Your browser is out of date.

You are currently using Internet Explorer 7/8/9, which is not supported by our site. For the best experience, please use one of the latest browsers.

Request a Consultation

CCPA Webinar Transcript Get Started

Lisa Remsa [00:00:05] Good morning, everyone, and welcome to today's TRUE Talk Webinar. I want to thank you for joining us this morning. My name is Lisa Remsa and I am the Marketing Manager here at True Digital Security. And I have the pleasure of being today's webinar moderator. Today's TRUE Talk is about California Consumer Protection Act otherwise known as CCPA. This webinar is going to be presented by Tim Marley, our Director of Risk Advisory Services, Corey Bolger, our Security Consultant, Randy Griffith, Senior Security Consultant, and Jaikob Park, Information Security Research Analyst. These TRUE experts are going to take us through the details of this new legislation that goes into effect on January 1st. What the legislation intends to accomplish, how it affects you, what you can do to prepare and all sorts of other interesting information. So just a little housekeeping before we get started. Our panel has selected what we think are the most important topics discussed. But if we aren't addressing something specific that you're very interested in or if you have any questions during the presentation, please feel free to type them into the question box in your photo webinar control panel. We'll try to answer all of our questions at the end of the webinar. If we run out of time and we haven't been able to answer all questions, we'll be happy to do so by e-mail. This webinar should run roughly 30 to 45 minutes and discussion with some time for Q and A. There will also be a recorded version of this one hour available on demand after today's live version, which you can do on our website, and I'll provide those links again at this session. So without further ado, I will turn the time over to Tim, Corey, Randy, and Jaikob.

Tim Marley [00:01:41] Thank you, Lisa. We've got this series, the series of questions that we want to go through. But I think not knowing the the background of everybody that's watching us today. Let's talk a little bit about CCCPA in general. What is it? What is it?

Corey Bolger [00:02:02] It's really just a response, in my opinion, to GDPRR. It's across the pond. They started implementing privacy regulations, giving users a little bit more control over their data. And that's America's first shot at doing the same. Just giving  people a little bit more control over where their data is going and who's allowed to use it.

Tim Marley [00:02:23] But what's the law? It is a law, right? It is. Law isn't about to be a law.

Tim Marley [00:02:28] Is it in effect right now?

Randy Griffith [00:02:29] No, no. January 1, 2020.

Tim Marley [00:02:31] OK. And one of the stipulations. What? What? You said it's a response to GDPR. I agree and I disagree. But before we get to that, what does it mean? What does the law say? How does how is it going to impact our clients? How does that going to impact the average person?

Jaikob Park [00:02:50] So they have some clear defined parameters on which companies it affects. There's things like if 50 percent of your revenue is derived from selling of personal information and or trading or what have you. Then those companies have to comply.

Tim Marley [00:03:11] What companies, though, are we just talking about? California companies.

Jaikob Park [00:03:15] So that's where. So I think it applies to Californian citizens more than anything. Yeah. Would anyone else agree with me on that?

Tim Marley [00:03:26] No, I don't disagree.

Jaikob Park [00:03:27] So I think it applies California's citizens more than anything. It also gives consumers some rights. So like, say, a big box company or something. Just absolutely violates some kind of personal information, like they have a data breach or whatever. And a bunch of California citizens are affected. Then they have rights to pursue legal action. There's also the attorney general can start an investigation as well. And there's there's a pretty broad there's a lot of ways that legal action could be legal action can be taken for violating.

Tim Marley [00:04:14] I want to go back to the the impact on businesses for just a minute. We've got a lot of clout. We have clients asking about this. When do you how long ago was it that you first started helping somebody with CCCPA.

Randy Griffith [00:04:27] Last fall? Little over a year ago.

Tim Marley [00:04:30] Had it been passed at that time or was it still being discussed?

Randy Griffith [00:04:35] It's still being discussed. It hadn't been implemented yet. It was just so easy in the final legislation.

Tim Marley [00:04:41] So it was just signed by the governor. It was just nine to 12 months ago. And then we ask really someone reason. But I wanna go back to what you were talking about, Jaikob. You said, you know, if an organization gets 50 percent of their revenue from from the sale or acquisition of personal data. Yeah, but that's not the only stipulation. Right?

Jaikob Park [00:05:03] There's a few others.

Tim Marley [00:05:06] I can tell you one off the top of my head was if you're doing 25 million dollars or more in revenue. Now again, does this apply to Oklahoma businesses or Florida businesses or New York businesses or other businesses that are doing more than 25 million dollars?

Corey Bolger [00:05:22] We don't know yet. And we don't really know the mechanism for enforcement. It's going to be the first time a business that is not based out of the state of California affects California. Citizens will have to see how is the state attorney general of California handles that. And it does specifically outline the rights that Californian citizens to have to pursue legal action. But I we're we're not sure how that crosses state lines yet. We just it hasn't happened yet. So that's kind of a we have to wait and see.

Tim Marley [00:05:57] So this should be an important time to remind our audience that nobody here has seen as a legal degree, not attorneys.

Randy Griffith [00:06:04] Not an attorney and I don't play one on TV.

Tim Marley [00:06:05] OK. So my getting back to my question, if you're... I think there's three criteria that you have to meet. And of course, this only matters if you're doing business in the state of California. Right. If you have employees that you're collecting their data or you have clients that you're collecting their personal data and those employees or clients are residents of the state of California. Right? And then we get into whether this is a big portion of your business, the collection of personal data. Right? Or if you have 25 million dollars or more in revenue, if you do, then and you're doing business in the state of California, then it applies. Is that fair?

Corey Bolger [00:06:43] Yes.

Tim Marley [00:06:43] OK. Corey, I want to go back to what you said because you said you felt like it was a response to GDPR. And I don't disagree with you, but what let's just let's go and get this out of the way, because we're all familiar with Cambridge Analytica. When when I look at this law, it's hard for me not to believe that this is also a response to what's happening with Facebook. Look at the revenues. Look at the collection of personal data. And this is not new. And I'm jumping ahead a little bit. But this is not the first privacy law from the state of California.

Tim Marley [00:07:18] Now, anybody is anybody familiar with the other one or the only one that I'm familiar with?

Tim Marley [00:07:27] CalOPPA ...C-a-l-O-P-P-A. But it was it was specifically focused on websites. So when we started talking about the collection of information from a website like cookies and other information. So this is this is a new law and it's in response to something. Is it GDPR? Maybe. I really don't know. None of us know. Right. But I certainly think that the mess at Cambridge Analytica. And can somebody kind of for the purposes of our audience, if people aren't familiar with what happened with Facebook and Cambridge Analytica, can you talk? Can we talk?

Corey Bolger [00:08:00] A little bit of Facebook was providing data that they weren't disclosing. They were providing data on users to Cambridge Analytica that allowed Cambridge Analytica to better target. Ads towards individuals.

Tim Marley [00:08:22] So the bottom line is the through the app. I think This Is Your Digital Life that was used. You know, everybody downloaded it. It tied in... And you shared your Facebook credentials with it. And I think I was, what, about half a million people, I think is what I saw. About half a million people use that got access to their Facebook credentials. And through that, half a million people it accessed how many people?

Corey Bolger [00:08:48] It was all of those people. And I believe friends of friends were allowed too.

Randy Griffith [00:08:53] I believe the total number was tens of millions. Yes, it was.

Tim Marley [00:08:56] I saw it. I've seen two different numbers and one was 50 million. Yeah. So a game that you gained access to 50 million. Well, what what's in Facebook? Your photos? Right. What about your birthday? Your email addresses, your family members,  where you went to high school?

Tim Marley [00:09:13] What about your political views, your political be? Everything you posted on Facebook was now accessible.

Corey Bolger [00:09:18] Where you go, the events that you're into in your community if you use the Facebook event organizer.

Tim Marley [00:09:23] So what did they do with that data?

Corey Bolger [00:09:26] They used it to target specific advertisements. In this case, it was political advertisements. But this is not unique to the political arena. They were using it to target people, whether or not it was ads to specifically discourage people or ads in support of specific candidates. It was. It was all over the spectrum. They weren't targeting a specific individual or a specific type of individual. They were using that information to specifically target everyone. It was almost like a really, really intense spear phishing campaign for everyone they knew as much as they needed to. The humans are pretty easy to manipulate psychologically. We just are.

Tim Marley [00:10:16] A caveat. We don't do that. Right?

Corey Bolger [00:10:19] And. Yeah. We'll let it go simply it was very simple for them to manipulate.

Tim Marley [00:10:30] Everyone really well and in it called the media because it it may or may not have influence the presidential election, and they they did use it to target advertising based on what they the data its data analytics is. It's what businesses are trying to get into. It's why it's such a hot career field right now. It's data analytics and it was used regardless of what we think about it. It was used very effectively. OK, so we've got this list of topics. Sorry, I just wanted to talk a little bit about it at a high level and I may have jumped ahead at some of the things that we're going to talk about. But our first our first topic was, you know, what or why does he does that CCPA and privacy in general matter to the average person. So how does Adam's private why why should the average person or business worry about privacy?

Randy Griffith [00:11:19] Well, to me, privacy is the ability of the individual to limit what information is available about them. And by limiting it selectively, don't allow that information by placing all of your information in Facebook. Facebook then decides what they want to do. You don't have any right. Any pictures you post on Facebook. Facebook maintains a right to that picture.

Tim Marley [00:11:40] And it's not just Facebook in. They're on display, but we're beating up Facebook. But it is an easy target.

Randy Griffith [00:11:45] It is an easy target.

Tim Marley [00:11:46] But there are other there are other examples.

Randy Griffith [00:11:48] There are. Google is just as bad or worse.

Corey Bolger [00:11:52] On the topic of Facebook, I would argue it's even worse than signing up. Yes. I think that they do capture your your information and things once you've signed up pretty badly. But there was a report a year or two ago that Facebook creates a profile on you. Whether or not you have created a Facebook profile. They have an advertising profile for everyone. If you are ever in any of your friends pictures on Facebook, they've made a profile for you. It's one of the reasons I still have a Facebook account because it does actually give me greater control over. Like if I'm tagged and shortly or if well before, this is your day to day life on average, every app. But they had. Well, that's the thing, though, is that information was there for Cambridge Analytica. Anyway, because Facebook can captures it all, Google does the same thing.

Tim Marley [00:12:45] But we've circled back to Facebook. But what about what about our smart devices? Everybody's got a smart device, right? It's your smart device. You have got your private information in it.

Corey Bolger [00:12:55] Google knows everything about me. They know they have my emails. I know they read my emails. That was a known thing in Gmail. They track where I'm at.

Tim Marley [00:13:04] Probably true with Apple as well.

Corey Bolger [00:13:06] I get notifications after I've eaten somewhere. And what good was the food that started getting a little bit creepy.

Tim Marley [00:13:13] Let me take this in a different direction. If you guys heard of the. Sheruu Cafe about it and you two in particular. I want to tell I want to ask you about this. So there's a coffee shop in I think it's in Rhode Island. It's near Brown University. The Sheruu Cafe and the business model is to give away free coffee and drinks to students. There's just one caveat. You have to give them your personal information. So this is your name, your email address, your major. And I think maybe your phone number or something like that. But free coffee, free coffee and a place to step in, as in additionally there their model is to align with corporate sponsors. And now those corporate sponsors, they freely share of his personal information with those corporate sponsors. His corporate sponsors are looking for future employees. So would that entice you to go get free coffee knowing you're signing up for potentially a job interview or somebody that might want to be interested in talking?

Corey Bolger [00:14:19] It goes back to the same way that I feel about the fact that Google knows everything about me everyday when I wake up and Google tells me how long my commute is going to be. Yeah, I really like that. I'm glad that Google can do those things for me. But just like in the coffee shop, once they have your information, there's no mechanism currently to take it back. But the technology is a huge success. No, I would I would use it if I was if you had had one when I was there, I would have loved something like that.

Tim Marley [00:14:48] And you would have given up your personal information?

Corey Bolger [00:14:49]  I wouldn't have.

Tim Marley [00:14:50] Would you?

Randy Griffith [00:14:53] No, but I'm the curmudgeon in the group. I've turned the geo location off on the apps that I can,. I don't have banking app on my phone. I don't have credit card apps.

Tim Marley [00:15:02] Ok, you and I are from a very similar generation. And I've got smart speakers that I know are listening to my conversations and I've got location tracking on my phone and all that. So. So, you know, who's the average person or is it not fair to make that kind of general?

Corey Bolger [00:15:17] I don't think it's fair to make a generalization. I think it boils down to the consumer doesn't have a choice at this point. Randy should be able to say to Facebook, delete everything about me and don't store anything about me. But he can't. They have mechanisms to delete your profile or have them download their data and send it to you. But they have done nothing thus far to prove that they're not keeping it. And until they're forced by regulations like CCPA to actually do those things, I don't believe we have any reason to trust these companies to do what they're say they're doing.

Tim Marley [00:15:55] Well, you're obviously an advocate of CCPA, obviously. OK. Are you an advocate of CCPA?

Lisa Remsa [00:16:00] I am. That gives the control or is an attempt to give the control back to the consumer to complete it.

Tim Marley [00:16:06] What about you, Jaikob?

Jaikob Park [00:16:07] Oh yeah, I love CCPA so far.

Tim Marley [00:16:09] So where do you where do you align in terms of career, Randy, in terms or in terms of your your private information? Are you more willing to share it or do you want to restricted?

Jaikob Park [00:16:18] I'm kind of probably a middle ground. Like I love the convenience. I have all Apple products. I've  got a MacBook, the watch, iPhone.

Tim Marley [00:16:26] And you like your MacBook so much. You brought it.

Jaikob Park [00:16:30] Yeah, I've got it right here. And then I love e-mail. I love all that. All. It's so convenient to have all these things, but I know that they're tracking my information. They're obtaining it. They're doing whatever they want.

Tim Marley [00:16:42] And you're OK with that?

Jaikob Park [00:16:43] I'm OK with that. For the most part, there are some things like if I'm signing up for free trials, I'll use like a temp email or like I'm signing up for something I'll only use a couple of times is a temp e-mail, fake name, all that stuff. So if it's something they'll be using every single day for a few years or something, then I'll use my real information just so it's more convenient.

Corey Bolger [00:17:06] But got a question for you. When you sign up at those fake e-mails, are you using the same browser that you use for everything else?

Jaikob Park [00:17:13] Yes.

Corey Bolger [00:17:13] Then they know who you are.

Jaikob Park [00:17:13] Yep.

Corey Bolger [00:17:15] Your browser, for anybody that didn't know this... Your browser has a fingerprint. You just like your fingerprint. It's unique to you and you can be identified by it.

Jaikob Park [00:17:24] There is a app for most browsers. I think it's called Ghostly. And they do a really good job to privacy, hiding a lot of your browser information sort of thing. They get rid of some of the fingerprinting and ad tracking and something like the third party services that run in the background that you don't really ever see on websites.

Tim Marley [00:17:48] Well, I mean, interrupt, because at this rate, we're only going to go through two questions, get other topics if we need to. We need to cover. So the next the next topic that we were asked to discuss is CCPA. Just a gentle nudge towards companies becoming privacy aware.

Randy Griffith [00:18:05] I will say no, because CCPA does not put limits on the fines.

Tim Marley [00:18:10] Well, what do you mean by that?

Tim Marley [00:18:13] If they knowingly commit an egregious act, then data breach or whatever, they and it's discovered that they are not and did not take proper steps. Consumers can have and there's no limit on the data breach. There's no cap. Well, let's not bank with X. Yeah, we just got the whole deal. Where. Oh. Claim your hundred and twenty five dollars. Oh yeah. It's one hundred and twenty five dollars based on this cap number of so many people applying or their people apply when twenty bucks come down.

Tim Marley [00:18:44] Here's where I sound like an attorney. But remind everybody that I'm not. You're talking about private right of action. So the right of the consumer to sue and I don't remember. Oh, what's the consolidated cases where you can. Class action suits? Yeah. I don't really. I think they allow class action lawsuits as well.

Corey Bolger [00:19:04] For the CCPA, a private right of action damages the ceiling in seven hundred and fifty dollars per consumer per incident.

Tim Marley [00:19:12] But they can also the attorney general can pursue action.


Jaikob Park [00:19:17] It's up like twenty five hundred for the attorney general per record.


Tim Marley [00:19:21] No. Twenty five hundred dollars per record per incident if it was not willful. If it was just negligence. Yeah, if it was willful disregard that triples our guts and they can go up to seventy five hundred dollars per record per incident and that OK. Seventy five hundred dollars depending on the size of your organization is probably not significant. Could be, but probably not significant, especially if you're doing more the 25 million in revenue at times five hundred thousand. Well what about Facebook and camera analytics. Multiply that seventy five hundred times 52 million. Yeah. Suddenly they're talking about some serious thought. What we're talking about billions of dollars in fines. They can't do it right. This all of this took place prior to anticipate this issue, but it's still not even even valid. OK, so it doesn't apply to all organizations we've covered that. We've talked a little bit about the penalties. So what we think, is this a gentle nudge or do you think this is a more serious push forward?

Corey Bolger [00:20:18] I am on the opposite end of the spectrum. I think it's not even a gentle nudge until we see...It's similiar to HIPAA. There are teeth, but you have to close your mouth to bite something. And until we see fines levied, I'll be unconvinced that this is strong enough.

Tim Marley [00:20:41] The only thing I'm unsure of is how many organizations are actually going to fall under this, right. I going to be big companies, you know, but it's not going to affect organization, as we talked earlier, that they don't have clients in California or twenty five million dollars in revenue or are specifically gathering your your privacy information as a password out of the business section.

Jaikob Park [00:21:03] That's one thing I wrote about in my blog post on CCPA... To me from all the research I did. It sounds more like CCPA is a way to oh, like the big dogs accountable more than anything. Like it's not going to affect mom and pop shops at all. It's gonna be for big companies like Google, Facebook, Apple.

Tim Marley [00:21:29] I'm going to. I think use anything you want to know. I think we're good with that. With. I don't know. I'm going to go past our next question because we're I'm afraid we're going to be a little bit short on time, but it's talking about when I won't go back to that. The legislation within CCPA. There have been some questions about is this the actual legislation that's gonna go into effect in January? Is it, as it stands today, the final version.

Corey Bolger [00:21:54] Now, there are there were changes made as recently as last week. There passing new amendments to this bill. Things like a one year exemption for job applicants. So if you're an organization receiving job applicants, you're exempt. You can keep that information for one year before it falls under this CCPA, before it would count as collecting information. That's not for the purposes of businesses. There was a requirement for all businesses to have both a toll free number and email and an email address. They changed that to where if you're if you're only an online organization. If you don't have a brick and mortar presence, you don't have a phone number and email will suffice. So they're they're tweaking the laws.

Tim Marley [00:22:46] But I felt something about like trucking companies or something like that. And it made me feel like we're back to politics. Just politics again. Where? All right. I'll pass your legislation, but you've got to help out my buddies and A, B or C industry.

Corey Bolger [00:23:00] Yeah, I think so. I haven't seen rampant abuse of that.

Tim Marley [00:23:07] Is it strengthening the law or is it weakening the law?

Corey Bolger [00:23:10] I think based on what I've seen, it is strengthening at least some of it because we're getting clarification.

Tim Marley [00:23:17] That's your non attorney opinion.

Corey Bolger [00:23:18] Yes, they're clarifying things. What like what is publicly available information that wasn't defined when the law was originally proposed. But now in one of the recent in recent weeks, they have. They have actually given definitions for some of these things.

Tim Marley [00:23:34] So but I haven't seen any criticism publicly of this being a poorly written statute outside of the people that are anti Privacy legislation.

Jaikob Park [00:23:47] I think there when the bill first arrived, it was first drafted. There was a lot of ambiguity and just like gray areas and they've been passing bills constantly to clarify things, change things up or move things somewhat things Corey went over. And there are even bills trying to make opt in instead of opt out.

Tim Marley [00:24:13] Talk about that for a minute because not everybody in the audience is going to know the difference between opt in and opt out.

Jaikob Park [00:24:19] So opting in is you have to agree to have your data collected or your information collected and you give me an example. So maybe when you sign up on a website, there's a little perfect tool box you have to check. It's like I agreed to have blah blah blah.

Tim Marley [00:24:36] What's the state of? This is important. What's the state of the box when you open the website.

Jaikob Park [00:24:40] Should be unchecked.

Tim Marley [00:24:41] Yes.

Jaikob Park [00:24:42] And opting out is your automatically part of the program. And you have to go to some other box on probably some obscure web page or something.

Tim Marley [00:24:55] But even if it's not obscure, what's the state of the box when you get to the website?

Tim Marley [00:25:01] It's already checked sort of search for Giffords, everything else out there showing you and you've seen those websites. Sometimes the boxes are checked and sometimes they aren't. And that's the difference between outfit and opt out. So at least as far as how we interact with that. This is not legal. Please don't beat us up for our poor interpretation of legalese. But but that in terms of how our users interact with that, if the box is checked, gets its opt out. You've got to physically uncheck that box or go through some mechanism to say that. No, I don't want you doing this as opposed to opt in where you have to physically take some action or verbally, I guess take some action to say, yes, I'm OK being part of that.

Corey Bolger [00:25:42] One of the things written in the GDPR and I'm not sure I couldn't find it in the CCPA, but I'm not sure that it's not there. Is that not only does it have to be opt in, but it has to have the opt in dialog box has to be written clearly. That's one of the things that you'll see is it'll be ambiguously worded. So you're not sure. OK. Well, is this an opt in or an opt out? Do I need to click this to not get their e-mails?

Tim Marley [00:26:08] Well, I haven't seen that in the CCPA. But it could be in CalOPPA, that Online Privacy Protection Act. So if they already had that covered with their previous privacy law. This is just to just to reiterate, this is not the first privacy law of California's past. And speaking of that, that brings us to our next topic. There's my segue. What has this done for other states, have we seen other states taking action? Maybe because of this, maybe coincidentally. But do we see anything? It is like when we talk about data breach laws, I know that every state has their own data breach notification laws, which is chaotic when you're an organization that has clients in multiple states. There are there are legal practices out there that are making a living just off of helping organizations, assisting organizations when they have a data breach in what the letter looks like, what the letter has to include, et cetera. So is that where we're headed with privacy? What other states are taking action? What did you find?

Corey Bolger [00:27:16] There are like seven at least that I found. Seven or eight. Mississippi was.. It just got tabled earlier this year.

Jaikob Park [00:27:25] Hawaii, New York.

Corey Bolger [00:27:28] Maryland, Massachusetts, New Mexico, North Dakota and Rhode Island. As far as I know, yeah.

Tim Marley [00:27:33] That's the only other thing the state of Maine has passed there. Their Broadband Security Act. Did you see that? You want to talk a little bit about that? How does that impact people? What are they? Because it's interesting. If if I could be wrong, I don't know if California's response was was California's law was in response to concerns like Facebook and Google. Maine's was very specific. Who were they? Who are they targeting?

Corey Bolger [00:27:58] They are concerned with more the telecom industry. The Verizon, the AT&Ts, the Cox, Comcast. And it addresses it's one of the reasons why I think CCPA is not comprehensive enough, because I think that that those types of things should be covered in in one piece of legislation. It's similar enough. Like Verizon and AT&T for as long as I am aware of have been selling our location data.

Tim Marley [00:28:35] Are you saying Verizon and AT&T are not going to be included in CCPA?

Corey Bolger [00:28:40] I don't know.

Tim Marley [00:28:41] Well, let's go through let's go through what we know. Do they have personal information from clients in California?

Corey Bolger [00:28:47] Yes.

Tim Marley [00:28:48] Do they have more than 25 million dollars in revenue?

Corey Bolger [00:28:50] We haven't seen anything like that though.

Tim Marley [00:28:51] OK. There's no case law out there. Right. Right.

Tim Marley [00:28:53] We don't know what's going to happen when this goes live and when the courts granted. We don't know that we can't work. We're guessing it's speculation. But I certainly think it should include those. I don't unless they again, all the changes they're making to the law before it goes live, unless there's an exemption for ISP.

Corey Bolger [00:29:10] I don't know.

Tim Marley [00:29:11] Anybody see anything on the federal side? What's happening?

Randy Griffith [00:29:15] There's been some talk, but most of what I've read once the feds decide to push a law. It'll take at least two years, if not longer.

Tim Marley [00:29:26] Well, that's true with almost everything. Right? So. Well, I thought I'll bring this up. I don't know where CNBC stands in the political spectrum, but I just happened to catch an article yesterday and it was a senator out of Tennessee. I don't remember her name, but she was talking about the federal privacy legislation was going to be the topic of discussion in the Judiciary Committee yesterday. Know, I haven't seen the outcome of that. Like you said, I'm a little cynical. I'll believe it when I see it. But here's the here's the interesting part. And again, we know this, as they said, and I bring up CNBC's position on the political spectrum because the the commentator said, well, and this is a bipartisan approach to privacy. It's a bipartisan issue, which is a catch phrase. Maybe it is. Maybe it isn't. I don't know. Certainly the parties will take a different stance on things. However, she said. And you're gonna love this scoring. CCPA went too far.

Corey Bolger [00:30:31] Sure.

Tim Marley [00:30:32] But she wants to keep it. Would you say there were seven or eight, nine and seven or eight other states? And, you know, there are others. They're already talking about it. Right. And we don't want to discourage this, but we know that the federal government is is looking to put something in that would supersede all privacy legislation. Right. You think that'll see some time in the court?

Corey Bolger [00:30:51] I think we're going to see exactly what will happen. We're seeing with the California emissions regulations. I think if the purpose of passing something federally is to prevent states from giving a certain level of privacy, I think it's going to go straight to the courts, just like the emission regulations are right now.

Randy Griffith [00:31:11] I think it'll depend a lot on where the federal law comes down on the privacy. If it's deluded and weak, the states will give a lot of push back. And if it's stronger and more aligned with CCPA or some of the other states may not be as much pushback.

Jaikob Park [00:31:30] But then you're probably going to have big companies lobbying against pushing back against that.

Corey Bolger [00:31:34] Yeah. So there's going to be it'll be interesting to see for sure.

Tim Marley [00:31:40] She mentioned data breach notification requirements. She said, we don't want to get to the point. We are with data breach notification requirements where it's a state by state requirement. And we see how many of our clients cross state lines. So many a good portion. And I've I've worked a data breach notification client case with it, with a client who had to look at two or three different state statutes to try to determine what they needed to include in their letter and what their obligations were. You know, it's a nuisance. So. Well, let me ask you this. Are you in favor of federal legislation, if that were to come in?

Jaikob Park [00:32:18] And I would definitely be in favor of it just for the fact that it makes companies jobs easier. And the fact that they don't have to send you 20 documents in an envelope rather than they can just send you one if there's a breach notification.

Tim Marley [00:32:38] What if the senator from Tennessee is truly representative of the population of Tennessee? And they think CCPA went too far. Where CCPA clearly, clearly represents the intentions of the citizens of California. It may not represent the intentions of the citizens of Tennessee. We don't know. I agree with your point. So should we do it? What should we do? What's in the best interest of big business or any business because of the struggles? Or is it better for the ages out there to move forward and try to protect their own citizens in a manner that fits with their constituents?

Jaikob Park [00:33:16] I think it'll it'll probably come down to somewhere in between because. Not only will it need to be in favor of the companies so that they don't get a ton of pushback from the companies. It's also going to have to be in favor of citizens so that the states don't give a lot of pushback here. There's probably gonna be some middle ground of.

Tim Marley [00:33:45] I think that's now I think that I think you get it. I think you make a reasonable point.

Tim Marley [00:33:49] And the truth is, Randy, if you're right and if it takes years to get this legislation done, the states will continue right regardless. And we don't know who's going to be in the White House and we don't know what the breakdown in the Senate or the House is going to look like.

Tim Marley [00:34:04] So we don't know what that law is going to look like.

Randy Griffith [00:34:05] And we don't know what data breaches are going to occur between between now and then that's going to drive it.

Corey Bolger [00:34:11] I am personally opposed to federal legislation for that reason.

Corey Bolger [00:34:17] The whole Tennessee/California...

Tim Marley [00:34:20] Allow it to meet the need..

Corey Bolger [00:34:22] Allow it to meet the needs of the individual states.

Corey Bolger [00:34:24] If the people in Tennessee feel like they do want the CCPA.

Tim Marley [00:34:27] And even though, to Jaikob's point, it is a pain in the rear for organizations because we're not talking about data breaches now, which may or may not happen. We're talking about and we're going to get to that. This is my segue into the next question. We're talking about the requirements that you have to meet, right, as a business to do business in the state of California just to manage that that private information, because it may be different for California than it is for Tennessee.

Randy Griffith [00:34:51] Let me let me throw this out to you. Kind of all those requirements, have you seen any requirements that exceed best practice following nest eight hundred fifty three or any of the established guidelines?

Tim Marley [00:35:01] No, but how many people are out there following best practices?

Randy Griffith [00:35:05] I'm just saying, if they just follow this practice, more than likely things would be covered. It's an indicator that businesses are not following the practices that they should.

Corey Bolger [00:35:17] We have allowed businesses to exist in the digital age without taking proper care of our data for too long.

[00:35:26] We say allow it. But then again, you're you're you're saying it's all regulation based businesses are in business to do it, make money for the least amount of expense. I mean, and every little bit we deal with a lot of C-level executives and they're all out there doing that. I can say this with with all sincerity. They're all out there doing the very best job they can. Right. They're all. Nobody's out there saying we're going to, you know, try to take advantage of the American population. The ones at least the ones I've worked with. I agree that compliance is a cost, right? Compliance is a cost. Best practice is a cost.

Randy Griffith [00:36:08] Agreed.

Corey Bolger [00:36:09] While I have not personally experienced this. There are organizations that take the cost of fines into account, when deciding whether or not they're going to comply, is it cheaper for us to pay this PCI finders? It's cheaper for us to implement a PCI program.

Tim Marley [00:36:27] Amen.

Corey Bolger [00:36:28] And I think we need to take that choice away.

Tim Marley [00:36:31] Well, you say they have a social responsibility.

Corey Bolger [00:36:33] Right. They do.

Tim Marley [00:36:35] And and I think I agree with you to an extent that organizations recognize in some ways because of the state of PR, in the state of social media today, that what they do will will be will be perceived by the public in a very, very broad or a very public manner. So let me Segway real quick into into the next discussion, which is where the privacy and security begin to intersect. Where do they where do they cross over? Where do they tie?

Corey Bolger [00:37:08] That's a question with a lot of answers. Agreed. Let's talk about a. From a really, really basic level, security is how you protect what you want to keep private. It's a lot more complicated than that, though. Security is how do I keep only the people who should have access? From accessing this data. How do how do I protect this and make sure if TAM has access to this and Randy doesn't? How do I keep Randy from accessing it and allowing him to have it but expand it?

Tim Marley [00:37:45] Because you're only talking about one of the tenets of security.

Corey Bolger [00:37:48] Right. And that is confidentiality. And then we have we at true are pretty big proponents of the confidence share of the CIA triad confidentiality, integrity and availability. Explain what those are folks that may not know what that means. Confidentiality is is what I was saying basically. Is the information protected from unauthorized access. Is it sensitive to is the integrity is every time I go to that data. Is it going to be in the state that I expect it to be in? Can someone make unauthorized changes? Is it protected from data corruption?

Tim Marley [00:38:25] Is it OK for people to view that data?

Corey Bolger [00:38:27] Right.

Tim Marley [00:38:27] Potentially.

Corey Bolger [00:38:28] Potentially.

Tim Marley [00:38:29] But they can't do what?

Corey Bolger [00:38:30] But they can modify it. And then availability is often the most important of these, even though it may not seem that way, because if Tim needs access to this data to do his job and it's not available for him, it doesn't matter how secure it is. Because we're not making money, we're not doing business. And at the end of the day, that's more important. And it just is. Security is always a cost driver and not a profit driver. So we have to it it is a balance.

Tim Marley [00:39:05] I think you just made the argument from the last conversation, because this is a profit motivator as well.

Corey Bolger [00:39:11] And that's as a society, that's that's why we have to pressure them into saying we can't be profitable without serving the needs of the people.

Tim Marley [00:39:21] I think that's a good point. What else? You said there were other.

Corey Bolger [00:39:23] So, but on, on the privacy side, it's asking the question, well should Tim have access to that data? Why are you using that data? Why do you need it? Why are you collecting this? Why it is. I order a nutritional supplement. Why do they need access to my email address? Why do they need any personal information? Aside from how to get my product to me and how to get my payment from me, they shouldn't have anything other than that. But I see their ads on Instagram. I see their ads all over the place. And I don't have any way to say stop.

Tim Marley [00:40:07] I mean, let me make a different point and I'm going to look at you for a minute. You said you were the commander, the corruption. I think it's the self self-proclaimed curmudgeon. I want you to think back on your I.T. career and tell me the first time you came across a privacy concerns.

Tim Marley [00:40:23] And you don't have long to think about that.

Randy Griffith [00:40:25] No. But it's probably been a while.

Tim Marley [00:40:27] HIPAA Maybe?

Randy Griffith [00:40:29] Yeah. Well, our former employer.

Tim Marley [00:40:30]  What role, what capacity were you fulfilling when you came across HIPAA?

Tim Marley [00:40:38] What was your job title, not the silly one, but the real job title?

Randy Griffith [00:40:44] Dealing with I.T. security.

Tim Marley [00:40:45] You're dealing with I.T. security. You were in I.T.. Right. So you were forced to face privacy issues, probably controls to support privacy in I.T.. What about security? Was the first time you found yourself in a security role?

Randy Griffith [00:41:01] Weren't you also in I.T.? Actually, I was in I was in I.T., but in COE... College of Engineering.

Tim Marley [00:41:08] OK, here's my point is that even though privacy and security are the responsibility of leadership. These days, we're dealing with less and less paper and more and more electronic data, which automatically makes I.T. people or I.T. security people thrust into the middle of privacy legislation and security requirements, compliance requirements, PCI DSS. We talk about this all the time. Is that an I.T. problem? No, it's a business problem. But that responsibility shifts back on I.T. to a large extent. You and I both know that.

Tim Marley [00:41:46] OK. So. And then so in the regulatory compliance area, we get into this PR. She's EPA, et cetera. What about the controls? I want to talk about the controls for just a minute when we're thinking about privacy and security. We have a a chance to talk to our clients. They're always asking us what we're doing, risk assessments or are we're going in and doing consulting. They're asking us, what does this mean to me? So what are we what do we typically tell them? What do we say to our clients when we're talking about privacy? The privacy amplification implications in their control environment?

Randy Griffith [00:42:19] Well, back to your comment. Any time we put in controls, it costs money because controls impede the flow of data or the flow of information in one aspect or another. But to the objective of the control is to make sure that that data is available or is only accessible by the appropriate people, that the appropriate people are in the system like we recommend. Users are reviewed annually. So are they going through their systems and making sure that only current employees or authorized individuals are in the system after.

Tim Marley [00:42:56] Yeah, so access control.

Randy Griffith [00:42:58] Access controls.

Tim Marley [00:42:59] So talk a little bit about that out. How do access controls come to come to be important in the realm of privacy and what our access controls for poor people out there that may not go well?

Randy Griffith [00:43:13] So for access controls for users would be current employees having access to log into the computer systems. Assuming that's appropriate for your environment. And then within that, you have a subset that would have access to certain data. So people in accounting would have access to accounting data. People in H.R. would have access to H.R. data. Executive management would have access to different data. And people want a production line would necessarily have access to the H.R. data unless it's their personal data that they're accessing.

Tim Marley [00:43:46] So restrict access to those that have a job function or need to X, otherwise known as the principle of least privilege.

Tim Marley [00:43:53] Okay. But there are other controls too. And these are expensive to implement. Maybe not. Dollar wise from an outside standpoint, but intense from a resource standpoint internally and sometimes from a dollars standpoint. Well, and I don't mean access controls, but I'm talking about how often do we talk to people about data system classification all every time we talk to somebody. So. So then talk a little bit about that. What what is data and system classification and how does that how does that really meet a security and a privacy need? Where do you disagree?

Corey Bolger [00:44:36] It boils down to, like you're talking about earlier, it's difficult to protect data to have the right best practices. Like Randy was saying, almost nobody has every best practice implemented. I haven't seen it in my my career. I don't think anybody has seen a perfect organization. So you have to classify your data so that, you know, OK, well, what do we really need to focus on and protect? What does it mean to classify your data? You have to understand what is the business use for this data? Why are we collecting it? What is the risk to our organization if we lose this data? What about regulatory impact? That's it. So things like CCPA come into come into that conversation now because of Facebook. They have to think about, OK, well, now what happens if we leak this data? We could be out billions of dollars so that that has to come into the conversation.

Tim Marley [00:45:34] And sorry to interrupt, Corey, but you're a large business with clients in multiple states. And you've got a database, like a CRM, right? A customer relational or customer relations management database. Right. You got all your customer data there. Now, are you going to have to add a field that just flags your California clients or are you going to run queries just to pull out your California clients? Because are you going to treat them differently than the other states?

Corey Bolger [00:46:00] That is something that we've seen with GDPR are. That was a lot of organizations. They had to make that decision for European citizens. And I've worked with several clients who tried to go down that road and realized it's easier to do it right for everyone than it is to do it right for a subset.

Tim Marley [00:46:21] What if the state laws are all different and the requirements are?

Corey Bolger [00:46:24] Then I think we're going to go back to what Randy was saying. And best practices generally cover these things. And as long as you're doing it correctly and that might be where the federal government has to step in, it is if if there are any conflicting legislation. So if Rhode Island writes a law that you have to protect this data this way and California just says you have to protect it. And I'm just doing what California says. And then Rhode Island comes in and says, well, you're not doing this, but I'm still protecting it.

Tim Marley [00:46:59] But from a pragmatic standpoint, looking at tools that can help them with this, and I think it's going to laugh. But this is where something like TrueSpeed will help. Isn't this where they need a GRC application, so that they can begin to identify all of their state obligations?

Corey Bolger [00:47:14] Well, and that's one of the things that we talked to a lot of our clients about is how how are you tracking your regulations? Right. You are beholden to how to do you know, if there have been any updates in the past year or two. We see things like SSA 18, those is the SOC 2 controls or updated. PCI is updated relatively frequently. Hip hasn't been updated in a while. But even that can see updates, even things as simple as the cybersecurity framework. That's not a regulation, but it is just a framework that people can go by that gets updated. Relatively frequent. Sure. So you're not following these requirements closely. You're going to fall behind.

Randy Griffith [00:47:53] I can say that in the past 12 months, the number of clients that I've asked, if you have an inventory of the regulatory requirements that can positively say, you know, what the requirements are can be addressed on less than one hand.

Tim Marley [00:48:07] Yeah, yeah. I want to talk about one more control when we're talking about privacy and security and that is data storage requirements or data, maybe I should say data handling. What controls do we see here when we get into privacy? We usually... Especially HIPAA.

Randy Griffith [00:48:24] Encryption of data.

Corey Bolger [00:48:26] Encryption.

Tim Marley [00:48:27] At rest.

Randy Griffith [00:48:28] At rest and in transit.

Corey Bolger [00:48:29] And then say things like data loss prevention and access controls and the data inventory data flow diagrams.

Tim Marley [00:48:39] Where does your data go through your environment? Because it touches machines that you may not know. It may be touching equipment that you may not know. It may be going through segments of your infrastructure that you may not know. What about data retention and disposal? How often do you guys talk to your clients about to retire? Do you know your data retention requirements? How do you safely dispose of this information? Because in the case of GDPR or in the case of CCPA, if your client asked you to wipe that data, do you have a secure method for doing so?

Randy Griffith [00:49:07] Most of the clients I visited with recently have very good disposal poli-... procedures for old equipment, hard drives, etc.. However, the deletion of the data prior to the destruction of the device is subject to question.

Jaikob Park [00:49:29] In my experience as well, it's similar, it's like in my previous place I worked, I would destroy a lot of hard drives and then I didn't.

Tim Marley [00:49:40] How did you do that?

Jaikob Park [00:49:41] We had a press like a hydraulic press with a little pen on it and it pushes down and it shatters the disks.

Tim Marley [00:49:47] OK.

Corey Bolger [00:49:47] But I mean, you'd think that would be just a great way to do it because it shows that there's no way to recover it. But there they, from my knowledge, the data was not getting wiped from the harddrive beforehand. They were only coming in and being crushed. And you would think that would be enough. But in some cases, it may not.

Tim Marley [00:50:08] Five to ten years ago, it was enough. Yeah. Today, I can't tell you that.

Corey Bolger [00:50:14] Our guys on our penetration testing team and our guys on the hacking team are really good. I would be shocked if we couldn't recover data from something like that. And we're not even that's not even our main function.

Tim Marley [00:50:29] Sure. We're getting a little bit worse. We're kind of falling back and more into security than privacy. But the point is that there are controls that intersect between privacy and security. Is that a fair statement? At least it isn't that, generally speaking, the advice we give our clients when we're out there meeting with them in terms of the controls that we think should be in place to help them comply with EPA and not knowing completely where CCPA is gonna head.

Jaikob Park [00:50:55] And something going back to best practices. I don't know if it's changed recently, but and CCPA, it's legislation.

[00:51:02] It doesn't directly say how data should be deleted. It just says if it is requested to be deleted, it needs to be deleted.

Tim Marley [00:51:12] You know where that will be decided ultimately?

Jaikob Park [00:51:14] I'm sorry.

Tim Marley [00:51:15] You know where that'll end up being decided? It's not in the legislation...

Randy Griffith [00:51:17] It will be decided in court.

Randy Griffith [00:51:19] I mean, the courts to California's credit. I believe that that is appropriate. And, you know, we should probably call out secure deletion. But to your comment of smashing the hard drives, 10 years ago, we had airplane spinning platters. Yep. I mean, laptops or how many desktops if you ordered that had a spinning blotter. That's where the technology changes. And it's all solid state. The destruction method has to be able to adopt and change with it in a secure manner.

Tim Marley [00:51:45] No, you're right. You're right. OK, we've got just a few minutes left. I'm showing about, what, five to 10 minutes late. So does that sound about right?

Lisa Remsa [00:51:57] I don't have any questions at the moment. I just had a couple of comments for the panel that we go over in an email post this.

Lisa Remsa [00:52:06] So please, you can continue for the last few minutes.

Tim Marley [00:52:09] OK, the last topic I've got, the last question was and we've kind of touched on this earlier, but let's let's go back and let's kind of wrap up our personal opinions, CCPA and privacy in general.

Randy Griffith [00:52:22] Personal opinion of CCPA. An excellent first step. We as consumers actually have less privacy than European citizens, and we as U.S. citizens need to become more aware of our data, how it's being used. And until we do that, there's not going to be no motivation to better protect that data.

Tim Marley [00:52:48] I like what you just said in terms of assumptions of privacy, because you're right, the EU does have much greater assumptions. But it's a.. It's a bigger issue than just legislation.

Tim Marley [00:53:01] Because it's a... It's a societal, I think, I want to get too heavy here. But I think it's more of societal expectations. I can't tell you why that we say that. I'm sure everybody's got opinions out there. And I can I can come to their own. But but do you think we can get to that or is it going to be solved with legislation or is it going to be solved with a fundamental shift in how we think about privacy to fix the problem?

Randy Griffith [00:53:27] There needs to be a fundamental shift in how we think because it lead to legislation.

Jaikob Park [00:53:32] I think, yeah, I think without that fundamental shift, there won't be an actual. Change in legislation forward. I think that I think they need it both happened to the other.

Randy Griffith [00:53:42] Well, OK. Little off subject. Think back to when you were younger. Drinking and driving was misdemeanor. That's hard to remember when, you were when you were younger. Well, when you were a teenager and...

Tim Marley [00:53:56] I don't remember. But yeah.

Randy Griffith [00:53:57] But drinking and driving was a misdemeanor.

Tim Marley [00:54:01] For the record, I don't know that. I have no reason to know that so.

Randy Griffith [00:54:06] But as society perceived the problem and the attention shift...

Tim Marley [00:54:10] Right.

Randy Griffith [00:54:10] So did the penalties.

Tim Marley [00:54:11] Sure.

Corey Bolger [00:54:12] And I think that gets down to the core of the issue is, I don't think Americans really understand how violated our privacy has been. You were talking about something before we started with with Bluetooth and being tracked that there's there's methods to perhaps to use your Bluetooth and will look for other Bluetooth signals and it can use it to figure out where you are or what you're doing. But I've come across stuff in my research that's even worse than that. There are. And I'll I'll start this by saying the organization that was found to be doing this supposedly stopped in 2017. But there was a program developed for organizations that it would play an audible tone through your TV that people couldn't hear. Humans couldn't hear, but your phone could and your phone would pick it up and then your phone and your TV were safe together. And that's how they knew what programs you were watching. They could tie what advertising into you were watching. They had basically unlimited access to the relationship between your cell phone and your your television. And that same technology was implemented in big box stores and retail chain supermarkets where they have the lights actually emit a town and they'll pick it up on your phone. Same same way they can tell they can track you without your G.P.S. being turned on, without anything being turned on other than your cell phone. And the amount of stories that come out like that, like Cambridge Analytica, like Facebook and Amazon and Google are listening to your voice assistant recordings. They have people listening to those...that's been big in the news. More and more of these things are gonna keep coming out. And until we as citizens realize if we don't tell them what they explicitly can and cannot do with our data, they're going to do whatever they can to make money with it.

Tim Marley [00:56:20] I want to paraphrase, but you two aren't against sharing your data.

Corey Bolger [00:56:24] Not even remotely.

Tim Marley [00:56:26] You just want to have control over when your data is shared.

Corey Bolger [00:56:29] Yep, I am.

Tim Marley [00:56:29] Do we have a generational generational agreement here? That you're okay sharing your data, but you want control over it? Or do you just not ever want to share your data?

Randy Griffith [00:56:37] No, I do share data, but less frequently than these two.

Tim Marley [00:56:42] But you want control over it.

Randy Griffith [00:56:43] But I would definitely want control. And until then, I don't. I share the minimum time.

Corey Bolger [00:56:48] I'm of the.... I agree. I and I know where he's coming from. But at this point, I am of the I enjoy the convenience that Google knowing more about me than Corey knows about me.

Tim Marley [00:57:01] You like turning on your phone and seeing how long it's going to take you to get to work.

Corey Bolger [00:57:03] I love it.

Tim Marley [00:57:04] Which would have been great for us if we'd known about the accident on I-35.

Randy Griffith [00:57:12] So it's my fault for not sharing.

Jaikob Park [00:57:12] One thing I dislike a lot. It knows when I walk... It knows when I go down the elevator and start walking to my car. My phone will vibrate. I'll pull out my pocket and it's like 30 minutes to home and it gives you the directions.

Tim Marley [00:57:25] So why do you dislike it?

Jaikob Park [00:57:27] It's just because it's it's more of kept track of my location without me knowing. And the mallets suggesting me to take this route or the route, I always go. It's convenient for sure, but I just don't normally appreciate it, I guess.

Corey Bolger [00:57:45] My opinion on that is that in today's world. On Wednesday, if you turn that off, they're still tracking you. So I might as well get the benefit from it if they're going to get the benefit from it. If I could tell them no, my opinion might change. But right now, I don't have the ability to tell them now, so I might as well get the good with the bad.

Tim Marley [00:58:06] We'll get you a flip phone.

Corey Bolger [00:58:08] Well, it's a convenience thing.

Jaikob Park [00:58:13] Going back to conveniences, something I've been wanting to bring up... Everyone knows all the companies keep your information and they store it. One of the companies that one company, Google, will let you view all of a little it on you. Or at least what they want to show you is I think it's like privacy that and you can scroll down after you sign it and you can request, I believe, data downloaded. There's things in there like pizza orders I've placed like eight years ago for pizza or location data for like when I placed that order on Amazon, like was I sitting on a park bench or something or was like in my home.

Tim Marley [00:58:52] Are you upset to see that they're tracking that or to see how much money you've spent on pizza in the last year?

Jaikob Park [00:58:58] Both. No, it's more of like it's just really interesting because especially if you have like a Google home device or like a Google assistant device, it keeps the snippet of every recording. So if you say, "Hey, Google, what's the weather?" , that's in there. Or "Hey, Google, what's the capital of China?"

Tim Marley [00:59:17] Supposedly you can stop that. So I have to go now. I haven't gone back and try to get and I know you're cynical on that, but let us do this. We got about, at leasti show, one minute. Any last thoughts on CCPA that you want to share with our audience? You got about 30 seconds.

Randy Griffith [00:59:29] I think it's an excellent first step.

Jaikob Park [00:59:32] Yeah, it's a great first step. That's a great way for starting to have the big dogs held accountable for their actions that make them really look at what they're doing.

Tim Marley [00:59:43] Corey?

Corey Bolger [00:59:43] Same, I don't have anything to add.

Tim Marley [00:59:46] I won't disagree with anybody. I will just say this.

Tim Marley [00:59:51] We've talked a little bit about federal legislation. And depending on the nature of your organization and whether it's, you know, limited to a few states nationwide or or if you're looking at international, there are at least 50 federal... federal privacy legislation in different countries across the world. So as you're looking into maybe exploring new markets, make sure you check out the bee requirements from a privacy standpoint, from a security standpoint, from a data breach standpoint, et cetera.

Tim Marley [01:00:22] Know what you're getting into before you go in there.

Tim Marley [01:00:25] Lisa, I think we're done. Back to you.

Lisa Remsa [01:00:26] Thank you so much. Thank you, everyone, for joining us today. As Jaikob actually mentioned earlier in the session, we also have a few CCPA articles on our True Digital Security blog that we encourage everyone to go ahead and read and reference for some additional info. We appreciate you being here. If you have any colleagues, you want to share this with, or friends/family, feel free to send them to the website. And you can see this session and any of our prior webinars there on demand. If you would like any more information about anything we discussed today, or about how each group can help you with compliance, regulatory issues, risk advisory services. Please give us a call or e-mail us at

Lisa Remsa [01:01:11]  So thanks again for joining us today. And we will see you all next time.

Tim Marley [01:01:15] Thank you.

Jaikob Park [01:01:16] Thanks.

Contact Us Today!

Let us know your business needs and we will make sure to get back with you promptly!

Contact Information

    6900 E. Camelback Rd., Suite 900
    Scottsdale, AZ 85251
  • Oklahoma Office
    1350 South Boulder Avenue, Suite 1100
    Tulsa, OK 74119
  • Region Metropolitana
  • 480-389-3444