As always, if you have comments or questions, let us know - LinkedIn, Twitter @podcastprivacy @euroPaulB @heartofprivacy and email firstname.lastname@example.org. Please do like and write comments on your favorite podcast app so other professionals can find us easier.
If you have comments or questions, find us on LinkedIn, Twitter @podcastprivacy @euroPaulB @heartofprivacy and email email@example.com. Rate and Review us!
Proudly sponsored by TrustArc. Learn more about the TRUSTe Data Privacy Framework verification. upcoming webinars.
#heartofprivacy #europaulb #seriousprivacy #privacy #dataprotection #cybersecuritylaw #CPO #DPO #CISO
S04E16 - Week in Privacy
[00:00:00] Paul: Welcome to this weekend privacy episode, where we will make a small tour around the world discussing data protection updates from Downunder via Africa to the United States and Europe. You'll hear about the us. Government's attempt to protect reproductive health data. To run for the new EDB chair and much more. And you'll also get a personal update from me. My name is Paul Breitbart.
[00:00:27] k: And I'm K Royal and welcome to serious privacy. Good morning, Paul. We are back.
[00:00:42] Paul: We're back to a weekend Privacy.
[00:00:48] k: And what a week we have. So let's not waste any time. Let's get straight to the unexpected question. Oh, this is a good one. What are you chasing right now?
[00:00:57] Paul: Am I changing anything?
[00:01:00] k: No, not changing. Chasing - what are you running after?
[00:01:07] Paul: Chasing, yeah. Am I chasing anything? I don't think I am.
[00:01:13] k: You might not be.
[00:01:15] Paul: I mean, yeah, no, I, I think nothing
[00:01:27] k: Well for me. Right now, I'm chasing your face on my computer screen. Because for some reason, I lost you. And now with two monitors and 15 screens open, I can't see your face. and I need to see your face.
Okay. Let's. Start because as I said, there's a lot to cover this week and where should we start? What do you think let's go to Australia. Because I think there's some things baking in Australia right now.
[00:01:55] Paul: Yeah, let's, let's start down under, because actually it's privacy week over there where the rest of the world usually uses the last week of January as privacy Week, Australia and New Zealand used the first week of May. Also to coincide with the IAPP ANZ Summit. I believe in any case, a whole series of offsite events or knowledge nets that are taking place this week in person all around Australia, New Zealand and Australia actually announced this week that they will be shaking up the office of the Australian Information Commissioner by adding two more commissioners.
So there will be Angeline Falk is the current Australian Information Commissioner, and she will remain. In that role. But she will get two deputies, one for freedom of information and one for privacy and data protection.
[00:02:46] k: Well, and the good thing is if we have changes or revisions in Australia law, we have a wonderful resource in Australia, Anelise Moens, that we'll be able to pull onto the show. We've had her on before we saw her at IAPP, which was great. So we know that we have a local resource there, and if we have any fans that are in Australia, holler at us.
[00:03:06] Paul: And there is more happening because changes to the legislation have also been proposed. So the shakeup of the commissioner is is preceding that. So I'm sure we'll talk about Australia soon in, in another episode. We'll only need to do the switch time zones again, where I record early in the morning and you record late at night in order to make it work for Elise.
[00:03:27] k: Right, right. Try to find that timeframe between them all.
so that's for Australia and New Zealand. What about Africa? I've heard there's some things moving in, shaking in Africa. I mean,
[00:03:39] Paul: Yeah, is quite a lot of guidance coming out of Africa actually. Last month we've seen new guidance on the controller obligations in Algeria, where the new legislation will take effect in August of this year.
[00:03:52] k: Nice.
[00:03:52] Paul: We have the data protection authority in Benin also detailing controller obligations to data subjects.
And we have the first fines out of Kenya,
[00:04:03] k: Oh wow. Okay.
[00:04:05] Paul: for various violations of the Data Protection Act. In total no. Each company needs to pay a fine of 5 million Kenyan shillings which is quite a big amount. And this was mainly related to the companies accessing. The data out of the mobile phones and the mobile phone context of people when they would use their app.
So very similar to what we've seen in China last year when the Chinese c a c did their whole app store shake up where they reviewed all the apps and what they were doing and what permissions they were. We're asking for or taking when you install the app the Kenyan Data Protection Authority has done something similar accessing or looking at the app that appear to access all mobile phone contacts of people who installed the app, and then also sending unwarranted and unsolicited text messages to those people.
So it is both a telecommunications violation. And also a data protection violation. A set 5 million shillings each, which is about 40,000 US dollars.
[00:05:13] k: Okay. Wow. Very cool. And I know that we're seeing a lot of little movement here and there in different countries, such as Botswana is actually they have an authority. It was under their data protection act of 2018. They've been moving forward, they've appointed a commissioner. It's not really up in operational yet, but they are expecting it sometime this year.
So if it does get up and running, that is something that either later this year or next year, we might start seeing some enforcement out of Botswana.
[00:05:42] Paul: The same for Tanzania,
[00:05:43] k: Yep. And Ma?
[00:05:44] Paul: that also has adopted legislation, Morton. So if you, if you look at that map of the world with all the privacy laws, for a long time, Southern Africa was a bit of a gray spot. With legislation still under development, I think by the end of the year pretty much all of the world will be filled.
With modern data protection laws. And of course, we are still looking at what will happen in India in the monsoon session of Congress where possibly now finally, the new Indian Data Protection Act will be adopted as well. So,
[00:06:19] k: We've got quite a bit coming. We're hoping for it. There's, there's no guarantees like the Democratic Republic of the condo Jibouti.
Egypt they, they passed it in 2020. They thought regulations were gonna be issued. It's not. Eth you mentioned Ethiopia.
Gambia, Malawi we've got he mentioned Namibia. So just running through here. We've got a lot. Just like Paul said, this isn't an overall catch up on Africa. Just you might have thought that Africa was the quiet continent. It's starting to make a little bit more privacy noise.
[00:06:53] Paul: Well, I thought for a while, especially last year, that the United States were going to be the quiet consonant, but also that is not completely true, is it?
[00:07:01] k: No, we have got so much moving in the United States. It's absolutely crazy. So
[00:07:06] Paul: So last week we already discussed Washington with Mike Hintze.
[00:07:10] k: Yes, so we'll leave Washington alone for now. We'll see what that is. But we do have Indiana signed. So we do have Indiana that actually signed, I think Montana and Tennessee are looking at being signed pretty quickly.
They both been passed differences in the laws here. As you know, there is not a model state. Privacy act that's going around and making gangbusters in all the different states. So we're all gonna have a little bit of few tweaks and bumps here and there as we go. So we've got those passed. We do have several that are looking promising.
We've got one in New Hampshire, one in Oklahoma that are looking promising. So we'll look at those. We got, I don't know, seven to 10 more that are. In cross chamber or in committee right now. So we'll look and see what those come up with next. So right now we've just, we've got the. The seven we're good.
We've got more coming up. We expect them to be passed. Now the one thing to keep in mind, and a lot of people in the US don't even know this, is that state legislatures work on different schedules. Some of them are all year houses. Some of them only go for part of the year. Some of them only go for every other year.
Some of them are two year bill sessions. Some of them are one year. So it could be that if a bill is not passed by the end of the session in your state, you need to look up and say, does that mean it's dead cuz we're on a one year congress? Or does that mean it's a two year congress and it might still be alive next year?
So that's one of the things I know it's confusing. It's confusing to people in the United States, most less people outside the United States, but that's why you have such. Such different things there. Now, I will say one of the other things that we have moving is that HIPAA is making a lot of strides. I love HIPAA.
Y'all know that my privacy started with HIPAA as we go there. So one of the things to keep in mind is that there is, let me see if I can find the title here. The guidance that they issued over Covid about taking it lenient on or taking it leniently on business associate agreements and certain things to put in place and on telehealth.
Those are all now over. So the guidance that you got about the different things to follow. So that means if you did put in business associate agreements, or you developed communication processes or telehealth and you didn't necessarily follow the strict letter of the law because it was an emergency and you put processes in place to make sure you could take care of people, you need to go back and fix all those.
You need to make sure that you come into compliance. And temporary exceptions are all gone now. The other thing is back in February, the Health Department of Health and Human Services, which is the one that has the Office for Civil Rights every year they have to de deliver an annual report on Congress, on the HIPAA compliance and the breaches of unsecured protected health information.
P h I. So that is something we haven't covered. We could have covered it a little earlier, but it's wonderful that we can go back and we can look at this and see what is the actual state of what O C R did. So I'm not gonna cover those details here. Just know that they've made their annual report. It's really interesting to.
To go through and look at. Now, it's not gonna be the annual report, I believe, of 22. I believe it's gonna be the annual report of 2021, cuz I think it takes them that long to get the data together to look in what it is. And so we'll make sure to give you the link to one here, as you have it. And if you go to the OCRs webpage, they've got all their prior reports already listed there, so I can give you a couple of highlights out of it.
Breaches increased. I'm so
[00:11:00] Paul: Figure as surprised.
[00:11:02] k: actually, it's, so, they received 34,000 new complaints which is an increase of 25% of what they received. In 2020. They resolved 26,000. 420 complaints. They resolved 20,000 of them before they launched an investigation. They resolved 4,000 of them by providing technical assistance in lieu of an investigation, but in 714, which is 3% of overall of their investigations, they did take corrective actions and in 89, which is less than 1% of the complaints, they provided technical assistance after.
Initiating an investigation. They resolved 13 of them with resolution agreements and corrective action plans and had monetary settlements totalling 815,000, and then two complaint investigations with civil Money penalties totalling 150,000. Now there's a whole lot more information that we could give.
Like I said, these reports are fascinating. I absolutely love reviewing them. I include them when I speak on HIPAA, so it is something to go and pay attention to, to know exactly what we're doing in the healthcare world. No surprise whatsoever that breaches have increased, but I will say they've done a few other things as well.
I know Paul, that there's been a couple of things that you've paid attention to the HIPAA has been doing.
[00:12:30] Paul: I saw one. Update coming out Yeah. On reproductive health. And I was just wondering why this is suddenly coming out. I mean, the why is probably because of the fallout after the the Roe v Wade overturn and the the subsequent court cases and the state's trying to restrict reproductive rights of women, at least some of some states doing that.
And I thought this was mainly the prerogative of the states. So what is HHS doing now? And, and how is that possible?
[00:13:05] k: Yes. So back in June of 22, h h s issued guidance on protecting patient privacy in the wake of the Supreme Court decision. So this is now I don't know if you recognize the name. So Javier Becerra,
he was the attorney General for California. Exactly. So it was no surprise that he takes a more liberal stance on this, but he actually issued some guidance and the guidance was showing how federal law and regulations protect.
P H i relating to abortion and at the other sexual and reproductive healthcare activities, making it clear that providers are not required to disclose this information to third parties. And also it addressed the extent to which medical information is protected on cell phones and tablets. So they had already started taking action back when the decision came out back in 22.
What we're seeing now is the resulting, they're open for comments right now but they actually have consulted the Indian Tribal Governments, the Department of Health and Human Services, tribal cons. Consultation, privacy, the plan for implementing certain executive orders, different things like that. But it is in wake of the Dobbs decision. So this is a call for comments. And so what they're looking for are people's input into what it is that they are doing.
And I'm pulling up the actual call for comment that they put in here. So, , one of the things that they stay actually res resonates in here. So experience shows, and I'm quoting them that medical mistrust, especially in vulnerable communities that have been negatively affected by historical or current health disparities, can create damaging and chilling effects on individuals willingness to seek appropriate and lawful care for medical conditions that can worsen without treatment If individuals believe that their p I may be disclosed without their knowledge or consent to initiate criminal, civil, or administrative investigations or proceedings against them or others based primarily upon their receipt of lawful reproductive care, they are likely to be less honest, open, or forthcoming about their symptoms and medical history.
So they are looking at actually, Increasing the protections of certain law, but they're basing it around the individual's lack of trust in their healthcare provider to maintain the confidentiality of their most sensitive medical information, and a lack of trust in the medical system in general. So this is something that can have significant impact, but right now it is a request for comment.
It is open, I believe for 44 more days. So by the time we publish this, which is generally we do it a week in advance, so we're looking at 37 more days. You've got a little bit over a month to make comments to this, and so please make sure that you do, if you have an interest in this, make sure that you submit comments, and this is whether you have an interest in support of it or an interest against it.
You should make sure you go look it. So their justification for the proposed rule making is they promote access to healthcare by establishing standards for privacy. They promote the development, maintenance, and confidence in trust the privacy rules been amended over time, carefully balances the interest for it, and the department believes that developments in the legal environment have disrupted this balance.
So the individual's interest in the privacy of the health information and that of society and fostering trust between individuals and their healthcare providers. And so to address it, they're proposing to protect P H I and preserve the balance by establishing a new purpose for which disclosures are prohibited.
In certain circumstances, specifically the user disclosure of P H I for criminal, civil, or administrative investigation of, or proceedings against an individual, an entity, or another person seeking, obtaining, providing, or facilitating reproductive healthcare as well as the identification of any per person.
For the purpose of initiating such an investigation or proceeding. So essentially, in Plain Speak, what they're doing is they're gonna specifically call out a prohibition against sharing p h i for that, that purpose. So
[00:17:26] Paul: Yeah, so no more sharing of menstrual health data out of your apps and no more sharing of travel data. If you go to an abortion clinic, even if it's out of state all of that would then be protected if this becomes ro.
[00:17:39] k: Absolutely. Now, part of this, you have to keep in mind that a lot of these apps and everything that they're getting the data from aren't regulated entities under HIPAA.
You're only protecting health data to the ex extent that you engage in one of the 11 covered transactions. Most of them related to insurance.
So health data, and this has been a conversation for a long time, health data that's collected by apps for looking for maps. Are you looking for an abortion clinic? Many states or multiple states have. Now said that app providers have to turn in that, or police can get the information from that cuz it's not p h i and it's not, but it is information that discloses that the person is looking for an abortion clinic or for a reproductive health center or something along their purposes.
They're even using. People's typical Google searches to find this. And so HIPAA's taking the steps that they can to regulate the p h i, coming from the medical facilities themselves, the doctors, the insurance companies, the ones that are covered under HIPAA, they still can't do anything about regulating the other apps and information that individuals might have, but, , they can't regulate that.
They could only regulate what they govern. So they are taking steps to do that. What they can do for the other under like the Washington My Health, my data, trying to protect that other data that's not otherwise protected under HIPAA or other medical confidentiality laws specifically. Those in particular searches for data or using apps to regulate your menstruation.
Different things like that. So They're doing what they can under what they can do. Now, this is something where I say that yes, we need a federal privacy law. I know it's mind boggling to Europeans to understand that we don't protect health data. We only protect health data if it's governed under HIPAA, under specific transactions.
that's a longstanding argument. We need a federal privacy law and we need one that has teeth. But I also very strongly believe that we need a. Federal Privacy agency, even if they don't pass the law, they could create an agency and they could throw a bunch of these laws in there. There's a lot of laws out there, own privacy.
They're just very sectoral or topical base like the Video Privacy Protection Act. So there's a lot of these privacy.
[00:19:59] Paul: hip hop and.
[00:20:00] k: yeah, they can throw those under our Federal Privacy agency. I know they might have to coordinate with some of the agencies that might have 'em. FERPA is under education, you know, CAPA's under F T C.
You've got HIPAA under OCR R. But you could have different ways of coordinating this, but I really do think that's what we need. We are relying on our legislators to have the intelligence and the knowledge to be able to understand what kind of privacy should they be regulating, what should they be, protection.
And it takes them so long to come up to speed, and then our electoral system just throws 'em back into the meat. Grindr again, you need an agency that has experts that has staffing to be able to do this, and you have it in the eu. You've got the European Data Protection Board, you've got the European Commission, you've got the different data protection authorities under each of the countries.
Why can't we do it here? Nobody can answer that yet. Why can't we do it here? The rally cry. Woohoo. Yeah.
[00:20:56] Paul: The political will is lacking. Yeah, no, that's true. Speaking about the European Data Protection Board a change is coming there,
[00:21:04] k: Ooh, tell us. Tell us,
and have we called out specifically on the podcast of our wonderful friend, Paul Breitbart, who has been appointed to
[00:21:13] Paul: the Data Protection Authority in Jersey. Yes, it's true. I've been appointed. So I'm a regulator.
the Jersey Data Protection Authority is the statutory body that oversees the application of the data protection Jersey 2018 law. So the full application, the day-to-day.
Oversight is with the Information Commissioner and his team and above him is the authority that is responsible for the strategy of the authority and of the information commission, also the enforcement of the legislation. And I've taken up my role officially on the 1st of May
[00:21:54] k: congratulations. He's back to being a regulator. How does that surprise anybody?
[00:22:00] Paul: This is not full-time. This is on average a day a month. So I'll continue with all my other work. And I'm just going to work a little harder and, and do this on top. In a couple of weeks I'll have my first DPA meeting in Jersey. And I'm really looking forward first of all to reunite with Yako, who was my commissioner at the Dutch Data Protection Authority, who is currently the chair of the Jersey dpa.
With Elizabeth Denham who is also appointed as of the 1st of May, Steven Bollinger. And then also several local Jerseyans who are members of the, of the authority. So I'm really looking forward to to take up this role.
[00:22:42] k: and that is so exciting and we are very happy for both Steven and Elizabeth as well. I did meet Elizabeth at the I A P P, but it was a rather odd meeting because we kept passing each other and I kept intending to meet her and I finally met her in the lady's room. So maybe she remembers that. Maybe she doesn't.
But , congratulations. To all three, to everyone that was appointed. I know you'll do a fabulous job. So moving on then to the, the news and the, the other changes we were looking at.
[00:23:13] Paul: Yeah, the European Data Protection Board because Andrea Linac is stepping down. She is at the end of her five year term. And because also her term as head of the Austrian DPA comes to an end later this year she will not be eligible for reappointment. So we are looking at a new E D P B chair that is coming in the next couple of weeks.
[00:23:36] k: do we know the nominations or who's in the running?
[00:23:40] Paul: We do actually. So the board will elect both a new chair and two new vice chairs. So the, for the chair position, we have both the two deputies the current deputies who are running, so that's Fe Lak, the Bulgarian Data Protection Authority and Wolfson, who is at the helm of the Dutch Chief Data Protection Authority.
And we also have Anna Taos. She is the head of the finished dpa.
[00:24:09] k: Qualified
[00:24:09] Paul: from the first straw polls I've seen she is currently the front runner.
[00:24:13] k: Okay.
[00:24:14] Paul: for that position. For the deputy chair, we have IDO Nido from the Cypress Data Protection Authority. We have Chuka from the Latvia DPA A and Stratco VK from the Croatian D P a, all aiming for a deputy spot.
There, I haven't seen any straws yet. The elections will take place during the next E D P B plenary on the 25th of May, of course, through a secret ballot. So we should have that name on the 25th of May,
[00:24:45] k: and there's no black smoke, white smoke that goes up to let the world know that they've made a decision or not
[00:24:51] Paul: if there is black smoke above the European Parliament, then probably the European Parliament is in trouble.
So, no, there is not a chimney to watch.
[00:25:02] k: no chimney to watch.
[00:25:04] Paul: guess, I guess, we'll, I guess we'll get a press release, but it's it is an interesting, an interesting moment. And of course, the 25th of May 2023. Which is also the anniversary of the gdpr. So it's it's going to be an, it's going to be an interesting day and I'm curious to see who will be in indeed the new chair of European European Data Protection Board,
[00:25:27] k: Do you know any of them personally?
[00:25:29] Paul: I do I've met all of them actually at least the, the ones that run for chair,
[00:25:33] k: Okay.
[00:25:34] Paul: the deputy chair candidates I have not met.
[00:25:37] k: Now that's interesting.
[00:25:38] Paul: who will turn out on top. So yeah, we
[00:25:41] k: I'm meag eager
[00:25:41] Paul: I'm, I'm,
[00:25:42] k: are gonna be as well. I don't know any of them.
[00:25:45] Paul: no I'm also curious to see what will, what will happen I should correct myself because there's only one deputy chair position up for election now. Because the second deputy, which is the current Dutch dpa was only elected in 2019. So that term is only up in May, 2024.
So should Mr. Wolfson not be elected as the chair of the E D P B, then at least he will remain a deputy chair.
[00:26:14] k: I like the five year term. When we were speaking earlier about the terms, political terms, it seemed five year is a pretty common term in Europe and I like that.
Cause Well that's, that's in this case, I think mere coincidence. Yeah. So, I mean
[00:26:31] Paul: I think they picked five because that's the standard term for European elections. so most European roles are open for five years at the national level. It's mostly four years,
[00:26:41] k: Okay.
[00:26:42] Paul: Just like in the United States. So, and I think they wanted five years for Europe to make sure that not all those elections coincide all of all the time, but that they are that
there is a bit of an offspring between Yeah, they're staggered.
[00:26:56] k: Very nice.
[00:26:57] Paul: I have no idea who will come out on some, but it, it certainly will bring a change. While in DC we agreed with Andrea Yk that she will do a farewell interview with us after she has stepped down from the E D P B. So we hope to record that somewhere over the summer and bring that to you in default.
[00:27:16] k: Although I do have to say we can't expect there to be any fireworks during the podcast. We don't get any startling information, there are really cool information that conversations that go on while the recorder is not running. Not gonna say that we get any fabulous secrets or any fireworks or any dirt or anyone, but yeah, they're all very, very well spoken, very conscious of their public duty and responsibility.
[00:27:42] Paul: Absolutely. I have two more things.
[00:27:45] k: All right, spit 'em out.
[00:27:47] Paul: one from the Netherlands where the Dutch Data Protection Authority has summoned the foreign minister to appear in front of the data protection authority. And that is not something that happens every day.
[00:27:58] k: Summon Sounds bad.
[00:28:00] Paul: It is bad. The Dutch g p the, the, the new story that broke yesterday on, on the 2nd of May said that the minister was invited by the Dutch cpa, but the spokesperson for the DPA also made it clear.
That he would not just be coming for a cup of coffee and he was expected to to attend this meeting and not send civil servants in his set. And that is all because the, an investigation done by Dutch Data Protection Authority together or no, sorry. . That is all because an investigation done by News Media, one of our main newspapers together with Lighthouse Reports, which is a journalist organization doing investigatory journalism.
They found out that the Dutch gp, that's the Dutch foreign Ministry, is using an algorithm to support the assessments of Visa applications. Nothing new there, you would say, I think most countries will use some sort of algorithm, but this algorithm would spit out an answer if the request or the, the application should be reviewed in short or extensively.
And surprise, surprise, all the applications that are reviewed more extensively lead to a higher turndown level than the ones that are only given the ones over. So if the algorithm determines that you value more scrutiny, Chances are that your visa will be denied. Whereas if you get the once over, you're more than likely to to get your visa.
And this is not just a visa for the Netherlands. This would be a visa for all of, or almost all of the European Union, all the countries that are part of the Chen area. So you are allowed to travel freely across the European Union. So it's interesting to see whether this is actually standard European practice or whether this is something that only the Dutch do.
Or maybe a handful of countries too. the data Protection Officer of the Foreign Ministry last year already gave a recommendation to the political leadership to stop with the profiling of Visa applicants. And he has in the meantime resigned from his post.
So yes, this is an this is an interesting process. And I'm very curious to see what what will happen here and whether indeed the minister will show up at, at this hearing for the Dutch d p a.
[00:30:22] k: Nice.
[00:30:24] Paul: The other thing that I think we cannot not mention is the change in the leadership at Trust Dark
[00:30:30] k: Yes. We should mention that. Absolutely. So Chris Babel, who has been c e o for an awfully long time has transitioned to the board of
[00:30:41] Paul: It's 15 years or so.
[00:30:43] k: Yeah. Something.
[00:30:44] Paul: 13 years. Yeah, 13 years.
[00:30:46] k: appointed the Chief Revenue Officer, Jason West Becker is the new c e. So it is a time of transition for trust a It's exciting to see what might happen and what they're gonna grow into. Cause you know, you and I are very open that we are raving trust ARC fans. but it's gonna be interesting to see what changes.
Cuz you know, after being under the same leadership for so long, you know, a new leader has to bring in new change, new blood, new ideas and I'm excited to see what might happen.
[00:31:15] Paul: Yeah, so am I. And I mean, Jason Certainty has made a. A big impression in in, in how TrustArc operates and also how it presents itself to the outside world. I think over the past couple of years, at least from what I've seen, the company has become much more confident in, in how they present themselves and also on the quality of the products.
That is not just because of the chief revenue officer coming in, that's also I think at least in part because of anonymity, integration into
[00:31:45] k: Oh yeah.
[00:31:46] Paul: and much more content being available to run the products.
But yes, so congratulations to Jason West Becker and
[00:31:54] k: We look forward
[00:31:55] Paul: for moving on to an emeritus position in the company
And if you want to know more about Chris, listen back to episode 100, where we had him as a guest.
[00:32:06] k: yes,
[00:32:07] Paul: So on that note, I think we've we've covered a lot. We are already well over time. As always. Thank you for listening to another episode of Sirius Privacy. If you like the episodes, please rate and review us in your favorite app, on your favorite podcast platform. If you want to join the conversation, please do so on LinkedIn.
Find us under serious privacy. You'll find K on social media as hard of privacy, and myself as your Paul b. Until next week, goodbye.
[00:32:35] k: Bye y'all.