StackAware

StackAware is the leader in artificial intelligence governance, risk, and compliance. We help you win with AI while protecting your data, your customers, and your reputation.

Founder and CEO

Privacera

AI security is all about data governance. My time at Privacera showed me what it takes to protect sensitive data of Fortune 500 customers like Nike, Autodesk, and Corning. As leader on the product management team, I:

• Drove the product roadmap for Privacera UserSync, merging business and technical insights to ensure release of market-leading platform for identifying, classifying, and protecting sensitive data in cloud- and on premises-based sources.
• Spearheaded the company's Software-as-a-Service (SaaS) improvement effort, developing detailed telemetry, security, and observability requirements.
• Created and implemented the company shared security model, explicitly identifying cybersecurity responsibility for various stakeholders, including customers and third-party service providers.
• Launched our first coordinated vulnerability disclosure program to facilitate confidential receipt of reports from cybersecurity researchers and ensure rapid remediation of identified security issues.
• Developed, coordinated, and oversaw publication of the first official product support policy, clarifying software end-of-life timelines, 3rd party software support plans, and backward/forward compatibility contracts.
• Overhauled the Privacera Platform pricing model to reflect value derived by customers while also capturing maximum revenue possible.

Data Security and Governance Product Manager

Cloud Security Alliance

Managing complex cloud-based software dependencies is table stakes for effective AI governance. And I set industry standards for Software-as-a-Service (SaaS) risk management while spearheading the publication of the software supply chain section of CSA’s widely-hailed and comprehensive guide for securely using SaaS products.

SaaS Governance and Security Expert

Securing data flows is an absolute must for cyber-physical products. And in support of enterprise customers like Caterpillar, Volvo, and Flowserve, I:

• Ensured the secure development and deployment of ThingWorx Industrial IoT platform.
• Coordinated with software engineers, quality assurance testers, and other stakeholders while applying the Agile development process.
• Improved customer security by ensuring delivery of edge device connection monitoring, file upload management, enhanced auditing, and Azure Active Directory integration features.
• Led the company-wide, multi-product identity and access management (IAM) strategy, roadmap, and partner program.
• Supervised implementation of application security program including static, dynamic, and software composition analysis as part of product continuous integration pipeline as well as regular threat modeling, penetration testing, and other vulnerability prevention and detection methods.
• Reduced median time to resolution of potential security defects by 60% through overhaul of company vulnerability management policy and procedures.
• Developed and oversaw implementation of containerized software security, maintenance, and continuous delivery procedures as part of company Software-as-a-Service (SaaS) transition strategy.
• Spearheaded the ThingWorx Compliance Hub, providing detailed guidance for customers seeking compliance with System and Organization Controls (SOC) 2, International Organization for Standardization (ISO) 27001, Department of Defense Cybersecurity Maturity Model Certification (CMMC), and other regulatory frameworks.
• Conceived and launched the ThingWorx Shared Security Model, clarifying cybersecurity responsibilities for PTC, customers, partners, and other stakeholders.
• Designed, built, and implemented an automated bug triage system. I Developed and coded the algorithm that factored in customer satisfaction, past and anticipated bookings, as well as functional and security impacts.

Cybersecurity Product Manager for Internet of Things (IoT) Analytics Platform

U.S. House of Representatives

You know who has the most complex data sets and systems in the world? The federal government. Dealing with this sprawl drove home for me the importance of clear policies and guidance. While working on Capitol Hill, I:

• Advised the Chair of the Committee on Homeland Security, other Members of Congress, and staff regarding cybersecurity and counterterrorism issues. 
• Provided policy analysis briefings to the Committee Chair in preparation for 60+ national media appearances.
• Drafted Public Law 115-331, the Homeland Security Data Framework Act, codifying government data sharing processes.
• Led a yearlong investigation of information exchange among 13 government organizations; authored a report with 34 oversight recommendations entitled "Reviewing the Department of Homeland Security’s Intelligence Enterprise."
• Represented the Committee during bilateral discussions with European Union Commission, Council, and Parliament regarding transatlantic cooperation in the fields of cyber crime, counterterrorism, and border security.

Congressional Staffer, Federal Data Program Oversight

Office of the Director of National Intelligence

Founded after 9/11 to stop future attacks, the National Counterterrorism Center sits at the crossroads of a huge amount of sensitive data. After being personally selected by the senior Marine officer to serve as active duty military detailee to NCTC, I:

• Briefed the NCTC Director – counterterrorism advisor to President of the United States – on key threats.
• Was personally commended by Federal Bureau of Investigation (FBI) Director for “outstanding assistance” to FBI investigative efforts.
• Identified terrorist leaders and operatives by applying financial, communications, and social network analysis techniques to Intelligence Community data; disseminated leads to operational customers.
• Tracked extremist propaganda, messaging, and intentions via social media.
• Trained 10 analysts in novel techniques to parse and analyze intelligence datasets with Palantir’s Gotham software.
• Became and expert in computer network exploitation threats from nation-state, terrorist, and criminal actors as well as digital network intelligence tools, methods, exploitation, and outputs.

Targeting Analyst, National Counterterrorism Center

United States Marine Corps

While serving as second-in-command of a Marine reconnaissance company, I honed my ability to oversee complex programs, synthesize data, and manage risk while I:

• Supervised 53 person cross-functional team, overseeing discipline, training, and readiness for worldwide deployment.
• Led Joint Riverine Training Team on mission to Perú and trained 300+ Infantes de Marina (Peruvian Marines), entirely in Spanish.
• Managed 2000+ weapons, radios, and optics during the transition from a legacy equipment database to its cloud-based replacement.

Company Executive Officer, First Reconnaissance Battalion

I had the honor of commanding 1st Platoon of Charlie Company before and during its overseas deployment. In this capacity, I:

• Led a 23 person cross-functional team during 20 counterinsurgency missions in southwestern Afghanistan.
• Achieved a 100% success rate in avoiding improvised explosive devices by custom building an integrated hardware-software patrol tracking system to analyze Global Positioning System (GPS) data. I developed the product roadmap from existing designs, collected user requirements, built and deployed a prototype, and evaluated performance data prior to real-world employment. Subsequently, I trained additional platoons in system use, increasing adoption by 300%.
• Was awarded the Navy and Marine Corps Achievement Medal with Combat Distinguishing Device.

Platoon Commander, First Reconnaissance Battalion

In preparation for taking command of one of the Marine Corps' most fearsome fighting units, I finished the Basic Reconnaissance Course (BRC) ranked 2 of 36 students and graduated from the Survival, Evasion, Resistance, and Escape (SERE) school.

Reconnaissance Officer-in-Training

During my first overseas tour as new Marine lieutenant, I:

• Drove the operations of a 10,000+ person organization by personally advising its Commanding General.
• Presented him with 200 daily intelligence briefings and 8 detailed battlefield assessments.
• Supervised 5 analysts during the production of 145 daily intelligence summaries, 27 political-military studies, and 10 quantitative visualizations.
• Was awarded the Navy and Marine Corps Achievement Medal for “inspirational leadership.”

Intelligence Officer, First Marine Division

Amazon and Samsung didn't assess their AI-related risk properly, and got burned.

The weakest link?

Lack of processes and guardrails.

- "There's no governance in place, not even an AI policy."
- "We're moving at Mach 7" when it comes to AI products.
- "We're rolling out dozens, if not hundreds, of AI-powered tools."

Sound familiar? These are all things security leaders have said to me.

What they - and you - desperately need is a comprehensive and structured approach to managing the resulting risk.

While revolutionary - and critical to any business that wants to survive - artificial intelligence can create cybersecurity, compliance, and privacy headaches.

You need the right tools to navigate these competing demands.

Dealing with internal and external stakeholders can be even more demanding, requiring not just an understanding of the issues but the ability to communicate them effectively and quickly.

Here's what your plan should look like:

1. Identify the business needs. Successfully automating your operations with AI will probably be the difference between your company's success and failure, so you'll need to look throughout your organization to understand where to deploy these tools, and in what priority.

2. Analyze the security, privacy, and compliance risks. How is your SaaS vendor managing your data? Are you subject to the GDPR, CCPA, or any other data privacy obligations (hint: you probably are)? What frameworks (SOC 2, ISO 27001, FedRAMP) do you need to comply with? You'll need to know these things before heading to the next step.

3. Apply controls. This includes making sure you have a company-wide policy, creating a structured framework for risk decisions, and deploying the right technical safeguards to your AI systems. You'll need to train up your team on all of these things as well.

How do I know all this?

I've been tackling these types of emerging security challenges at both publicly traded and venture-backed companies for years.

So, if you're a CXO or VP in tech, healthcare, and financial services who wants to launch AI-enabled products without fear,

it’s time to look at your AI-related risk NOW.

Need an assessment?

Drop me a DM.

Look Mom, I'm an influencer! That's not a label I sought when I started posting every day on LinkedIn in September of 2021, but here's what I learned:

- Consistency is key: many (most?) posts will get crickets
- Repurposing long form <-> short form <-> video is key
- Doing a lot of stuff means you never run out of content
- Double down on engagement with awesome folks like:
Chris H., Jason Rebholz, Rob Black
Nathaniel Shere, Jesse Miller, Lester Chng
Jeff Cunningham, Ross Haleliuk
Jonathan Todd, Peter Gostev
- Unfollow freely

Here's to the next 5k, 10k, and 35k!

And if you are interested in the intersection of:

- Risk management
- Cybersecurity
- Compliance
- Privacy
- AI

Please head to my profile (Walter Haydock) and ring my bell 🛎!

Walter Haydock

You asked. Here's the answer.

What's the difference between risk appetite and risk tolerance?

1️⃣ RISK APPETITE

A dollar figure over a given time period (usually a year, also known as annual loss expectancy [ALE]) identifying how much a particular business or product line is willing to lose, on average.

Also known as “the cost of doing business.”

Risk quantification legends Richard Seiersen and Doug Hubbard recommend providing a range of possible outcomes (e.g. a 1% chance of a $1,000,000 loss, a 0.1% chance of a $50,000,000 loss, and so forth) to build a loss exceedance curve.

This is an advanced technique.

In any case, this figure should come from a business leader, NOT the security team.

It might be hard to coax exact numbers out of them, but you shouldn’t accept wishy-washiness.

Organizations have acceptable quantitative limits for employee attrition, theft, and other bad things.

U.S. government agencies publish values for a human life (about $10 million).

Cyber risk is just another kind of (business) risk.

So quantify it.

2️⃣ RISK TOLERANCE

The relative speed with which the organization must return to its risk appetite, if exceeded.

Most easily expressed in ALE.

For example, if you identify a vulnerability which poses a risk that - on top of existing ones - would put you over your appetite, your tolerance would tell you how quickly you need to get back to baseline.

So if you have a risk tolerance of $50,000 per year, and a newly identified vulnerability represents an additional $100,000 of ALE (when factoring in likelihood of exploitation and severity), you have six months to mitigate, transfer, or avoid the resulting risk.

If the vulnerability poses $18,000,000 per year of marginal risk (think log4shell), then you have about a day to resolve it.

$18,000,000 of excess ALE per year * 1 year per 365 days = $49,315 of excess ALE per day, meaning you have slightly more than 24 hours before you exceed your risk tolerance.

This is is all cumulative.

So if you identify two instances of log4shell (assuming they pose the same risk), you'll need to fix both in 12 hours or one almost immediately and another one by the next day.

TL:DR:
1️⃣ RISK APPETITE: the annual risk (in dollars) your organization will accept as part of normal operations.
2️⃣ RISK TOLERANCE: the speed with which you need to get back to that baseline, if exceeded.

ISO 42001 is hot off the presses. And already there is a lot of hype about the new standard for an Artificial Intelligence Management System. My question:

Is it legit to claim you are "ISO 42001 Ready"?

I have started seeing things like this pop up, and don't know what to make of it.

Sure, companies slap seals on their sites all the time for:

- HIPAA
- GDPR 
- CCPA

despite the fact that there is no "certification" per se for any of these. So these are just self-attestations.

But with ISO 42001 there is actually a standard that you can be certified against.

I've even seen some companies get auditors to sign off on their compliance with the DRAFT of this standard.

So now prospective customers need to contend with 3 different claims regarding ISO 42001:

- "Ready"
- Certified against draft standard
- Certified against official standard

What should I make of this?

A quick guide to how you can spend $108,000 per year instead of building an AI governance program (but not really):

ChatGPT Enterprise costs (at least) $108,000 annually.

And a company considering bringing StackAware on for an AI risk assessment and governance program decided to just buy the software instead of working with us.

AI risk solved, right?

Unfortunately not.

AI IS MORE THAN JUST CHATGPT

Don’t get me wrong, ChatGPT Enterprise seems pretty cool. It:

- Prevents all organizational user inputs from being used for model training
- Gives administrators granular control over data retention and deletion
- Doesn’t make you choose between limited retention and custom GPTs

But there are a lot of things it doesn’t do for you, like:

- Build a customized AI policy and procedure for your organization
- Evaluate vendor AI processing, training, and security procedures
- Help communicate to customers about how you use AI
- Map AI-related controls to compliance frameworks
- Negotiate with partners about model ownership
- Manage risk NOT related to OpenAI
- Inventory your AI systems and tools
- Penetration test AI applications
- Give you vendor-neutral advice

And my point of contact at this particular company understood all of the above and made the case internally (you know who you are - thanks!).

But to no avail.

YOU CAN TRY TO ADDRESS AI RISKS PIECEMEAL, BUT IT WILL COST YOU

Some business and security teams seem to view AI as magic. Something to both harness but also fear.

In the end, though, it’s just a technology.

The same principles of risk management apply here, like they do everywhere else in life. You only have four options:

1. Mitigate
2. Transfer
3. Avoid
4. Accept

In the race to deploy AI systems while not exposing sensitive data or suffering reputation damage, many companies seem to be blindly defaulting to option #1, regardless of cost.

Others are just going all in on #3, blocking every AI tool they learn about. They don’t seem to worry about:

- Slamming the brakes on innovation
- Losing competitive advantage
- Scaring off AI talent

The thing is, there is no way to know which of these (or combination) will have the highest return-on-investment without doing a comprehensive assessment.

And if you don’t even know about a risk, you are defaulting to #4, by accident.

TOOLS ARE THE FINAL PIECE OF THE PUZZLE, NOT THE FIRST ONE

AI security tools certainly have their place. StackAware has plenty of partners who sell them.

But deploying one of these is the last step you should take in your AI governance, risk, and compliance journey.

Once you have:

- established your business goals for AI
- mapped the landscape of threats
- built a governance framework

then it’s time to start considering what software you should buy (if any).

But don’t put the cart before the horse.

P.S. We cost a lot less than $108,000 annually.

Is your AI certified?

Well, pretty soon it can be. Thanks to the release of a new standard:

ISO 42001.

I did a teardown of this new framework, looking at key aspects like:

- What it means to build an AI management system
- How you would actually implement it
- The impact of looming regulations
- References to the NIST AI RMF
- Its similarity to ISO 27001

Want the full story?

Check out this issue of Deploy Securely👇

Open article: Certify your AI with ISO 42001 by blog.stackaware.com • 4 min read

https://blog.stackaware.com/p/iso-42001-ai-management-system

"I have no budget for AI governance, risk, and compliance."

☝ A common refrain from security leaders I speak with. If you find yourself here,

it might make sense to sense to ask your:

- engineering
- product
- finance

colleagues the following questions:

1️⃣ Do we have budget to lose deals to competitors because we cannot explain our AI security posture to prospects (while you are also blasting out blogs and social posts about how we use AI throughout the company!)

2️⃣ Do we have budget to address lost competitive advantage from employees unintentionally training SaaS generative AI models on our intellectual property?

3️⃣ Do we have budget to jump through our a** before our next audit to document how we are meeting compliance requirements while using AI?

Money is money.

But sometimes spending it earlier - and in the right place - can save you a lot more later down the road.

Need help making the case internally?

DM me "GRC."

The U.S. Securities and Exchange Commission has entered the chat (bot regulation game) with its first "AI washing" cases. It settled charges with two firms related to:

- Fraud
- Marketing rule violations
- Compliance rule violations

Debevoise & Plimpton wrote an excellent summary of the issues on their blog (debevoisedatablog [dot] com) with some great recommendations (which are eerily similar to what StackAware helps you implement).

They focus on:

DISCLOSURE

1️⃣ Be clear as to what you do (and don’t) use AI for.

2️⃣ Avoid using hypothetical language for actual AI practices. 

3️⃣ Understand and accurately disclose risks associated with AI 

GOVERNANCE

1️⃣ Define AI Internally, Including for marketing.

2️⃣ Train personnel on the risks of overselling AI capabilities. 

3️⃣ Establish a process for reviewing and approving disclosures.

4️⃣ Vet and verify claims about AI use in your supply chain (vendors).

BOTTOM LINE

Like it or not, regulators are coming for your AI.

Have a plan.

Hold on, I thought banks liked money! A recent survey by American Banker suggests otherwise, though. The stats that amazed me:

➡ 15% think they have completely banned generative AI.

Notice I said "think they have," because there is zero chance no one is using generative AI with company data at any of these financial institutions.

And the vast majority of this shadow AI is certain to be happening off of company networks, leading to:

- Unintended training on sensitive data
- Excessive data retention
- Compliance risk

All of these are liabilities on your balance sheet, whether you track them or not.

➡ 26% are CONSIDERING putting a policy into place.

In 2024, if you are just thinking about a policy, you are way behind the curve.

If it's the wild west in your networks, then you are facing the same risks as above but you can't hold anyone accountable for incurring them.

Another hit to the bottom line.

➡ Here's the good news:

StackAware has a free AI policy template you can grab.

Head to:

policy [dot] stackaware [dot] com

How I enhance security and privacy for healthcare, financial services, and enterprise software customers using data classification levels but without extra complexity:

I separate types NOT by the value of the data they describe but rather the handling procedures for the information, e.g.:

1/ Public
2/ Confidential-Internal
3/ Confidential-External
4/ Confidential-Personal Data
5/ Restricted

1️⃣ PUBLIC

Can be posted on the open internet without restriction.

At StackAware, we take the additional step of trying affirmatively to publish anything classified as “Public.” That’s because, if there is no risk in getting out there, then it might as well serve as marketing collateral.

Building in public is part of our competitive advantage.

2️⃣ CONFIDENTIAL-INTERNAL

Belonging to us not currently meant to be public, but which can be disclosed unilaterally with the approval of the data owner, without further coordination outside of our company.

Below are some examples. If you were especially concerned about compartmenting data, you could create nested sub-categories using some or all of the below to restrict dissemination even further:

- Material financial information
- Internal source code
- Machine telemetry
- Business plans
- Credentials

3️⃣  CONFIDENTIAL-EXTERNAL

Information belonging to another organization not meant to be public, which our company is bound by confidentiality requirements to protect and cannot release without external coordination.

While there should be an internally designated data owner, that person cannot release the information in question without permission from the relevant external party.

4️⃣ CONFIDENTIAL-PERSONAL DATA

There are a variety of regulations governing the use of data which can identify natural persons (i.e. human beings), such as:

- Personal information (PI), defined by the California Consumer Privacy Act (CCPA).
- Personally identifiable information (PII), defined by various U.S. state laws and federal regulations.
- Personal data, defined by the European Union (EU) General Data Protection Regulation (GDPR).

The GDPR is the most restrictive and expansive of all of these categories. Thus, we use the blanket term of Confidential-Personal Data for everything that falls under this rubric.

Different jurisdictions, however, have specialized requirements for handling different types of data, so it might make sense to create nested categories under the general category of Confidential-Personal Data.

5️⃣ RESTRICTED

This is simply a way of collectively describing the aforementioned three types of Confidential information.

For policy and procedure purposes, it can be helpful to have a single unifying term to describe all categories of data that can not be processed in a certain way (e.g. using uncertified systems per StackAware’s AI security policy).

TL;DR - At StackAware, we use the data classifications:
1/ Public
2/ Confidential-Internal
3/ Confidential-External
4/ Confidential-Personal Data
5/ Restricted

Security and data leaders: if Microsoft Azure OpenAI service's abuse monitoring and retention terms were a surprise, I hate to break it to you, but...

...you have more "gotchas" like this headed your way.

You know who this wasn't news to?

Any of StackAware's AI risk assessment or governance clients.

That's because we go through vendor terms and conditions with a fine-tooth comb to sniff out risks related to:

- Cybersecurity
- Compliance
- Privacy

Want a free resource for staying on top of evolving vendor AI capabilities and policies?

Head to:

vendors [dot] stackaware [dot] com

How are you designing (and securing) your AI-powered applications when dealing with sensitive data from different customers?

Are you clearly communicating what you are doing?

Is the data protected?

Check out this video for an in-depth discussion of AI training and processing best practices 👇

Open video: Secure your AI architecture on youtube.com

https://www.youtube.com/watch?v=OhUml3XnsLE

If you are part of this 40%, you are way behind. Even though the SEC can't secure its own Twitter account, they are going "hard in the paint" on AI issues related to:

- Cybersecurity
- Compliance
- Privacy

Some key steps for firms (especially SEC-regulated ones):

1. Vet your vendors' AI training and data retention
2. Establish an AI policy and train your staff on it.
3. Inventory all of your AI models and apps
4. Have an AI risk management procedure
5. Be clear in your messaging about AI

Need more detail?

Check out the StackAware AI security model:

govern [dot] stackaware [dot] com

Are you blocking generative AI tools from accessing your site? Should you? Will they even follow your instructions? Well, as usual:

it depends.

Check out this issue of Deploy Securely where I go in depth on:

- How to use robots.txt to block GenAI tools from scraping
- Why this could be a double-edged sword
- The effectiveness of browsewrap terms

and a bunch more.

Want the full details?

Check it out 👇

Open article: Block AI tools from scraping your site in 3 minutes by blog.stackaware.com • 1 min read

https://blog.stackaware.com/p/block-generative-ai-tools-robots-txt-terms-use

“Existential risk” is a pretty scary phrase, both when it comes to AI and otherwise.

But it's important to grapple with the risks of artificial intelligence to make sure we are carefully weighing them against the (huge) potential rewards.

That's why I think OpenAI did a pretty good job with their Preparedness Framework, which focuses on threat vectors like:

- Chemical, Biological, Nuclear, and Radiological (CBRN)
- Cybersecurity
- Persuasion
- Autonomy

Although their qualitative ("High," "Low," etc.) risk scoring system could use some work, the Framework provides a solid basis for risk decisions.

It's also a good general framework for an information security governance program.

Want the details?

Check out this analysis in Deploy Securely:

Open article: OpenAI's solid preparedness framework by blog.stackaware.com • 6 min read

https://blog.stackaware.com/p/ai-governance-risk-management-preparedness

Worth the read! Very well done Walter Haydock

In light of YouTube's new policy requiring content creators to disclose when their content has been created with AI or altered "synthetic" media, linking to another great a post from a very good follow on AI x information security Walter Haydock on authenticity tagging. 

tldr; the practice of watermarking and authenticity tags is problematic and  unlikely to guarantee the authenticity of content absolutely, and at best offers a probabilistic estimate.


YouTube's announcement, here: https://lnkd.in/eSyb8_qd

Ready...set...panic!

Is that what your incident response plan looks like in practice? Well, with AI, it's only going to get worse.

On top of the usual things like:

- Data breach notifications
- Regulatory interactions
- Forensics

You'll need to look at:

- Whether the model(s) have been tainted with unacceptable data.
- If the AI application always provides the same (bad) response.
- The need for emergency decommissioning.

Do yourself a favor.

Have an incident response standard operating procedure (SOP) that takes into account AI considerations.

---

Hi - I'm Walter. Need more AI security and governance tips like this? Ring my bell to never miss a post!

Some AI-powered companies overlook asset inventory, thinking it's trivial...


...but after facing unanticipated risks and compliance issues, they realize they are operating in the dark.

At a minimum, you'll need a single source of truth for all company (AI) assets.

Optimally something exists here already. If so, you can layer on top:

- Data provenance
- Subprocessor status
- Trust boundaries and third parties

Although it's not sexy, asset inventory is a critical AI risk management tool.

That's why it's one of the seven modules of the StackAware AI Security Model:

1. Develop clear business and security requirements
2. Address privacy and compliance needs
3. Publish and enforce an AI policy
4. Create an (AI) asset inventory <=== YOU ARE HERE
5. Develop SOPs and standards
6. Communicate externally
7. Audit and improve

Want to see the full thing?

Head to:

govern [dot] stackaware [dot] com

So you're getting ready to roll out an AI chatbot - awesome! Here are some things to consider before rolling them out into production:

(h/t to Peter Gostev for his excellent example from Amazon)

How to handle AI training high-risk/high-reward situations? Traditional de-identification techniques are likely to miss unstructured sensitive data like:

- Financial projections for a company undergoing a merger or acquisition
- Descriptions of trade secrets sold from one party to another
- Personal information embedded into images rather text

I think the best way forward here is to require customers to confirm the results of such de-identification before training AI on the redacted material.

Companies can incentivize this by compensating customers for each page (or other unit of data) approved or corrected (if not properly de-identified).

And if the company is using AI for de-identification, that algorithm gets better every time.

This will form a virtuous cycle over time, where

- the de-identification process will continuously improve
- customers will get rewarded for their data and efforts
- the company can sell its AI product with confidence

(h/t Jonathan Todd for the inspiration)

Taplio

Walter Haydock's Linkedin Analytics

Walter Haydock

What is Walter talking about?

Walter Haydock's Best Posts (last 30 days)

Want to drive more opportunities from LinkedIn?

Taplio

.css-1jgreyo{background-image:linear-gradient(284deg, rgba(39,43,72,1) 0%, rgba(33,47,183,1) 100%);color:transparent;-webkit-background-clip:text;background-clip:text;}Walter Haydock's Linkedin Analytics

Walter Haydock

What is Walter talking about?

Walter Haydock's Best Posts .css-qqfgvy{font-size:var(--chakra-fontSizes-md);}(last 30 days)

Want to drive more opportunities from LinkedIn?

Walter Haydock's Linkedin Analytics

Walter Haydock's Best Posts (last 30 days)