At last week’s two-day PSR event from IAPP, I was energized and impressed by the diverse group of attendees. It was unlike any other tech-related event I’ve been to in decades. Unlike typical tech events, this one brought together a unique blend of attorneys, privacy officers, engineers, startup founders, management consultants, security professionals, regulators, and academics from all backgrounds and career stages. It was a refreshing departure from the young, male-dominated spaces we've seen in the tech world recently, such as the OpenAI engineering video.
It was inspiring to see so many people dedicated to privacy, security, and risk—roles that often work in the background and do not always get the spotlight or funding they deserve. A well-known recruiter at the event summed it up perfectly: this community is truly driven by purpose, with a shared commitment to building a safer digital future.
Personal takeaways
The power of podcasting
I can't believe I've been missing out on Hard Fork, a podcast whose hosts moderated an incredibly engaging keynote. They brought on three dynamic guests for a lively panel discussion and ended the session with a playful but insightful game (fork, marry, kill). It’s definitely a podcast I’ll be adding to my list.
Privacy and security as pillars
One of the big announcements at the conference was the launch of the IAPP Cybersecurity Law Center—a move that reinforces just how essential security is in today’s governance discussions. While AI was the shiny new topic, privacy and security still provide the foundation for everything, including AI governance. Without these pillars, we wouldn't even have the groundwork to address the complexities AI brings.
The AI hype: governance and ethics
AI governance and ethics were dominant themes throughout the event, but despite the buzz, I noticed a lack of real-world, end-to-end examples of successful AI implementations. We all agree on the importance of governance, but it seems the industry is still searching for success stories that can prove it works.
A major question remains: who should lead AI governance? The legal team? The security office? Or maybe the privacy office? Privacy professionals are certainly in a strong position to take the reins, but with the rapid growth of privacy laws and now AI governance, burnout is becoming a real issue.
Key insights from regulators
Regulators stressed the importance of proactive governance programs. Organizations must prioritize vendor assessments, conduct privacy impact assessments, and be transparent about data collection. Several attorneys highlighted increasing litigation risks related to tracking technologies like pixels. Organizations need to move beyond checklists and demonstrate real compliance through thoughtful governance.
Standout quotes from the event:
- "Data mapping can facilitate compliance with our obligations."
- "Consumers care, and we are listening to them."
- "Enforcement is coming."
Foundations for AI governance
While the AI landscape is rapidly evolving, AI governance can build on existing security and data governance frameworks. There's no need to reinvent the wheel. With solid infrastructures in place, organizations can approach AI governance more efficiently and effectively.
Vendor landscape and AI tools
The exhibit hall was packed with vendors offering AI governance solutions. I was impressed by the maturity of data mapping tools, and it's clear that AI governance tools are becoming more practical. Some tools, however, seem too focused on checklists and risk categorizations—almost formulaic in their approach. Instead, they may benefit from aligning leadership and fostering human collaboration before diving into technical solutions.
That said, simpler AI governance tools seem to have more practical applications. For instance, TrustWorks, a privacy management and AI governance platform took a straightforward approach. Their tool connects AI use cases to an AI asset inventory and highlights potential risks, which felt like a manageable and logical solution.
The future of AI model auditing
One of the more thought-provoking panels discussed the future of AI model auditing, with a particular focus on model deletion. There’s a growing conversation around the possibility of public audits for large AI models, particularly those serving as foundational models.
Governments leading the way in AI governance
In informal chats with government representatives, I was surprised to learn that city and state governments are further along in developing AI governance frameworks than many of us realize. While the patchwork of state privacy laws remains an issue, government teams are proactively collecting citizen data and shaping governance policies. Many attendees agreed that the current state-by-state approach is unsustainable and that the audience at PSR24 is among the few groups that unanimously support a comprehensive federal privacy law.
Final Thoughts
A big thank you to IAPP for hosting such a professionally run event, full of thoughtful discussions and cutting-edge insights. My only wish? That it was a bit more accessible to a broader audience, given the price point.
It’s clear that privacy and security professionals are playing an increasingly central role in these conversations. As AI governance continues to evolve, this community will be instrumental in shaping the digital world of tomorrow.
To learn more about our AI governance platform, register for a free demo or speak to our team!
Roberta Kowalishin
