Greetings from Portsmouth, New Hampshire.
Happy International Women’s Day to all the women out there!
I am filling in this week for IAPP Editorial Director Jedidiah Bracy, who is traveling to London to prepare for the IAPP Data Protection Intensive: UK 2019, which takes place next week.
On this side of the pond, the National Institute of Standards and Technology launched a new privacy tool, the Collaboration Space, as part of its Privacy Engineering Program. The space is designed as a resource for de-identification and privacy risk management. We’ll be curious to hear whether this is something you’ll plan to interact with.
The U.S. Federal Trade Commission announced it was seeking public comments on its proposed amendments to the Privacy Rule and Safeguards Rule of the Gramm-Leach-Bliley Act. In addition to expanding the definition of “financial institution,” these amendments would “add more detailed requirements for what should be included in the comprehensive information security program mandated by the Rule,” such as requiring financial institutions to encrypt all customer data, implement access controls, and use multifactor authentication.
The RSA Conference 2019, which has been taking place in San Francisco this week, also wraps up today. The IAPP’s Angelique Carson moderated a panel featuring Julie Brill, Sarah Holland, and Nithan Sannappa that focused on the possibility of a U.S. federal-level privacy law being passed. Later in the week, IAPP CEO Trevor Hughes hosted Uber Chief Privacy Officer Ruby Zefo and LinkedIn Head of Global Privacy Kalinda Raina on the RSA keynote stage.
At the state level, the California Attorney General’s Office, which is at the beginning of its rulemaking process on the CCPA, has continued to solicit public participation through public forums, including one held March 5 at Stanford Law School. The deadline for submitting written comments is today, March 8, and can be sent to PrivacyRegulations@doj.ca.gov.
In other CCPA-related news, Berkeley Law Professor Lothar Determann penned an open letter to the California legislature, urging them to make a set of technical corrections to the law that he outlines in an effort to “rationalize and deconflict California’s myriad privacy statutes, keep California in its leadership role as one of the most advanced and innovative jurisdictions worldwide when it comes to information technologies and privacy laws, make a compelling case against broad federal preemption, allow businesses to understand and comply with applicable law, and achieve the very purpose of privacy laws — to protect the personal information of the people of California.”
As a side note: Given the importance of the CCPA, IAPP and OneTrust are conducting ongoing research into CCPA preparedness. We would appreciate your help if you could take our brief survey. It really will only take a few minutes!
Also in state-level privacy news, the Senate in the nearby state of Washington overwhelmingly passed a “European-style” bill to create a consumer data privacy law. Among other things, the new law would grant consumers rights regarding access, correction, deletion, restriction of processing, data portability, and objection to targeted advertising; mandate controllers to conduct risks assessments under certain circumstances; impose requirements on controllers using facial recognition for profiling; and prohibit the use of facial recognition technology by state and local government agencies “unless in support of law enforcement or in an emergency.”
Wrapping up key developments this week, in a post entitled “A Privacy-Focused Vision for Social Networking,” Facebook CEO Mark Zuckerberg announced publicly Wednesday plans to build a “privacy-focused social platform.” Noting that public trust in Facebook has reached record lows, The Washington Post characterized the reactions to Zuckerberg’s announcement as “swift and skeptical.” On Twitter, Max Schrems called it “a PR masterpiece,” while former FTC official Ashkan Soltani tweeted that the timing of the move “suggests a competition play to head off any potential regulatory efforts to limit data sharing access across services.” Zuckerberg, however, described the move as one in which “We’re building a foundation for social communication aligned with the direction people increasingly care about: messaging each other privately.”
If you want to comment on this post, you need to login.