Hello all, and thanks for reading today.
The theme of this week’s privacy stories seems to be automated decision-making technology (ADMT)—in particular, ADMT used in the context of employment decisions.
Both California and UK authorities have recently issued proposals to regulate the use of ADMT. Employers will likely face the most stringent requirements, both due to the ubiquity of ADMT in employment contexts as well as the significance of those decisions. Often, ADMT can be the difference between one individual getting a job or a promotion or another.
When it comes to AI, profiling, and ADMT, the adage “garbage in, garbage out,” is well-earned. There is already a wealth of legislation out there to ensure that human beings don’t let their conscious and unconscious biases impact employment decisions. It makes sense that we would need additional regulations for the automated systems we deploy to handle employment decisions. They can only reflect our biases—just faster and at larger scales.
Best,
Arlo
P.S. I know I speak for the whole Osano team when I say it’s a privilege to support businesses in their journey to secure customer trust and achieve compliance. If your organization has benefited from Osano, consider swinging by our TrustRadius page and leaving a product review. Even if you’re not an Osano user, you might enjoy seeing what others have to say!
Privacy risk can seem awfully abstract—until you quantify it. This article shows you how to develop a scoring methodology at your organization.
Eight new data privacy laws go into effect over the course of 2025. Is your organization prepared? Find out all the essential information for compliance here.
Osano’s Rachael Ormiston teams up with Husch Blackwell’s Shelby Dolen and TK Lively to break down the new requirements businesses will face in 2025.
Last month was a busy one for the California Privacy Protection Agency (CPPA), including draft rules for automated decision-making and risk assessments, an announced enforcement sweep, and more.
Changes to how employers can use automated decision-making technologies were among the rule updates the CPPA considered in November. This article dives deeper into this particular set of updates and how employers should respond.
Texas’ attorney general is continuing his aggressive but quiet enforcement of the state’s new comprehensive data privacy law, sending four new violation notices to companies in recent weeks. Attorney General Ken Paxton warned satellite radio broadcaster Sirius XM and three app companies that they appeared to be sharing consumers’ sensitive data without clearly notifying them about aspects of their practices or obtaining user consent.
Access to historic sales records is becoming more restricted due to increased confidentiality periods at auction houses and dwindling resources for archiving, industry professionals say. Because of the GDPR, many auction companies are unwilling to give out information that proves the title and provenance of historical works of art, leading to legal battles in some cases.
Recently, the UK’s Information Commissioner’s Office (ICO) published an outcomes report on AI tools in recruitment. This report breaks down a series of audits that revealed AI tools were making inferences regarding gender and ethnicity, over-collecting personal data, and retaining that data indefinitely.
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!