This is my first dispatch from RSA, which was a month ago… a lot has (not) happened due to the pandemic. But, better late than never, right?
One issue that came up in conversations at the conference was the quandary facing companies subject to the new California Consumer Privacy Act (CCPA) and comparable regulations aimed at ensuring data privacy for the public. The law, under its section 1798.150, imposes significant penalties on companies that allow unencrypted personal data to be exfiltrated or subject to unauthorized access.
At the same time, consumers have now won “the right to know” and “the right to say no” regarding storage of their personal data. According to Wired, “users will, as of today, be able to see what data companies have gathered about them, have that data deleted, and opt out of those companies selling it to third parties from now on.”