Quasi-selected targeting seen as prudent move
David Shipley, head of Canadian-based Beauceron Security, likened the move by the CPPA and the three states as the equivalent of a blitz to slow down drivers who go over the speed limit.
The initiative, he said, is “the governance and privacy law equivalent of, ‘let’s put the California privacy Highway Patrol out there and see who’s speeding, who’s not actually going to play by the rules,’ and it’s smart. It’s part of the toolkit that should be out there and done responsibly. It’s done in a way that’s not like ‘we’re auditing everybody.’ That’s terrifying — I don’t think anyone has the resources for it, and it would cause mass chaos.”
But a random, or even a quasi-selected targeted enforcement initiative, he said, will actually help the privacy sector: “What I mean by that is, there are a lot of hard working folks in in the privacy or governance, risk and compliance side, and they’re going to say, ‘hey, there’s this law’. And then sometimes they run into a lull at senior executive or even board levels, where people go, ‘yes, but what’s the chances we will actually get hit with it? That’s a risk we’re willing to accept and what’s this actually going to cost us? What are the chances that this will happen versus all the other business pressures were under?’”
