![Default Article Featured Image_laptop-newspaper-global-article-090623[95].jpg](https://images.contentstack.io/v3/assets/bltd4dd5b2d705252bc/blt61f52659e86e1227/64ff207a8606a815d1c86182/laptop-newspaper-global-article-090623[95].jpg?width=3840&quality=75&format=pjpg&auto=webp)
A quick glance at the world 10 years ago reveals a landscape drastically different from that of today. Not only was 2001 a year that saw the seismic events of 9/11, it was a time preceding social networking sites, smartphones and electronic health records—and with that, a time preceding issues like
, online behavioral advertising and facial recognition technology.
In the world of privacy, 2001 stands as a landmark year for the state of California. Out of growing concern that consumer privacy was becoming jeopardized by increased data collection throughout the public and private sectors, the California Legislature established the first state agency in the U.S. for the explicit purpose of protecting consumer privacy.
Enacted in 2000 and authored by Sen. Steve Peace, SB 129 created the California Office of Privacy Protection (OPP) with the intention of “protecting the privacy of individuals’ personal information in a manner consistent with the California Constitution by identifying consumer problems in the privacy area and facilitating (the) development of fair information practices.”
“At the time of the creation of the OPP, the Internet was just becoming effectively commercialized,” says Dana Mitchell. Originally a member of Peace’s staff, Mitchell is now the chief consultant on California’s Assembly Committee on Arts, Entertainment, Sports, Tourism & Internet Media.
“As we regulated the private sector’s use of personal identifying information,” says Mitchell, “we also realized that the state of California needed to take a leadership role in the information/data collection arena. The state had undisclosed cookies on its websites, sold business licensee information to outside vendors and was considering implementing a biometric identifier as part of our Department of Motor Vehicles Driver’s License and California identification cards.”
Mitchell says the original intent of SB 129 was to place a limitation on the state’s use of personal information, but once it went into conference
, it became “a vehicle” to create the OPP.
“Our goal in creating the OPP was to create permanent change through institutionalizing the concept of privacy protection,” says Mitchell. “Peace felt that laws—while important—were also subject to interpretation, revision and repeal. Creating a new bureaucracy dedicated to protecting privacy would have the dual benefit of being responsive to evolving privacy issues through its relative—to legislation—permanency.”
When asked how consumer and industry approaches to privacy have changed over the past 10 years, OPP Chief Joanne McNabb, CIPP, CIPP/G, CIPP/IT, sees a growing awareness by both entities.
“Businesses pay more attention to how they manage personal information than they did a decade ago—largely, I suspect, as the result of the data breach notification laws that have swept the nation.” She notes that though some businesses “appreciate privacy concerns,” the real catalyst for improving data management has been “fear of a costly breach…”
“I think that consumers are becoming more aware of the pervasiveness of data collection, and both more unhappy about it and more resigned to it,” says McNabb. “The ability of individuals to control their personal information is challenged by the lack of transparency in the online world and by the lack of adequate enforceable legal rights.”
Since its inception, the OPP has responded to protean and rapid changes in the information economy by helping lead privacy initiatives and guiding consumers in the state and across the nation.
Among its many
, the agency assists individuals with identity theft; educates consumers about privacy issues; works with local, state and federal law enforcement on identity theft investigations, and provides policy and practice regulations for the protection of individuals’ privacy.
In 2002, California became the first state to enact a data breach notification law for businesses and organizations. The OPP teamed up with representatives from financial, healthcare, retail, technology and information industries as well as state government, law enforcement and consumer advocates to draft best practice
to help businesses comply with the new law.
Since then, 46 states have enacted breach notification laws, many modeled closely on California.
The OPP also
tools, education and advice on identity theft prevention. Its website features tips and checklists for identity theft victims—including for children, patients and active military personnel.
According to McNabb, “California’s rights and remedies for identity theft victims were adopted by the federal government in amendments to the Fair Credit Reporting Act in 2003.”
After California enacted SB 1, legislation requiring financial institutions to allow consumers to opt out of certain uses of their personal information, the OPP provided an easy-to-read information sheet explaining consumers’ financial privacy
to financial institutions for filing privacy notices.
Not only has the OPP provided consumers with their financial privacy rights and businesses with their obligations, it has also done so on
such as health information privacy, cybersecurity, children’s online safety, social networking and mobile privacy.
In 2007, the OPP was
for its privacy initiatives when it won the HP-IAPP Innovation Award in the Small Organization category.
According to one of the judges, “The California privacy office is a truly innovative approach to consumer protection and business outreach…There is no other state with the same level of outreach, experience and resources aligned to this topic. A business may not always like a particular privacy-related law, but the level of guidance and support given is unmatched.”
Looking ahead, the OPP is delving into the “knotty” issue of medical identity theft. As healthcare providers move toward electronic health records, McNabb says the OPP is “working to ensure that appropriate ‘Red Flags’ are built into the standards for health information exchange that are being developed at the state and federal levels.”
With a decade of achievements under its belt, the OPP faces an uphill battle in tough economic times. “It is now facing a challenge for survival,” says Mitchell, “along with the rest of the state of California government, posed by our budget crisis.”
“As a tax-funded agency,” McNabb points out, “the office is in jeopardy of further significant budget reductions. Like most organizations today, we have fewer resources to work with, necessitating a great reliance on the online dissemination of our educational programs.”
The office has embraced social media “to share information and strategies for coping with rapidly evolving privacy issues,” says McNabb, using social media to educate consumers about the dangers and vulnerabilities of online privacy.
As the OPP celebrates 10 years of educating consumers and assisting organizations with privacy, the world of technology and the palette of corresponding privacy issues will surely grow into facets still unseen and unknown.
“In my opinion, the OPP has met and exceeded each of its goals,” says Mitchell. “Due to their track record of service to the business community, state agencies and consumers of California, we in the Legislature are committed to finding a way to keep this unit around for the next 10 years.”
