A few weeks ago, I made it to Austin, TX for the Privacy Security and Risk Conference being held by the IAPP. As always, it was a great conference with pros and those who have only just begun as privacy professionals. One of the most interesting aspects of the conference was the focus on the newest US based privacy regulation, the California Consumer Protection Act. While not being in California, it was obviously the center of the conversation as many eyed this upcoming regulation as the next possible GDPR.
The first speaker during the general session was none other than Alistair McTaggart, one of the writers of the CCPA. His presentation was rather insightful, providing a look at the requirements to write and pass a bill into law. He also covered how he encountered opposition from, unsurprisingly, ISPs such as Comcast or Verizon, as well as larger data centric tech companies like Google. Even getting funding was difficult as there was some fear that the opposing groups could act negatively towards the backers of this new law. Overall, it was the best opening presentation I had seen at an IAPP event.
As we began working the booth and having many people come to visit us, CCPA was still top of mind for many. Questions about retention, responsibilities to data subjects, and more came up, as well as how to prepare for the law itself. Most of the discussion was only conjecture as of right now. With the law itself going into effect in 2020, there is still time for rewrites, revisions, and even the possibility of the law simply being struck down. While we have made efforts to compile the CCPA in an understandable format for assessments, Privacy Ref continues to review changes to the law.
Once again it was a great conference, minus the usual cold from traveling I always get. Privacy Ref is already planning our booth for Summit 2019 in D.C. and hopes to see you there.