From Gatekeeper To Architect: How General Counsel Are Shaping Innovation in the AI Era

Intro: 00:01

Welcome to the She Said Privacy/He Said Security podcast. Like any good marriage, we will debate, evaluate and sometimes quarrel about how privacy and security impact business in the 21st century.

Jodi Daniels: 00:21

Hi Jodi Daniels here. I’m the founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and certified information privacy professional providing practical privacy advice to overwhelmed companies.

Justin Daniels: 00:35

Hi, I am Justin Daniels. I am a shareholder and corporate M&A and tech transaction lawyer at the law firm Baker Donelson, advising companies in the deployment and scaling of technology. Since data is critical to every transaction, I help clients make informed business decisions while managing data privacy and cybersecurity risk, and when needed, I lead the legal Cyber Data Breach Response Brigade.

Jodi Daniels: 01:01

In this episode is brought to you by really, really bunny ears behind me. Red Clover Advisors we help companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. We work with companies in a variety of fields, including technology, e-commerce, professional services, and digital media. In short, we use data privacy to transform the way companies do business together. We’re creating a future where there’s greater trust between companies and consumers. To learn more and to check out our best selling book, Data Reimagined: Building Trust One Byte at a Time, visit Redcloveradvisors.com.

And I have a case of the giggles that was very hard to get through. I don’t know why you have done.

Justin Daniels: 01:06

Why not? It’s spring.

Jodi Daniels: 01:45

Because you’re the one who keeps trying to make me laugh. And so then. Then I have a case of giggles. See?

Justin Daniels: 01:56

Okay. well, who doesn’t Like laughing?

Jodi Daniels: 01:59

Laughing is great. Giggles is something else. When I’m supposed to be serious and introduce our super awesome pun intended new. Our guest for for this episode because we have Smrithi Mohan, who is general counsel at Awesome, the parent company of SmugMug and Flickr, where she oversees all legal IP, privacy and compliance matters for two of the world’s most recognized photo sharing platforms. She previously spent a decade at Dun and Bradstreet, where she built the company’s first global IP and innovation practice and elected Board of Education member and recognized top woman leader.

She speaks and writes on legal operations, IP strategy, leadership and building legal functions from the ground up. So welcome to the show.

Smrithi Mohan: 02:50

Thank you so much, Jodi. First of all, thank you both for inviting me as a guest. I’ve I’ve really I’ve watched so many of your episodes and I really enjoy the content. So it’s really an honor to be a guest.

Jodi Daniels: 03:03

Well, we’re so glad you’re here. And when I was reading Dun and Bradstreet, it reminded me of one of the arms they had a long time ago called Dun and Bradstreet Software. And that was my very first, I’m going to call it sort of real job I had in, in I, I worked there part time in college in the accounting function.

Smrithi Mohan: 03:22

Really.

Jodi Daniels: 03:22

Interviewed with Dun and Bradstreet software. But then by the time I started, they had a spin out and I was at the new spin out and the father office location. But anytime I see Bradstreet, it always reminds me.

Smrithi Mohan: 03:37

Wow.

Jodi Daniels: 03:39

I remember everything like my desk and what I did. Really old computer. All right. We I digress. We’re supposed to be talking about privacy giggles oh your turn.

Justin Daniels: 03:53

Why don’t we start and have you tell us a little bit about your career journey?

Smrithi Mohan: 03:58

Yeah. I love telling the story of my career journey because I don’t think it follows a straight line. I, I very often say that the thread that sort of runs through everything in my career is that I’m a builder. I started in a very traditional law firm path and worked at a couple of firms and very quickly realized that that is not for me. I really wanted to be in-house.

And so my first in-house role was at a cybersecurity company as their first and only legal counsel. There was no legal function when I got there. The VP of operations, who was a lawyer by training, was kind of reviewing contracts, but no real templates, no processes, no frameworks. So I built a lot of that from scratch. And then from there, I spent a decade at Dun and Bradstreet, which is where I feel like my career really scaled.

I kind of started at the bottom of the totem pole in the legal department, and as I proved myself and kept taking on more responsibility. Eventually I took on a role that nobody had had before, and that was the head of the Global Innovation and Intellectual Property Strategy and Practice. And DAB had been around for over 180 years and had never had a dedicated IP and innovation practice as part of their legal department. And so I got to build that from scratch. And then along the way, I also took on a promotion where I continued heading innovation and IP.

But then I was also head of legal and compliance for Dun and Bradstreet India, where I was overseeing all of the legal and compliance across our entire India entity, handled corporate board matters as their company secretary. So there was a lot of building there, a lot of new processes. I started there, and now I am general counsel at Awesome, which is the parent company for SmugMug and Flickr. And if you’re a photographer or you’ve researched photo sharing platforms at any point, you most likely know those names. SmugMug was launched back in 2002, and Flickr, which SmugMug bought from yahoo in 2018, holds one of the most significant collections of digital photography.

And I love it here I same thing I walked in, started building the company’s first privacy and data protection programs, their first IP and innovation program, first AI governance framework, a lot of it. So yeah, that’s my career in a nutshell.

Jodi Daniels: 06:17

One of my very good friends is a photographer and posts a lot of his pictures on Flickr. So oh.

Smrithi Mohan: 06:23

That’s amazing.

Jodi Daniels: 06:25

Long time user for sure. And I love the concept of building. I, I might borrow that because I feel like I’ve actually done very, very similar.

Smrithi Mohan: 06:34

I love that.

Jodi Daniels: 06:35

Within, within companies now general councils are increasingly expected to be business drivers, not just legal gatekeepers. How do you see that role evolving?

Smrithi Mohan: 06:50

Yeah, I, I really like This question because I think the framing itself tells you where the profession is headed. The fact that we’re even asking whether GCS should be business drivers means we’ve kind of accepted the fact that, you know, the old model of legal gatekeeping is over. Here’s my experience based on three very different companies that I’ve worked at, right at my first in-house role at the cybersecurity startup, I feel like I wasn’t just legal counsel. Yes, I was starting up the legal processes and building the legal function, but I was also doing things like helping open new markets. I drafted the agreements that let us enter Central America and Latin America.

So that to me is not legal gatekeeping. That’s revenue generation. And at D and B, Dun and Bradstreet, which you know, is that 180 year old plus, you know, data and analytics company, I worked directly with so many people across the business, the chief data scientists, the C-suite on commercial strategy and IP strategy and business strategy, product development here at Awesome, where I’m overseeing, you know, the legal review for SmugMug and Flickr. Same thing. I’m sitting in product meetings.

I’m sitting in trust and safety discussions, engineering reviews. So I, I’m doing that not because someone’s inviting me, but because the legal questions and the business questions, I feel like oftentimes are the same questions. And you know, when you’re the general counsel for platforms that hold billions of photographs and serve photographers all over the world, every product decision has legal dimensions and vice versa. Every legal decision has product implications. So you’re looking at content moderation and creator rights and data protection, AI policy licensing, all of it.

These aren’t legal topics that happen to affect the business, right? These are very, quite frankly, what are making the business. And so I think the evolution I see is that the GC is becoming less of an advisor who reviews what other people built and provides feedback or risk assessment, and more of an architect who is helping shape what gets built. I will very honestly say that my my best days aren’t the ones where I caught a problem or I was reactive and I was fixing a problem. My best days are definitely the ones where I helped design something that never had a problem to begin with, where I was partnering with my counterparts in marketing or product or engineering or sales, and we’re creating something new and cool together.

And honestly, not to be blunt, but I think the geeks who are still kind of waiting to be asked for input are going to find themselves increasingly irrelevant. I don’t think the business is going to slow down for you. You have to be in the room where the decisions are being made.

Jodi Daniels: 10:05

I love that concept of the architect.

Smrithi Mohan: 10:09

Yeah.

Jodi Daniels: 10:10

That makes that makes so much sense.

Smrithi Mohan: 10:12

Yeah. Builder. Architect. You know, all of these. Yeah.

Jodi Daniels: 10:15

That’s true. Let’s all go together. You need both.

Justin Daniels: 10:19

So how can legal teams better align their priorities with broader business goals, especially around AI and product development?

Smrithi Mohan: 10:29

I, I think this is actually a really good transition from what I was just saying, because like I was saying, the mistake that I see legal teams make in full transparency, I’ve made it early in my career to is, is what I was just talking about, you know, waiting to be asked. You sit back and wait for product or engineering to come to you with a finished spec and ask, you know, is this okay? But I think the problem is by that point, you’re playing defense and you’re trying to justify whatever they’ve brought to you to fit within a legal framework, whether or not the shoe really fits. And it becomes more about justification than being there from the beginning and building it openly with legal frameworks in mind as you’re building it. So you’ve now become the person who slows things down.

And I think that’s what starts this slow shift, where the business kind of starts to route around you and find ways to avoid you and exclude you. So what I try to do is I work on embedding the legal thinking into the product development cycle from the very beginning. Relationship building is very, very important to me. It’s core. Regardless of where I work.

So I want strong and open and trusting relationships with all of my business partners across all functions. Otherwise, I feel like you’re not going to be able to maximize effectiveness and efficiency and build the best thing possible together. So when our teams are exploring new AI features for Flickr or SmugMug, whether that’s photo organization or content recommendations, or maybe they’re working on a new app, you know, refresh as a whole, whatever it is, I’m trying to be in those conversations early not to say no, which I know can be a common perception of legal, but I’m there to sort of educate and help them understand the legal framework that’s relevant for whatever we’re trying to implement and in the jurisdictions where we’re trying to implement it. Because let’s be honest, the regulatory, you know, requirements all over the world are just vast and, and a lot. So taking all of that into consideration and, and I’m there to ask questions that make the product better and more defensible.

So, you know, what, what data are we using? Where did it come from? What did our users agree to when they uploaded their photos? And what’s our position? If a third party wants to use our users content for AI training?

And I think that last one is a very living issue for us. Flickr hosts one of the most significant collections of digital photography, and AI companies are extremely interested in that content. And our position is basically, we’re here to protect photographers and their work, not to feed it into someone else’s model. So that’s a business decision and a legal decision that works in lockstep. We’ve basically built contractual protections into our licensing agreements, and we’ve been very deliberate about our terms of service.

And we’ve taken that position that the photographs that sit on our platform are not to be used by any other company to train their AI. And these are photography communities built by real photographers creating real work. And so for us, protecting that integrity is both a legal obligation and a brand promise. So that’s what I think alignment looks like in practice. It’s not legal telling product that they can and cannot do something.

It’s about that mutual understanding that there may be more than one direction that we can take technically and legal product, the business at large, agreeing on what the company stands for, and then building the legal architecture to back that up. And I think when you do that well, the business stops seeing legal as a bottleneck and starts seeing you as the person who’s making the company values enforceable.

Justin Daniels: 14:43

Well, based on that example that you gave when you said that general counsels who wait to be asked are irrelevant, maybe based on what you’re saying, they’re not irrelevant. It’s really malpractice. And what I mean by that is, in your example, just listening to you, my head is thinking, wow, if an LLM gets Ahold of that, you talk, you put facial recognition on top of that, there’s all kinds of things that could be done with those photos. So if you’re not in the room while design decisions are getting made and maybe certain compromises might get made, you see the Instagram trial and things like that. Now a record is being created that if something were to happen later.

Now, those are exhibits in a deposition for a trial that maybe that all could have been avoided had the general counsel where you were obviously in the room to be. Hey, guys, we’ve got to understand what are the broader legal implications, because I’d love to hear your view on the fact that when I talk to builders, people who don’t necessarily have legal training, they’re so focused on the features of the product and how this helps. They kind of don’t think about what are some of the broader legal ramifications and how they might be stepping on a landmine without realizing unless, again, you are in the room to be part of that development team?

Smrithi Mohan: 16:08

I’m 100% agree with you. I think the risk when legal isn’t in the room in those early stage decisions, the business makes compromises that it doesn’t fully understand. And, you know, an engineer might agree to a third party API’s terms that grants broad rights over your data. A product manager might ship a feature that collects user information without proper consent flows. There are just so many different things that can happen.

And and these aren’t hypothetical. They happen every day at companies where legal is, you know, downstream and, and by the time legal finds out the commitment has been made, the feature has been shipped or the partnership has been announced, whatever it is. Right. And unwinding those decisions is very expensive. It damages relationships and sometimes isn’t possible at all.

And so when a GC is sitting back and waiting to be consulted, a lot of times people don’t even know that they’re supposed to go to legal, right? You know, like it’s not something that you can sit back and wait and they’re just missing these opportunities to add value. And, and they’re allowing the business to accumulate that legal exposure that could definitely have been prevented with a five minute conversation at the right moment earlier on. And yeah, that’s that’s definitely I agree it can be considered malpractice. And you’re it’s not that you’re giving bad advice.

You just weren’t giving advice at all. So yeah.

Justin Daniels: 17:36

I’m thinking that maybe the three of us should start doing the him from Hamilton, the room where it.

Jodi Daniels: 17:42

That’s exactly what I thought.

Smrithi Mohan: 17:44

I like it, I like it.

Jodi Daniels: 17:46

But maybe we should bring our daughter. Who who can actually sing?

Smrithi Mohan: 17:49

Yes.

Justin Daniels: 17:51

You can sing, I,

Jodi Daniels: 17:52

Okay, well, that’s very kind of you. So I’m curious for someone listening here, maybe they are newer to their role, and their organization is the kind that doesn’t want to go to legal first. What would you suggest to someone listening who likes this? They want to build those relationships. They don’t have them.

Where might they start?

Smrithi Mohan: 18:17

Think. So where would they start in terms of just.

Jodi Daniels: 18:24

Like being able. To, to if, if, if our point is legal, you, you need to be part of it. And there are some organizations, they’re not invited because previously they had bad advice. They, they redlined too much. The culture wasn’t here. And there’s a lot of people that want to do the right thing.

Yeah. They don’t know quite how to make it over or they’re they’ve tried and whatever they tried didn’t quite work. What might you suggest?

Smrithi Mohan: 18:50

Well, this goes Back to what I was saying before about building relationships. That to me, like I was saying, is the core. So when I started a company or when I’m meeting people across the business, my first and foremost priority is to build the relationship with them. I don’t want to necessarily just dive into whatever the legal work is or whatever project we’re working on. I want to actually like get to know them and, and make them feel comfortable with who I am and what I’m going to offer them.

And I think once you get that relationship setting, it makes all of the work going forward a lot easier because, yeah, sure, everyone’s not perfect and there might be some things that maybe you’re looking at more from a very heavy legal perspective, and you redline something a little bit more. Whatever it is. But but at the end of the day, the people who you have that relationship with aren’t going to use that as like this black mark against you and say, oh my gosh, I’m never going to go to this person again because gosh, I just want to avoid that. They’re going to be a little more understanding about where you might have been coming from, and then picked up the phone and be like, hey, maybe, maybe it’s a good idea for me to explain some context to you. Let me explain where I’m coming from.

Maybe we can come to a compromise. You know, are these things really necessary? Where were you coming from on this? That is where I think the difference is between not building those relationships from the ground up early on versus, you know, taking the time to build those relationships. Ask about their kid, ask about, you know, the game that they went to on Saturday, whatever it is, right?

Like make them feel comfortable with you. And then I feel like the rest of that kind of falls in place that’s worked for me. It’s and I’ve seen the difference between not doing it and doing it.

Jodi Daniels: 20:38

Helpful information. Thank you so much for sharing what has worked for you.

Smrithi Mohan: 20:42

Thank you.

Justin Daniels: 20:43

So when you and I were talking a little bit earlier and we were talking about, you know, what happens if they come in and say, hey, we have all these photos. We could use facial recognition and AI when it comes to AI product development. Maybe that’s just that’s one example. When people come to you or from your perspective, what are the core legal questions that G. C should be asking early on before this AI idea runs wild and becomes irreversible?

Smrithi Mohan: 21:14

I, I really like this question because I think what a lot of people do is jump straight to what regulations apply. And in my opinion, that’s the wrong starting point. I think regulations are important, but they follow the more fundamental questions. The the first question that I would ask is, you know, what data are we training on? Do we have the right to use it in that way?

That, to me, is the sort of threshold question. I think everything else flows from it. At my current company. This is incredibly concrete for us because like I was saying, Flickr hosts billions of photographs and our users uploaded uploaded those images with very, you know, specific expectations about how those photographs would be used. And so before we do anything with AI, we need to understand the license chain and what our terms of service permit and whether our users have meaningful choice.

And then I think the second question would be who owns the outputs? I think traditional SaaS contracts are completely silent on this because the software doesn’t create content. AI does, and you need to decide both contractually and as a matter of product design, whether the user owns what the AI generates, whether the company retains any rights, what happens to outputs that look substantially similar to someone else’s copyrighted work? So you have to push for clear customer ownership of outputs with, you know, narrow exceptions for security, safety monitoring. And then I would ask, you know, what’s the liability framework if the AI produces something inaccurate or biased or infringing, which is very likely it hallucinates, right?

Who bears that risk. How do you cap it? How do you insure against it? And I think this is where your indemnification and limitation of liability provisions and vendor agreements really matter. And, and I feel like, you know, as I’ve as I’ve negotiated some of these, a lot of companies haven’t necessarily updated them for AI.

So, so that’s important to consider as well. And then I think it’s also sort of important to understand what’s your position when you’re the customer, when you buy AI tools from vendors, are you negotiating on your company’s behalf the same way you’d want your customers protected, exclusive commercial rights to your outputs, restrictions on the vendor, reusing anything generated for you, clear data handling and segregation obligations. You have to think about AI from both sides of the table and building your AI governance framework before you actually need it. I co-built along with our IT department Awesome’s first AI governance framework, not because any specific regulation required it, but because I could see, you know, that there was a potential regulatory wave coming. And whatever it is we’re using AI, we need some kind of parameters in place.

And I think it’s much easier to build that structure proactively than to retroactively or reactively incorporate it after you’ve already shipped your product or created your tools or have you’ve incorporated AI into whatever you do.

Justin Daniels: 24:50

So I want to ask an interesting follow up question to what you just said, because you talk about what happens when vendors are doing this. But let’s pinpoint a particular situation. And it’s one thing if you’re going to on, you know, do a deal with a new vendor who may have AI features. But what happens when you have a vendor who your contract goes back to 2000 2018, and now they’re rolling out new AI features. What’s the process for making sure that this doesn’t happen without you being aware of it?

And you’re able to say, hey, wait a second. You know, this new feature predates our, our contract with this vendor addressing any of this. We need to we need to think this through.

Smrithi Mohan: 25:32

I think, sitting down with them and, and kind of getting practical, like when you’re negotiating, like you said, when you’re negotiating with a brand new vendor, you can build those AI provisions into the contract from day one. But I think, you know, a 2018 contract almost certainly says nothing about AI, and it doesn’t address who owns AI generated outputs, doesn’t address where your data is going to be used to train models, doesn’t address any of that. So I think first you need to do an audit. I would pull my. You know, hopefully you have a, I don’t know, a database of your contracts, pull your vendor contracts from certain time periods where and see where the vendors have introduced or announced AI features and flagged those gaps and, and figure out, you know, what do the existing data rights actually permit?

Is the language broad enough that the vendor could argue that they already have the right train training? You know, the right that they have the right to train your models on the data. Indemnification, you know, does it extend to AI related claims? And then engage the vendor. You have to go to the vendor and say, look, we need an AI addendum.

Most likely you can create a template and be able to sort of negotiate with them based on that template. You’re not trying to renegotiate the whole deal. You’re just supplementing it to address a capability that didn’t exist. And so, you know, hopefully, you know, the addendum should cover data use restrictions specific to AI training, ownership of any AI generated outputs. Obviously, like I said, indemnification and, you know, the right to opt out of AI functionality if you’re not comfortable with it.

And then review the updated terms of service from the vendor. I think a lot of vendors are currently introducing AI terms through their terms of service updates, rather than negotiating new amendments. And so if the contract has a clause that says that the vendor can modify its terms without or sorry, with notice, you may already be bound by AI related provisions that you never agreed to. And so that’s something that I would definitely go and take a look at. And, and so those were I think I think that’s sort of the flow that I would sort of follow.

Justin Daniels: 28:11

Well, where do you see the biggest legal gray areas today around AI generated outputs and associated derivative works?

Smrithi Mohan: 28:21

I think there are a few gray areas. The first is the derivative works question. I think AI can generate an image that is clearly inspired by a specific photo. You know, a photo style, a photographer style. It was trained on that photographer’s work, but it doesn’t reproduce any single image pixel for pixel.

So is that a derivative work? Copyright law says that a derivative work has to be based upon a preexisting work, but courts haven’t really drawn a clear line for AI generated outputs that are based on patterns that are extracted from thousands of works simultaneously. So it’s not like a human artist being influenced by Ansel Adams. Right. It’s the AI literally ingesting so much data.

And so I feel like that distinction matters. And we don’t really have case law that resolves it. The second would be authorship. The Copyright Office has been fairly consistent that purely AI generated content can’t be registered for copyright protection, but most real world outputs involve some degree of human direction or selection or curation or something. And so where exactly is the line of sufficient human authorship?

If a photographer on SmugMug uses an AI tool to enhance or edit their work. At what point is the output theirs versus Ise or the machines? You know, nobody has a definitive answer for that. And and I think for a platform like ours that cares so much about creator rights, that uncertainty creates some very real challenges for how we think about content ownership and, and licensing. And I think another gray area is downstream platform liability.

If a user uploads AI generated content to Flickr or SmugMug that infringes someone else’s copyright. What’s the platform’s responsibility? So there’s a law called section 230 of the Communications Decency Act that has historically protected platforms from liability for content that their users post. And then there’s the DMCA Safe Harbor Framework, which protects platforms from copyright claims, as long as they respond to takedown notices and don’t have actual knowledge of infringement. So together, those two frameworks are basically the legal foundation that every user content platform operates on.

But section 230 just turned 30, and it’s currently under enormous pressure from all sides. So the Senate Commerce Committee actually held a hearing on it just last week. And there’s active legislation in Congress to sunset the entire provision. And so there are some people who want reform because they believe platforms have used their content moderation immunity to suppress political speech. And then there are others who want reform because they believe it shields platforms from accountability for harm to children.

And both sides are starting to ask whether section 230 was ever designed to cover a world where AI generates content at scale and. That is directly relevant to us. So any narrowing of section 230 protections. Changes the risk profile for every platform that hosts user content, including ours. And layered on top of that, the DMCA safe harbors were written for a world where humans create and upload content, and they contemplated user generated content and not AI generated content uploaded by users.

So when a person uses an AI tool to generate an image that infringes someone’s copyright and then uploads it to a platform, the questions of knowledge and control and responsibility don’t really map cleanly onto frameworks that assumed a human was doing the creating. So I think the platforms that are kind of thinking carefully right now about their terms of service and their content policies and their notice and takedown procedures in the context of both AI and potential section 230 reform are going to be in a far better position than those who are assuming that the existing frameworks will sort of hold without adaptation, because I’m pretty sure that’s not going to be the case. And I think, you know, there are just no definitive answers to a lot of these questions. I feel like there’s a lot of gray area. And the honest answer I feel like, is that these are very genuinely unsettled areas of the law.

And I think the best thing that legal teams can do is to just build frameworks that are flexible enough to sort of adapt as case law develops, because I feel like there’s going to be a lot of development and it’s going to keep going, and we’re going to have to keep kind of adapting to it.

Jodi Daniels: 33:49

So and I think what you’ve highlighted from what I heard, is a very interconnected, complex web, which really supports the need to have those legal leaders involved early on to help think through all of those various scenarios. And in a land of gray, it’s about balancing risk and risk to one company on one feature might be very different to another company for either similar or just. It’s all about balancing those risks in a land of gray.

Smrithi Mohan: 34:20

Absolutely.

Jodi Daniels: 34:24

I didn’t want to interrupt you.

Justin Daniels: 34:26

Go on to the next question.

Jodi Daniels: 34:27

Oh, okay. Thank you. Yeah, that was mine.

Justin Daniels: 34:31

All right.

Jodi Daniels: 34:31

Next question.

Justin Daniels: 34:33

Okay.

Jodi Daniels: 34:33

Snapping turtle with everything that you know, this is the privacy and security podcast. And I know we’ve we’ve expanded like everything else in the land of AI, but what would be your best privacy or security tip that you might offer? You’re gathered around a party. People know what you do. What would you.

Smrithi Mohan: 34:55

I’m going to give you one that sounds so boring, but I know so many people who still don’t do it. And I say this as someone who’s built privacy programs at two different companies, I’m constantly thinking about data protection. Compartmentalize your email. Use different email addresses for different categories of your digital life because, you know, like have one for your financial accounts, one for shopping and subscriptions, one for your professional networking, whatever it is. Because that way, when the inevitable breach happens at some retailer and it will, the email and password that gets exposed aren’t the same credentials that are near your bank or your work accounts or your personal files.

And I think, you know, it’s sort of the digital equivalent of not putting all your valuables in one room. If someone breaks into one room, they’re not going to get access to everything. And, you know, it’s it’s very easy to set up. It costs nothing. And I think, you know, I’m hoping that everyone watching this podcast already uses a password manager and two factor authentication and all that.

But email compartmentalization, I feel like is so basic. And it’s something that a lot of people miss doing. And it’s probably one of the single highest impact, lowest effort things that you can do. And I’ve dealt with so many breaches along the way. And so it’s, it’s just something that’s like very top of mind for me.

Jodi Daniels: 36:24

That we have not had that shared before, not in that way.

Smrithi Mohan: 36:28

I think like, okay.

Jodi Daniels: 36:29

Slight variation on that one.

Justin Daniels: 36:32

So when you’re not thinking about building these programs, what do you like to do for fun?

Smrithi Mohan: 36:38

So yeah, I would say that doing things for fun is probably a very generous concept with, you know, work and, and like it was mentioned early, I, I’m also an elected public official. I serve on the board of education for my district. And, and it’s a role that I take very seriously. I think, you know, you’re making decisions that directly affect children and families in the community. So it’s something that I’m really proud of.

I really enjoy doing that. But beyond that, I think, you know, what grounds me is my family. I have two daughters who are absolutely amazing. I love them to death. I have a Bijan poodle and the three of them together basically run the household.

And I, I love spending time with my kids, I love cooking, I love traveling, we love doing outdoor activities together. Just being present with my family is really what sort of recharges me. I also love to write, I, I write poetry, I write short stories. It’s something that I have done ever since I was a kid and I just I love creative writing. And so that’s something that I really enjoy doing in my free time drawing and painting.

I’m a very creative person. So it was very, you know, just this job, you know, in photography, it just it was very well aligned for me. I love creativity and so it’s just fun for me. And along with that, I’m also into music. I play a South Indian instrument called the Veena.

And I’ve been learning that since I was, I don’t know, 7 or 8 years old. I perform, I teach, and I really enjoy it. I also am a volunteer at I speak a South Indian language called Tamure. And so I’m a volunteer at a Tamure school here in new Jersey, where I help children learn the language and stay connected to South Indian culture. I am a first generation American, so preserving that cultural heritage is very deeply important to me. So yeah.

Jodi Daniels: 38:36

So very special. And clearly there’s no sleeping in your house.

Smrithi Mohan: 38:41

Sleep is definitely an afterthought.

Jodi Daniels: 38:45

Well, we’re so excited you joined us today. If people would like to connect with you, where is the best place for them to do that?

Smrithi Mohan: 38:52

I am on LinkedIn. You can look me up. I’m very active on LinkedIn. Smrithi Mohan. Definitely look me up.

You know, send me a message. I will write back. I enjoy connecting with people. So yeah, LinkedIn is probably the best way.

Jodi Daniels: 39:06

Awesome. Oh I did, I actually did not mean to do that, but that was so much fun. Well, we are again, so happy that you were here. Thank you very much.

Smrithi Mohan: 39:14

Thank you so much. It was such a pleasure.

Jodi Daniels: 39:17

Will you Stop laughing. At me?

Justin Daniels: 39:19

It’s constant entertainment with you.

Outro: 39:26

Thanks for listening to the She Said Privacy/He Said Security podcast. If you haven’t already, be sure to click subscribe to get future episodes and check us out on LinkedIn. See you next time.