Greetings from Portsmouth, New Hampshire.
This week was marked by some good news on the COVID-19 front, as several states, including New York, New Jersey, Massachusetts and Michigan, have started to experience a decrease in new cases of the novel coronavirus. Unfortunately, in many others, such as Illinois, Texas, and Georgia, the IAPP’s home state of New Hampshire and neighboring Maine, there have been increases. Meanwhile, cases have flattened in several large states, such as California, Pennsylvania, and Florida, according to The New York Times.
Yet, despite the pandemic, there seems to have been no slowdown of activity in the world of privacy. Rather, news at the intersection of the COVID-19 pandemic and privacy continued to dominate headlines this week.
Across the pond, the U.K. government revealed details about a contact tracing app that is part of its plan to rescind lockdown measures. On Tuesday, the app went live on the Isle of Wight for preliminary testing before it is rolled out nationwide. Yesterday, however, the U.K. Parliament’s Joint Committee on Human Rights published a report that noted that there remain “significant concerns regarding surveillance and the impact on other human rights which must be addressed first.”
Closer to home, on Monday, Star Wars Day ("May the 4th be with you"), Californians for Consumer Privacy announced that it has begun submitting more than 900,000 signatures in order to add the California Privacy Rights Act to the November 2020 ballot — no small feat in the era of social distancing! The IAPP published an infographic to highlight the most impactful provisions of the ballot initiative, which include a new definition of “sensitive data,” the establishment of a new enforcement agency (California Privacy Protection Agency) and expanded liability for data breaches.
U.S. privacy pros can be prepared for even more developments at both the state and the federal levels this year. Indeed, proposals for a federal privacy law continue to be put forth in Congress, with the announcement of the "COVID-19 Consumer Data Protection Act" last week and the introduction of the "Consumer Data Privacy and Security Act" in March. Indeed, as pointed out in a recent analysis of the CPRA, the increasing state activity we continue to see may actually be “generat[ing] new interest in a federal privacy law.” This analysis is well worth reading, as it delivers the “good news” and “bad news” regarding the CPRA for businesses that are currently regulated under the CCPA.
On a lighter note, given that so many new pieces of abbreviated legislation are making the rounds, IAPP Vice President & Chief Knowledge Officer Omer Tene did a public service for privacy pros by conducting a Twitter poll to decide on the proper pronunciation of “CPRA,” the new California ballot initiative. The results are in, showing that the majority the Twittersphere believe that “Sipra” is the way to go!
I hope you all have a nice weekend.