20 Burst results for "CCPA"
"ccpa" Discussed on eCommerce Badassery
"ccpa" Discussed on The Big Story
"Everything and you know. Businesses have put in already a lot of work to comply with a cpa. So does it all go out the window. Or even if they can use the epa preparations are there any additional things that businesses must now do with cpr. A around the corner and a couple of years so for sure not in terms of work. You've done for ccpa going out the window if you've already started to prepare for c. c. Which all businesses should have done than you. All you have to do is add to that effort. If you haven't done anything to prepare them like god help you etta. god bless you But like we were just saying right. So data. Minimisation is a new concept. Not in the world but in cpr. A so you have to think about that now and you have to think about how you're going to handle sensitive category data which is a new one so you have to just think about some of the new things that are being added and layered into your existing compliance process. What's a little awkward for ed. Tech companies is that do not sell or share addition a j friedman from the good way group. He put it like this to me. So it's an elimination of the lupo or businesses like weren't selling data but they were sharing it in kind of like a roundabout way Kind of playing with the language but that's not compliant anymore without an option and. I think it's not going to be the easiest thing for companies which are not consumer facing to get that ogden so you've got to rely on those publisher partnerships. I guess yeah. Are there any mulligans for like you. Know if you collect the data but you aggregate it to to a non demise it or anything like that or you're just not allowed to to collect data that that you don't need there's no freebies like you got. Yeah like it's a law and it's set out in the statute and you have to follow it so if you don't i mean it's not one hundred percent that you're gonna get enforced against but you could be but you're exposing yourself. How should we think about and cpr in terms of like federal legislation. I know it's confined to california but obviously that's a huge number of consumers so you know is this sort of like because it. It applies to california consumers. It's like the default. It's going to be sort of like the default privacy legislation. No matter no matter where in the united states you are or should we be thinking about this as sort of like the foundation for potential federal In the in the future basically that right. I mean it's not totally clear how. Cpr will influence the broader privacy landscape. I think yet but It's pretty significant and cs. Like i really don't know what will happen with the federal privacy law but almost regardless of what happens because there is no federal privacy law businesses might start to treat california as the defacto standard and then states could start to use it as a blueprint of sorts for their own laws. And then the more State privacy laws. There are the more ground swell and momentum there might be for something at the federal level. So it's it's very much like watch this space but it's a really interesting development for sure all right well let's Let's take a little bit of a break. And when we get back we'll talk about the election. Which is the exact opposite of the moment of calm that we started out with sorry about that..
"ccpa" Discussed on Run With It
"Number two, you've got to go out and get the skills that it takes whether it entails becoming a a digital privacy expert off or becoming kind of a legal junkie studying up on other gdpr all the CCPA stuff understanding exactly kind of all the rules regulations technical skills for me personally what that entailed was actually spending about three years learning Ruby on Rails. I fortunately before starting Avail had a good understanding of the problem that we were trying to solve..
"ccpa" Discussed on The Big Story
"But it's more general concept basically means that a private citizen or citizens can take action to enforce their own rights so most of the can only be enforced by the ag but there is a private right of action for data breaches specifically so regular plaintiffs can sue companies for data breaches on their own and they can also come together in class action lawsuits. Which a lot of businesses are really afraid of. There was a lot of lobbying against having a private right of action in the cpa but it ultimately maiden would you mention is specifically for for data breaches so not just if you feel companies being careless. You can bring a private right of action. It has to be specifically like your data has been Has been compromised. It has yeah right. But i mean if there's Something that you're not happy with even always complain to the g. but then it's up to the ages office whether or not to take action on other parts of the law that might have been violated all right so ccpa's just obviously getting up with starter. But then we've already got a sequel. Cpa dot ak the california privacy rights act aka c. p. r. a. I understand a stricter than ccpa. How how so. In in a way it brings back a lot of the stuff that got sort of stripped out of cpa during Like a bit of a lobbying process and also just process of getting it passed so cpr. a is You know ccpa plus and it's a bunch of things that it brings. That is a little stricter than cpa i think this is what alison mctaggart. The father of cpa pretty much had in mind for c. Cpa when it was on the ballot back in the day The so the cpr. A establishes a new category of sensitive personal information. So things like social security number passport number driver's license number of course but then it would also classify things like precise geo location race ethnicity biometric data sexual orientation. All of those things would be classified as sensitive personal information which is just a an added in there'd be added protections for that and it would also give consumers new rights related to that information. So they would have the right to correct that information of a business has on The cpr a would also enhance children's privacy by tripling fines for violations of the ogden and it would also require that you get consent for any consumer under sixteen to sell or share their data which i assume means a parent. Unless you've emancipated yourself or something and And then one of the biggest would be the establishment of a california privacy protection agency to enforce the law to the the cpr so the california ag enforces the cpa. But they also enforce a lot of other things in. They're busy in their under staffed. So this new agency would just be doing privacy stuff. So they'd have a lot more time to focus on it and they'd have a ten million dollar annual budget probably around fifty people or more at their disposal and all they'd be doing his privacy so you would expect them to bring more enforcement actions because it's their number.
"ccpa" Discussed on Cyber Work
"Enjoying that Trying to think. Spent a Lotta time working with it. We've got a number of data scientists on the team in, and there are some new concepts in theories that spent the last two years really getting very deep into an understanding how how they operate you know how adversarial networks are created in those different types of emo models or building Sarah. I think the the easy easy. The short answer is regardless of where you want to end up I think it has to be A. Passion so much so that you have to enjoy getting really deep into the study of it as opposed to just the practice of it, but that does need to be be healthy balance of both studied MMG this. Yeah. Okay. Can you talk a little bit about? Ongoing learning what you know. You say you're you're working on some new you know languages and so forth. But like what sort of. Tell me about your your sort of like you're learning preferred methods. Do you I mean, what do you do use books? Do you do labs online? Do you like? You know take active courses of study. Do you sort like? Through things after dinner like you know, what how, how do you keep your your skills fresh? The answer to that is yes, L. Those. Okay. I everything. Yeah. So I'm I do still enjoy some some dead trees once in a while. So for example, I was on vacation I took my rather thick. Four hundred or so pages. Go Lang Book with me. Also I do I do leverage things like a core Sarah in in other online learning? In I probably spend a few hours. In, those every week..
"ccpa" Discussed on Cyber Work
"Lot of our listeners, , the main slant of cyber cyber. . Listener, , working out what type of careers they want to enter? So ? I wanted to sort of. . You. . Know some of the career steps that you took to get to the position you're at now what types of positions experiences skills learning that you need to do to become a chief innovation officer? ? The sort of past signposts. . Yeah. . Well it certainly. . Routes that is decided in wake up one morning any number of years ago. . A vats where I want to be specific ob although you know it was it was in general arena if you would. . Terms of getting to that place a large part of by. . Three quarters of my my career path was very much on the practitioner side of the House. . So let's say I was actively. . Putting together the programs in medium security solutions to solve problems directly for the business. . So in this capacity, , it's it's. . A lot of the skills learned from there kind of blow it out to do on a larger scale for for numerous organizations hundreds of. . Thousands written <unk>, , that scale, , and so some of the things that really helped me along the way was a very. . Very, , early understanding of technology and its interconnection point. . So I. . Don't know that everyone needs to necessarily you know the the different layers of the model, , but it's helpful. . Know that everyone needs to to know how to programs, , but certainly advocate for it <hes>, , and so you know picking up those types of deep technology skill sets along the way along with the swerve just managerial skill sets. . You know by the time you talk about you might <unk> position on is very helpful but. . I still spend a lot of time learning a lot of time learning and I think not so much what? ? What the steps were to get here so much as the steps to to be good at what one does win they're they're not does require constant learning. . So you programming for example. . So I've been I've been getting my hands dirty in learning. . Golan, , for example. . I'm actually really enjoying that <hes>. . Trying to think. . Spent a Lotta time working with it. . We've got a number of data scientists on the team in, , and there are some new concepts in theories that spent the last two years really getting very deep into an understanding how how they operate you know how adversarial networks are created in those different types of emo models or building Sarah. . I think the the easy easy. . The short answer is regardless of where you want to end up I think it has to be A. . Passion so much so that you have to enjoy getting really deep into the study of it as opposed to just the practice of it, , but that does need to be be healthy balance of both studied MMG this. . Yeah.
Data privacy careers: A passion for learning
"Lot of our listeners, the main slant of cyber cyber. Listener, working out what type of careers they want to enter? So I wanted to sort of. You. Know some of the career steps that you took to get to the position you're at now what types of positions experiences skills learning that you need to do to become a chief innovation officer? The sort of past signposts. Yeah. Well it certainly. Routes that is decided in wake up one morning any number of years ago. A vats where I want to be specific ob although you know it was it was in general arena if you would. Terms of getting to that place a large part of by. Three quarters of my my career path was very much on the practitioner side of the House. So let's say I was actively. Putting together the programs in medium security solutions to solve problems directly for the business. So in this capacity, it's it's. A lot of the skills learned from there kind of blow it out to do on a larger scale for for numerous organizations hundreds of. Thousands written that scale, and so some of the things that really helped me along the way was a very. Very, early understanding of technology and its interconnection point. So I. Don't know that everyone needs to necessarily you know the the different layers of the model, but it's helpful. Know that everyone needs to to know how to programs, but certainly advocate for it and so you know picking up those types of deep technology skill sets along the way along with the swerve just managerial skill sets. You know by the time you talk about you might position on is very helpful but. I still spend a lot of time learning a lot of time learning and I think not so much what? What the steps were to get here so much as the steps to to be good at what one does win they're they're not does require constant learning. So you programming for example. So I've been I've been getting my hands dirty in learning. Golan, for example. I'm actually really enjoying that Trying to think. Spent a Lotta time working with it. We've got a number of data scientists on the team in, and there are some new concepts in theories that spent the last two years really getting very deep into an understanding how how they operate you know how adversarial networks are created in those different types of emo models or building Sarah. I think the the easy easy. The short answer is regardless of where you want to end up I think it has to be A. Passion so much so that you have to enjoy getting really deep into the study of it as opposed to just the practice of it, but that does need to be be healthy balance of both studied MMG this. Yeah.
"ccpa" Discussed on > Better Series
"I just want to reiterate. <Speech_Male> We don't know <Speech_Male> how the California <Speech_Male> Attorney General. <Speech_Male> What kind of <Speech_Male> enforcement posture <Speech_Male> the office is <Speech_Male> GonNa take, <Speech_Male> but certainly <Speech_Male> the statements that are <Speech_Male> coming out of that office <Silence> have been you <Speech_Male> know. <Speech_Male> Have signaled that <Speech_Male> there will be active enforcement, <Speech_Male> <SpeakerChange> and that <Speech_Male> you know <Speech_Male> maybe <Speech_Male> maybe <Speech_Male> the the attorney <Speech_Male> general, <Speech_Male> as of July first <Speech_Male> has already <Speech_Male> taken some actions, <Speech_Male> the CCPA contains <Speech_Male> the <Speech_Male> thirty eight year period <Speech_Male> <Speech_Male> and so the <Speech_Male> first step would be to <Speech_Male> notify a business <Speech_Male> that they're in violation <Speech_Male> before actually <Speech_Male> bringing kind <Speech_Male> of a an enforcement <Speech_Male> action, and then making <Speech_Male> that public <Speech_Male> but <Speech_Male> it may have <SpeakerChange> started already <Silence> <Advertisement> so. <Speech_Male> <Speech_Male> You Know I. Think <SpeakerChange> Businesses. <Speech_Male> <Speech_Male> Really need a drill down <Speech_Male> in. Make sure that <Speech_Male> they <Speech_Male> kind of check. The boxes <Speech_Male> of CCPA <Speech_Male> make sure that <Speech_Male> they have rights request <Speech_Male> processes in place, <Speech_Male> and as well that <Speech_Male> they're <Speech_Male> you know disclosures <Speech_Male> comply <Speech_Male> with the CPA, <Speech_Male> and <Speech_Male> then, of course <Speech_Male> you know if <Speech_Male> the <Speech_Male> the C., p. r. <Speech_Male> a. gets passed <Speech_Male> in November. <Speech_Male> They kind of <Speech_Male> get to start all over <Speech_Male> again. <Speech_Music_Male> To <Speech_Male> to kind of <Speech_Male> update their <Speech_Male> internal processes, <Speech_Male> and to make <Speech_Male> sure that you <Speech_Male> know, they update their disclosures <Speech_Male> to meet the requirements <Speech_Male> of that <Speech_Male> law. <Speech_Male> And so this is kind <Speech_Male> of just a continuing <Speech_Male> thing. <Speech_Male> <hes> and so <Speech_Male> fundamentals <Speech_Male> is a good place <Speech_Male> to start, but <Speech_Male> as well <Speech_Male> there are some particularities <Speech_Male> in these laws, <Speech_Male> and especially as <Speech_Male> they developed with regulations <Speech_Male> <Advertisement> that <Speech_Male> <Advertisement> really need to be <Speech_Male> <Advertisement> drilled down on <Silence> <Advertisement> as well. <Speech_Male> <Advertisement> And Heather <Speech_Male> <Advertisement> <SpeakerChange> you get <Silence> <Advertisement> the last word. <Speech_Female> <Speech_Female> Yeah! <Speech_Female> Julian brings up a great <Speech_Female> point while I'm all about <Speech_Female> the fundamentals <Speech_Female> I wouldn't say <Speech_Female> the particularities <Speech_Female> of the <Speech_Female> law either <SpeakerChange> of <Speech_Female> course. <Speech_Female> I <Speech_Female> think it's just really. <Speech_Female> <Speech_Female> Having <SpeakerChange> to become <Speech_Female> okay <Speech_Female> with the sense of gray <Speech_Female> nece, <Speech_Female> especially for those <Speech_Female> who work in as <Speech_Female> a privacy practitioner <Speech_Female> <Speech_Female> be, there's <Speech_Female> never <SpeakerChange> anything that's <Speech_Female> going to be black <Speech_Female> and white about what <Speech_Female> it is that we do <Speech_Female> and as <Speech_Female> much as we'd like. <Speech_Female> Are the the the <Speech_Female> laws that were trying to buy <Speech_Female> two black and <Speech_Female> white? That's definitely <Speech_Female> not the case <Speech_Female> here <Speech_Female> and I think when <Speech_Female> it comes to <Speech_Female> enforcement. <SpeakerChange> <Speech_Female> You know I think we <Speech_Female> will see the a g. <Speech_Female> go after <Speech_Female> perhaps several. Several, egregious <Speech_Female> cases, <Speech_Female> but <Speech_Female> we have to keep in mind that <Speech_Female> no. His office <Speech_Female> has limited <Speech_Female> size limited <Speech_Female> budget. They have <Speech_Female> a political agenda. <Speech_Female> What I think <Speech_Female> will be interesting to <Speech_Female> see <SpeakerChange> if <Speech_Female> the CPR <Speech_Female> a does get passed <Speech_Female> in November <Speech_Female> that requires <Speech_Female> a dedicated <Speech_Female> state <Speech_Female> agency <SpeakerChange> <Speech_Female> for enforcing <Speech_Female> this law, <Speech_Female> and then if <Speech_Female> that becomes the case, <Speech_Female> then we really <Speech_Female> will need to thank <Speech_Female> well. How do <Speech_Female> these fundamentals <Speech_Female> plus particular <Speech_Female> aspects really <Speech_Female> come into full force <Speech_Female> because <SpeakerChange> that could be <Silence> a Well thanks everyone. <Speech_Male> <Speech_Male> I'm very much <Speech_Male> looking forward to our next <Speech_Male> conversation. <Speech_Male> We find out <Speech_Male> what actually happened with <Speech_Male> CPR a because <Speech_Male> I can only imagine <Speech_Male> <Speech_Male> what <hes> what will <Speech_Male> be the the the <Speech_Male> actions. Everyone has <Speech_Male> to take after that particularly. <Speech_Male> If you have the first <Speech_Male> in the Nation <Speech_Male> State, Privacy <Speech_Male> Enforcement <Speech_Male> Agency so that it <Speech_Male> will be fascinating <Speech_Male> conversation <Speech_Male> if it passes <Speech_Male> and we'll still have plenty <Speech_Male> to talk about even a dozen <Speech_Male> and <Speech_Male> thank you <Speech_Male> for listening to the BB <Speech_Male> national programs <Speech_Male> better series.
"ccpa" Discussed on > Better Series
"Some of the practices that have been bedrock in digital advertising for example. Because you can't. You can't get notice in a meaningful way from consumers every time they click on a link every time they go to a particular website, so it has been very disruptive in some areas when we look at the CCPA CPA, and we look at what may be coming down the road with CPI CPR a assuming it. It does pass in November. Is there anything in these to the one existing long one proposed that has the potential to be that kind of disruptor. I can. This is Julian I can jump in on this one. which is that I think we're already seeing that disruption so I. Think you're right, James that. GDP, are Maybe not precluded, but really you know created an impasse for a lot of businesses, or or at least force them to think of new ways to deliver services, and to maybe delivered different services, and and a lot of that was based on the consent requirement. That's that's something that's kind of implicit in the CPA because of the way it limits sharing with third parties. It it takes a different approach which is that it allows consumers to opt out of the types of sharing that Why I guess it's still arguable you know the exact scope of of what's covered under the CPA in terms of whether you know cross contextual advertising. Is You know always? GonNa be a sale. But but certainly giving consumers the ability to opt out of that, and also requiring that businesses provide disclosure specifically. Related to those types of you know that type of sharing with third parties I think it can be a big disruptor. And also mentioned that you know in the lead up to implementation of the CCPA we saw a number of bodies and large service providers. Release functionality associated with the tools. that you know. That that businesses can kind of. Adopt or enable that would. Seriously affect the functioning of. A know the services they provide, so example is Google's restricted data processing functionality, and then more recently, the facebook limited data use functionality You know under both of those when a business. Enables the tool..
"ccpa" Discussed on > Better Series
"You know commentators or people in in this community. that. States would kind of race to implemented would be able to approve. And enact. CCPA type laws so that first of all that didn't that didn't happen. Certainly not as quickly as as some expected now in addition in this current legislative session you in the in the various legislators across the states a. There were again as with last year. bills you know probably in ten privacy bills and ten plus states and. Those. In most cases didn't gain too much traction. And then you had this Cova complication where a lot of the legislators had to close, and then not only did they have to close, but they closed or on kind of a public safety related hiatus, until after their legislative session ended and so because of that I think it's unlikely that at least this year we're going to see. You know we're going to see any meaningful privacy legislation emerge I'm not I. can't you know talk about next year? I don't know what would come back. I think I. think another important piece to talk about with. This is the Washington Privacy Act. Which? You know we got pretty close to passing twice now. It didn't include the sales. Piece of you know that the CCPA has an really was kind of more of a of a law. kind of a GDP are spin. Offer a you know a law similar to the General Data Protection Regulation in Europe, and even that you know. Did. Not Pass even though when up twice and actually this year in the second go round received approval from the House and approval from the Senate. And then you know the the two. Houses who had amended their own versions of the bill were unable to reach a resolution. You know citing really the key difference being on enforcement whether to include a private right of action or not and so. Well while I agree with what you said that. You know in some ways, it's kicking. The can down the road not to implement the CCPA more broadly. It's actually not clear the exact shape that privacy laws in other places or at the federal level will take, and so I think you know a lot of businesses feel like while they're required to do this now. In California and maybe some implementation of that more broadly, which is what I reference with for example giving you know maybe providing some of the rights more broadly possible really really doing CPA type implementation more brawley than California may be unnecessarily burdensome. Right on I. I hear you there that makes total sense especially when. I think it is the general consensus that CCPA as we've been continuing to have these policy discussions. CPA does feel more and more. Like a one off it. It does feel a little different than where consensus is on. It's kind of always felt that way it was. It was who sort of uniquely. Crafted and conceptual. Focused on sale. And let let me jump in here, so make sure we cover this because we're we're. We are coming close on time. There were provisions of GDP are which were very disruptive, particularly around notice, and it is effectively killed some.
"ccpa" Discussed on > Better Series
"The C. P., R., A. The California Consumer Privacy Rights at so it's going to if it passes through a whole new set of regulations and whole new set of obligations onto business and rights given to consumers. What do we do about that? Yen before. We even get into that James into the details. Of I, think that that raises a really good point to what Hetherington and Julian. We're just talking about which is a it feels to me that. Doing. The California only approach sort of the can down. The Road many times because we know that. Most of these. Like access, rights and deletion, rights are going to be included an are included in basically every draft legislation at privacy legislation that we're seeing right now and so especially when you're already going through the motions of implementing a verification system and trying to like. Figure out specifically how you're going to honor deletion requests for Californians it just to some extent strikes me as funny that you make that extra move of I. Don't know of of. Only applying that to certain people although I guess I mean at the end of the day there's there's work required for each deletion reclassification requests, so you can try to to limit that to some extent, but for me it seems that the PR benefit the kind of thinking of it as a customer service, aspects of away of building trust with consumers actually outweighs that. so it's just interesting to hear how how businesses have been approaching that at this time. So, how will that change when we get additional? Requirements or will it. Right exactly and so yeah, and we can certainly move into the CPR issue then as well. I think I just wanted to pick up on that on your point. which is that you know, you characterize not providing CCPA. Rights more broadly than to California consumers as kicking the can down the road. You know it's it's certainly true that. Privacy new privacy. Laws are really I guess what we refer to as baseline privacy legislation, which is legislation that would regulate data. Across various industries are are emerging in various places and are being considered. You know in a number of states. What's unclear is how similar to the CPA. Those will be so certainly you know, see CPA spinoff, which is kind of a term people like to use is a thing and and. Various states have considered laws that really look a lot like the CCPA. The thing is and you characterize the CPA kind of at the opening of this podcast It's really a law that's focused on sales, so that's disclosures of personal information. To third parties for? Monetary or other valuable consideration and so. It's it's not clear to me whether this kind of sales focused, legislation is really the way privacy laws are going to develop in other places. And James also mentioned the the covert aspect I. Mean I think I think it's important to note that wants? The CCPA came out..
"ccpa" Discussed on > Better Series
"Of you know. The the CCP contains a pretty broad definition of the types of information it covers which are personal information in those that's the information related, not only to individual consumers, but as well to households, which is undefined in the statute. And initially. Was Not defined. Clearly in in the regulations they were just defined as you know individuals in in single dwelling. But as the drafts evolved that definition as well evolved with some clarity now. You know kind of limiting the scope of household, and so this very much is something that has been evolving. Since that while since the CCPA was in engine, twenty eighteen, but certainly since the initial regulations came out in October twenty nineteen and assuming that those now our final. You know there shouldn't be any more changes but businesses. In a way still don't have clarity on what exactly is required of them. Because what's happened is that the Attorney General submitted final regulations for approval by the California Office of Administrative Law, but the away out. That office has not yet approved and implemented the regulations, and so we're in a situation now. Where as of July first, which at the time of recording was yesterday, the attorney general could start enforcing the CPA but all of the clarifications that came through and the additional requirements or I guess the clarified requirements that came through in the rags, technically are not yet implemented. And so this is. Kind of further. The uncertainty that businesses are facing related to the exact obligations under the CPA. Uncertainty is the word of the boarding. It sounds like that. Yeah. A heather businesses hate uncertainty. They need that level of stability to be able to plan and do the things that successful businesses do on a daily basis. What have they been doing to get ready to comply with clearly something that they're not really sure what they need to do to comply with. And the I mean you're. You're right James and thank you for having me. It's been a bit of a cluster because there hasn't really been any certainty as to. What can you do and in a business context? You typically want to know how you're going to execute how you could operationalize something. That isn't always clear right now. So one thing that I've heard from other businesses in stakeholders, and and myself as well is just a essentially applying the eighty twenty rule of just understanding that you probably won't be able to achieve one hundred percent compliance with this law, because there's a lot going on here and as we've been saying this law is, it seems to be constantly changing and the only constant in life is change. We can get the main core competencies in features of this law built in to our privacy program.
"ccpa" Discussed on > Better Series
"ccpa" Discussed on > Better Series
"Continue to push the envelope in today's marketplace. Thank you for joining us today. On better series. Podcast I'm James Late. For the past several episodes of the better series. We have largely focused on the rapidly changing privacy landscape in the United States. Today we're going to ramp these episodes of a nice boat that you can think of Valentine's Day gift without the calories on January. First the California Consumer Privacy Act or CPA with into effect and next month in March. New York's new privacy and cyber security law known as New York Shield will also go into effect the CPA began as a one person crusade in twenty eighteen to give California residents more access to and control over their personal information. We explore the history of how the CCPA became a law with Christian. Audie a privacy expert with the Bryan Cave Law firm the impetus for this law was a ballot initiative that was then pending and was even more. I think it's fair to say unfavorable to the business community and this law was passed in reaction to that and unfortunately it was drafted and passed a very quickly. It was written in. I think a week. That's almost yeah. That's almost unheard of. It's kind of the legislative equivalent of not studying for the entire semester and then cramming the night before and and the consequence of that is that there's a lot of errors omissions downright drafting errors in the law. And not all of those have been cured by the amendment process. So unfortunately we're going to go with the effective date of this laws January first twenty twenty. We're going to go with a law that is In less than pristine condition. I think it's fair to say what started in California has now turned into a full blown trend. New York Nevada and Maine have all passed new privacy laws and lawmakers in Washington State and Virginia have introduced state privacy legislation this year that matches or exceeds the CPA and there is still talk of Congress getting on the Privacy Act as well all of these laws and proposals have one thing in common. They apply to all businesses no matter where they're located if they collect us or sell the personal information of a given state's residents and they greatly expand consumers data privacy rights and businesses obligations as we learned from John Brescia of the BBB national programs the CPA but as a state law applies to in this case California residents. And what's interesting to note about that? Right out of the gate is that it appears that it applies to California residents regardless of where they are so you can be a California resident and be on vacation or spend months working on a contract in in different state. Seems like you're still covered by this And it confers. The statute does an should say. The rigs are also out for people to reference. So there's two parts to this but rights of notice access deletion opt out non-discrimination and there's additional work around the edges with the data security breach notification piece where they're elaborating their existing data breach notification posture legally to allow for private rights of action in case of breaches. And that's the only place where that exists with the CCPA now effect but enforcement not due to begin until July of this year when the businesses have to comply Christian audiences it's a heavy lift for many businesses requires businesses to first of all and this sounds very fundamental but it's actually quite challenging. First of all they have to understand where all their data it. Because of course if you get valid Right tax s request. You know a consumer says. Hey I want to see all of the pieces of personal information you have about me. You have to know where to look. You have to know where to go. You have to know where to find it within all the systems That that you have and oftentimes clients Businesses especially large businesses really. Don't have a good handle on. Where all their data is so the the first Wade impacts you is. It's functionally requires you to go out and do a date inventory and find and find that data and the second way to impact. She was of course. You gotta put together a method for responding to and collecting that data and also put together a method for authenticating the request for making sure that the person asking for the data is that per is is in fact the person or their authorized agent There are a lot of hackers out. There you know nefarious folks that are lagging indicator requests. Right now under. Gdp are but no doubt they're going to do it under CCPA to Four individuals that they just want to find out about or maybe they want to try and steal their password. Or maybe they want to figure out what their social security number is it Cetera and and it's a real risk gone Brescia Kobe's wife Keegan the BBB. National programs agreed compliance. Will be complex. Or buzzy is John. Describes it the number one thing is of course and I think this is just the best practice generally whether it's for CCP GDP are any internally motivated privacy regime. Whatever it is you gotTa know what you've got y you've got it where it comes from what you're doing with it where it goes things like that. What data is even in Your Business? If you ask a business today what. They've got a good chance. Many of them can't tell you what they've got not in a really thoroughgoing way and it's important to note that this ties directly indices EPA for the access and deletion rights. That people get and this is a really vexing area for businesses. As I understand it you know someone contacts you and says dear business pursuant to this legal regime. I have the right to have all the information you've got on me. Give it to me. Tell me what you have about me. How do they knew who that person is? How do they verify the identity of this person? What data internally is linked to this person? What reasonable efforts do they have to make to link that data to this person? This is all very fuzzy stuff. And so that's an area where a lot of energy goes to figuring out. What is the reasonable approach to compliance? Here yeah and I think that's where we're seeing a lot of discussion among businesses about the difficulties that they are having in coming into compliance with this law or at least lining their practices with C. CPA and thinking proactively hopefully about other privacy legislation. That may be on the horizon. It's been important to start thinking through some of these practices and I think we haven't yet seen all of this standardization that we will probably see very soon in terms of how to in terms of implementation. There's a lot of vendors. There's a lot of options for companies that do want to Make strides in terms of adopting best practices one of the key provisions of the. Cpa is the do not sell my data but that is required to appear on a company's homepage. Some businesses are interpreting the requirement to me and prominent button in a conspicuous place and others believe they can comply by putting the opt out link in small letters at the bottom of a webpage regulators. No doubt will decide. Which is the compliant practice. But meantime business just trying to figure out what stealing the me. Here's Christian audie again. I think that this is probably the most significant portion of the act ultimately. It's going to be the area in which we see the most enforcement I in in sort of all of its all of its variations from The AG and let's keep the minded only the California AG can enforce this portion of the act that we're talking about right now. But I think the first thing to recognize it and that's really important is sale does not mean sale in any you know colloquial sense which we use it. Sale is much broader than that Birch. Really any interaction or any transfer of data to a third party in which you're getting anything any type of valuable consideration back from them in any way is gonNA probably meet the definition of sale under CCPA John Russia and Copeland's life. Okay can also note the need for some standardization and how businesses are expected to make the opt out of selling data actually work. You may not think of yourself as being in data salesman but perhaps on the statute you are right exactly. Yeah and and already. You're kind of up right. And you've seen a lot of website. Notices privacy policies sort of wrestling with as many many companies have said. Well we don't think we sell your personal information but California thinks that maybe we do so in so far as we sell your personal information under California you can ask us not to by clicking this button but a lot of companies have asked the Attorney General California who's implementing the Legislation. The has asked for a feedback. It's been a comment period. We heard By actively engaging in that we've heard from businesses they would really appreciate there'd be standards in the button design just even in terms of design or or And exactly how it's expected to function any standardization around that would be really helpful because otherwise you end up with a proliferation of different ways of doing it. Which could be fine but may.
"ccpa" Discussed on Data Engineering Podcast
"Variance has a company has a product called Bimbo flex ex that generates the data vault style scheme as as well and there's others coming up all the time Consulting firms around the world who are doing. Data both implementations many of them are developing their own tooling to accelerate the time time to value of implementing a data vault style warehouse. So definitely worth looking into. especially if you're looking at data all to try to be more agile and more flexible in your approach than throwing automation tool or automation framework on top off of that Just makes sense to me Lord well for anybody who wants to follow along with you and get in touch. I'll have you had your preferred contact information to the show notes and as a final question. I'd just like to get your perspective on what you see is being the biggest gap in the tooling or technology. That's available for data management today. The biggest gap rate now is really early on the on the data governance side and the data lineage side especially with all of the privacy regulations that are coming out. CCPA in California GDP are over Europe. We have a fairly well known best practices for data governance and data management. That have been around and for for a decade or more people implementing it it has become the challenge and now people have to implement that trying to put together a full end to end tool. Set that you know. There's a couple of companies Irwin. Aaron has some data governance tools. There's a number of others out there. That are their stuff. Like partners as well as data cataloging from elation nation but trying to put that all together into a solid into an program so yes great generating data vault miles and we've rec- retained all the data. We have all that data available for the lineage and traceability no putting the right tooling and place around that so it makes excuse me for people to find that. Ask the questions. Say where did this data come from. Where where did the data go all those sorts of things? That's a challenge day. I'm I'm getting a lot of questions about that. These days you know. How do people go about doing that? It is It's something that's a problem. That's that's being solved has been solved in part over the years but now people really have to start paying attention to it and making sure it's part of their overall Data Management Program. Well thank you very much for taking the time I'm today and sharing your experience and expertise on data vault modeling. It's definitely very interesting and useful approach to handling data particularly in the current day and age of having so many different data sources that we have to deal with. So thank you for all of your time and effort on that and I hope you enjoy the rest of the day all right thank you very much. Thanks for having me listening. Don't forget the checkout or other show podcast dot net at.
"ccpa" Discussed on Data Engineering Podcast
"Variance has a company has a product called Bimbo flex ex that generates the data vault style scheme as as well and there's others coming up all the time Consulting firms around the world who are doing. Data both implementations many of them are developing their own tooling to accelerate the time time to value of implementing a data vault style warehouse. So definitely worth looking into. especially if you're looking at data all to try to be more agile and more flexible in your approach than throwing automation tool or automation framework on top off of that Just makes sense to me Lord well for anybody who wants to follow along with you and get in touch. I'll have you had your preferred contact information to the show notes and as a final question. I'd just like to get your perspective on what you see is being the biggest gap in the tooling or technology. That's available for data management today. The biggest gap rate now is really early on the on the data governance side and the data lineage side especially with all of the privacy regulations that are coming out. CCPA in California GDP are over Europe. We have a fairly well known best practices for data governance and data management. That have been around and for for a decade or more people implementing it it has become the challenge and now people have to implement that trying to put together a full end to end tool. Set that you know. There's a couple of companies Irwin. Aaron has some data governance tools. There's a number of others out there. That are their stuff. Like partners as well as data cataloging from elation nation but trying to put that all together into a solid into an program so yes great generating data vault miles and we've rec- retained all the data. We have all that data available for the lineage and traceability now putting the right tooling and place around that so it makes excuse me for people to find that. Ask the questions. Say where did this data come from. Where where did the data go all those sorts of things? That's a challenge day. I'm I'm getting a lot of questions about that. These days you know. How do people go about doing that? It is It's something that's a problem. That's that's being solved has been solved in part over the years but now people really have to start paying attention to it and making sure it's part of their overall Data Management Program. Well thank you very much for taking the time I'm today and sharing your experience and expertise on data vault modeling. It's definitely very interesting and useful approach to handling data particularly in the current day and age of having so many different data sources that we have to deal with. So thank you for all of your time and effort on that and I hope you enjoy the rest of the day all right thank you very much. Thanks for having me listening. Don't forget the checkout or other show podcast dot net at.
"ccpa" Discussed on > Better Series
"You know the idea is this could be very disruptive to that The advertising and Marketing Space John That your world digital advertising accountability ability. So what. What is it that you believe we're going to see in this marketplace now? And what what do you think that The the law of the real impact of the law is got to be sure. So I mean at this point there. I'm going to say three things that I think I can comfortably say the first thing is no one knows exactly what we're going to see. It's highly provisional We don't have the final rigs even though the telegraphing from the office that the draft Riggs basically are the final rigs you know but that remains to be seen not done till it's done And so then we've got to look to what's going to be considered compliant under those and that's an ongoing ongoing process right that's like saying what the section five violation or does this particular property fall under the domain of the Children's online privacy protection act or something like that. Those are questions that get asked answered on a continuous basis. So I can't prognosticate about what the single ultimate final answer isn't that don't know but what I do know is that adaptation is going to be the rule Going forward on this people are going to be trying out as we've just discussed a variety of compliance strategies So I for my Primary Work Enforce The digital advertising alliance's self-regulatory principles that deal with targeted ads on the Internet. That same outfit has recently put out. Some compliance tools of a new icon. Looks like they're old blue addresses icon but it is now in a refreshing California Green and Is Meant to signal that California Privacy Rights and potentially other privacy rights for other jurisdictions as those come online if they do you can be found through this iconic signal to consumers. Hey a here's where you can learn about your privacy rights and they've built a version of their opt out tool which has traditionally been around ten years or so now Is is traditionally been a an opt out from interest based advertising on a company by company level pursuant essentially to the terms of their principles right. There's a new page functions the same way but there's meant to affect your weight the do not sell my information requests. This is sort of aimed at the publisher end end of things. The website owner operator end of things And so this is a potential compliance solution for them and and those tools are out there as of this week. We also have the like the Interactive Advertising Bureau has put out a their framework for how they think the Ad Tech third parties for example could grapple with this and so that involves loves Barring logic from Europe in a way like binding model contract scenario where you have standard form contracts that everybody signs onto set set out the terms basically recapitulating. Anyone who signed this contract follows California law you got to follow the law. Here are the requirements this matches the law. I'm I'M GONNA do it now everybody's on the hook contractually. And then they've they're developing in moving in the direction of better technical standards for or identifying people making sure that do not sell requests or properly affected and those standards have been released. I don't know for still in a comment period. Is there finally feel like their final but don't quote me on that right now Last question for both of you. Because clearly this is going to evolved both in California and those impacts are GonNa ripple but what do you think we're gonna see across the country. You Know Virginia just this week. Lawmakers there said they're going to propose a CPA style privacy law in Virginia. You've had New York signal the same thing you actually have New York passing a law law late in the year which strengthened their breach. Notice law turn it into a cybersecurity law along with the privacy law and they're going to go for a second that can bite at the apple this year. You've got a number of states other states talking about it so what do you guys see as What is going to happen As this worked its way through the state legislative process this year and then ultimately the the federal legislative process. That's a good question obviously Looking to the future we're seeing movement on both of those sides on both the state level and the federal level. I think it's important to remember I that just because this is the strongest privacy law. Aw that's the argument. Strongest General On the United States exactly Just because that's true doesn't mean that it is a gold standard in privacy privacy law and I think it's gotten a lot of flack for the fact that it was drafted very quickly that it has some internal inconsistencies and that it really is. It's focused on certain in consumer harms It's it's definitely focused very much on this idea of selling people's information but it doesn't necessarily encompass some other things that Consumer Zimmer advocates are very concerned about especially certain types of collecting certain types of information like biometric information. It doesn't really distinguish between types of information very much and and Kobe to piggyback on. I mean that's why we're seeing draft. CCPA to language rate coming out of California Where advocates are saying? Maybe we need to go ahead and strengthen this right away. We haven't even gotten to compliance with the original one and there's proposed Not even amendments but essentially a wholesale rewrite right so there's really discussion on both sides from both on the industry side into the consumer advocate in terms of how this lock could be made better for everyone Whether through other states or in a federal law I mean the one thing that can be said for. CCPA's it certainly kick started a lot of the discussion on the federal level level in terms of saying well. We don't want fifty different state laws. That aren't going to be compatible with one another so maybe we should have federal legislation. Well it sounds. How's it going to be talking about this all year so I I appreciate John and Copen. You know all of your remarks today and coming in discussing this with us us and helping educate us on what's going to be a lengthy process of everybody getting used to and I want to thank all of you for listening today To the BBB BB national programs better series. Don't miss an episode by subscribing to.
"ccpa" Discussed on > Better Series
"One episode. And today we're going to look at the issues. Issues of consumer data access and Control Kobe's wife Keegan is the deputy director of the BBB National Programs Privacy initiatives and John Russia Russia is the vice president of the BBB National Programs Digital Advertising Accountability Program. You're joining us today to talk about what the CPA means to businesses inside and outside California. Thanks for joining us today. Guys thanks so much James Thank you well. Let's let's get started. I mean this is. This is a rich vein. We can mind for awhile but I'll I'll start with with With you coburn. Privacy is one of those topics were just about. Everyone has an opinion. How do we get to the point? where the CPA becomes the strongest privacy law in the United States? Well that's a very good question at a very long story if we want to go into a lot of detail which we won't on this podcast but I think to talk about where the CPA originates you have to think about some of the trends that we've seen over the past decade toward respecting consumers rights to control and have more ownership of their information and so in the United States. We've had historically a more sectoral approach to privacy and California just happens happens to be the first state to take a jump towards a overall approach to privacy swords treating all data the same regardless of whether it's it's collected online offline and regardless of the industry sector that it originating in doing that. You know this is. This is a train California. When you kinda started? Didn't they if we go back to two thousand four two thousand five. They really sort of started down this path of the US With the breach notice lost. Didn't they yeah. They were one of the first To adopt breach notification laws which now are all over the country. So that's a good point and points to the fact that they traditionally have led the way with a lot of consumer protection issues and also highlights the fact that we may end up with additional privacy laws just like we have with Data breach edification. Laws has other states try to emulate the rights that the California consumers are enjoying after this law went into effect. Well let's let's talk talk about that What those rights are? 'cause this is a fundamentally different kind of approach to privacy as you noted so I'm in San Diego today. Can I walked into a Bagel shop this morning and there in the window before you walk in was a a poster that said notice notice of consumer information collection so that's part of the CCPA you know the consumers get For more information about what data's being collected now it's being used etc but by definition if consumers have more rights that means businesses have more obligations. So what is actually being Obligated in the C- CPA. And who is it. That's going to to get these actual rights that are being created. Sure so this. Is John Jumping on that one. This EP as a state law applies to in this case he's California residents and what's interesting to note about that right out of the gate is that it appears it applies to California residents regardless of where they are so you can be a California resident. Be On vacation or spend month working on a contract in a different state. Seems like you're still covered by this And and it confers the statute does and I should say the rigs are also out for people to reference. So there's two parts to this but rights of notice access has deletion opt out non-discrimination and there's additional work around the edges with the data security breach notification piece where they're elaborating elaborating on their existing data breach notification posture legally to allow for private rights of action in the case of breaches as the only place where that exists and we can go into as much or as little little details. You want at any of those specific points. Yeah I think your point. Your story is an interesting with the bagels store because I think CCB does apply both to to Online and offline collection of information so I think the Bagel store is is taking a very Real look at the at the law and realizing that they do have possibly have an obligation to inform people that maybe they are collecting and sharing information and to be fair businesses. have been doing something like this for years. When it comes to in store surveillance that's right notifying people that they're on closed circuit television? That's being recorded notifying people more recently if they are tracking beacons in their stores Bluetooth Beacons Sir Wi fi beacons note where shoppers are going to construct heat maps of activity in store there frequently disclosure placards that tell people about that always no So this is a much more systematic approach to deploying these sorts of things in the retail space. or at least. That's what I'm expecting is you're going to start to see more and more of those appointing people almost certainly to the company's website where the note is will be pleased and there are a lot of things that tie into a company's website their alternative physical disclosures. You can give people think when you sign up for his cell phone line or something and all that sheaves the paper that you go through to sign. But I'm I'm guessing the standard commercial situation actually going to be very similar to what you experienced so that that's a very broad law. You just outlined there John with a lot of moving parts a lot of components opponents and this particular law was passed a couple of years ago there were some amendments made in the second year by the legislature as you said You know the regulations have now been proposed This is pretty complex for businesses to understand. What's the what are the key points they need to make? I'm sure they're focusing on today that they don't get into trouble. So copen I guess you and I can sort of trade off on this as things occur to us but the the number one thing is of course and I think this is just the best practice generally whether it's for CCPA GDP are any internally motivated. You know privacy regime whatever it is you gotTa know what you've got why you've got it. Where comes from what you're doing with it where it goes things like that? What data is even in your business? If you ask a business today what God there's a good chance many can't tell you what they've got not in a really thoroughgoing way away and It's important to note that this ties directly indices EPA for the deletion rights that people get and this is a really really vexing area for businesses. As I understand it You know someone contacts you and says dear business pursuant to his legal regime I have the right to have all the information. You've got on me. Give it to me. Tell me what you have about me. How do they knew who that person is? How to verify the identity of this person? What data internally internally is linked to this person what reasonable efforts to they have to make to link that data to this person? This is all very fuzzy stuff. And so that's an area area where a lot of energy goes to figuring out. What is the reasonable approach to compliance here? And I think that's where we're seeing a lot of discussion among businesses about the difficulties faculties that they are having in coming into compliance with this law or at least lining their practices with C.. CPA and thinking proactively hopefully about other privacy legislation that may be on the horizon. It's been important to start thinking through some of these practices and and I think we haven't yet seen all of this standardization that we will probably see very soon in terms of how to implement in terms of implementation and there's a lot of vendors there's a lot of options for companies that do want to make strides in terms of adopting best practices but Especially when she put it into a law. It's sort of ossified. Is it a little bit and and yet suddenly you have strict requirements but in the case of the CPA not necessarily specific acidic requirements That leave it open to interpretation in some instances like for example. The requires a notice that you have to add a notice to your website website. If you're collecting data online you have to make up front a button that lets you opt out. Do not sell my information button and has only by the way. If you sell the California residents data to third parties sell being defined very broadly in the statute you may not think of yourself as being data salesman but perhaps perhaps under this statute you are right exactly. Yeah and and yeah so already. You're kind of up. And you've seen a lot of website. Notices and privacy policies sort of wrestling with this as many many companies have said well. We don't think we all your personal information but California thinks that maybe we do so in so far as we sell your personal information under California you can ask us not to by clicking this button but a lot of companies have asked the the Attorney General California who's implementing legislation the has asked for feedback and there's been a comment period we heard By actively engaging in that we've we've heard from businesses they would really appreciate their to be standards in the button designed just even in terms of design or or And exactly exactly how it's expected to function any standardization around that would be really helpful because otherwise you might end up with a proliferation of different ways of doing it which could be fine but may cause problems down the road especially as more laws come into effect and that's absolutely right the if we have other jurisdictions passing somewhat somewhat similar laws. Then you have to start say we'll which of these pass muster under California and also comport with Washington State or Texas or wherever wherever it's going to happen and I wanNA come back to that because that's I mean that is almost inevitable at this point it's GonNa question is to what degree they either try to one up California Gornja or they just kinda follow in their wake. But you know this this concept of the do not sell. But that's one of the things that I you know. A lot of consumers have kind of it's easy for them to visualize but now that it's being implemented you know Every everybody has their own view of how do that some of it's very obvious and buy some of it's very subtle but it all goes to the same point of disrupting what has been the marketplace if you will because this is all aimed at giving people control over what they used for marketing In December we had to marketing experts on the better series. PODCAST and one of them you used used the term cookie pacalypse As a result of the European privacy law the GDP are its effect on the marketing world And now everybody's waiting to see what happens here in the US because under CCPA if people opt out of the ability to sell marketing data..
There's a New Chinese Government Podcast and Other PodNews
"The Chinese press agencies in one report that the government in the que- shoe province. The south west of the country has launched a podcast to raise people's awareness of the protection of endangered species recent given nor how to download it focused quantifications normally tears. PODCAST has had guest hosts for the last wild on December. Thirty first sky. Pillsbury talked about perfecting your podcast. Pr The our page and today's episode features me talking about spot speakers French newspaper. Liberal Garcia is launching three podcasts. This month two of which will only only be available to subscribers. We link to an article with more details and French podcast. Host pod must gives its podcast predictions for twenty see twenty one now really among their predictions free hosting for everyone podcast today given the new. CCPA regulations you might enjoy terms and conditions apply which discusses many Subjects Relevance to online data collection and privacy and the Beagle presents the last post our new daily satirical news news fantasy podcast hosted by an fraser off. The bugle launched yesterday
'Do Not Sell My Info': U.S. retailers rush to comply with California privacy law
"On January first Wednesday the California consumer privacy act or CCPA goes into effect it's a California data privacy law yes but some companies plan to apply their new policies nationwide the law lets people opt out of the sale of their personal information but businesses are still trying to figure out exactly what that means and how to implement it market place's Jack Stewart has more of its most basic the CCPA says companies have to show you all the data they collect on you for free twice a year if you are asked you can request they not sell it or even to liters Marista Ross of the electronic privacy information center is one of the authors of the law its basis is transparency so I as a Californian can go to any business and say what do you know about me what do you know about my devices and what do you know about my children business is the report Dave only had a few months to figure out how to deal with those requests and they're finding it tough Sir John because with the law firm Dickinson right she says she gets questions from clients about whether they need a web form or if they have to read a privacy notice before phone conversations I'm working with probably over a hundred and fifty to two hundred companies just on this issue I get weird questions day in and day out the law applies to big companies with at least twenty five million dollars in revenue but also those that have information on over fifty thousand customers and that could mean small firms with things like email sign up lists and upping