Alrighty then. Ladies and gentlemen, welcome back to another episode of Privacy, Please. Cameron Ivey here, hanging out with Mr Gabe Gumbs. Gabe, how you doing?
Speaker 2: I'm doing well, sir. How are you, Mr Ivey?
Speaker 1: Doing well, had a little storm roll through. You probably had some effects from that. When it rains, it pours, it does indeed, and it also lightnings.
Speaker 2: When you live in the lightning capital of the world. That's a thing, that is a real thing. Is that why they're called the Tampa Bay Lightning?
Speaker 1: I think it might be, it might have a tiny bit to do with it. Yes, sir, yes sir, that makes sense. Yeah, yeah, a world champion Tampa Bay Lightning.
Speaker 2: Is that what's right?
That's true, it seems to be that even Florida Panthers, I mean we've, we've had some, uh, the NHL has been owned by Florida teams, which is funny, yeah.
Speaker 2: I mean we get a lot of Canucks that visit down this way, but Lord knows, you couldn't freeze an ice cube on the coldest days of the year down there.
Speaker 1: No, I bet it makes so many Canadians mad. But hey, it's the tax stuff.
Speaker 2: I think at the moment they're far angry about other things.
Speaker 1: That's true, yeah, that's very true.
Speaker 2: We should let the line there. Shout out to our Canadian brethren north of the border.
Speaker 1: Shout out Canadians, we still love you and your geese, we love you, pal, it's true. Canadian bacon.
Speaker 2: I like that. I don't even know, is that American? You just called Canadian bacon, probably like French fries. It's probably on the list. Oh yeah, sorry about that. Yeah, freedom, there's.
Speaker 1: There's a couple things that have been going on in the security and privacy space that we'll just kind of touch on. First we'll talk about, we'll just throw it out there. So one of the biggest settlements for the CCPA right now is the Healthline $1.55 million settlement under the CCPA. Gabe, I don't know if you heard of this. It's kind of recent, it just came out.
You may not know. I've heard of it but I hadn't had a chance to really dig into it. Was that a percentage of revenue of some sort, or just a fine based on number of records? I'm curious because, to be honest, 1.5 doesn't really sound like a deterrence for doing better.
Speaker 1: Yeah, that's a good question because it says Healthline Media agreed to a record 1.55 million dollar settlement with the CCPA for violating the. Let's see what they say. Specifically, resolves claims that Healthline shared sensitive user data with advertisers and data brokers without proper consent and opt-out mechanisms.
Speaker 2: Classic, classic. I was going to say it's par for the course. I mean, we know lots of folks continue to still engage in those type of noncompliance behaviors, usually not intentionally. A lack of guardrails internally tends to be behind this. More often than not, you know, the average business isn't intentionally trying to be non-compliant or, for that matter, even unethical. Say what you might about capitalism. But yeah, 1.5 still just doesn't seem like the guardrail I would want it to be.
Speaker 1: Yeah, I mean it's a lot of money, but it's really not that much. You're right. So here are three things that this will kind of shed light on some more specifics. So they're paying this fine due to a couple of reasons.
Speaker 1: So one, main line health, Healthline Media, so prohibiting the sale or sharing of personal information linked to specific medical diagnosis, providing notice and the right to limit the use and disclosure of sensitive personal information before sharing it for advertising, and implementing a program to assess the functionality of opt-out mechanisms and ensure third-party contracts meet CCPA requirements. Those are the three things that they did not do, that's right, which are pretty big. I mean, that's, it's pretty big. Yeah, you know it's pretty important.
That's quite a bit. That's quite a bit, you know, back of the napkin. Search suggests that Healthline is a wildly profitable business with, you know, revenues in the high double digit millions and profits that aren't that far off of that. So you know, that again goes right back to that. I'm never really a fan of compliance being the first guardrail for these kinds of challenges, and I'm not certain that imposing record-breaking or otherwise 1.5 million is really a deterrence to others. Yeah, I, I'm trying to see if there's more information on what I mean.
Speaker 1: I wish they would kind of break down why that number, why only that and they settle on that.
Speaker 2: Like GDPR, for example, their fines are, if I'm not mistaken, they're based on a percentage of revenue, right, right?
Speaker 1: Because this, I mean the last one before this was what? 1.2 million, which was the Sephora one that we were talking about earlier. Right, right, right, right, that was back in 22, but what's funny is this was also, oh wait, okay, yeah, they were mentioning it. So some of the, I'm trying to see if there's any more like specific details. So this is the first US regulatory privacy enforcement action where a company has been fined for disclosing inferred sensitive data.
Speaker 2: What's inferred. So not direct, but it means that they may have been able to de-anonymize individuals based on it. I mean, inference and de-anonymization are kissing cousins, so I'm, I'm drawing a straight line there. But, but it means that they were able to infer who Cameron Ivey was without direct reference to who Cam Ivey was.
Speaker 1: Right.
Speaker 2: That's extra naughty, yeah.
Speaker 1: Inferred based on articles read is what.
Speaker 2: Interesting.
Speaker 1: I don't know. This is interesting. So and obviously you know we're dealing with health related data. I don't know the company that I've never really honestly heard of them before.
Speaker 2: There are about a billion healthcare companies none of us have heard of, and they're all making ungodly amounts of money.
Speaker 1: Oh what. We can sell you all of these personal health information for a lot of money and yeah, that's it.
Speaker 2: Payout claims.
Speaker 1: Yeah, all right.
Speaker 2: That sounds like a good idea. Let's do it, let's go.
Speaker 1: What do we do? My other question is, are the people that made that decision still there or are they gone already?
Speaker 2: Come on, they're still there and they're not going to be. For what it's worth. Again, I'm not even sure I'm inclined to levy blame upon those individuals. Right? Like I said, it's hard to prove malice and I don't usually wake up in the morning and assign malice to these types of things. Just, most people wake up and they just want to do their jobs, they want to do it well, they want to be compensated fairly and they want to go home. That's not everyone, of course, but I don't necessarily subscribe to the, you know, all of these folks are evil, even when they're dealing with data brokers, although all data brokers, on the other hand, I might not have the same appreciation for, yeah, but you know I also don't have a strong appreciation for people that you know like sell drugs or whatever. Yes, I'm equating the two.
Speaker 2: Yes, they're both damaging to the community, for freak's sake.
Speaker 1: Hey, you know, I mean you got to put food on the table somehow.
Speaker 2: Well, yeah, I understand, I understand, I understand. Even scumbags have to eat, right? Like, yeah, no, that's interesting.
Speaker 1: Let them eat cake.
Speaker 2: So, yeah, I don't know that those individuals should be held personally accountable. We obviously don't know enough about it, right? Yeah, I certainly don't know what the future for CCPA is. If this is the signals we're going to send to businesses to protect our data, I don't know that this signal is the right signal to send. It seems, quite in my personal and professional opinion, it might be the exact wrong signal to send, and I'm not suggesting you fine them into oblivion such that they go out of business. But I don't know, maybe we need more DOJ-style actions where you know what? Now we are going to embed a data privacy officer from the government into your business for the next 18 months to make sure that you know what to do. Well, not to babysit it, but to help you to that point.
I was just thinking, well, maybe they got this number because based on how much information they had sold. Maybe, you know what I mean. Like, maybe because it's based off of, isn't it like a percentage per word or per letter or something like that?
Speaker 2: I don't think it's per word.
Speaker 1: Yeah, um, listeners, or you know, anybody out there that knows, I mean, shoot us a message or you can always come on and talk further about it. That's more knowledgeable about that kind of stuff. But I think that's, I think that makes sense, I would make sense to, but you know they should tack on to whatever else. I don't know. I think you're, you're on to something there because it's like, well, if it's just a slap on the wrist, you know, and we made, how much did they make on some data?
Speaker 2: Anytime the cost of doing business exceeds the cost of the fine substantially. Right, that's, that's just, uh, that's just a luxury tax really, right.
Speaker 1: And the other thing is like it's not going to affect them and like, oh well, these consumers aren't going to trust this company. Now it's like it doesn't matter, they already have your information. Yeah, that cat's so far out of the box. Yeah, I don't like it, but I'm glad that there's, you know.
Speaker 2: I'm glad CCPA exists in some form at least now. You are correct. Prior to the enactment of that regulation there'd be zero repercussions and recourse. There'd just be a little salacious article and maybe we don't even mention it on the show and others aren't informed. Then everyone keeps it moving, right.
Speaker 1: Yeah, yeah, agreed. Um, I know that there was like, uh, well, we can touch on this. We'll do a couple other special episodes. This is a little bit shorter, of course, but we just wanted to kind of dive into that and, um, on this episode, but we'll have another one coming out. Uh, Gabe will talk about, um, we'll both talk about, but there's, there was like a, there was a recent hack. It was one of the largest ones in history. There were a few.
Yeah, we're gonna dive into the details and peel back the curtain on one of the larger hacks, uh, of modern times, certainly, uh, maybe ever. Of epic proportions. Quite frankly, yeah, I've got some information and I've been having some conversations with some folks, both near and far to the scenario and, yeah, we'll lay that out for our listeners.
Speaker 1: Yeah, because this is going to surpass Equifax, right. I think it was actually Google, Apple, I don't know. We'll get into it on the next episode, but let's just say it was pretty massive. Indeed. Gabe, always a pleasure. A pleasure indeed.
Speaker 2: Happy 4th of July to everyone out there. Happy, uh, 249th to the, to the union.
Speaker 1: Hope everybody has a safe weekend and, uh, we'll see you guys on the next one. Don't put any fireworks in your buttocks or between your fingertips and, uh, yeah, do that. Don't, don't do that, don't do that, don't do that, don't do that, don't do that. Nobody wants nubs.
Speaker 2: Nobody wants nubs in either location.
Speaker 1: We out. Be safe.