Talar Herculian Coursey is the GC and VP HR for ComplyAuto, a SaaS company serving auto dealerships in the US. Talar was previously the GC for Vista Ford and a file clerk, associate, and partner at the national labor and employment law firm, Fisher Phillips LLP.

Talar is licensed to practice law in California and Utah. She is also a CIPP, CIPM, certified yoga instructor, certified life coach, and a retired dog walker.

Knowing the types of data a company collects is essential for building strong privacy and security practices. Many organizations collect a wide range of sensitive information, including financial data, identity documents, and data created through connected technologies. Employees often rely on text messages and mobile apps to communicate, creating touchpoints where sensitive information is shared with third parties. So, how can general counsels and privacy pros safeguard sensitive information while accounting for the risks introduced by third-party vendors?

Protecting sensitive information starts with establishing policies and processes that reflect how data flows through an organization and understanding how teams communicate with consumers. That's why it's important to provide employees with secure, encrypted channels when communicating with customers. Customized training is equally important, and using gamification and tailored phishing simulations helps engage employees, deepen their understanding of the sensitive information they handle, and improve their ability to recognize potential privacy and security risks. By pairing these tools with training that is specific to the work environment, general counsels and privacy pros can help employees stay vigilant and reduce the likelihood of privacy and security incidents.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Talar Herculian Coursey, General Counsel and Vice President of Human Resources at ComplyAuto, about managing privacy and security risk tied to data collection practices. Drawing on her experience in the automotive dealership industry, Talar explains why understanding the types of data companies collect is critical to building effective privacy and security programs. She explains how companies can strengthen their defenses through encrypted communication tools and customized employee training programs. Talar also outlines the significant risks posed by third-party vendors and offers practical tips for managing these risks.

Teresa "T" Troester-Falk has over 20 years of experience building privacy programs that work when resources are limited and timelines are real. She led initiatives at DoubleClick (Google), Epsilon, Nielsen, and Nymity (TrustArc) before founding BlueSky Privacy and BlueSky PrivacyStack. Today she creates practical tools and systems that help privacy professionals step into their role with confidence and give executives decisions they can act on. Through her writing and teaching, she brings clarity to complex requirements and shows how privacy can succeed in practice.

Privacy professionals step into their roles with foundational knowledge, yet often without the support needed to apply it in practice. They are sometimes expected to build and maintain privacy programs without a budget, authority, or a clear plan. This gap creates daily uncertainty, especially for newly certified privacy professionals who enter the field with little operational experience. So how can privacy professionals move through these challenges and build programs they can defend with confidence?

Building a functioning privacy program requires making decisions in gray areas and moving forward without waiting for perfect information. Privacy pros can start by focusing on high-risk areas first and documenting their decision-making process using a three-pillar approach. This framework helps professionals explain the decision they made, maintain what was decided, and defend it with evidence. Clear ownership and accountability ensure processes hold over time. With the right operational structure in place, privacy pros can move privacy programs forward even when resources are tight.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Teresa Troester-Falk, Founder of BlueSky Privacy and BlueSky PrivacyStack, about building effective privacy programs with limited resources. Teresa explains how a simple decision-making framework can help new and seasoned privacy professionals work through ambiguity. She also shares strategies for prioritizing privacy work when budgets are tight and expectations are high, and explains why establishing ownership and operational processes are essential for sustaining long-term privacy success.

Monique Priestley is a Vermont State Representative focused on data privacy, AI, right to repair, and the future of work. Monique serves on the House Commerce & Economic Development Committee, Joint IT Oversight Committee, and multiple national tech policy task forces. She was named a 2024 EPIC Champion of Freedom.

State privacy laws are evolving faster than ever, yet the dynamics shaping them often remain out of view for most organizations. Technology shifts quickly, and the issues raised in proposed privacy and AI bills require far more research and preparation than the calendar allows. That's why lawmakers work year-round to understand these complex technologies and collaborate with their peers in other states to refine definitions and bill provisions, ensuring that appropriate privacy protections are in place.

Many states entered 2025 with strong privacy bills on the table, yet progress slowed as industry counterproposals and competing drafts drew support away from stronger models, making it harder for legislators to keep consumer privacy protections intact. Vermont State Representative Monique Priestley has seen this firsthand and brings a unique lens to this dynamic, drawing on her discussions with the public and her collaborative work with lawmakers across the country. As public concerns about privacy and AI grow and privacy laws evolve, companies will need to be proactive about the steps they take to protect people's data and be clear about how those protections work.

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Monique Priestley, Vermont State Representative, about the realities that shape state-level privacy and AI legislation. Monique discusses the behind-the-scenes work required to educate lawmakers and build strong, technology-informed privacy and AI bills, and what might change in the year ahead. She also shares insights into the public's rising concerns about how their data is used, highlighting the steps companies can take to build trust.