<description>&lt;p&gt;Tom Kemp is the Executive Director of CalPrivacy. Previously, he was a Silicon Valley tech entrepreneur and CEO. He volunteered on the California Privacy Rights Act campaign and has advised on major tech policy legislation nationwide, including the Delete Act (SB 362) and AI Transparency Act (SB 942). He is the author of &lt;em&gt;Containing Big Tech&lt;/em&gt;.&lt;/p&gt; &lt;h2&gt;In this episode…&lt;/h2&gt; &lt;p&gt;California's privacy law evolves once again as its new regulations push companies to move from policy to proof. Privacy risk assessments, cybersecurity audits, and automated decision-making technology requirements introduce new obligations for businesses that process personal information at certain thresholds. Alongside recent CCPA enforcement actions, these new rules reinforce the importance of establishing governance, ensuring technical compliance, and demonstrating accountability. So, what do businesses need to do to stay ahead? &lt;/p&gt; &lt;p&gt;CCPA enforcement actions do not happen in a vacuum. Consumer complaints, website and data flow reviews, and media reports influence investigations that can trigger enforcement actions. Tom Kemp, Executive Director of CalPrivacy, knows this firsthand as he oversees these efforts, along with the rollout of the new CCPA rules. Companies are being evaluated based on real-world user experience. That's why they need to establish governance and strong operational processes that ensure compliance as regulations and consumer expectations evolve. Companies also need to walk a mile in a consumer's shoes and test their websites and mobile applications to ensure they are free of dark patterns and that access, deletion, and opt-out rights function without friction. And when it comes to AI use, companies need to keep in mind that existing CCPA obligations still apply whenever personal information is involved.&lt;/p&gt; &lt;p&gt;&lt;br /&gt; In this episode of &lt;em&gt;She Said Privacy/He Said Security&lt;/em&gt;, Jodi and Justin Daniels talk with Tom Kemp, Executive Director of CalPrivacy, about the new CCPA regulations, enforcement, and what's next for businesses. Tom explains why the California Privacy Protection Agency transitioned to the CalPrivacy name and how the agency focuses on raising privacy awareness and making it easier for consumers to operationalize their privacy rights. He outlines key timelines and thresholds tied to risk assessments, cybersecurity audits, and automated decision-making obligations and discusses how businesses can leverage existing processes to meet the new requirements. Tom also shares how California's collaboration with other state attorneys general and international regulators is shaping enforcement coordination and privacy oversight.&lt;/p&gt;</description>

She Said Privacy/He Said Security

Jodi and Justin Daniels

Behind the Curtain With Tom Kemp: New CCPA Rules, Enforcements, and What's Next

MAR 12, 202638 MIN
She Said Privacy/He Said Security

Behind the Curtain With Tom Kemp: New CCPA Rules, Enforcements, and What's Next

MAR 12, 202638 MIN

Description

Tom Kemp is the Executive Director of CalPrivacy. Previously, he was a Silicon Valley tech entrepreneur and CEO. He volunteered on the California Privacy Rights Act campaign and has advised on major tech policy legislation nationwide, including the Delete Act (SB 362) and AI Transparency Act (SB 942). He is the author of Containing Big Tech. In this episode… California's privacy law evolves once again as its new regulations push companies to move from policy to proof. Privacy risk assessments, cybersecurity audits, and automated decision-making technology requirements introduce new obligations for businesses that process personal information at certain thresholds. Alongside recent CCPA enforcement actions, these new rules reinforce the importance of establishing governance, ensuring technical compliance, and demonstrating accountability. So, what do businesses need to do to stay ahead? CCPA enforcement actions do not happen in a vacuum. Consumer complaints, website and data flow reviews, and media reports influence investigations that can trigger enforcement actions. Tom Kemp, Executive Director of CalPrivacy, knows this firsthand as he oversees these efforts, along with the rollout of the new CCPA rules. Companies are being evaluated based on real-world user experience. That's why they need to establish governance and strong operational processes that ensure compliance as regulations and consumer expectations evolve. Companies also need to walk a mile in a consumer's shoes and test their websites and mobile applications to ensure they are free of dark patterns and that access, deletion, and opt-out rights function without friction. And when it comes to AI use, companies need to keep in mind that existing CCPA obligations still apply whenever personal information is involved. In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Tom Kemp, Executive Director of CalPrivacy, about the new CCPA regulations, enforcement, and what's next for businesses. Tom explains why the California Privacy Protection Agency transitioned to the CalPrivacy name and how the agency focuses on raising privacy awareness and making it easier for consumers to operationalize their privacy rights. He outlines key timelines and thresholds tied to risk assessments, cybersecurity audits, and automated decision-making obligations and discusses how businesses can leverage existing processes to meet the new requirements. Tom also shares how California's collaboration with other state attorneys general and international regulators is shaping enforcement coordination and privacy oversight.