Gabrielle Kohlmeier is a lawyer, tech whisperer, and transformation executive in a lifelong love affair with growth mindset and sustainable innovation. From building a Fortune 30 legal and policy approach to antitrust, to navigating retail risk, to leading global legal AI adoption and outperforming teams. She helps organizations rightsize risk and turn disruption into strategic value.

Many companies are rushing to adopt AI tools and publish AI policies, yet far fewer are investing in AI fluency across their workforce. Knowing how to use an AI tool is not the same as understanding what it is doing, what data it collects and uses, and the privacy, security, and compliance obligations that come with using it. Without that level of understanding, organizations risk using AI without fully grasping its impact. So, what does true AI fluency look like in practice?

Organizations spend time creating AI governance policies, and sometimes those policies are not operationalized. Governance then becomes "precious" when it is documented and published but not embedded into how teams actually work. That gap becomes more pronounced when teams lack the AI fluency needed to apply governance to their day-to-day use of AI tools. To be effective, governance needs to be lived, with clear accountability, ongoing feedback loops, and policies and processes regularly revisited as AI use cases evolve. It also requires establishing privacy and security guardrails that allow teams to experiment with AI responsibly, while right-sizing risks.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Gabrielle Kohlmeier, Legal and Innovation Executive, about building AI fluency and operationalizing responsible AI use. Gabrielle explains why AI fluency goes beyond simply using AI tools and requires a deeper understanding of the ethical and legal obligations that come with them. She shares how AI governance often breaks down in practice and what it takes to truly operationalize it, while enabling responsible AI experimentation with clear guardrails. Gabrielle also highlights numerous curated resources to help companies stay grounded as AI evolves and offers a practical privacy tip that applies to everyday internet and AI use.

Kelly Peterson is the Chief Privacy and Compliance Officer for Yobi AI, a company dedicated to building models based on consented data to democratize access to data in an ethical and privacy-respecting manner. As CPO, Kelly establishes the strategy for the company's compliance programs and advises on product development utilizing PbDD. She collaborates cross-functionally with key internal stakeholders and external partners to explain Yobi's unique approach to AI development.

Building trust around how companies collect and use consumer personal information has become a defining challenge. Companies need to be upfront with the types of personal information they collect from consumers, why they collect it, and how it is used. Making that information easy to access can help people better understand a company's privacy and security practices. And one way to do that is through a trust center.

Trust centers do more than build credibility. They can also serve as an efficient sales and marketing tool that quickly answers questions about an organization's privacy and security practices. Building one often starts with an internal advocate. That advocate can work with sales and marketing teams to demonstrate how having privacy and security information in one place enables more effective responses to requests from organizations evaluating potential business partnerships. When building AI tools or other new products and features, companies should treat trust as a design choice and be transparent about how behavioral data is used and the benefits consumers receive from it.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Kelly Peterson, Chief Privacy and Compliance Officer at Yobi AI, about building trust-centered approaches to privacy and security practices. Kelly explains the role trust centers play in demonstrating transparency to consumers and business partners. She shares how businesses benefit from building new products, features, and AI tools with trust in mind, and why demonstrating the benefits of using consumer behavioral data helps build trust. Kelly also discusses the challenges companies face when navigating overlapping privacy laws, AI regulations, and other privacy-adjacent regulations.

Tom Kemp is the Executive Director of CalPrivacy. Previously, he was a Silicon Valley tech entrepreneur and CEO. He volunteered on the California Privacy Rights Act campaign and has advised on major tech policy legislation nationwide, including the Delete Act (SB 362) and AI Transparency Act (SB 942). He is the author of Containing Big Tech.

California's privacy law evolves once again as its new regulations push companies to move from policy to proof. Privacy risk assessments, cybersecurity audits, and automated decision-making technology requirements introduce new obligations for businesses that process personal information at certain thresholds. Alongside recent CCPA enforcement actions, these new rules reinforce the importance of establishing governance, ensuring technical compliance, and demonstrating accountability. So, what do businesses need to do to stay ahead?

CCPA enforcement actions do not happen in a vacuum. Consumer complaints, website and data flow reviews, and media reports influence investigations that can trigger enforcement actions. Tom Kemp, Executive Director of CalPrivacy, knows this firsthand as he oversees these efforts, along with the rollout of the new CCPA rules. Companies are being evaluated based on real-world user experience. That's why they need to establish governance and strong operational processes that ensure compliance as regulations and consumer expectations evolve. Companies also need to walk a mile in a consumer's shoes and test their websites and mobile applications to ensure they are free of dark patterns and that access, deletion, and opt-out rights function without friction. And when it comes to AI use, companies need to keep in mind that existing CCPA obligations still apply whenever personal information is involved.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Tom Kemp, Executive Director of CalPrivacy, about the new CCPA regulations, enforcement, and what's next for businesses. Tom explains why the California Privacy Protection Agency transitioned to the CalPrivacy name and how the agency focuses on raising privacy awareness and making it easier for consumers to operationalize their privacy rights. He outlines key timelines and thresholds tied to risk assessments, cybersecurity audits, and automated decision-making obligations and discusses how businesses can leverage existing processes to meet the new requirements. Tom also shares how California's collaboration with other state attorneys general and international regulators is shaping enforcement coordination and privacy oversight.