

I loved it. You know, the tough thing with. With the touring like that, if I spent a day and a half in total in Little Rock, that would be a lot. And so you don't really get to enjoy, like, my favorite thing was the. The next morning, just kind of being able to wander around a bit. It was a Sunday, though, but just wander around a little bit, get a cup of coffee and just kind of embrace the city.

Sheila Cole Klaser (4:05)

Did they have you staying anywhere special or.

Alan Chappelle (4:08)

I know I was at a hotel. I don't remember what it was. It was perfectly nice, but I don't remember exactly.

Sheila Cole Klaser (4:14)

Oh, man. We have a lovely, historic renovated one downtown, which you should always stay at when you get. They're all lovely, all the hotels are, but the Capitol Hotel is very special, so try that next time.

Alan Chappelle (4:28)

Okay. All right. Well, hopefully they asked me back. It was a. It was a really fun show.

Sheila Cole Klaser (4:33)

Well, I'll ask you back, Alan.

Alan Chappelle (4:35)

All right. So, Sheila, what is your privacy origin story and how did you find your way into the privacy space?

Sheila Cole Klaser (4:44)

Oh, you know, dumb luck, I suppose. But really, it was back in 1997, I was hired out of Washington, D.C. where I was working for the amazing American Institute of Certified Public Accountants. I was managing their congressional and political affairs, so doing policy and politics. And I left D.C. and went into the world of data and technology, where I became Acxiom's America's Chief Privacy Officer. And my charter from my then boss, the amazing Jennifer Barrett Glasgow, who was actually on record as the first Chief Privacy Officer in the world. Her role as CPO was formalized in 1991, and so she has the distinct honor, as does Axiom, for having the first program, formal program, and the first CPO. So I was brought in in 97 as the Americas chief and my charter was to take the principles and turn it into a governance process practice to figure everything out, what the policy should be and what the corresponding practice, oversight enforcement should be. And then ultimately what I'm really proud of is I turned it into a cultural and practice excellence for Axiom that helped us really sell our solutions and became a primary reason why clients wanted to do business with us.

Alan Chappelle (6:22)

I would say that you and Jennifer, this is my recollection, in fact, we met, it's been a while and a number of years ago, but the sense from the work that you and Jennifer had done is that you guys were really good at designing a compliance approach to directly address some of the concerns. And boy, Axiom back in the day was certainly a company that the advocates like to scrutinize. And so I'm curious, what did that experience teach you about building privacy programs under that level of pressure? And then, and then how did that experience follow you to your work at ipg?

Sheila Cole Klaser (6:58)

Well, I'll frame one, you know, if you don't go look and see what's going on, you cannot be certain. Meaning I could write a great policy that said we will do this and we won't do that and we are doing X, Y, Z, but if you don't go examine the practice, you can't be certain it's true. And I'll give you two quick examples. One, it was the year 2004 and there was a new flavor of data that my data team wanted to bring in. And we'd never used that kind of data before. And it was digitally collected, curated data. And I said, well, let me, let me have a look. And I looked at the source had 42 different online sources and they were scraping. So I said, I can't take your word for it. I, because I've never dealt with this before, so I'm going to go look personally. And I went to all 42 source sites and read every bit of policy terms and all of it. And then I dug into the technology they were using to scrape with and there's a variety. Front door knocks, there's a lot robot taxes that you could do. And what I figured out where there were of the 42, there were only seven sources that were actually permissible. The next thing I did is said team, we Source from about 184,000 original sources now through compilers and whatnot, but we need to go look at all of that. So I launched an ethical data sourcing Review. I, you know, designed it, launched it, and we looked at all of those source, original source files, and we mapped them and read every piece of verbiage. And we discovered about A third, about 33% of all the source files were black market impermissible. And we did a dramatic cleanup of our data assets. And that was so we could represent that we were ethically sourcing and they were reliably legally permissible for the uses we were putting them to. So one huge lesson, if you don't look, you don't know if it's true or not. And then the second thing I learned is if you don't have it written down, it doesn't count. It didn't happen. And, you know, that test came when the FTC brought a inquiry. It was not a consent decree. It was a special order where we had to document our full, entire practice at Acxiom, all of our service work, every client we have, what we were doing, how we were transforming data, how we were joining it, what our identity resolution practice looked like. And of course, we submitted to the ftc, along with, I don't know, they had about eight other information service providers in the mix, and we got a clean bill of health. And in fact, then FTC Commissioner Julie Brill later that summer, got up in front of the Conference of Western Attorneys General and talked about data providers and said they have scurrilous practices. All except one axiom is a white hat. Yep, audible gasp from the audience. But my. My dear friend and colleague Jordan Abbott and I were sitting and we shouted hooray when Commissioner Brill gave us the white hat badge in front of that esteemed audience. Anyway.

Alan Chappelle (10:25)

Wow.

Sheila Cole Klaser (10:27)

Well.

Alan Chappelle (10:27)

But okay, so there's really two things I just want to emphasize here, because these are just so key. Key number one, there's a lot of organizations that to this day kind of have this privacy person or privacy team that they hold out, you know, as, oh, we really, really, really care about privacy. But then they don't give them budget, and they always hire people who are willing to kick down a door or two in order to figure out what is actually going on. So kudos to you for that. But the second observation might even be more important. You guys documented everything. There is an endemic data governance issue within the ad space that exists today, despite the fact that we have so many now, what, Four state laws which require a privacy impact assessment. And that's leaving aside that GDPR has been in place for what, eight years? But you guys were doing this stuff in 2005. Six, seven. So way to go. And you guys were really were kind of ahead of the curve there. So I don't really have a question there other than to say, wow, well done.

Sheila Cole Klaser (11:33)

Thank you for the shout out. I will say Axiom has been ahead of all of this data governance stuff for ages. And you know, the rest of my story was, I'll tell you who I learned this from. President George Bush said personnel is fallacy and nothing is truer. You hire good people with a good set of values and good work ethic and the want to and the can do and the will do. You hire those kind of people. And I'm going to put myself in that category. My CEO and boss told me to figure it out and make it right. We wanted to not just say what we did, but do what we said. And Axiom was way ahead of governance. And I had the blessing of an executive team that funded me and all the program work I wanted to do. Now I positioned everything as business enablement. We never told anybody no. And that was my rule. We, we never tell anybody no. We say yes. And here's how you can do it legally and ethically.

Alan Chappelle (12:35)

It is so easy just to have a no. There are a tremendous amount of lazy nos, historically within the privacy profession. And so I'm going to move outside of Axiom. Axiom was ultimately purchased by ipg and then. And you're running the data ethics and privacy team over there now. You know, IPG operates a whole bunch of different agencies and each one has their own culture and client relationships and even their own data practices. So from the outside looking in, the agency Holdco culture appears to involve like a lot of herding cats. And so I'm curious, how do you even begin to build a coherent privacy framework across an entire, you know, organization that's that sprawling?

Sheila Cole Klaser (13:22)

My goodness, Alan, what a great question. And you're absolutely right. I came from privacy paradise at Axiom, where it was so, you know, that was my mission, when the hearts and the minds will follow. And it was so highly acculturated. And of course, I'd been there a long while and every year I made it as fun as possible. I brought people in, I rewarded good behavior, good thinking, good communication, good outreach and good practice. We gave umbrellas away and T shirts and paperweights and coffee cups. We did all, we played games, we had privacy treasure hunts coming from privacy parents. I swear, it was so highly acculturated to be brave enough to do the right thing always into the agency world that had grown up Organically in this extremely federated, as you say, culture. And at ipg, which, what an amazing company with amazing leadership. That executive team was just absolutely blue chips. Smart, good, capable, the whole thing. And they love their people. IPG's claim to fame is we value people. And truly they did. But to your point, not only was the organization a composition of roughly between 80 and 90 different companies on any given day, week, month, because, you know, that was pretty fluid, but they all did different things differently. They were loosely grouped into networks of, like, skills. But what they were up to and what their culture was and what their control system, very, very different. So how did I do it? First of all, I think that words matter. And I did two things. I did top down and bottom up strategy. I wanted to repeat the exercises that had been so successful at Axiom. So instead of privacy, because that has really become rather check the box. And I wanted something larger that really embraced a way of working, a way of thinking about your work and thinking about serving the client. So I launched a digital responsibility program. And I did it at the executive level and I did it at the operational level with the different teams. And, and because my assignment when I joined at the corporate level at ipg, I was assigned to their digital startup, Kineso. We were doing all the algorithms and the early AI adoption. And the way an algorithm functions really is important. It can do good or it can do bad. It can be fair, it can be unfair, it can be offensive or inoffensive. So I started the governance really grassroots, with each of the teams doing the work. And then I did the evangelism from the top down, not just the top executives, but the next down, the next down, the next down. And I reached them and advocated with things like my program, words matter, where I began to get people to use different words that more appropriately described what we were doing in respectful language and responsible language. That was just one of many things. And that's how I attacked this big, unwieldy 10,000 cats, if you will.

Alan Chappelle (16:44)

Wow. Well, and it's helpful to have, you know, you have a certain gravitas and you really also, you have a certain charm. And both of those things are really important if you want to move people to do things that, that maybe they aren't always inclined to do.

Sheila Cole Klaser (17:02)

You know that. Thank you for that lovely compliment. Gravitas and charm. And I may just use that. I want to say Alan Chappelle said, but, you know, I, it, it does go back to we're all people. One of the things that you know, I was super proud of is helping everybody think, you know, all the people I work with think about the person behind the data or the person that is going to be impacted by the algorithm. So you've heard me say it a hundred times. And the program I was running at Axiom was called Data Ethics. And we did ethical data sourcing and we did the ethical use of data and the use of data. And I know you know, this cold Alan, you and I've talked for so many years, is how data is used creates an impact on people. There is consequence and that consequence should be legal, it should be just so, no bias, no discrimination, and it should be fair. And the fairness test is, does the person about which the data relates and the use effects, do they agree this is a fair use of their data? And how do you govern for that? You know, that takes some creativity. And that is not a simple checkbox, a legal checkbox. I did X, Y and Z. It requires deep thought and creative governance to get to the impact and use of data. It does require accountability. So that was a, that was the way that I was approaching all this.

Alan Chappelle (18:31)

Wow. Well, okay, so there's been so much scrutiny being placed on the data broker industry and now you've got Cal Privacy is sort of leading the charge and, and with the, the new drop mechanism. And we had Tom Kemp on the pod a few weeks ago and it was just great to talk to him.

Sheila Cole Klaser (18:47)

But.

Alan Chappelle (18:48)

But that level of scrutiny isn't necessarily new. I mean, data brokers were a big focus for the FTC going back to at least as far as the John Leibowitz era. And so I'm curious, from your perspective, how has the regulatory focus on data brokers evolved over the past 15 to 20 years? And what did regulators or advocates get right and what did they get wrong?

Sheila Cole Klaser (19:13)

Yes. So first, the term data broker is pejorative and I don't like it. And it's not fair. Now there are data brokers, but in the information services industry, which is what we were. Now look at Axiom, the data that they sourced and compiled was very specific to solve a business problem. They didn't create dossiers on all of the people in the world. And it was never used for bad purpose. It was always a very specific, limited set of data that helped a company solve a business challenge so they could serve their customer, the person better. So very, very different. Now we did know and have a category of providers in the space we called data brokers. Now what has changed? Yes, there I've had to like suck it up buttercup, and accept the label. I don't like it, but I've had to accept it. And yes, there's more scrutiny today and I think that is part deflection. It's a tale of two sides of the same coin. We want more fairness and more competition and more service to people in the digital world. And guess what? It requires data. So there's more appetite for data right now in 2026 than there has ever been. And data is key to survivability and competitiveness in the digital age. If you don't have data, you can't know or serve your customer. If you don't have sufficient data, you can't take advantage of AI. And if you don't have all the data, the AI doesn't work very well. So that's one side of the coin. The other side of the coin is the fear and the concern and it all must be addressed. Where there is fear, there are concerns that need to be looked at, unpacked and addressed. I will say, you know, not just Axiom, but the other companies that work at that scale and that space, you know, the tier ones, the tier twos, the tier threes, very good actors, very careful sourcing the data and using it for clients. However, the advocate community, it's, you know, they're easy targets, data brokers are, because they do not have a one to one relationship with an individual. So that makes them a target. And yes, they're a target, an easy target and I think in many ways unfair. Let me give one example to illustrate and it's an axiom example and it was a handful of years ago and one of the, without naming names, it was a large association of people that are retired, it's a retirement community and they published their newsletter and retired people tend to read newsletters and the back page of the newsletter, and I'm going to paraphrase said, if you want to eliminate all identity theft and fraud in one motion, opt out of Axiom.

Alan Chappelle (22:15)

I'm sorry, what?

Sheila Cole Klaser (22:16)

Yeah, so first of all, it was highly read and we at our phone lines lit up like a Christmas tree and it swept. We could tell when the mail was dropping and people were getting that, that newsletter out of their mailbox and reading it because our phones were lighting up from the east coast to the west coast that we'd have a pocket in Kansas and then a pocket in Michigan. And people thought that they could save themselves, that's what the article said, from all identity theft and all fraud if they only opted out of Axiom. Well, the opt out of Axiom was an opt out of a marketing data product, which meant, you know, you, if you lived in an apartment, our data would say, this is an apartment dweller doesn't own his home. Don't promote a new roof to the apartment dweller. That's the kind of stuff our data did and the way we allowed it to be used anyway, it was incorrect. It actually did not. An opt out would not have met the promises of that newsletter. Just an example of a misdirection and misinformation that made it sound like data brokers were doing bad things, which in fact, data brokers are competition to big platform, what you know, is called the vlop, very large operating platforms in euros and then parlance. So the smaller boutiques that typically have way more rigor, way more line of sight and are much more careful about the uses of the data that they compile, they are competition to the big guys. But that's a very hard argument to make when you're talking to a Tom Kemp, for example.

Alan Chappelle (23:55)

It's funny. So I took a look at the 575 data brokers who were registered in California because the narrative, and this isn't, I'm not here to pick on Tom. I think this is a narrative that has come from a lot of advocates in the press, is that the data brokers are responsible for identity theft. The data brokers are responsible, you know, for all of these data breaches. Now, if you look at that registry, like 10% of the data brokers are processing the type of data that would even trigger a state data breach notification law. So. And it. But it's weird because the other 90% are just routinely being tarred with that same brush. And I'm not here to beat up on the 10%, but I am here to, quote, question the fairness of, you know, continuing to beat the 90% over with that stick.

Sheila Cole Klaser (24:48)

I've frequently felt beaten, Alan, but I don't know, rationalize it. It's just, it's that the narrative is too good. It's too inflammatory and provocative and, you know, reasoning it out and, you know, demonstrating all the controls. I mean, that's why, you know, the rigor with which we practice, both in my axiom tenure and my IPG tenure really mattered. It mattered to clients, it mattered to people. But the lawmakers and the activist community, it didn't matter too so much.

Alan Chappelle (25:24)

So we're recording this on March 2nd. So we are officially into the March Madness period, which is really one of my favorite times of the year. Because if nothing else, it allows me to pretend that once Again, I am 18 years old and I'm hanging and watching the big hoops game with lifelong friends. So a few years ago, you had coined the term March fairness, and I think you alluded to that just a minute ago. But before we get into the details, can you walk us through where that concept came from? I think I get the answer already just based on some of your previous answers. And then maybe I can get you to make a prediction about who's going to win the actual hoops games this year.

Sheila Cole Klaser (26:04)

Well, at the outset, let me say, Alan, I love hoops. I love, I love hoops so much. My, I've got two kiddos and they're both very tall people. And my daughter played hoops through high school and she's six foot one now. She's doing pre veterinarian work. You know, she's off at university. But she was a phenom and that just, I think I was a lot sadder than she was when she quit playing ball. That was, that was my joy in balance. I'll say that. My son is 6 foot 5 and he played college baseball. And you know what a phenom and a force of nature you've got to be to play college baseball. So. Oh yeah, that, that guy is just, it just both my kids are ferocious. But anyway, he's launching a, a nootropic company. I think his launch is in April and he's going gangbuster anyway.

Alan Chappelle (26:56)

Wonderful, wonderful.

Sheila Cole Klaser (26:57)

I know, Newsy, you heard it here first. Okay, so what is March fairness? It was a way to level up the concept of fair. My fairness story was when I was a little kid, little bitty girl, and it was just my older sister and I, my parents hadn't had the rest of us yet, and they were in their early 20s with these two little kids and they didn't have a. Just a penny to rub together. They were starting out, you know, my dad was working three jobs and there were no luxuries in life. We had a house, we had one car, and my mother would buy gum and it was a treat. And a pack, a five stick pack of gum was for the adults. And I remember the day she said that my sister and I were old enough we could have a stick and we, we split a stick of gum. And the first time my mother split it exactly in half and gave each of us a half. The second time she let my big sister split it in half and offer me the choice which half did I want all fair was my turn. And little Sheila was like. And I split the gum where my half was going to be a little bit bigger than my sister's. And when I offered it to her, she cried. And my mother said, now if you split the gum and it's not equal, you have to let the other person choose first. So I had to put both pieces out and my older sister chose the bigger piece and I cried.

Alan Chappelle (28:27)

I am so sorry.

Sheila Cole Klaser (28:29)

Yeah, so the punchline of my fairness story is after my sister picked the bigger piece and I cried. My mother explained, both people have to agree what is fair. It has to be fully transparent and both have to agree. And from then on, I'd give her the bigger piece or give her the whole piece if she would do a chore for me. So I figured out what the exchange rate was for fairness and which required full transparency and independent choice. And that's where it all came to me. So March Fairness was a way to really imbue or pollinate this notion of fairness and do it in conjunction with the very exciting March Madness.

Alan Chappelle (29:13)

Well, I love that because I think sometimes that gets lost in discussions of rights, that there is a countervailing concept called responsibilities. And nothing ever operates completely in a vacuum. And I think people would be wise to keep that in mind.

Sheila Cole Klaser (29:31)

You know, it's. I'll give a shout out to the wonderful Marty Abrams, who is an anthropologist by training, by, you know, his degrees, and has practiced in our field, now retired, but I just love him. And I remember early days, late 90s, early 2000s, we were talking about this concept of trade offs, of balance, of is it people an individual or is it people society? And in the uses of data for marketing and advertising, that's one bucket. But in the uses of data for identity authentication, fraud detection and prevention, security, it's another. So I may be a bad guy and have stolen money or embezzled or done a bunch of fraud, and your use of my data to detect me would get me caught. So I, the bad guy, don't like that. But it's better for people as a collective, if the bad guys get caught, it keeps our system trustworthy, and that's super, super important. So this anthropological term of trade off and balance, and it takes deep conversation, it takes rational dialogue where we exchange ideas, and it absolutely depends on transparency and a choice mechanism that is contextual.

Alan Chappelle (30:49)

Well said. Very well said, Sheila. I want to shift gears just a bit here and talk about AI. We've got AI now embedded in virtually every layer of the Advertising stack, you've got it in creative generation to audience targeting to measurement. So from a privacy standpoint, does AI represent a new category of risk, or is it sort of the same old data problems moving faster and at greater scale?

Sheila Cole Klaser (31:15)

Both.

Alan Chappelle (31:18)

Both.

Sheila Cole Klaser (31:18)

And I think it's. We have underestimated the degree of change, the degree of impact, and the timing. So, you know, a creative team, or a creative department of 100 with skilled AI users, you can reduce that team of 100 to, I don't know, a team of five, maybe, maybe less, maybe more. We still need thinkers, we still need creatives, and I don't know the answer, but AI is going to replace not just a lot of the advertising function and the creative function, which does make me a little sad because I far prefer the domestic robot that'll take all my unfun chores and do those for me and leave all the fun stuff to me. But I do think it's, you know, all the data, all the uses, what are the controls, what are the governance, and how quickly do we need to put that in place? And then I'll introduce this one. Alan, what about Q Day when Quantum comes online?

Alan Chappelle (32:24)

Ah, right, yeah.

Sheila Cole Klaser (32:25)

So I'm worried about, I'm, I'm on a board and I chair the AI and Cyber subcommittee, and we're worried about Q Day. That's what we're this for. A, a health insurance company. Wonderful company. Wonderful company. Very smart team working on these matters. And we're getting ready for Q Day already when Quantum comes online and there is no encryption software that, or, or security feature. Unless you have Quantum on your side, you will not be able to protect or govern.

Alan Chappelle (32:58)

Wow. And I hadn't really thought that through. It's, it's not like there aren't enough things to be concerned about, but you just gave me one more to really be thinking about, so, so thank you very much for that. One thing that I've noticed is, you know, for most of the last 20 years of my career, the first time, if you walk into a regulator's office like the ftc, everything is focused on behavioral advertising or some variant of that. And over the last couple of years, that has shifted. See, everything is focused on AI. And that's sort of an interesting thing to point out for this podcast because there's a lot of companies out there who have some flavor of AI infused contextual ads that they are, you know, kind of diluting themselves into thinking that a, they're not creating profiles or that they're not even processing personal data. And I think that that approach is a bit misguided.

Sheila Cole Klaser (33:55)

I would agree with that. I remember one that this came years ago when. And it was a. It was a dog fight. It was a dog fight between me and my internal people that had a great innovative product idea. They were not going to actually provide data to the market. They were going to take a set of data and create inferences. And those were not data. And my point was, if you're using data to create data, it's an interest signal of some sort of you've created a new data element about a person. I think that was my position. And of course, I dialogued with the Federal Trade Commission, and they agreed with me that inferences are data. I've told this story in public, but my point was there are certain inferences we shouldn't make and we shouldn't sell. And the health and wellness category was very exciting. And you know, Alan, when you have innovators that are very excited about a new product offering, they are zealous. So I just thought maybe erectile dysfunction scores and vaginal itch scores were a bridge too far. I just didn't think that we should be selling those two scores on the entire American population. So I went to my executive team and I made the case. And the way that I made the case was I pulled everyone's erectile dysfunction score for the men and women and vaginal itch score for the women. And, you know, it was, it's legal. We, you know, the team, the product team thinks we can make money. Why would we not make money? And I said, well, I don't know how I'm going to defend this when they get their access report and we've returned their erectile dysfunction and vaginal itch. But if you think you'll be comfortable, let me read. Everyone's out. I've got them right here. I'll read them to the room. And the, the executive team said, stop. That's okay. Your point is well made. We won't offer those particular inferences to the market.

Alan Chappelle (35:59)

You know, as a supporter of the ad space, I've come around to the idea that there are just certain types of data that we really shouldn't be touching. I think the sensitive health data is one. I think it's going to be very difficult to operate a precise location data now that Virginia has just passed a law basically prohibiting it seems like, like, just from a pragmatic way of looking at this, it seems like the paint is on the wall or whatever, whatever that phrase is. So anyway, the point I'm making is it's incumbent upon privacy people to point these types of things out. Because. Because there is an impact when the advocates and the regulators can hit you over the head with something. And I kind of feel like the ad space would be better off if we could just narrow in on what we're doing, focus solely on pseudonymous. Then we could have a debate about identifiability versus pseudonymous. Maybe stay away from the precise location data, stay away from sensitive health data. I just think that's a much more defensible stance for the ad space more generally.

Sheila Cole Klaser (37:08)

Yes, but I think there is some nuance here that really matters. Let's talk about health and wellness for just a moment. First of all, rare disease. So, you know, if you're in a rare disease category, you yourself, your spouse, your child, your mother, your father, your, you know, your best friend, your sister, your brother, you want all the information. So today you'll go out to the Internet and you'll do searches, or you'll use one of the AI engines and you'll do searches, searches. But in the advertising space, they can reach you based on an interest signal. And if it's rare disease, there is a case that those people that are desperately searching for as much info as possible might be well served if they received a related ad on rare disease, the one that they've searched around and they're interested in. So I think we have to be careful with the practical effect of these laws and what it's eliminating. I would argue this marketing and advertising uses of data are the least potentially harmful. Right? It's a promotion. It's helping me find companies that might have a product or service and helping them find me. That is probably, I'm going to argue, least consequential use of data out there. Let me tell one quick story. You remember Fabulous Joe Aladeth?

Alan Chappelle (38:39)

Oh, of course. Yeah.

Sheila Cole Klaser (38:41)

So fabulous Joe, dear friend to many of us, dear friend to me and Joe and I and a European colleague, we'd come back. I forgot what we were doing in Europe. We were coming back, we were landing in the Phoenix airport and we were all going to rent cars and Joe and I went to the counter. We're giggling, laughing, tired, of course, and we, we. They give us the thing to sign and of course I look for the Sig box, as does Joe, and we sign it. The European colleague flips that thing around and is reading it word for word for word for word. And Joe and I are like, wait, what, What, what, what are you doing? And he Said, well, they're going to be collecting my data. And Joe, you know, Joe, he said, they just want to rent you a car. May I ask, do you do this in, in Europe? What do you do when the government asks for data? And the European said, well, well, the government's there for my benefit, so of course I would give them whatever they ask for. But it's those corporations. And I think in America, at least historically, you know, we have a slightly different regard. If government sent me a form, I'd read it word for word. But when someone wants to rent me a car, you know, mark it to me later. Not consequential. Government collecting data about me. Consequential. Now, AI changes all of that. We are approaching and soon will be beyond the smartest human on earth. So they can that engines are programmed or will become functional in a way that's beyond our smartest person, that's beyond a million of our smartest people that an engine. And you know, we already have examples of the AI engines inventing language to talk to themselves and computing answers and outcomes that we don't understand. So AI is really, I think we are vastly underestimating the potential consequence of, well, AI deployment. I think we need to really focus there. I think advertising uses of data are the most delightful and beneficial uses of data. And I think it's the obvious use. So it gets hammered on all the time.

Alan Chappelle (40:46)

So this has been a fantastic discussion. I've only got a couple more questions if you'll bear with me. If you could go back and give yourself one piece of advice at the start of your career, what would it be?

Sheila Cole Klaser (40:58)

Think bigger than you thought initially. You know, the things I learned later in career that I would have told my early young self is I had to learn that it had. Whatever you did, whatever your practice area, whatever was in your portfolio, had to map to the enterprise strategy. Because businesses are in business to be in business and to make money. And that is probably for a young person starting out in our field, mapping their work to the enterprise. Let me give you one examples. One of the pieces of work I'm doing now is a risk maturity model. So does the corporation, on a scale of one to five, do they want to be a zero? Like we don't care, we're going to run, we'll take the hit if it comes. Or do they want to be perfect? They want to be a five, which means they're going to have to make choices about some of the products and services they do and don't offer to market which goes to money. So you need to understand the corporate strategy, the risk appetite, and then the front end budget. You're going to have to solve whatever business challenges they put before you. And that's really the way to think about these kinds of governance roles that you and I have had our whole careers. Yeah.

Alan Chappelle (42:11)

What brilliant. I mean, just fantastic advice for somebody who's just coming into the space, by the way. For me, I would say two things I wish I had known. First is you don't necessarily take it as gospel that even the most senior people in the room know what they're talking about. And, and then number two is with that knowledge, find the people who do know what they're talking about and then those become your allies and your mentors.

Sheila Cole Klaser (42:42)

Very nice. Love that so much. Very good.

Alan Chappelle (42:46)

Sheila, where can people find you today?

Sheila Cole Klaser (42:49)

Well, they can find me personally@sheilacalclasuregmail.com. sheila Coldclazier. All one word, a lot of letters. And then professionally I've hung a little shingle out at Red Barn Strategy as a principal and I'm getting to do really, really fun work in data and technology with a special focus on AI governance.

Alan Chappelle (43:11)

Well, fantastic. And I can't think of anybody who would be better suited for that type of role. And so I am sure that's going to be wildly successful.

Sheila Cole Klaser (43:20)

Thank you so much, Alan. And I wish, I wish I could take you on a walk this morning. We need to go out and check the apiary. I work at that time of year when you begin to work your bees and I would bring you out into the bee yard and then send you home with some fresh honey off the hives.

Alan Chappelle (43:36)

I would love that. I have a close friend and a former bandmate who has a farm, I think somewhere down in Virginia. And so every year I could look, I still look forward to getting a, a little supply and so just wonderful.

Sheila Cole Klaser (43:52)

Well, good. Well, thank you so much for having me, Alan. I appreciate it. And congratulations on your new baby.

Alan Chappelle (43:58)

Well, thank you. Thank you so much, Sheila.

Sheila Cole Klaser (44:01)

Keep me posted. I want all the pictures.

Alan Chappelle (44:03)

Fantastic. I will. That was a great conversation. I haven't caught up with Sheila in a while and she is just always so much fun and always so insightful. A couple of moments from this conversation that I think are worth emphasizing. First, Sheila's point about documentation. She said it plainly, if you don't have it written down, it didn't happen. If you're looking to create a sound data governance mechanism, you need to document your data flows and evaluate your risks by the way I misspoke earlier, there are closer to a dozen state privacy laws in the us, not four, and those laws require some flavor of a privacy impact assessment. And of course, GDPR has been on the books for eight years. And despite that, the data governance and documentation gap inside the ad industry remains enormous. Second, the data Broker conversation I want to be direct here because I think the framing matters, and it hits directly at some of my concerns with the approach being taken in California. When you look at the California Data broker registry, roughly 10% of registered brokers are processing the kind of data that's sensitive and that would even trigger a state breach notification law. The other 90% are routinely getting painted with the same brush, and that's a bit misleading. Companies that are not processing sensitive data should face a certain amount of scrutiny, absolutely. But I just don't think it's helpful to collapse the narrative so that every company on the data broker registry is viewed as if they are linked to identity theft. Good policy requires that one make those kinds of distinctions. Sheila made a point I thought was particularly sharp. Data brokers as a category are actually competition to the very large platforms operated by big tech. The ADS community are in many, many ways a check on platform consolidation. Now, that's a much more difficult argument to make when the headline writes itself as data broker bad. I'd encourage anyone covering this space to go deep, because there's a lot of nuance here. Third, and this is one I'd encourage you to think about most carefully, AI. Sheila's framing here was precise. She didn't say that AI is a new category of risk. She said that it's both a new category and the same old data problems moving faster and at greater scale. That distinction matters for how you build governance. If you treat AI purely as a novel threat, you'll build frameworks that don't connect to the data infrastructure already underneath it. If you treat it purely as a speed problem, you'll miss the genuinely new failure modes, including the ones she flagged around Q Day. For those who didn't catch the reference, Q Day is the point at which quantum computing comes online at sufficient scale to break current encryption standards. At that moment, virtually every security and privacy control built on conventional cryptography becomes vulnerable. You may remember the show Silicon Valley, which explored that concept in a way that was both poignant and pretty darn funny. Sheila chairs an AI and cyber subcommittee for a health insurance company's board, and they are already preparing for Q Day. Finally, Sheila's concept of March fairness. The idea that fairness requires full transparency and genuine independent choice, not just a checkbox is a great way of thinking about privacy and data governance. The GUM story Sheila told is disarmingly simple, but the principle underneath it is worth highlighting. Both parties have to agree that a use is fair. That's a much higher bar than you know, we just disclosed it in our privacy policy. But it's also, I would argue, a more durable standard because it's the one that holds up when a regulator or a journalist starts asking difficult questions. If you found this episode useful, please share it. And we've got a bunch of other fantastic guests coming up on the Monopreport podcast over the next few weeks. We'll have Tony Katzer from the IB Tech Lab on, and I'll have the uber insightful Allison Schiff from Ad Exchanger on, and we've got some really smart people from some of the big tech companies talking about their new content marketplaces. And if that's not enough, we've got a few representatives from the state AG offices to talk about enforcement. Please subscribe to the show@monopolyreportpod.com or on Spotify, Apple, YouTube, or wherever you listen to your podcasts. And thanks for listening.