Business leaders from across the country gathered on November 8th to exchange ideas on addressing a problem that has become a national topic of discussion and firmly entrenched itself as an issue that requires immediate attention. Attendees and panelists came together to better understand topics like the recent GDPR laws now being enforced in the EU and the impacts such laws have on companies in the US and specifically Silicon Valley. With an entire day to dive into the issue, experts and leaders were able to discuss and cover multiple facets and aspects of data privacy; however, a few main points rose to the top as important takeaways for companies, organizations and consumers as we move forward.
The topic: Consumer Data Privacy.
Rick Arney, co-author of the California Consumer Privacy Act of 2018 and board member of Californians for Consumer Privacy, kicked off this keynote with the background and evolution of the CCPA. The remaining conversations were segmented into three open forum discussion panels comprised of business leaders, educators and government leaders from organizations such as Adobe, Electronics Arts, Inc. the state of Utah, Santa Clara University School of Law, and many more.
Mr. Arney shared a number of very compelling data points. First and foremost, people — in this case the citizens of the state of California — are starting to pay attention to the privacy potential use of their data. They realize companies are gathering massive amounts of information and, the research shows, they not only want this information to be held confidential, but they want the opportunity to “opt-out” and not have it shared at all.
“CCPA survey data showed the team 80% of people cared when asked about data privacy,” Mr. Arney emphasized, driving home the point that data privacy needs to be treated the same way data security was treated 10 years ago.
“And we can do this in a responsible manner that’s win-win for everyone,” he continued. “We maintain that privacy is good business!” Privacy is also important to lawmakers in Sacramento who came together to pass unanimously the CCPA law in record time with both sides of the aisle. This provided the CA State AGO the power to keep the law a living document by adjusting components as time and situations progress. This open ended provision and bow wave law will be an acid test for the rest of the country to watch as the AGO adapts.
With the GDPR in the forefront of every CPO in the Valley and across the country, the panel turned their attention to the importance of nuance and understanding. With everyone in agreement on the importance of implementing some form of privacy protection for consumers, the discussions turned to how best to accomplish the task.
“We can’t be bomb throwers. We need real solutions.” — said Rosa Barcelo, Deputy Practice Group Chair at Squire Patton Boggs, Brussels.
The EU approach to privacy has been about principles and the US approach has been about how to adapt. It is a EU law, but very much a reality for US companies to implement.
A main concern was balancing regulation and compliance with without putting undue strain and burden on companies’ ability to operate profitably. “We need to balance regulation and impact to businesses — we can’t kill the little guy,” Barcelo warned.
“The right to be forgotten could bring companies and business to a halt. We need to optimize, script and build understanding and deletion technologies into all the systems businesses we are running or upgrade those systems.” — Alisa Bergman, Chief Privacy Officer from Adobe added.
Panel members agreed; as a tech culture we need to drive awareness and to identify ways for large and small businesses to keep data private and still make money. Everyone agreed the GDPR is all but crystal clear.
How then do we as leaders in technology companies adapt to the changing privacy demands? For larger corporations, the idea was stressed that the best way to ensure compliance going into the future is to hold more executives accountable. Previously the responsibility was borne by the CIO, but this cannot continue as privacy issues and penalties are no longer just the responsibilities of CIO and CPO. The CEO and CFO also need to share in accountability, adherence and compliance. Profit-driven companies will not typically add non-profit expenses to their budget unless they are compelled, and anything that impacts the bottom line will face an uphill battle for broad and lasting acceptance.
Data privacy is not the same as data security. No longer can companies pay for compliance alone; data privacy means adapting policies, practices and procedures to regulation that is changing. Interpretation of the laws will be an ongoing burden.
Multiple speakers and attendees from the event locked in on the shared accountability idea in bringing meaningful change to corporate data privacy challenges.
“CEOs need to feel more pain for privacy violations,” Arney said. And Tony Scott, Sr. Advisor at Squire Patton Boggs, Washington D.C., agreed. “CEOs and CFOs need to have this question in their mind: Could this get me fired? If the answer is yes, it’s going to get attention and get the resources.”
At the end of the day, there were three main conclusions:
1. Data privacy must be addressed and can’t be ignored. The people want it!
2. Data privacy will not happen on its own without the mobilization of business and government leaders that are committed to putting privacy first, yet doing it in a way that won’t crush business.
3. Companies need to adopt a posture of urgency that repeats the shared magnitude data security experienced a decade ago. We need to put the resources, tools and talent in place in our own companies — and then help other organizations do the same.
Next Event: Look for the SPJ Startup Presidential Suite Event at RSA Conference in San Francisco, March 4–7 2019.
About the Author
Jon Walkenhorst brings more than 25 years of experience in innovation in carrier, broadband, IT/IS, post production, VFX, video gaming, product development, SaaS, VR/AR, Customer Care, DevOps and TechOps, Corporate strategy and business development. As a promoter of the executive gigger model, he is pursuing his passion in helping founders and investors maximize their potential. https://www.thecorpcto.com/