50,000 Privacy Wonks (and Margaret Atwood)

The Alliance attended the 2019 International Association of Privacy Professionals Summit in DC. The verdict? Privacy is now part of the business mainstream and change is coming to your business.

Ireland Data Protection Commissioner Helen Dixon speaking at the IAPP Global Privacy Summit 2019.

Ireland Data Protection Commissioner Helen Dixon speaking at the IAPP Global Privacy Summit 2019.

Since when is Privacy a profession? Certainly, once you can get 4,000 people to pay for a multi-day event, you know something’s happening. I confess I was one of them (and a card-carrying IAPP-certified Privacy professional to boot!).

For those of you that have never heard of IAPP, they offer training, networking, and shared intelligence on world developments in privacy. They count lawyers, Chief Privacy Officers, government officials, Data Protection Officers, and a host of policy and technology professionals as alumni. Their certification programs cover US privacy law, IT security, GDPR, and a range of other areas. They owe me for that plug.

Their DC summit is an annual event, and of course, law and policy end up taking a big chunk of the agenda. With GDPR coming up on its first anniversary, there were plenty of European officials on stage talking about lessons learned and the path forward. The big focus, however, was on the US privacy debate and the looming privacy law in California.

For those following along at home, you’ll know that the CCPA is set to take effect in January of 2020. Unless something comes along to change things, that law will expand the idea of “personal data” to include virtually anything that can be tied to an individual (if they’re Californian). The net result will be a broad restriction on data sharing, which is both good and bad depending on whether you’re a bad actor or a good one.

In parallel with the looming California law, Congress is holding an ongoing series of hearings in anticipation of federal privacy regulation. We attended several sessions where the key players were on stage - congressional staff, current and past Federal Trade Commission experts, and a range of experts actively working to draft and sell their version of a US GDPR. While details matter, and there’s still much to debate, the key variable for Congress is whether (and how) a federal law would interact with state laws like the one in California. The key questions: to pre-empt, or not; to provide a floor, or a ceiling.

Beyond the legislative discussions, sessions explored the intersection of privacy and AI, banking, international business, data breach and the ins and outs of implementation and IT oversight.

Our take-aways? That privacy expertise is a marketable skill for both lawyers AND tech staff, and that rules are coming to the US and developers had best get their data-houses in order sooner rather than later.