Justine Phillips Joins WITI in "A Guardians of the Galaxy's Approach To California's Consumer Privac

Justine Phillips, a partner at Sheppard Mullin Richter & Hampton LLP, specializing in both Data Privacy and Security and Labor and Employment Practice Groups, joined WITI on Thursday, June 11 to take members through "A Guardians of the Galaxy‘s Approach to the California Consumer Privacy Act." The presentation aimed to equip California residents with more control over their data.

The California Consumer Privacy Act (CCPA), which went into effect on January 1, 2020, requires companies to share any data collected on California-based consumers if they demand it, including a comprehensive list of all the third parties with whom the data has been shared. The law also allows consumers to sue these companies in case of any privacy guideline violations.

The audience included a diverse mix of both WITI members and non-members. Some men were also in attendance.

"Women should not make the same mistake that men made for so long, which was, exclude the other gender," Phillips said in acknowledgment. "I think it is incredibly important for us to all have allies and advocates in our workplace and beyond to continue advancing women in technology."

The hour-long "space adventure," as Phillips called it, provided the audience with a comprehensive background on the existing CCPA law as well as similar laws that predate it, including the California Constitution's Right to Privacy amendment (passed in 1972), the establishment of the Office of Privacy (2000), the Breach Notification Law (2002), the Online Privacy Protection Act (2004) and the California Shine the Light Law (2005) citing California as the leading state for enforcing privacy as a formal right.

"The very first state to have a Constitutional right to privacy [1972] was California," she said. "A lot of people believe that there is a federal right to privacy. There is not. You might find rights to privacy in federal laws but you will not find a federal Constitutional right to privacy."

Addressing an audience member's question, Phillips also highlighted key differences between existing global privacy acts such as the General Data Protection Regulation (GDPR) and the CCPA.

"They are more alike than they are different, but there are some absolute differences. Namely, some of the language we use around it: there is no statutory right of damage under GDPR, you will not find an individual able to sue for $750 for the violation of their data being compromised," she said. "In my opinion, CCPA is one of the broadest data protection laws in the world, with the most serious consequences because of that private right of action."

Phillips cited recent examples of data privacy violations such as the Cambridge Analytica and Ashley Madison data breaches that led to the increasing need for comprehensive data protection laws.

Dr. Alexandr Kogen, who briefly went by the name of Dr. Spectre, was a research associate at the University of Cambridge who developed an app for Cambridge Analytica which collected data from 87 million unsuspecting Facebook users. The data breach also compromised the data of the users' registered friends on the social networking service.

In an interview with CBS News, Dr. Kogen denied breaking any laws in obtaining this information. "And it seems crazy now," he said. "But this was a core feature of the Facebook platform for years. This was not a special permission you had to get. This was just something that was available to anybody who wanted it who was a developer."

The event also yielded time for audience questions. In response to a query about how users can be proactive with their data, Phillips iterated steps that individual users, as well as businesses, can take to protect their data.

"From a consumer perspective and from a business perspective, data minimization principles are really important," she said. "What that means on a consumer's side: don't enter and share so much data, be selective, understand who you are providing data to. Know your company! I know people don't read privacy policies, but you might want to. You might want to say, ‘What is happening to my data if this really matters?'"

"The [steps] for a company," she said, "is to develop some of the ethics around your data. How does your organization want to be perceived culturally if, at the end, there is a breach? What do you want to have? What is your story?"

Aarushi Sharma is a student at New York University pursuing a degree in Media, culture and communications and politics. She has previously been news reporter for the Washington Square News, the largest independent college newspaper and WNYU 89.1 FM. She is interested in public policy research and prison reform.

instagram: @aarushisharmas
Facebook: www.facebook.com/profile.php?id=100040372012187
Twitter: @aarushisharmas

Opinions expressed by the author are not necessarily those of WITI.