To Comply with State Privacy Laws, Companies Ironically Need More Data

Photo of Rep. Tony Cardenas, D-Calif., speaking at a CompTIA privacy event by Adrienne Patton

WASHINGTON, February 12, 2020 – As states draft and pass state-wide privacy laws, company compliance becomes increasingly “untenable,” said Konture Technology Services President Scott Crespo at a privacy event held Wednesday by CompTIA.

Crespo helps companies of varying sizes meet privacy laws, a job that became more complicated when the California Consumer Privacy Act passed in 2018 and became enforceable on January 1, 2020.

Crespo said his clients have been able to navigate CCPA by adopting a “one size fits all” approach that will soon be impossible if more state standards are passed.

Companies that cannot comply in time might stop providing services to certain states, which occurred when the European Union passed the General Data Protection Regulation because other countries couldn’t comply in time, said Crespo.

Companies support privacy, but lawmakers must avoid hindering innovation and new players in the industry by setting an impossible compliance bar, said Crespo.

Crespo noted the irony in laws like CCPA: to comply with CCPA, businesses must collect more information about consumers to confirm their place of residence.

California residents remain protected under CCPA even while travelling, making privacy practice even more difficult for companies because they must know where users permanently live, said Crespo.

State legislation moves a lot quicker than federal legislation, said CompTIA State Government Affairs Vice President Alexi Madon. “A lot of people want to pass bills now,” said Madon.

Any company that acquires data is affected by private rights of action, not just the technology sector, explained Madon.

Madon said bills generally have three parts: definitions, access provisions, and enforcement. State privacy bills look very different, a dilemma that Crespo noted will lead to companies putting up “digital borders.”

Representatives Cardenas and McMorris Rodgers acknowledged the urgent need for a national privacy law

Rep. Tony Cardenas, D-California, expressed concern over his home state’s CCPA because it was not a finished product when it reached the governor’s desk.

Cardenas said he favors an “opt in model,” so consumers can choose the privacy they deem fit. Cardenas hopes to pass a bipartisan privacy law that still grants states some leeway.

Rep. Cathy McMorris Rodgers, R-Washington, said the committee hopes to pass a federal privacy law this year.

GDPR created huge barriers for industry newcomers, and Congress must pass a bill that “protects consumers without stifling innovation,” said McMorris Rodgers.

McMorris Rodgers urged the audience to increase awareness surrounding the privacy issue because, as excitement dwindles, she feels less optimistic that a bill can be passed soon.

When asked what she thinks about the privacy bill the Washington State legislature is debating, McMorris Rodgers said it makes her “more convinced” that a national model is essential.

CompTIA Senior Policy Counsel Dileep Srihari said it was “refreshing” that the members of Congress were concerned about their respective states’ privacy initiatives.

Srihari was concerned about the “hidden cost to innovation” that privacy regulations can pose if not carefully constructed. Numerous companies will emerge with 5G, just like Uber emerged with 4G, said Srihari. He worries that new innovations will be “stillborn” under overpowering privacy laws.