The digital media and ad ecosystem doesn’t work if marketers don’t understand who they’re selling to and what the customer might need next. That’s the power of data.
But it also doesn’t work if marketers violate an ever-expanding set of state-by-state data privacy regulations.
Solving the tension between these ideas is a significant question, and technology is part of the solution.
“Compliance,” says Richy Glassberg, the co-founder and CEO of SafeGuard Privacy, “is one of the most complicated things that a marketer has to worry about,” and he points out that “these laws don’t care what kind of digital advertising you do. They ask one question: ‘do you have data on a consumer, and what are you doing with it?’” And who, these days, with a company website, a product to sell, or a brand to promote, doesn’t rely on consumer data?
That’s why Glassberg set out to build a cloud-based platform that provides standardized data privacy assessments. “We wanted to help companies manage compliance more quickly and easily given the constantly evolving consumer data protection laws,” he said on a recent podcast episode of “Insider Interviews.” The platform reflects the input of scores of human attorneys, as well as AI, to help brands and publishers navigate what could otherwise be a compliance nightmare.
A Cloud-Based Answer to Compliance Chaos
With rules and regulations varying across 19 or 20 states, and counting, SafeGuard Privacy has rolled out what is described as groundbreaking US Multi-State Comprehensive Assessment, as well as two new legal AI products: Privacy Assist™ AI and Privacy Assist™ RFI to improve the speed and accuracy of vendor diligence and assessment sharing.
The tools allow companies from ad-tech to healthcare to complete privacy RFIs and onboard vendors more quickly. Their respective attorneys then have more manageable, pre-vetted, and standardized assessments to review and approve,versus starting from scratch. And quickly is an operative word: the global chief privacy officer at one of the largest ad-tech companies in the world beta-tested the Privacy Assist™ system and reported to Glassberg that they went from needing two to three days to answer all regulatory questions to about 80 minutes.
Additionally, SafeGuard Privacy has released a new CCPA Regulations Risk Assessment template. This is a timely addition, given that, as of January 1, 2026, the California Consumer Privacy Act (CCPA) can require businesses to produce their Risk Assessment Reports (RAs) upon request. These risk assessments must be completed for any data processing, including the sale or sharing of data, as well as for any sensitive data use. They are similar to Data Privacy Impact Assessments (DPIA), typically internal documents created to assess data usage, but use specific wording and must be signed by an executive with knowledge of the data processing. This report includes a penalty for perjury that a company’s senior executive must attest to. Hence the need for speed…and accuracy.
From First Pixel to Privacy Pioneer
Glassberg has decades of experience adapting and improving the advertising ecosystem. He was on the founding team and helped launch CNN.com. He was also one of the co-founders of the IAB, the industry’s trade association for digital advertising, and served as its first Vice-Chairman during its formative years. During that era he famously agreed to carry the first tracking pixel for a major ad campaign. He acknowledges, on the episode, that he is now perhaps having to help tame the beast he helped birth!
He went on to build or manage many other parts of the digital ecosystem throughout his decorated career, leading innovation in digital, mobile, and the broader integrated data space. It was the passage of GDPR that struck Glassberg as an existential crisis for the entire digital and marketing industry, which drove him to found SafeGuard Privacy to help solve this issue.
Standardization as Strategy
Glassberg knows firsthand that having industry standards can even the playing field. Standardization helped save – and even grow – the digital advertising industry in the early years. He recalls how agencies, publishers, and brands came together in an IAB consortium he spearheaded to form an agreement on digital ad sizes and best practices. He believes it’s the key to managing compliance complexity now and can again help drive scale. “Data privacy doesn’t have to slow growth. If you standardize it, make it auditable, and prove it once, it becomes a competitive advantage. Standards have always equaled scale.” The IAB agrees and has made SafeGuard Privacy the spine of its IAB Diligence Platform, servingas an industry “single source of truth” for vendor privacy reused across deals, rather than bespoke questionnaires per partner.
This Isn’t Just Legal’s Problem.
Certainly, “if you’re a CMO,” Glassberg points out soberly, “you don’t want to risk a California regulator saying that you violated the privacy of consumers.” But, it’s not just the marketers that might face the music. As Glassberg also points out, data privacy laws aren’t just legal issues, but structural ones. “If you work in marketing, advertising, media, or tech, these laws apply to you whether you realize it or not. This takes lawyers. This takes data people. This takes product people. This literally touches almost every part of your organization,” he cautions. That is why the SafeGuard Privacy Platform is built as a continuity and collaboration platform.
But it doesn’t stop there. Enforcement is picking up, and brands are now responsible not only for themselves but for ensuring the daisy chain of their entire partner ecosystem is compliant. Or as Glassberg quips, borrowing from a biblical reference, “you ARE your vendors’ keeper.”
In a sense, Glassberg has been focused on protecting both people and their data. As a co-founder of the Breastcancer.org board, which supports over 23 million unique women each year with peer-reviewed medical information, he helped build the site from scratch that democratizes healthcare knowledge. “The internet should democratically distribute information,” he says, whether that’s empowering breast cancer patients with reliable answers or helping marketers navigate compliance efficiently. Even his “@PrivacyBuddha” social media handle reflects this protective instinct, with a nod to his 30 years of martial arts training and 5th degree black belt in Shorin-Ryu karate, where discipline and vigilance are paramount.
Now, with SafeGuard Privacy, he’s applying the same discipline to consumer data protection.
AI Automation That Keeps Lawyers in the Loop
That’s where AI has been a major asset, but where SafeGuard Privacy keeps the human touch in play. While their Privacy Assist™ AI can pre-populate assessments with suggested answers and evidence based on a company’s documentation, it doesn’t replace a law firm. It does, however, reduce legal research burdens and billable hours. By easing the burden on legal teams and providing a robust, standardized framework, companies can focus on growth and innovation, with confidence that their compliance practices are up to scratch.
That should ease the minds of many CEOs and CFOs, especially in light of recent enforcement actions that have targeted both big names and smaller entities, levying fines and launching investigations. Glassberg was able to list half a dozen Fortune 1000 companies fined or facing regulatory review.
But it’s not just the growing scrutiny from regulators. Equally alarming is the rise of lawsuits by plaintiff firms that use current laws to question businesses about their privacy practices.
It’s Your Move
So, with a new year, companies large and small should adopt forward-thinking strategies to stay compliant and competitive. SafeGuard Privacy itself is rolling out a Privacy Assist Vendor tool this year, designed to process vendor assessments, and continuously updates its free compliance “playbook” to help educate and inform. “We are your privacy ninjas,” Glassberg quips, underscoring their commitment to staying ahead of legislative changes.
As the alphabet soup of privacy regulations continues to multiply, from CCPA to CPRA, and whatever comes next, per Glassberg, the way forward is clear: integrate standardization, leverage cutting-edge AI tools, and stay transparent. In an industry built on data, privacy compliance isn’t optional anymore. It’s “AAI”: All About the Infrastructure.
E.B. Moss is an award-winning marketer, journalist, and content consultant for leading media organizations, entertainment brands, and technology companies. She frequently reports on the media industry for trade publications, produces executive profiles and branded podcasts, and hosts the award-winning B2B show, “Insider Interviews: With Media & Marketing Pros.”
Photo by Jason Dent on Unsplash
