It’s been a wild year in the world of data privacy. Our CEO Cillian put together some thoughts on what the passage of a brand new California privacy law means practically for the business community.
What a year 2020 has been, for the world at large and for the field of data privacy specifically.
US businesses that previously hadn’t thought too hard about the ways they collect and process data will have found the last 10 months felt somewhere between “whirlwind” and “tornado”.
There was the introduction of the California Consumer Privacy Act (CCPA) on January 1st. Then, around mid-March, global lockdown, work from home, and a million little disruptions to data management practices. In summer, EU-US data flows were thrown into chaos.
And finally this morning, Californians and businesses at large wake up to the passage of Proposition 24, the California Privacy Rights Act. It’s a brand new privacy law less than a year after the enactment of CCPA, a law that has split the privacy community into starkly divided camps, and a law that runs 52 dense, technical pages. In these eventful times, spare a thought for the general counsels and privacy engineers of the world, just trying to do the best they can.
In all seriousness, there’s no shortage of reporting on where Prop 24/CPRA is strong, where it’s weak, and where it’s got holes. In writing this note I want to focus on two simple points that should reassure anyone who will be seeking to operationalize CPRA requirements in the coming months.
First: if you spent long months getting CCPA-ready, the heaviest lift is already done.
The “treasure hunt” of data discovery in your business remains the lynchpin of any privacy operation – CCPA, CPRA, GDPR, you name it.
Once you’ve mapped where your business data lives and how it flows through the systems in your tech stack, you’re left only with the task of leveraging that data map in the application of any individual law’s requirements. But the map is paramount, and if you already built it, congratulations: you’ve already fought your hardest privacy battle.
Second: the work you’ll do for CPRA will reflect well on your business in the eyes of customers.
It’s not just that Prop 24 has passed with a strong mandate from the Californian electorate. It’s what we see across any number of touchpoints here at Ethyca and in the world at large.
There’s a reason Apple is rolling out a massive ad campaign around privacy features in the new iPhone.
There’s a reason why we at Ethyca have seen a 467% spike in privacy requests filed via our product since July, and a 215% increase in the number of Ethyca Privacy Centers in production during this same time.
The reason is that users want more privacy protection. You will build brand capital by offering it to them in an easy-to-navigate experience, and by placing data transparency at the center of your customer experience.
We’re committed to helping make the nuts and bolts of operationalizing privacy easy. Platforms like ours allow your teams to stop sweating the day-to-day and focus on the bigger privacy picture.
The passage of CPRA might serve as a moment for your business to take stock. A moment, before plunging back into another sprint, to think holistically about where your team wants to spend its energy in the management of an ever-changing data privacy landscape.
If you think you want to get out of the weeds and into the fast-lane, let’s chat.
-CK
Ethyca hosted its second P.x session with the Fides Slack Community earlier this week. Our Senior Software Engineer Thomas La Piana gave a live walkthrough of the open-source privacy engineering platform, Fides 2.0. He demonstrated how users can easily deploy Fides and go from 0 to full DSR automation in less than 15 minutes. If you weren’t able to attend, here are the three main points addressed during the session.
Introducing consent management in Fides 2.0. With the coming state privacy laws in 2023, your business needs to have granular control over users’ data and their consent preferences. Learn more about how Fides can enable this for your business, for free.
Ethyca launched its privacy engineering meetup, P.x, where Fides Slack Community members met and interacted with the Fides developer team. Two of our Senior Software Engineers, Dawn and Steve, gave presentations and demos on the importance of data minimization, and how Fides can make data minimization easier for teams. Here, we’ll recap the three main points of discussion.
We enjoyed two great days of security and privacy talks at this year’s Symposium on Usable Privacy and Security, aka SOUPS Conference! Presenters from all over the world spoke both in-person and virtually on the latest findings in privacy and security research.
At Ethyca, we believe that software engineers are becoming major privacy stakeholders, but do they feel the same way? To answer this question, we went out and asked 337 software engineers what they think about the state of contemporary privacy… and how they would improve it.
The UK’s new Data Reform Bill is set to ease data privacy compliance burdens on businesses to enable convenience and spark innovation in the country. We explain why convenience should not be the end result of a country’s privacy legislation.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!
Get a Demo