Navigate back to the homepage
Get a Demo

Live from San Diego: Our 5 key takeaways from IAPP’s Privacy, Security & Risk conference

Privacy
Phyllis Fang
October 29th, 2021 · 3 min read

The Transcend team has just come back from sunny San Diego and IAPP’s Privacy. Security. Risk. 2021 conference. It was amazing to be together in person again, connecting with folks across the entire privacy industry and participating in substantive discussions on privacy.

We’ve got pages and pages of notes from sessions on a variety of topics, but here are our 5 key takeaways.

1. Future state privacy laws will follow existing frameworks.

As much as privacy professionals wish for a singular national privacy law, the reality is that the United States is likely still a while away from this unified vision, so expect to see privacy legislation pass on a state-by-state basis until then.

In the next couple of years, we can expect to see Connecticut pass their own privacy law, and Colorado to begin implementing a “user-selected universal opt-out mechanism”, affording consumers the right to opt out of processing or sale of their personal data. Most of these state laws follow or are expected to follow the framework of California’s CCPA and incoming CPRA, and Virginia’s VCDPA.

2. To bridge privacy with stakeholders across your business, start with the why.

If you’re in a legal or compliance role, you’re focused on keeping your company in compliance with laws in place or around the corner, but compliance often isn’t the strongest motivator for other cross-functional teams.

Care/Of’s CTO Sundeep Chouksey suggests breaking through this by focusing on the why – why are we building this privacy program, what is this doing for the customer, and how is this protecting the end-user? Using this framework can help to shift focus into building features and functionality to serve your customers, that also meets compliance requirements, argues Chouksey.

3. Focus on the wider impact to drive home the importance of your privacy program.

Mobilize your cross-functional stakeholders around the importance of your privacy program by presenting a three-dimensional picture of your company operating without one—and all facets of what that could look like.

Focusing on emotional outcomes—the loss of business productivity, company revenue, brand reputation, or even employee jobs–can instill kernels of responsibility across your org.

P.S. Our Data Privacy Feedback Loop is packed with research and guidance on how to turn data privacy leadership into brand loyalty, trust, and preference.

There’s some tension in leaning on user consent for transparency, trust and privacy. Consumers have consent fatigue–across the web, they are met with jarring user interfaces and deceiving dark patterns, subverting their autonomy. The result is that people aren’t reading these notices or exercising their consent agency, meaning opt-ins can show a false positive for consumer trust.

In the Consent Paradox session, Stacy Gray (Future of Privacy Forum), David LeDuc (Network Advertising Initiative), Douglas Miller (Yahoo) and Dominique Shelton Leipzig (Perkins Coie) discussed how companies can work around this. The panel recommended companies to A/B testing experiences and audience segments to better understand user behavior (make sure to document these for any compliance needs) and shift the company’s focus from consent opt-ins to more qualitative trust metrics.

P.S. Transcend Consent is the only consent manager that regulates all 200+ tracking technologies and gives you flexibility to move the consent banner off your homepage. Try it for free.

5. Definitions of health data and its protections are in flux.

In the Big (Health) Data session, Jami Vibbert of Arnold & Porter discussed how historically, the focus with health data has been on data collection with regards to physical care provided. However, recent conversations are shifting to data collections on health apps, or even health-related data collected on consumer apps.

Similar to the FTC’s settlement with Flo Health on sharing personal health information, the industry expects to continue seeing the FTC define the line on privacy protections for different types of health data.

If you were there in San Diego, what were your main takeaways from the conference? You can also see some of our other highlights we shared live on Twitter.

P.S. And if we missed you in San Diego, we’d still love to say hi! Drop us a hello here.

More articles from Transcend

A path to standardizing data rights with a common protocol

Transcend has joined a consortium led by the Consumer Reports Digital Lab to develop a common protocol for consumers to exercise their data rights

October 21st, 2021 · 3 min read

Industry perspective: How DoorDash takes a KonMari approach to data minimization

Data hoarding is a dangerous business practice. Senior privacy manager at Doordash Nandita Rao discusses her KonMari Method™ for taming data sprawl and how to adopt better data hygiene processes.

September 15th, 2021 · 2 min read

Privacy XFN

Sign up for Transcend's weekly privacy newsletter.

San Francisco, California Copyright © 2021 Transcend, Inc.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Link to $https://twitter.com/transcend_ioLink to $https://www.linkedin.com/company/transcend-io/Link to $https://github.com/transcend-io