Hello, everyone, and welcome the lesson 1.4
The privacy trends that existed before the passage of the C C. P. A.
Our learning goals and objectives for less than 1.4 will be to reexamine why the CCP A itself past take a greater look at the history of the law and what made the law actually come to fruition.
And equally important objective is if you understand why the CCP a past, you'll better understand how to build a focused privacy program that addresses the obligations that truly matter.
We've mentioned some of this in the previous lessons, but
let me reiterate this. Just so we're all on the same page.
There has always been a growing expectation of privacy.
You see it in the news, you see it amongst non profits and think tanks. They are increasingly asking for greater privacy legislation in the United States.
With each sectoral law that is passed by the federal Congress, we move the needle further and further towards the CCP a becoming a reality because we see certain industries beginning to get regulated.
why not just make every industry regulated?
if Europe has its own privacy law.
Why can't we have one?
We discussed that in the previous lesson, but the passage of the G d. P. R. Was incredibly influential for the eventual passage of the C C. P. A.
There were, of course, breaches that dominated the headlines for years. That led up to the passage of the CCP A in 2018,
which we will get to in a moment
now. I do need to take a quick moment to identify some of the notable data breaches that inspired the passage of the C C. P A.
In fact, some of them are specifically mentioned in the ccps opening recital section.
Target really scared a lot of people.
The level and volume of information that was leaked in 2013 scared a lot of regulators and privacy advocates.
In that instance, the hackers were able to access credit card information and loyalty program information through the H Vac system. Of all things.
Some of you might have heard that story before
Home Depot again, a place where people when they shop, don't expect their information to be leaked.
That also pushed the needle further towards privacy legislation.
Same with Neiman Marcus,
the Big One Cambridge analytic Gun Facebook is actually specifically mentioned in the privacy recital section of the C c p A.
The authors point out the consequences of the Cambridge Analytica Facebook data breach as being one of the reasons why we need a privacy law that protects residents in California.
Equifax, which in my respectful opinion, still has not completely recovered in terms of reputation following their data breach
the sheer consequential level of information that Equifax had that was leaked really pushed the need for there to be greater privacy protections across the country.
Now, stepping back to the conversation we were having between sectoral approach and the comprehensive approach, it's great that our health information, our financial information, video rental information or that the information of Children is protected. Of course, we couldn't be happier,
but there were major industries that the sectoral approach was leaving behind.
You need look no further than the previous slide,
for example, Neiman Marcus and Home Depot that weren't regulated by any of those privacy laws, but yet we're still causing massive disruptions to people's lives. Retail and e commerce was not subject to a privacy law in any way.
Maybe some of the financial information that they collected could arguably have been in some cases, but
In any event, those industries didn't even think about privacy in the manner that they operated in the manner that they established security controls. What have you?
Transportation is a big one.
As of this recording, there was a recent breach suffered by British Airways
that triggered a mechanism under GDP are but the point being Transportation companies collect a massive amount of personal information, including, and especially under their loyalty programs there sync up with credit card companies. People who collect points, things like that.
Transportation companies have a massive amount of information, but
they're not regulated unless a specific law comes out and says that they are
entertainment again. They tend to also collect a lot of information of younger individuals,
but that might not necessarily be protected by Coppa.
There was a push to make all these other industries manufacturing and real estate again, who aren't necessarily regulated by a sectoral law to somehow be elevated to hit this higher standard that the other, more regulated industries were likely already satisfying.
And the big one that I have to mention it last because, frankly, I think is the biggest driver.
The technology in the social media space has always outpaced regulation.
The C C P. A is but one attempt to try to narrow that gap.
I honestly think that will be a never ending game of cat and mouse that will follow us through the decades
again. None of these industries were previously regulated by any of these sectoral laws that were already on the books.
So in summary, there really is only one group of reasons why the CCP. A past
these major privacy trends that existed right before the c c p A.
You should make a note of it because as you try to build a privacy program, which we're going to get to in the future lessons, it's important to remember why the law itself past.
If you have to make some decisions between certain things under the law, that might be more important than others, feel free to jump back into cyberia here and look at the privacy trends.
The data breaches that were occurring in industries that were not regulated by the G o. B. A r HIPPA was really scaring people.
They noticed that the sectoral approach simply was not working in this country
That layered on top of individuals, consumers, privacy advocates, screaming Mawr and mawr for greater protections toe have these stronger expectations of privacy just became too much to make the CCP a unavoidable,
particularly in the context of Europe. Finally passing its own privacy law, by the way of the GDP are
with lessons 1.1 through 1.4 covering the greater privacy trends. We have one more lesson in the history of the C c p A.
That's the next one lesson 1.5,
where we will actually look at the specific timeline that the CCP followed as it went through its mechanisms when the law was passed.
I'll see you in the next lessons, and then we'll dive into the actual substance of the law itself. In the future Modules.