California Attorney General Enforcement

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
4 hours 41 minutes
Difficulty
Intermediate
CEU/CPE
5
Video Transcription
00:02
Welcome everyone. Toe Lesson 7.2 as we will review how the C c p. A. Is enforced by the California attorney general,
00:09
the current attorney general of California, Javier Becerra,
00:13
he's appearing on your screen. Now
00:15
let's jump right into it.
00:17
The learning goals and objectives for less than 7.2.
00:20
First,
00:21
we will analyze the enforcement provisions of the C c p A.
00:25
I will guide you step by step through what they are.
00:29
Item number two.
00:30
We will review recent comments made by Javier Becerra
00:34
as it relates to C C. P. A enforcement.
00:36
Believe it or not,
00:37
he does occasionally go on TV.
00:40
He sometimes quoted in the print media and ask questions about Mr Becerra. How do you plan on How do you intend on enforcing the C C. P A.
00:48
Those comments are very relevant to this conversation,
00:51
so I have included them in this lesson.
00:54
Then item number three.
00:56
We will review the differences between the C C p a enforcement and how data privacy issues are enforced elsewhere around the world.
01:03
If you recall in the last lesson we had that four layered pyramid where we went through step by step of how a deepa is organized,
01:11
and we will do the compare and contrast session that I promised you a moment ago in this lesson. Right now,
01:18
let's jump into it.
01:19
There are five general key areas you need to be aware of as it relates to the attorney general's enforcement of the C C. P. A.
01:26
Number one.
01:27
The attorney general has the power to enforce any item that relates or any provision that relates to the c c. P. A.
01:34
There are multiple privacy obligations.
01:37
All those things that we reviewed in module 345 and six
01:42
again, that's the consumer request
01:45
the notice n transparency obligations all things related to data privacy issues related to Children and then add text and cookies. All those potential compliance issues fall within the scope of power of enforcement of the California Attorney general.
02:00
You might have heard that the c c p. A. Has data preach provision that fall under class action suit provision.
02:06
That's true.
02:07
We'll get to that in less than 7.3.
02:09
What I really want to drive home here is everything you heard in modules 345 and six
02:15
falls under the purview of the California attorney general, Whoever that may be, because again they are elected
02:23
Item number two
02:24
something you need to be aware of.
02:25
This is good news.
02:28
Any business or third party can actually seek the opinion of Javier Becerra of the California attorney general
02:34
for guidance on how they recommend complying with the c c p. A.
02:38
From what I've understood, companies are already submitting requests to get a regulatory opinion, and the California attorney general has begun already issuing some guidance.
02:49
But it has left a lot to be desired, and we'll get to that in a moment.
02:54
Another thing.
02:55
I think it's very important to mention the drafters of the CCP. A understood that privacy compliance is a journey in many ways.
03:04
And the California Attorney general, actually, under the statute, has to issue a non compliance notice 30 days before pursuing any kind of enforcement action.
03:13
Basically, the California attorney general is going to give any company a 30 day curing period to address whatever c. C. P. A or privacy issue that they have become aware of,
03:23
which I think is really something to call out.
03:25
It is relevant to the conversations you might be having at work.
03:29
Just know my friends that you're not going to get find out of the blue.
03:32
You will at least have a 30 day warning before that happens, because the California attorney general is going to give you the opportunity to address or cure whatever issue is causing them to reach out to you.
03:43
But let's move forward.
03:46
Suppose you are unable to address whatever issue is being brought to your attention within 30 days.
03:51
Here is the hammer that makes the CCP relevant to all the companies of the world.
03:55
This is why Sai Buri has a course on this. And this is why all the companies that collect personal information are expanding their compliance budgets and hiring information, security, data protection and privacy professionals.
04:08
That is because the CCP A provides for a civil penalty of $2500 for each violation of the C c. P. A.
04:17
If it is done intentionally, that number could go up to 7500.
04:21
Some people have argued
04:24
most violations will be 7500 because in order to be find, AH, company would have in theory had to fail to cure the issue within 30 days.
04:32
Either way, this number can add up very quickly because there will be multiple violations on the basis off. Whatever a company is doing wrong.
04:41
It's not just, oh, you happen to not be satisfying consumer request for this group of people. So that's one violation.
04:46
No,
04:47
each is going to be considered a violation, so you can take that number and multiply it
04:53
very quickly.
04:54
And you see how that fine quickly grows into the millions of dollars.
04:59
Also, something to be aware of. Item number five.
05:01
And this is difficult to understand in terms of the motivations of the California attorney general,
05:06
any civil penalty or other proceeds from the CCP, a settlement or action will be deposited into what's called the Consumer Privacy Fund,
05:15
and this fund is going to be used to fully offset past current and future enforcement costs.
05:23
We will get to that in a moment.
05:26
Some general highlights as it relates to the California Attorney general.
05:30
They're elected for four year terms, similar to how the United States elected president
05:35
and again similarly for a maximum of two terms.
05:39
But it's very critical that we really bring this point home for you.
05:43
The California attorney general is responsible for supervising the entire California Department of Justice,
05:48
so that means 1100 attorneys and close to 4000 non attorney employees.
05:55
They address all justice justice related problems within the state, both civil and criminal.
06:00
Before the CCP existed, there was no office that was previously dedicated to privacy enforcement,
06:06
and it was more or less dumped on the California attorney general, who is responsible for all things related to criminal reform, immigration issues, civil lawsuits. The list is endless.
06:17
You can understand how privacy might not necessarily be a main priority,
06:23
and that is one of the shortcomings, as we will address now off enforcement under the C c p A.
06:30
If you take, for example, Ah, look at the lower layer of the pyramid.
06:33
The CCP A does not establish a data protection authority
06:38
instead of just voiced sea or air quotes volunteers. The California attorney general, who was not necessarily prepared for this new responsibility.
06:47
Therefore moving up one layer of the pyramid.
06:50
They are not regularly publishing guidance, although they promised to get better at that.
06:56
But in Europe and other corners of the world, DPS, sometimes weekly published guidance
07:01
that's not happened in California and not to disparage moving up one layer of this pyramid. Any potential audience members from California.
07:10
But there were no privacy experts that were previously working at the California Attorney general's office.
07:15
So they are getting some
07:15
very on the job training and trying to catch up to the mature perspective of other Deepa is of the World.
07:21
And as I mentioned a moment ago, the Consumer Protection Fund is what will fund the privacy enforcement provisions of the CCP A. As opposed to taxpayer funded regime which exists elsewhere.
07:33
That, in and of itself can also help us to predict the future.
07:38
But to his credit, Javier Becerra has already made several public statements on how he intends to enforce the c C. P. A.
07:46
There are two quotes there for your consideration.
07:48
He wants to be aggressive From what we've seen.
07:51
That last quote,
07:53
I want to put the Capital P back into privacy for all Americans.
07:59
I think he views himself also as being a privacy advocate,
08:01
which is reassuring for those who wanted to know whether or not the C c p. A would be taken seriously.
08:09
Another quick f Y I at the time of recording this video, we do not know the outcome of the election,
08:15
but Kamala Harris was actually the previous attorney general for California, and she's always been a strong advocate for consumer privacy
08:22
That does increase the likelihood of a federal privacy law should she become the vice president
08:30
that captures the enforcement provisions of the CCP A. In our humble predictions for future issues revolving around C C P a enforcement
08:37
and I'll see you in the next video as we address the class action provisions of the C c P A.
08:43
I'll see you there.
Up Next