Tom Kemp is the Executive Director of CalPrivacy. Previously, he was a Silicon Valley tech entrepreneur and CEO. He volunteered on the California Privacy Rights Act campaign and has advised on major tech policy legislation nationwide, including the Delete Act (SB 362) and AI Transparency Act (SB 942). He is the author of Containing Big Tech.
Here’s a glimpse of what you’ll learn:
- Tom Kemp shares his career journey from Silicon Valley cybersecurity entrepreneur to Executive Director of CalPrivacy
- Why the California Privacy Protection Agency began branding itself as CalPrivacy
- Overview of the new CCPA regulations, including new requirements for privacy risk assessments, cybersecurity audits, and automated decision-making technology (ADMT)
- Common operational challenges companies face when implementing access, deletion, and opt-out rights, and the importance of consumer-centered testing
- Why artificial intelligence systems that use personal information remain subject to CCPA requirements
- CalPrivacy’s collaboration with state attorneys general and international data protection authorities
- The role of consumer complaints, website and data flow reviews, and media reports in triggering CCPA enforcement investigations
- Inside look at the inaugural Chief Privacy Auditor role at CalPrivacy and the agency’s new Audits Division
In this episode…
California’s privacy law evolves once again as its new regulations push companies to move from policy to proof. Privacy risk assessments, cybersecurity audits, and automated decision-making technology requirements introduce new obligations for businesses that process personal information at certain thresholds. Alongside recent CCPA enforcement actions, these new rules reinforce the importance of establishing governance, ensuring technical compliance, and demonstrating accountability. So, what do businesses need to do to stay ahead?
CCPA enforcement actions do not happen in a vacuum. Consumer complaints, website and data flow reviews, and media reports influence investigations that can trigger enforcement actions. Tom Kemp, Executive Director of CalPrivacy, knows this firsthand as he oversees these efforts, along with the rollout of the new CCPA rules. Companies are being evaluated based on real-world user experience. That’s why they need to establish governance and strong operational processes that ensure compliance as regulations and consumer expectations evolve. Companies also need to walk a mile in a consumer’s shoes and test their websites and mobile applications to ensure they are free of dark patterns and that access, deletion, and opt-out rights function without friction. And when it comes to AI use, companies need to keep in mind that existing CCPA obligations still apply whenever personal information is involved.
In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Tom Kemp, Executive Director of CalPrivacy, about the new CCPA regulations, enforcement, and what’s next for businesses. Tom explains why the California Privacy Protection Agency transitioned to the CalPrivacy name and how the agency focuses on raising privacy awareness and making it easier for consumers to operationalize their privacy rights. He outlines key timelines and thresholds tied to risk assessments, cybersecurity audits, and automated decision-making obligations and discusses how businesses can leverage existing processes to meet the new requirements. Tom also shares how California’s collaboration with other state attorneys general and international regulators is shaping enforcement coordination and privacy oversight.
Resources Mentioned in this episode
- Jodi Daniels on LinkedIn
- Justin Daniels on LinkedIn
- Red Clover Advisors’ website
- Red Clover Advisors on LinkedIn
- Red Clover Advisors on Facebook
- Red Clover Advisors’ email: info@redcloveradvisors.com
- Data Reimagined: Building Trust One Byte at a Time by Jodi and Justin Daniels
- Tom Kemp on LinkedIn
- CalPrivacy
- CalPrivacy Delete Request and Opt-out Platform (DROP)
- Containing Big Tech: How to Protect Our Civil Rights, Economy, and Democracy by Tom Kemp
Sponsor for this episode…
This episode is brought to you by Red Clover Advisors.
Red Clover Advisors uses data privacy to transform the way that companies do business together and create a future where there is greater trust between companies and consumers.
Founded by Jodi Daniels, Red Clover Advisors helps companies to comply with data privacy laws and establish customer trust so that they can grow and nurture integrity. They work with companies in a variety of fields, including technology, e-commerce, professional services, and digital media.
To learn more, and to check out their Wall Street Journal best-selling book, Data Reimagined: Building Trust One Byte At a Time, visit www.redcloveradvisors.com.
Powered by Rise25 Podcast Production Company
Intro 0:00
Welcome to the She Said Privacy/He Said Security Podcast. Like any good marriage, we will debate, evaluate, and sometimes quarrel about how privacy and security impact business in the 21st century.
Jodi Daniels 0:21
Hi, Jodi Daniels here. I’m the founder and CEO of Red Clover Advisors, a certified women’s privacy consultancy. I’m a privacy consultant and certified informational privacy professional providing practical privacy advice to overwhelmed companies.
Justin Daniels 0:37
Hi, I am Justin Daniels. I am a shareholder and corporate M&A and tech transaction lawyer at the law firm Baker Donelson, advising companies in the deployment and scaling of technology. Since data is critical to every transaction, I help clients make informed business decisions while managing data privacy and cybersecurity risk. And when needed, I lead the legal cyber data breach response brigade.
Jodi Daniels 1:00
And this episode is brought to you by Red Clover Advisors. We help companies to comply with data privacy laws and establish customer trust so that they grow and nurture integrity. We work with companies in a variety of fields, including technology, e-commerce, professional services, and digital media. In short, we use data privacy to transform the way companies do business together. We’re creating a future where there’s greater trust between companies and consumers. To learn more, and to check out our best-selling book, Data Reimagined: Building Trust One Byte at a Time, visit redcloveradvisors.com. Today is an extra, extra special episode, and apparently I’m very high energy, too high energy for Justin.
Justin Daniels 1:40
I’m still recovering from the social calendar that you had for us over the weekend.
Jodi Daniels 1:44
Oh yes, we were party animals with activities Friday night, Saturday night, Sunday night, and all kinds of activities all during the weekend. We’re not quite that busy, but we are well rested because we are recording on a Monday, and we are so excited to have Tom Kemp returning to the She Said Privacy/He Said Security Podcast. Tom Kemp is the Executive Director of CalPrivacy. Previously, he was a Silicon Valley tech entrepreneur and CEO. He volunteered on the California Privacy Rights Act campaign and has advised on major tech policy legislation nationwide, including the Delete Act (SB 362) and AI Transparency Act (SB 942). He is the author of Containing Big Tech, which I encourage everyone to read. Tom, welcome back to the show.
Tom Kemp 2:34
Oh, my God, you guys had me back, so I must have not done that poorly the first time around.
Jodi Daniels 2:38
So it was amazing, and we’re so excited that you were here with us today.
Justin Daniels 2:43
Thank you for having me. Wow, this is you without even any espresso. Impressive.
Jodi Daniels 2:49
Happiness, just natural happiness.
Justin Daniels 2:51
Doing it, of course. Tom, I’ve been told that certain domestic skills around making beds, I am
Jodi Daniels 2:57
Deficient, yeah, closing cabinets, yes. Clearly she’s
Justin Daniels 3:01
Happy and I am deficient. But anyway, Tom, can you share for some of our listeners who may not know you as well, a little bit about your career journey?
Tom Kemp 3:13
Well, thanks, yeah. I mean, you guys actually did a great job of summarizing it. So just as a thumbnail sketch, I’ve historically been an entrepreneur here in Silicon Valley. And then my last company, I was CEO and founder of a cybersecurity company, was able to build that to over 500 people and 100 million dollars in revenue. We actually had to go through GDPR compliance. So I’ve actually been on that side of the fence, so to speak. And then, after the company was acquired, this ballot initiative was happening in California, and I jumped on board. And it was Prop 24, the California Privacy Rights Act, that amended the CCPA, and so worked as a full-time volunteer on that. That passed with 9.3 million votes. So just incredible desire on behalf of Californians to have additional privacy. It created the agency, that ballot proposition, the California Privacy Protection Agency. So I just got the policy bug, and as you alluded to, just, you know, volunteered as a policy advisor. And so when this opportunity came up, I really jumped at it, and also I had some key things that I really wanted to implement, and one of which was making privacy easy, and that’s really key to me as well. So not only, you know, doing the day-to-day operations and working on the strategy and vision alongside the team, as well as the board of CalPrivacy, but also really wanted to ensure that Californians can easily operationalize their privacy rights.
Jodi Daniels 4:50
I love your background as an entrepreneur. I think that really helps, because trying to comply with privacy laws is a challenging activity, and for someone who actually had to do it, you have a unique perspective, especially sitting in the role that you are today.
Tom Kemp 5:10
Absolutely, yeah, no, I certainly want to make it easier for consumers, but at the same time, you know, we got to make sure that businesses are able to operationalize the privacy rights and be able to implement them as well. So it’s a constant trying to find that right balance between guardrails and not holding back innovation. I think we’ve done a pretty good job here in California. We’ve moved, even with the CCPA being passed and then amended with the CPRA, over the last few years, we’ve actually moved from the fifth largest economy in the world to the fourth largest economy in the world. So I think California, we’re showing some good examples of that. Always can improve in terms of making it easier for businesses, at the same time trying to expand the rights that folks have. So that’s a constant, you know, issue that we’re always looking at. Helps me have job security. Helps me too. Yes.
Justin Daniels 6:08
So Tom first, for those of us who are used to the CCPA, can you help us understand the name change to CalPrivacy? Yeah.
Tom Kemp 6:17
I mean, so obviously you have the California Consumer Privacy Act, the CCPA, which was amended in 2024 by the California Privacy Rights Act or CPRA, that created the California Privacy Protection Agency or CPPA. So I think we got everything, you know, straight, so we would never mess up these four-letter initials. Now, just seriously, there was just kind of four-letter acronym overload right here, and especially as the agency tries to be more consumer outbound focused, you know, trying to educate consumers, raise privacy literacy, make privacy easier, deliver this DROP system, it just made sense to not subject the everyday person to these four-letter acronyms. In California, many of the agencies go by Cal this, Cal that, and so it just made sense to move to CalPrivacy to reduce friction, make it easier for consumers to find us on the internet, to take advantage of our resources. So it’s just again, maybe another example of trying to operationalize what we’re trying to do here by giving us a more friendly nickname. Our legal name is still officially the California Privacy Protection Agency, but for the most part, we’re referring to ourselves as CalPrivacy, and the transition has worked really well. People have latched on to it, which is encouraging.
Jodi Daniels 7:49
Yes, privacy pros really appreciate not having to mess up all those acronyms. So thank you. And you also have, we have some newly adopted CCPA regulations rolling out starting this year. And what I was hoping we could talk about are what are the most important changes that companies need to understand, which we have consumer rights obligations and the new ADMT (automated decision-making technology), cybersecurity audit, and risk assessment requirements?
Tom Kemp 8:21
Yeah, no, we had an omnibus package of regulations that went through a long and winding road. But in the end, we landed the plane on the aircraft carrier with these things, and we really appreciate the feedback that we got from the business community, users, et cetera. Now we didn’t do this out of the blue. This was actually mandated by the actual Prop 24, the ballot initiative that told the agency that they had to write regulations in automated decision making, risk assessment, and cybersecurity audits. And so it was left to the agency to do that, and through this process, we really fine-tuned this. And in the end, I think we have the nation’s most comprehensive set of regulations in these areas. For example, when it comes to cybersecurity audits, the only other state that requires cybersecurity audits is New York, but that’s only limited to financial services. This applies to all businesses, specific to, you know, processing at a certain level of sizes and doing certain actions as well. So, yeah, there’s a whole different set of deadlines associated with these. You know, first we’ll focus on risk assessments. That kicks in right now, January 1, 2026, and in terms of actually having to submit attestations back to the agency saying that you’ve done that, you don’t have to do that until April 1, 2028. In terms of some cybersecurity audits that you obviously, hopefully in a perfect world you’re doing, you’re auditing these systems that process personal information. But in terms of actually having to send the agency certifications, for larger businesses, over 100 million, that doesn’t kick in until April 1, 2028, in terms of when you have to send us this certificate saying we’ve done this. For companies 50 to 100, that’s April of 2029, and under 50, that’s not until April 2030. The good news on the cybersecurity audits is that you can leverage existing auditing that you’ve done to kind of check off the items that we require.
We do require an independent auditor to participate in this. So again, in terms of trying to make it easier for businesses, we really wanted them to leverage kind of the existing processes, audits that they’ve done, etc. And then, last but not least, there’s the risk assessments. And risk assessments actually not, I’m sorry, automated decision making. That’s the next one I wanted to talk about. That kicks in on January 1, 2027, and that is enabling specific rights for consumers, and the ADMT only involves the usage of personal information making significant decisions with kind of humans, you know, kind of being out of the loop for that. You should definitely look at the definitions right there. And then there’s nothing that you have to submit back to the agency for ADMT, but you need to have certain, give certain rights to consumers, and those rights include the right to opt out, the right to access, etc. So yes, comprehensive set of regulations with different dates, and we’re going to make things easier for businesses. So what we’re going to do this year is we’re going to come out with bulletins and fact sheets to give an overview of what’s required, and then we’re going to do informational sessions. And so that’s going to happen all this year. And then lastly, there’s another set of updates to the regulations, which were more generic CCPA updates, and we’ve already come out with a fact sheet on that that’s available from our website. So yeah, big package, mandated, different deadlines, different dates associated with them, but we’re going to try very hard to, you know, educate the business community in terms of what their obligations are this year.
Jodi Daniels 12:44
Tom, you’re a great person. You always post all kinds of wonderful new information on LinkedIn. So I encourage anyone listening to follow. If companies wanted to make sure they’re on top of those bulletins, is there an email, or just go to the main website for CalPrivacy and be able to sign up so that they don’t miss any of those new bulletins or advisories that you’ll put out?
Tom Kemp 13:07
Yeah, so we have the cppa.ca.gov website, where there is the ability to register for different updates, board meetings, as well as other information that comes out. As part of this move to CalPrivacy, we have a consumer-facing website, privacy.ca.gov, and over the next six months, we’re actually going to merge the two sites together, just to be privacy.ca.gov, and in the merged site, there will be kind of a business area where we’ll have these bulletins posted. They’re currently on the cppa.ca.gov website. And then we also will have a newsletter as well, and we’ll have different newsletters for that, more of the consumer-facing, you know, just get updates, privacy tips. But there also will be the ability in the new website to subscribe for more business updates. But that exists today, you know, on the cppa.ca.gov website. So, yeah, we always need to be, you know, informing both consumers and businesses, you know, what’s going on with the agency. And so there’s a way to get notifications.
Jodi Daniels 14:16
Wonderful. Everyone listening. Make sure you go sign up.
Justin Daniels 14:20
Oh, so Tom, what are the biggest operational challenges you see companies facing when it comes to implementing CCPA rights, like access, deletion and opt outs?
Tom Kemp 14:33
Yeah, I think the enforcement actions that we’ve taken provide a real good roadmap of, you know, things that businesses have tripped up on, and so those are always good guidelines to take a look at. And, you know, kind of do some introspection. Furthermore, we do provide enforcement advisories from time to time. And so we try, through both the settlement agreements that we publish as well as enforcement advisories, you know, just try to provide transparency in terms of things that we think are important that all businesses should take a look at. And so I think clearly, I think the key message that’s coming from the enforcement advisories as well as the enforcement actions, which is the overall, to answer your question, is we really think that businesses should walk a mile in the consumer’s shoes. What that means is that they should actually test their website, their mobile application, and determine whether or not people can actually exercise their privacy rights. You think like, oh boy, that’s definitely not a revolutionary statement. But what you’ll see time and time again is that I think that a lot of businesses may have just relied on some technology that they may have purchased or licensed, with the thought process that, just because I bought a privacy product, then I checked that box. But, you know, like any technology, you need to properly configure it, and then you actually have to, you know, do a walk-through to make sure that it actually works and it meets, you know, probably, you know, the average expectation of a consumer. So I think my biggest advice and guidance is to do actual consumer testing of it. You know, like, if you’re a privacy professional, you know, call up your grandma, you know, call up your aunt, your sister, a friend in the neighborhood, and say, Hey, I’m responsible for xyz.com. Can you do me a favor?
And then, you know, go to our website, see if you can figure out how to get to the privacy page, how you can exercise your privacy rights, etc. Was it an easy experience? Was there timely responses, things of that nature as well? So I think that’s our biggest recommendation of what we’re seeing is that consumers are being flustered and friction is being introduced in the basic exercising of privacy rights with associated websites and mobile applications.
Jodi Daniels 17:28
I love that you emphasize that customer test, and I would offer people should also look, because sometimes mobile versus desktop is a different experience. Font size, color, how other links are overtaken, and just the entire experience, to really look at what you thought, what you planned, and just literally have an outside view is incredibly helpful. So I’m so glad that you emphasize
Tom Kemp 17:54
I think people focus, you know, with websites they focus on, like, can a transaction occur? Can I get someone to quickly sign up? Can I quickly, you know, but then oftentimes, it kind of stops after that, and they don’t think about the whole life cycle of a consumer saying, Hey, I actually want to delete my account, or I want to stop getting emails from you because you’re kind of, you know, spamming me. I want to opt out that I want my information being sold or shared. Yes, I signed up for it, but I get the sinking feeling that you’re using my information and providing it to others. So basically the expectation is that consumers want to be able to control their personal information. And you know, I just simply say that, yeah, it’s tough to lose someone from your, you know, that someone wants to opt out, but that is a right that people have, and you need to be able to respect that right by not putting forth dark patterns, making it too difficult, providing a unified interface, not asking for too much information for people to opt out, etc. And again, I think a good roadmap is these enforcement actions, these enforcement advisories that we’re really trying to telegraph to the community. These are the things that we care about. And we’re not doing this in a vacuum. We actually get over 150 complaints from California every week. Since inception, we’ve had over 10,000 complaints, and one of our more recent enforcement actions was actually triggered by a consumer complaining that, Hey, I can’t exercise my privacy rights. And they got so frustrated that they, you know, lodged a complaint with us, and that led to an investigation that led to an enforcement action. So, yeah, you got to respect your customers and the consumers.
Justin Daniels 19:45
So Tom, from your perspective, because obviously you’ve worked in the private sector and been highly successful and now in your policy role, what is your thought around these executive, non-privacy pros whose whole goal is, if we want to grow this company, we need a frictionless experience for our customer? And to put a fine point on that, I think of what’s going on now with AI and some of the lawsuits you’re seeing around how kids interact and how people are interacting with these automated decision-making tools, where it doesn’t seem like privacy is being respected because it’s an all-out race for market share.
Tom Kemp 20:26
Well, the reality is that at least at CalPrivacy, we are responsible for protecting people’s rights to their personal information. Just because you’re using a new technology such as artificial intelligence, if it utilizes personal information, you don’t get a get-out-of-jail-free card. The laws, you know, regarding the obligations that businesses have, the respecting of privacy rights, you know, continue, even though you’re using this newfangled AI. It’s not like, you know, personal, I mean, sorry, privacy rights disappeared during the mobile revolution that occurred. Just because you come up with a mobile app and before you just had a website, that doesn’t mean that, you know, consumers should not be able to exercise their privacy rights under the mobile app as well. So, yeah, I think the reality is that there is a significant wave of new technology coming, but the underlying, you know, usage of data, the rights and the obligations, you know, are still there, and we will certainly see additional legislation for specific use cases that may not be covered by existing laws. But to be candid, the CCPA, the California Consumer Privacy Act, is pretty broad, and it does cover the use of personal information by artificial intelligence. And then we even further put forth regulations specific to automated decision making that’s making critical decisions for people as well. So there’s even further obligations that are associated with it as well. So yeah, and I think increasingly, you know, consumers are going to, you know, notice this. They’re going to file complaints, this is going to be an area of enforcement, and I think that’s just kind of the natural evolution that’s going to happen.
Jodi Daniels 22:28
Well, speaking of enforcement, CalPrivacy is unique as being a dedicated agency in the United States focused on privacy, and we have other states and Attorney General’s Offices that are ramping up in enforcement and a lot of conversation about collaboration. Can you share a little bit about how does CalPrivacy collaborate with other Attorney General’s Offices, or privacy throughout the US?
Tom Kemp 22:53
Yeah, absolutely. So we always want to, you know, gain leverage by working with sister agencies within the state, as well as cross-jurisdictionally, and so it’s important for us to be able to share tips, best practices, and then also ensure that we’re harmonized with other states in terms of the enforcement of our laws. It actually turns out that the vast majority of privacy laws have common bones. They enable a common set of rights. I’m not saying that there isn’t, you know, some differences, but if you actually look at the enforcement actions that have been taken at the state level, those type of enforcement actions would have happened in any state, right? And so it’s key for us to be able to partner with other agencies. And so we really took the lead on this consortium of privacy regulators. And so yes, we’re the only independent agency that’s a member of this, and then the other members are Attorney General offices. And I should definitely point out that the Attorney General of California also has enforcement rights over the CCPA. So it’s kind of interesting that, you know, we’ll come out with some press releases about enforcement actions, and then all of a sudden, the Attorney General will do that as well. So there’s dual enforcement happening here, but there are 10 members of the consortium of privacy regulators. It’s bipartisan, and I think that number is going to grow, and so it’s really key for us to partner with them. And that actually leads to, for example, a joint investigatory sweep that we’re doing as it relates to support for the Global Privacy Control. We’re doing that with the Attorney General of California, Colorado, and Connecticut. So that’s kind of a focus area. So that’s another way for businesses to kind of realize what’s important, besides the enforcement advisories and the enforcement actions that we’re doing. And then we’re also collaborating on an international basis.
So we were part of an investigation with 30 DPAs, most of which are in Europe, focused on kids’ safety as well. So that’s another area that we can kind of collaborate with, not only here in the United States around areas such as Global Privacy Control, but also internationally as well. In fact, we even have partnerships, formalized memorandums of understanding, with the ICO in the UK, CNIL in France, the South Korean Data Protection Authority, et cetera. So it’s just things that we’re trying to do to give us more leverage, better educate ourselves, and help facilitate harmonization of the enforcement of privacy laws. Those are key areas of focus of ours.
Jodi Daniels 25:53
That makes a lot of sense. Thank you so much for sharing.
Justin Daniels 25:58
So with the new rulemaking complete, you know, what enforcement mechanisms or priorities is the CPPA most focused on operationalizing in the next 12 to 18 months? And we also hear people asking how a company might be investigated. If you can share a little bit about that as well. Yeah.
Tom Kemp 26:16
I mean, obviously I’m not going to get into the particulars, but clearly, from an investigation perspective, we do look at these consumer complaints that I talked about before, and usually what happens is that if there’s some business or some practice that’s happening, we’ll suddenly see kind of a flurry of, you know, similar complaints coming in. And so we certainly look at all the complaints, and as I alluded to before, they have led to specific enforcement actions that we’ve taken. So we do listen, we put our ear to the ground, and we certainly listen to, you know, what’s happening, and we really appreciate the Californians, you know, taking the time to, you know, flag and raise issues with us in the form of complaints. Similarly, we actually have a technology team that will look at websites, data flows, etc., associated with specific privacy harms that we’re aware of. We’re definitely looking at press articles. And if there’s specific things that are top of mind or kind of egregious, you know, we’re not immune to reading the newspaper or getting a Google alert on things, and so that may trigger, you know, interest on our behalf. And, you know, so those are the type of things that, you know, could raise issues or flags with us. And, you know, clearly what we’re trying to focus on is addressing, you know, privacy harms that are impacting, you know, vulnerable people in our community. Furthermore, you know, we like building cases. We see each case as a building block that kind of sets precedent, that provides guidance to other businesses in terms of what’s acceptable, etc. So we’re kind of working our way up and, you know, trying to have you communicate like, you know, here are things that are definitely not good in terms of dark patterns or providing too many hoops or too much friction for people to exercise their privacy rights.
So that’s kind of the overall, you know, genesis of how investigations come up. In terms of enforcement, you know, priorities, I think we don’t communicate those, but I think some of the joint work that we’re doing with some of these other agencies that I talked about, for example, around Global Privacy Control, with other jurisdictions, both domestically and internationally, around kids’ data, give you a good feel for the things that are top of mind with the agency.
Jodi Daniels 29:18
And I’ll echo those bulletins that you mentioned earlier. I would offer that also a focus is additional communication bridging together to make it even easier for consumers. And I think, I always say, the more that consumers are educated, the more that they’re going to then question what happens at companies, and it is unhappy consumers that tend to try and make privacy rights requests, and then when those aren’t honored, then they’re going to be unhappy and submit complaints. So I feel like it’s an entire circle of additional education to consumers who then go and do their daily business with all different types of companies, and depending on how that experience is, testing what that experience is from a company standpoint, and making sure it’s actually working, is going to be extra important.
Tom Kemp 30:09
I 100% agree with you, and I think what’s happening in society is that there is increasingly a greater interest in people protecting their privacy. And parents see that with their kids, you know, with the algorithms using personal information to, you know, keep them utilizing the applications and systems, that people’s name, image, likeness is being manipulated, and parents are very concerned about what’s happening in schools with, you know, people’s photos being manipulated. And then there’s concerns about, you know, is data being sold to the government? Is data being used to kind of surveil me and give me different pricing compared to other people as well? So I think overall, from a societal perspective, there has been a significant, you know, increase in privacy literacy and privacy awareness, and so therefore, and especially with the DROP system that we’ve implemented. I know we haven’t talked about it. That’s the Delete Request and Opt-out Platform that allows consumers here in California to have a single-click mechanism to initiate a deletion request once. Based on the overwhelming response, and we’ve had over 230,000 Californians in about six, seven weeks go to this website, sign up, it tells you that there’s a pent-up demand and interest in being able to take control of your personal information, to exercise your privacy rights at scale, etc. But that pent-up demand and interest, it’s not in a vacuum. It’s based on what’s actually happening and the fears that people have. And so yeah, to kind of go to the old way of thinking where, well, people really don’t care about privacy, you know, we can kind of skimp on this.
It just doesn’t match what the current zeitgeist is with people who have great concerns about what’s happening with their kids, that they’re concerned, as adult children, that maybe their elderly parents, that information is being weaponized to scam them, to facilitate, you know, AI-based phone calls, you know, from someone’s grandchild, etc. So there’s just all this stuff going on. And so I think businesses just need to continue to realize that you have to meet consumer expectations now.
Jodi Daniels 32:56
CalPrivacy has an exciting new role with a Chief Auditor on board. How do you see this new Chief Auditor role evolving and what the primary area of focus will be?
Tom Kemp 33:09
Yeah, so we’re certainly thrilled to have Sabrina Ross as the agency’s inaugural and first ever Chief Privacy Auditor. This position was actually called forth in the statute, Prop 24, the California Privacy Rights Act. So we’re glad to have this person on board. She will lead our newly formed audits division, which develops and applies complex, you know, regulatory examinations of businesses. So the focus of the audits division will be looking at compliance, and as a complement to our enforcement agency that looks at violations as well. Now we may do these audits, you know, just to get a better understanding of new technology areas or to look at specific privacy harms, maybe in the end, to raise awareness and provide education and create reports available to businesses and consumers, but also some of the audits actually may lead to referrals to the enforcement team as well. And so really the enforcement division is complementary to this newly formed audits division, and who are really focused on looking at compliance gaps, as opposed to enforcement division looking at violations. When I previously mentioned the risk assessment attestations that are due in 2028 and when I talked about the cyber security certifications, certifications, excuse me, those will actually be processed by our audits division, so we have time to document and tell people how you go about submitting those. But that’s another kind of area of focus that the audits division will work on.
Jodi Daniels 35:05
Wonderful. Thank you, very, very helpful.
Justin Daniels 35:11
So Tom, as we asked you before, what do you like to do for fun when you’re not all things about privacy policy in California?
Tom Kemp 35:21
What do I, can you say that again? I want to make sure I answer this. What do I like about
Justin Daniels 35:27
I’m sorry. What do you like to do for fun when you are not all things privacy in the state of California?
Tom Kemp 35:35
Great. Okay. Yeah, no, thank you. Well, I’m certainly, I’m a sports fan, and my alma mater, the University of Michigan, is playing pretty good basketball. Unfortunately, we lost to Duke in a non-conference game, but there’s the tournament coming up, so hope springs eternal for my alma mater as well as everyone else’s alma mater. 68 teams that get into the tournament. So I’m definitely going to be focused on March Madness in the coming weeks as well.
Jodi Daniels 36:12
I can’t believe that’s already upon us. Oh my gosh. I feel like we just did that. Well, Tom, we are so incredibly grateful that you joined us today. If people would like to connect and learn more, where’s the best place for them to go?
Tom Kemp 36:26
Well, certainly, you know, from a professional perspective, feel free to follow me or connect on LinkedIn. And then specific to if you’re more of a consumer, or you have people that live in California, point them to privacy.ca.gov, and then obviously, there’s the DROP system that’s available for Californians to use. And so that’s a quick and dirty way for people to at least take control with respect to the use of their data by data brokers. And then at that website, we also have a whole bunch of privacy tips as well. And then finally, for the business community, you know, for these bulletins and the enforcement advisories, that’s on the cppa.ca.gov website. Sorry to offer two websites. As I said before, we’re going to merge these together over the next six, nine months, but right now, they are separate, and so the cppa.ca.gov is more for resources for businesses, talking about advisories and other things, while the privacy.ca.gov is more the consumer-focused one. So visit both or visit one, and we certainly appreciate any visits that people make to our website.
Jodi Daniels 37:43
Amazing. Well, thank you again. We really appreciate it.
Tom Kemp 37:46
Oh, this has been great. Well, thank you for having me on. I don’t know if this is going to warrant a third visit right here. I love it. Let’s do I’m going to be if I’m like, Okay, that’s it. We’ve had enough of him.
Jodi Daniels 37:57
So you’re always welcome back anytime. Okay, thank you.
Tom Kemp 38:01
Well, look, I really appreciate what you guys do, the evangelism that you do on behalf of raising privacy literacy with the business community, and so that’s always greatly appreciated.
Jodi Daniels 38:13
Amazing. Thank you.
Tom Kemp 38:15
Thank you so much.
Outro 38:21
Thanks for listening to the She Said Privacy/He Said Security Podcast. If you haven’t already, be sure to click Subscribe to get future episodes and check us out on LinkedIn. See you next time.