Newcomer III

Re: What about the effects of CCPA?

Believe me - our privacy attorneys are working hard on CCPA.

 

I hope they end up having the controller/processor nomenclature like GDPR. It helps to assign responsibilities.

Newcomer I

Re: What about the effects of CCPA?

Regarding blockchain, GDPR, and Encryption as referenced in the CIO article above:

 

Encryption (and/or Tokenization) of data may have its place in the blockchain/immutability/GDPR discussion, but I don't see the use case for encryption as being as valuable as that article made it seem, at least not in the context in which it was described, because:

 

- Private blockchains versus public blockchains touch on permission-based versus permission-less databases.

- Private encryption key ownership of data on blocks will upset "distributed-ness" of the ledger.

- Not every industry has a worthwhile business-case for use of blockchain.

These three factors synchronize that where blockchain is appropriate, it may be implemented in a manner in which encryption might not add the value described in the article....but...

 

More importantly, GDPR right to deletion mirrors well with CCPA § 1798.105(d), which states:

A business or a service provider shall not be required to comply with a consumer’s request to delete the consumer’s personal information if it is necessary for the business or service provider to maintain the consumer’s personal information in order to:

  1. detect and maintain information security;
  2. exercise a right provided by law;
  3. comply with the California Electronic Communications Privacy Act;
  4. enable solely internal uses that are reasonably aligned with the consumer’s expectations based on the consumer’s relationship with the business;
  5. comply with a legal obligation.

This points to these ways that deletion requests can be avoided (let alone a use-case for encryption and key destruction):

1. Information security convergence with data privacy is already converged.

2. Exercise 1st amendment freedom of speech

3. Senate Bill 178, §1546.1(b) = gov may compel production of the consumer data, so biz can't delete it.

4. Who gets to define "reasonably aligned"? (=How much attorney fee$ are you willing to pay for deletion?)

5. Data retention requirements, subpoena, or compliance with #3, etc.

Community Champion

Re: What about the effects of CCPA?

@Hartenstein_JD

 

To be the devil's advocate, under these conditions:


@Hartenstein_JD wrote:

Regarding blockchain, GDPR, and Encryption as referenced in the CIO article above:

More importantly, GDPR right to deletion mirrors well with CCPA § 1798.105(d), which states:

A business or a service provider shall not be required to comply with a consumer’s request to delete the consumer’s personal information if it is necessary for the business or service provider to maintain the consumer’s personal information in order to:

  1. detect and maintain information security;
  2. exercise a right provided by law;
  3. comply with the California Electronic Communications Privacy Act;
  4. enable solely internal uses that are reasonably aligned with the consumer’s expectations based on the consumer’s relationship with the business;
  5. comply with a legal obligation.

One could argue that personal information will never be deleted, which is troublesome to me.

 

An additional argument against encryption is that some vendors will not support it, so data may be encrypted in transit but not at rest, which leaves it vulnerable. Also, folk that use the data do things like putting data into spreadsheets and storing them on hard drives or thumb drives in unencrypted formats... which can and has led to data breaches.

 

I agree that encryption may not be as useful as the article leads one to believe.

 

Regards

 

Diana