The Privacy Advisor Podcast was a little experiment my boss wanted me to pursue back in 2016. He's a podcast consumer, saw the market for podcasts growing and felt it was something in which we should invest resources. I really wasn't a podcast person, and I definitely didn't know anything about how to create one. 

A year and a half later, we've built a significant community around the podcast. We're posed to hit 90,000 downloads by year's end, with listeners from countries spanning the globe, including the United Arab Emirates, Kenya, Ethiopia. Some of us recently decided to come together in a LinkedIn Group to feel a little closer together and have the opportunity to converse about particular podcasts or provocative points a guest made.

As we close the year at the IAPP and look back on the content we've produced in our mission to help privacy professionals like yourselves do your jobs better, we've compiled a list of the top 10 podcasts of the year, ranked by total listens. Listeners were really invested in hearing about how they'll comply with the GDPR, of course. Some kind of hacker interference would surely be to blame should any list out of the IAPP omit that four-letter word. But I was glad to see a couple of the top 10 were the kind of podcasts that generated some big-picture conversations about our profession and what kind of industry we want to build in coming years. My chat with Tracy Ann Kosa about whether the privacy profession should adopt a code of ethics generated some conversation online, and that's a topic that seems worthy of our further examination. Some say a code's impossible given the myriad professionals comprising the field; others say it's such a specialized expertise — like that of a doctor, for example — that it's past due. 

I'm learning the art of podcasting is getting out of the way and letting your guest tell their tale, assuming you've done your job vetting and know a speaker can hold her or his own. But there are a couple guests I don't have to try at all with. You know, like those old friends you only see at the holidays but it's totally not awkward when you see them? One of those is Rachel Tobac, who's basically a legend now in the social engineering DEFCON scene. She's one of those people who's just so jazzed up about life that talking to her about most things seems like it would be fun. But listening to her relive her DEFCON experience proved to be something not only I enjoyed, but others did, too. She's in the top 10 twice this year, with a special slot in second place for all-time listens. 

The best performing podcast was Johnny Ryan of PageFair, discussing what the ad tech industry is up against in coming years under Europe's new privacy regime. 

I hope you enjoy listening to these as much as I enjoyed making them. 

10. The Privacy Advisor Podcast: Gilad Rosner on solving the problems IoT presents: 1,693 listens

Gilad Rosner discusses his work as the founder of the Internet of Things Privacy Forum. Before he started the forum, he worked in academic research and studied the privacy issues that plagued the U.S.'s attempt to create online identities in the name of e-government. When those efforts sank, he looked around and saw a need in the IoT space to find solutions to some of the privacy concerns related to the proliferation of IoT-connected devices. "The solutions are always a mix of regulatory, technical and business choice," Rosner said, adding that also essential is public discourse.

9. The Privacy Advisor Podcast: Tracy Ann Kosa on why the privacy profession needs a code of ethics: 1,769 listens

Tracy Ann Kosa sees a problem here. She sees the privacy profession turning into a compliance-based function, despite its early beginnings in advocacy. "I think we're losing the face of the data subject," she says in this episode of The Privacy Advisor Podcast. She sees the solution to this, at least in part, being that the profession develop a code of ethics that brings together the ideals privacy professionals want to stand for. Doing so, as well as using metrics to evaluate a privacy program's efficacy and making the process more scientific than simply conducting a PIA and calling it a day, is how the privacy profession will evolve to the next level. "These things are interconnected," she says. "The notion of measurement and where we go next."  

8. The Privacy Advisor Podcast: José Alejandro Bermudez on what's happening in Latin America: 1,841 listens

In this episode of the podcast, José Alejandro Bermudez of Nymity — and formerly the inaugural deputy superintendent for the protection of personal data in Colombia — talks to Angelique Carson about the data protection and privacy landscape in Latin America. Bermudez discusses what it was like to help create Colombia's first data protection authority, emerging laws and regulations, private companies' resistance to investing in privacy, and the fact that, as he says, the privacy profession isn't quite thriving in Latin America as it is elsewhere, but rather is still a "part-time" position in most cases. 

7. The Privacy Advisor Podcast: Rachel Tobac on winning big at DEFCON: 1,936 listens

This episode of The Privacy Advisor Podcast features Rachel Tobac. Tobac won last year’s Social Engineering Capture The Flag contest at DEFCON in Las Vegas, Nevada. She’s got this great story about it, partly because she doesn’t work in privacy or security. She’s a senior community manager at Course Hero, a crowed sourced online learning platform. But her husband was at DEFCON the year prior, and immediately knew Rachel would love the competition. Despite her complete lack of experience in the field, she was selected to make it to the actual competition live at DEFCON. Hear her describe her experience in a glass phone booth, trying to get random, unsuspecting people to give up their personal information. Winning the contest led her to the nonprofit group Women in Security and Privacy, which she now actively works within.

6. The Privacy Advisor Podcast special edition: The Equifax breach: 2,027 listens

In September, consumer credit reporting agency Equifax announced it had been hacked, and 143 million consumers' personal information had been accessed. That information included Social Security numbers, birth dates and credit card numbers. It's early days, and we're still learning the details of how the breach happened, why the public notification took so many weeks, and how far-reaching the implications will be for consumers. But The Privacy Advisor's Angelique Carson caught up with UnitedLex's Jason Straight, CIPP/US, who has been helping companies prevent or overcome breaches for the last 10 years, to discuss the Equifax breach and what privacy professionals should take away from the incident to protect their own brands. 

5. The Privacy Advisor Podcast: What's it like to be just starting out?: 2,073 listens

It seems to be the experience of many privacy pro newbies, anecdotally at least, that many employers are looking for pros who have at least a few years of experience to start, and, typically, they want them to be lawyers. But if everyone wants someone with experience, how does anyone get their start? In this episode of The Privacy Advisor Podcast, IAPP Westin Fellows Cobun Keegan, CIPP/US, CIPM, and Calli Schroeder, CIPP/C, CIPP/E, CIPP/US, CIPM, discuss what it's like to be just starting out in privacy and the strategies they've employed to get their feet in the door of this relatively nascent field.

4. The Privacy Advisor Podcast: What to do if you know you won't be ready for the GDPR: 2,251 listens

This episode of The Privacy Advisor Podcast features a return guest. Chris Zoladz, CIPP/E, CIPP/G, CIPP/US, CIPM, CIPT, owns Navigate, a consultancy. His podcast is the most-listened-to episode since we started this thing, with almost 1,900 listens at the time of this writing. Besides the fact that Zoladz is a likable and smart guy, the reason for that is likely because his first podcast with us was about how to prep for the EU General Data Protection Regulation. He told us all about the ways companies were getting ahead, or, in many cases, falling behind, and where privacy professionals should get started. In this follow-up episode, Zoladz talks to host Angelique Carson, CIPP/US, on what he advises privacy professionals to do if they know they're not ready for the GDPR. Hint: It's not a bad idea to prioritize your regulator- and consumer-facing processes.

3. The Privacy Advisor Podcast: Chris Zoladz on why no one's ready for GDPR: 2,254 listens

In this episode of The Privacy Advisor Podcast, Chris Zoladz, CIPP/E, CIPP/G, CIPP/US, CIPM, CIPT, of Navigate talks about what he’s seeing on the ground as he advises clients who’re aiming to comply with the GDPR as its effective date rapidly approaches. Zoladz says based on his experience, organizations are largely not going to be completely compliant by May 2018, in part due to budget cycles. He’ll explain. He also describes how to be strategic about big data and the GDPR’s new consent requirements. A big part of it is data mapping, first, but it’s also about strategic communications with analytics teams. “I really think the conversation with the analytics team has to be about them, not about privacy,” he said. Of course, the endgame is privacy, but it’s all in the approach. 

2. The Privacy Advisor Podcast: Her job was to infiltrate: 2,256 listens

Last year, Rachel Tobac went to Def Con — the well-known hacker's convention held in Las Vegas annually — to try her luck in a competition. The game? Get in a glass booth, and in front of a live audience, call unsuspecting targets and trick them into giving you details about their company; details which, if obtained by the wrong person, could be used in very nefarious ways. It's called Social Engineering Capture the Flag. While it's gaining steam as a fun competition, its aim is to create awareness about the importance of data protection; exposing the ways in which companies put themselves at risk when employees aren't properly trained on data protection. Last year, as a total newcomer to the game, Tobac won. This year, she went back to defend her title. The key to the game? Partly some good acting chops, and a whole lot of Vegas luck.

1. The Privacy Advisor Podcast: Johnny Ryan on why ad tech's in trouble: 2,382 listens

We've all heard ad nauseam the phrase "consent is king" under the GDPR and the ePrivacy Regulation. But one industry for whom that's particularly relevant is ad tech. The model under which the industry has been operating faces a significant shift, particularly given recent surveys indicating consumers are keen to opt out when given the option to under tracking preferences. In this episode of The Privacy Advisor Podcast, PageFair's Johnny Ryan discusses the industry's necessary shift. "When I read the GDPR I had a huge smile," Ryan says. "Because I realized, finally, this was a reward for playing well. If you have any respect for data rights at all, than this regulation backs you up. And if you have had a cavalier attitude … the GDPR shakes that up entirely.”