Web Conference: What to Do When Consent Doesn’t Work under CCPA

Original broadcast date: January 16, 2020

Join us for this educational web conference to hear from experienced privacy professionals about how companies can implement safeguards that reduce data privacy risk from occurring and leverage new technically enforced, risk-based deidentification controls.

Benefits of Non-Consent Processing (via DeIdentification)

Processing data under the CCPA’s deidentification requirements brings many benefits. They include:

For individuals and society:

  • Consumer benefits from data processing that is not well supported via opt-in/consent requirements because of the complexity of processing and difficulty of explanation.
  • Societal benefits from having more representative, non-discriminatory data to train accurate and representative artificial intelligence and machine learning models.

For data controllers and processors:

  • Greater flexibility in complying with data subject requests to delete data.
  • Enhanced ability to lawfully share and combine data with third parties.

Requirements for Non-Consent Processing (via DeIdentification)

Processing protected personal information via CCPA deidentification exceptions requires that proper technical and organizational safeguards are in place. Those requirements include:

  • CCPA increases deidentification standards to a new “2020 De-ID Standard”

The 2020 De-ID Standard under the CCPA now requires:

  • Technical safeguards to prevent recipients of protected information from inadmissibly re-identifying individuals when used on a distributed, multi-party basis.
  • Greater protection than otherwise required under laws that were enacted almost a quarter century ago, like the Health Insurance Portability and Accountability Act.
  • Context-aware, risk-based management of re-identification risk.
  • Protection against re-identification risk from data in the hands of third parties.

Dave Cohen, CIPP/E, CIPP/US, Knowledge Manager, IAPP

Gary LaFever, CEO, Anonos
Justin Antonipillai, CEO, WireWheel
Deven McGraw, Chief Compliance Officer, Ciitizen (former healthcare privacy official at the Department of Health and Human Services)
Khaled El Emam, Professor, University of Ottawa/CHEO Research Institute