Privacy Trends Before the CCPA

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
4 hours 41 minutes
Difficulty
Intermediate
CEU/CPE
5
Video Transcription
00:01
Hello, everyone, and welcome the lesson 1.4
00:04
The privacy trends that existed before the passage of the C C. P. A.
00:10
Our learning goals and objectives for less than 1.4 will be to reexamine why the CCP A itself past take a greater look at the history of the law and what made the law actually come to fruition.
00:21
And equally important objective is if you understand why the CCP a past, you'll better understand how to build a focused privacy program that addresses the obligations that truly matter.
00:34
We've mentioned some of this in the previous lessons, but
00:36
let me reiterate this. Just so we're all on the same page.
00:39
There has always been a growing expectation of privacy.
00:43
You see it in the news, you see it amongst non profits and think tanks. They are increasingly asking for greater privacy legislation in the United States.
00:52
With each sectoral law that is passed by the federal Congress, we move the needle further and further towards the CCP a becoming a reality because we see certain industries beginning to get regulated.
01:02
Well,
01:03
why not just make every industry regulated?
01:06
Equally important,
01:07
if Europe has its own privacy law.
01:10
Why can't we have one?
01:11
We discussed that in the previous lesson, but the passage of the G d. P. R. Was incredibly influential for the eventual passage of the C C. P. A.
01:19
There were, of course, breaches that dominated the headlines for years. That led up to the passage of the CCP A in 2018,
01:26
which we will get to in a moment
01:29
now. I do need to take a quick moment to identify some of the notable data breaches that inspired the passage of the C C. P A.
01:37
In fact, some of them are specifically mentioned in the ccps opening recital section.
01:42
Target really scared a lot of people.
01:44
The level and volume of information that was leaked in 2013 scared a lot of regulators and privacy advocates.
01:51
In that instance, the hackers were able to access credit card information and loyalty program information through the H Vac system. Of all things.
01:59
Some of you might have heard that story before
02:01
Home Depot again, a place where people when they shop, don't expect their information to be leaked.
02:07
That also pushed the needle further towards privacy legislation.
02:09
Same with Neiman Marcus,
02:12
the Big One Cambridge analytic Gun Facebook is actually specifically mentioned in the privacy recital section of the C c p A.
02:20
The authors point out the consequences of the Cambridge Analytica Facebook data breach as being one of the reasons why we need a privacy law that protects residents in California.
02:30
Equifax, which in my respectful opinion, still has not completely recovered in terms of reputation following their data breach
02:38
the sheer consequential level of information that Equifax had that was leaked really pushed the need for there to be greater privacy protections across the country.
02:47
Now, stepping back to the conversation we were having between sectoral approach and the comprehensive approach, it's great that our health information, our financial information, video rental information or that the information of Children is protected. Of course, we couldn't be happier,
03:05
but there were major industries that the sectoral approach was leaving behind.
03:08
You need look no further than the previous slide,
03:10
for example, Neiman Marcus and Home Depot that weren't regulated by any of those privacy laws, but yet we're still causing massive disruptions to people's lives. Retail and e commerce was not subject to a privacy law in any way.
03:25
Maybe some of the financial information that they collected could arguably have been in some cases, but
03:31
not really.
03:34
In any event, those industries didn't even think about privacy in the manner that they operated in the manner that they established security controls. What have you?
03:43
Transportation is a big one.
03:45
As of this recording, there was a recent breach suffered by British Airways
03:50
that triggered a mechanism under GDP are but the point being Transportation companies collect a massive amount of personal information, including, and especially under their loyalty programs there sync up with credit card companies. People who collect points, things like that.
04:04
Transportation companies have a massive amount of information, but
04:09
they're not regulated unless a specific law comes out and says that they are
04:13
entertainment again. They tend to also collect a lot of information of younger individuals,
04:17
but that might not necessarily be protected by Coppa.
04:21
There was a push to make all these other industries manufacturing and real estate again, who aren't necessarily regulated by a sectoral law to somehow be elevated to hit this higher standard that the other, more regulated industries were likely already satisfying.
04:38
And the big one that I have to mention it last because, frankly, I think is the biggest driver.
04:43
Social media.
04:45
The technology in the social media space has always outpaced regulation.
04:48
The C C P. A is but one attempt to try to narrow that gap.
04:53
I honestly think that will be a never ending game of cat and mouse that will follow us through the decades
04:58
again. None of these industries were previously regulated by any of these sectoral laws that were already on the books.
05:05
So in summary, there really is only one group of reasons why the CCP. A past
05:11
these major privacy trends that existed right before the c c p A.
05:15
You should make a note of it because as you try to build a privacy program, which we're going to get to in the future lessons, it's important to remember why the law itself past.
05:24
If you have to make some decisions between certain things under the law, that might be more important than others, feel free to jump back into cyberia here and look at the privacy trends.
05:32
The data breaches that were occurring in industries that were not regulated by the G o. B. A r HIPPA was really scaring people.
05:40
They noticed that the sectoral approach simply was not working in this country
05:45
That layered on top of individuals, consumers, privacy advocates, screaming Mawr and mawr for greater protections toe have these stronger expectations of privacy just became too much to make the CCP a unavoidable,
05:58
particularly in the context of Europe. Finally passing its own privacy law, by the way of the GDP are
06:05
with lessons 1.1 through 1.4 covering the greater privacy trends. We have one more lesson in the history of the C c p A.
06:13
That's the next one lesson 1.5,
06:15
where we will actually look at the specific timeline that the CCP followed as it went through its mechanisms when the law was passed.
06:21
I'll see you in the next lessons, and then we'll dive into the actual substance of the law itself. In the future Modules.
06:28
I'll see you there
Up Next
California Consumer Privacy Act (CCPA)

This course examines the privacy obligations that are established by the California Consumer Privacy Act (CCPA) and how students can help their employers implement changes to their organizations to remain compliant with this new law.

Instructed By