November 2021 Privacy Points

We are gearing up for the 2022 legislative session. Based on the legislative committee days this month and the release of the 2021 Attorney General breach report, we expect privacy and security will be important to Washington lawmakers again this session.

The AGO reported a marked increase in data breaches this year for Washington residents, especially spikes in ransomware. Unfortunately, Washington experienced some of its largest incidents ever in 2021.

Recommendations in the report mirror those advocated by our office, which include requiring businesses to report when the last four digits of a Social Security Number (SSN) are compromised. Currently, only government entities are required to report and notify if the last four numbers of the SSN are exposed. Businesses should also be required to notify in these situations to help Washingtonians protect their personal information.

Presentations

• AmCHAM, Nov. 8, 2021 - This month I was invited to participate in an interview with our partners in Chile at the AmCham Chile Artificial Intelligence Forum. Specifically, we talked about the work of the Automated Decision-Making Systems (ADS) workgroup and what governments and industry are thinking about in terms of ADS and AI. For more information visit the America Minera website. You can also follow the ADS workgroup's progress on our ADS page. The report will be released in early December 2021.
• UW Law, Nov. 8, 2021 - I had the opportunity to be a guest lecturer at the UW School of Law class on public policy making. I presented on how the Office of Privacy and Data Protection (OPDP) helps implement and operationalize privacy policies for Washington state. Examples of this work include the annual privacy review, training and most recently the ADS workgroup facilitation and report.
• State Agency Privacy Forum, Nov. 29, 2021 - This quarter we covered highlights from the ADS Report, SB 5432 and the Privacy Assessment Survey. All three reports will be released before the 2022 legislative session, which starts Jan. 10. We also discussed some FAQs that OPDP gets on occasion from the privacy community about facial recognition, offshoring data, protections for demographic data and two-party consent for recorded conversations.

News items that caught OPDP's attention this month include:

• AG report: Washington sets record for data breaches and ransomware attacks (Seattle Times)
• Newsletter: More Privacy, Please (JDSUPRA)

See you next month with more updates from our office!

Katy Ruckle

State Chief Privacy Officer