I gave the opening keynote talk at Global Privacy Leaders Summit @ RSA 2026 about how the role of the Chief Privacy Officer is changing. The thrust of the talk was that because of incoming AI regulation as well as increasing privacy law enforcement (lukewarm take: AI regulation is really just privacy regulation in disguise), the practice of privacy is increasingly becoming a systems problem (as opposed to a policy problem). This means that if you’re leading a privacy program, there is tremendous opportunity to be in the room where it happens inside your company. I argued for privacy professionals to go beyond risk-obsessed thinking and to focus on opportunities and use-cases that can be unlocked with the right privacy systems. I made the following points:

  1. Compliance is not privacy
  2. Regulation is inevitable and incoming
  3. AI and privacy are frenemies

For more details, see the PDF slides!