Greetings from Portsmouth, New Hampshire!
Freshly back to New England from a fantastic P.S.R. conference in Las Vegas this week — admittedly, a bit groggy as I write these words — I'm struck by all the great conversations I had with so many of you throughout the event. It was great to see faces both new and familiar and hear about what's front and center in your day-to-day work. And though the California Consumer Privacy Act isn't the only thing on many of your radars, it certainly is driving much of the conversation right now.
Of course, the big news of the week was the move by Alastair Mactaggart and Californians for Consumer Privacy to place a stronger privacy law on the state's ballot in November 2020. Fortunately, Mactaggart was on hand at P.S.R. to discuss the new initiative, called the California Privacy Rights and Enforcement Act. You can read the draft proposal here.
Boiled down, the CPREA would establish new consumer rights around the use and sale of sensitive personal information, including health, financial, racial and ethnic, as well as precise geolocation information. It would also triple CCPA fines for improper use of children's data, require transparency around automatic decision making and profiling, amend election disclosure laws, and significantly, establish a new enforcement authority in the state. Collectively, the CPREA would, according to Mactaggart, "enshrine these rights by requiring that future amendments be in furtherance of the law, even though I am only setting the threshold to amend at a simple majority of the legislature. While amendments will be necessary given how technically complex and fast-moving this area is, this approach respects the role of the legislature while still providing substantial protections for Californians from attempts to weaken the law and their new human rights."
As if complying with the CCPA wasn't already difficult enough!
During a keynote panel with Mactaggart, Stacey Schesser, of the California attorney general's office, responded to this latest development. She noted that the agency found out about the initiative at the same time as the public, but said the attorney general is "laser focused" on the current CCPA and confirmed the office will soon publish the highly anticipated draft regulations in October. For more on the keynote panel, check out our coverage here.
You can also be assured we'll be rolling out more content and analysis of the CCPA and CPREA in the coming weeks and months.
Of course, it wasn't all CCPA at P.S.R. A team of our writers was there to report on several sessions, covering topics such as data subject access requests, tips for privacy pros when presenting to their board of directors, defining vendor relationships, advice from several bank chief privacy officers and tips for building a strong privacy program in a dynamic regulatory ecosystem. We were also happy to announce that SAP is the winner of the 2019 HPE-IAPP Privacy Innovation Award "for its creation and development of Data Custodian, a multi-cloud software-as-a-service application that provides customers with data protection, transparency and regulatory compliance aid, among other data management functions, within a public cloud." Congrats, SAP!
P.S.R. also featured a bustling exhibit floor. In this LinkedIn Live post, IAPP Editor Angelique Carson took viewers around the hall for a taste of what’s most important to attendees and the kinds of solutions they’re seeking. She also chatted with Frankfurt Kurnit Klein & Selz's Tanya Forsheit to get industry perspective on the latest CCPA amendments and compliance challenges, as well as her thoughts on the new CPREA. Oh, and she covered the keynote speech of former FCC Commissioner Tom Wheeler, who pointed to privacy pros for their role in helping to protect democracy.
The pubs team also got together to recap the event Wednesday afternoon. Though we'll have a more polished video next week, here's the more impromptu, LinkedIn Live version.
Finally, in case you missed it, we released the 2019 IAPP-EY Privacy Governance Report. There's lots of insightful data in there about the profession, so be sure to check it out! And last, but not least, we published a follow-up survey, together with OneTrust, to see where organizations currently stand with their CCPA-readiness initiatives. Notably, only 2% of respondents said they are fully compliant with the law, which, to be honest, seems a bit high, doesn't it?
OK, I'm about ready for a nap. Clearly, we've got a busy fall season ahead of us.
If you want to comment on this post, you need to login.