Hello Fall. We are welcoming the new season with a new national data privacy law. Indonesia (the world’s fourth most populous nation) was the latest country to join the world's stage for its data privacy and protection bill.

While the future looks bleak for the ADPPA, we will be ending 2022 with more people protected than ever before. 

In this edition: 

• ICYMI: Privacy experts break down the Sephora News
• G2's Jen Amarwal on top tips for passing the CIPP/US exam
• We round up the top privacy news of September 

–DeAndrea Salvador

DG PERSPECTIVE

What the Sephora Fine Tells Us About Future Enforcement

The recent Sephora fine has the privacy community talking, so we decided to take part in the conversation.

DataGrail CEO Daniel Barber brought together CCPA/CPRA co-author Rick Arney and DataGrail CTO Cathy Polinsky (formerly of StitchFix and Shopify) to discuss the Sephora fine and the future of CPRA enforcement on LinkedIn Live. Here's what the panelists had to say:

A sign of the times

The kinds of data that was shared by the retailer with tracking providers was an important ingredient in the case. One example that Cathy and Rick highlighted was how the California Attorney General specifically called out data points that could infer a woman’s geolocation and health condition – information that is both sensitive and potentially perilous in light of the recent Roe v. Wade reversal. 

Should we have seen this coming?

Given recent state and federal efforts surrounding children's online safety, many were surprised that the AG went for a retailer rather than a broker or adtech company. However, having worked with eCommerce companies for many years, Cathy was not surprised. Retailers really want to focus on their specific products and business, so they lean into SaaS over many other industries to help them do that business.

Moving forward

Some final thoughts on preparing for the CPRA and building customer trust: "It's about giving customers choice... I don't think that there's a conflict between personalized experiences and data privacy. But if you break that trust, you will never gain it back from your consumers. And so it’s very important to think about these things from the get-go to build them into your workflows and to be responsive to consumers’ requests."

–Cathy Polinsky

The final four. With CPRA rapidly approaching, here are some resources to get your privacy program in check. 

📝 Read Up

• CPRA Compliance Checklist
• CPRA Expands the CCPA's Metrics Reporting Requirements
• CCPA vs. CPRA
• Countdown to CPRA Report

📺 Watch & Learn

• State of US Privacy: Countdown to Compliance
• US Privacy "Ask Me Anything"
• Unpacking CPRA + 2023 Predictions

CAREER CORNER

Conquering IAPP's CIPP/US Exam

Earlier this month, we sat down with Jen Amarwal, Data Privacy Analyst at G2, to discuss her recent peak moment – conquering IAPP's CIPP/US exam. We dove into her motivation to pursue and some top tips for test prep.

What was your biggest motivation to get your Certified Information Privacy certification through IAPP, and what was the timeline?

In my previous role, most of our attorneys were EU-based so I felt like having more US-specific knowledge would be more helpful and allow me to feel like I’m actually a privacy professional adding to the team. In terms of timeline, I bought the study book in November and took the test in July.

If you could go back in time, how would you approach CIPP certification differently?

I would have looked at more source material for cases including the FTC act and deep dive into more case studies. I think a lot of nuanced information gets lost when reading summaries from other people. I get a more nuanced understanding by reading the source material directly, which makes it easier to figure out how to apply it to my own company. It is hard to find resources for non-legal privacy practitioners. 

💬 Want to network with other privacy pros like Jen? Join the waitlist for Privacy Basecamp Slack Channel.

RECOMMENDED READING

South Korea Fines Google, Meta Over Privacy Violations

South Korea’s privacy watchdog has fined Google and Meta a combined 100 billion won ($72 million) for tracking consumers’ online behavior without their consent and using their data for targeted advertisements.

Lawsuit Alleges Tech on Zillow Website Amounts to 'Wiretapping'

Press (re)play. A new lawsuit challenges Zillow's use of session-replay code, a common technology that allows websites to record and replay users' interactions with the site to learn how they use it.

Personally Identifiable Information (PII) Data Explained

What it is, where it comes into privacy law, what qualifies, and more – this guide gives you the A to Z of PII data.