Earlier this month, the four-day Global Privacy Summit 2019 delivered a breadth of content spotlighting the big picture of data privacy and protection to more than 3,600 privacy professionals in Washington, D.C. Hosted by the International Association of Privacy Professionals (IAPP), the largest global information privacy community and resource center, the world’s preeminent annual data privacy and protection event promised to light the way on a variety of topics and emerging trends in the face of mounting complexity.
Josh Torres, corporate regulatory & privacy counsel at iCIMS, had the opportunity to attend the Global Privacy Summit 2019. As a global recruitment software provider, processing more than 75 million job applications a year for more than 4,000 clients, iCIMS finds it critically important to have a privacy expert at the helm. While at the conference, Torres was recognized as one of the members of the inaugural class of IAPP Privacy Law Specialists (PLS). The PLS designation places Torres among the elite in privacy law.
Here are a few highlights and key takeaways from top sessions at the conference, and themes we expect to continue to hear about for the remainder of the year into 2020:
1. Understanding the CCPA
The California Consumer Privacy Act 2018 (CCPA), set to go into effect in January 2020, has the potential to change how organizations in California and throughout the world handle consumer data.
This session gathered top leaders in California privacy to provide insight on the law, including its scope, comparisons to the General Data Protection Regulation (GDPR), and enforcement details. Torres and iCIMS are currently evaluating the legislation and its impact. In addition, they are continuously monitoring a wave of proposed amendments that may change the way CCPA impacts business.
The following are a quick summary of the current proposed amendments:
a. AB 25. An amendment that would modify the definition of “consumer” to exclude employees and job applicants
b. AB 846. An amendment that seeks to clarify the treatment of retail loyalty programs
c. AB 873. An amendment that would clarify the definition of “deidentified” and the handling of deidentified information
d. AB 981. An amendment that proposes to exempt from the CCPA “insurance institutions, agents, and support organizations”
e. AB 1146. An amendment that would exempt a defined category of vehicle information from the CCPA’s right to deletion and do not sell requirements
f. AB 1564. An amendment that would modify the requirement that a business must make available two or more designated methods for consumers to submit access requests to just one method
Keep an eye out for more iCIMS news related to the CCPA in the coming months.
2. Ethical Use of Employee Data: Improving Your Workplace the Right Way
During this session, experts from AT&T, Dell and the Future of Privacy Forum discussed the collection, use and sharing of employee data. In addition, they provided guidelines and discussed industry best practices to create an employee data governance program.
As a result of voluminous data breaches across the globe, more and more companies are recognizing the need for more stringent protections and clear transparency around the collection, use and sharing of employee data. However, not all have paid attention to these issues and how they impact employee data. In reality, companies collect large amounts of employee data that could hold significant value. However, some employees are skeptical of this thought process.
That is why we believe treating and protecting employee data with sensitivity is critical. We also think that data privacy and protection ought to start at the beginning of an employee’s relationship with a business. Therefore, iCIMS is committed to protecting candidate data rights throughout the hiring journey.
3. Letting the Machine Decide? Privacy Risks Associated with AI Technologies
AI (Artificial Intelligence) technology has the potential to revolutionize business in nearly every industry. According to PwC, business leaders believe AI is going to be fundamental in the future, with 72 percent terming it a “business advantage.”
This panel session – including speakers from Morrison & Foerster, Oracle and Uber – detailed the privacy and reputational risks associated with AI. They also shared how companies can mitigate them in compliance areas such as data minimization, notice and transparency requirements, security, data subject access and deletion rights, individual rights, and restrictions on profiling and automated decision-making.
The speakers also covered how regulatory developments, such as GDPR and the CCPA, may become an obstacle when using AI with respect to personal data. One common theme was that AI, viewed as a big data technology, generally opposes the basis of data protection and privacy laws. As a result, businesses must grapple with this issue and evaluate how they will deal with it.