ADMT & Employment
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: March 23, 2023
Hi all, and happy Thursday. Pop quiz.
Which U.S. state:
The answer is Iowa!
Senate File 262 recently passed the Iowa Senate and Iowa House without opposition and, as of this writing, awaits Governor Kim Reynolds’ signature. Given the overwhelming bipartisan support for the bill, it seems likely that Governor Reynolds will sign Senate File 262 into law.
The bill broadly maps to other state privacy laws, that it trends toward the more business-friendly side, like Utah’s privacy law. As an example, “sales” of user data are narrowly defined as an exchange for monetary compensation and does not include other valuable considerations, as is the case in other data privacy laws. It also gives businesses 90 days to respond to data subject access requests (DSARs) rather than the typical 45-day period seen in U.S. laws. Most notably, it features a non-sunsetting right to cure—businesses will always be given notice and opportunity to fix violations before being penalized.
It’s still early in 2023, and Iowa’s bill is just one of many under consideration. It seems likely we’ll be seeing even more U.S. states enact data privacy legislation this year—unless the American Data Privacy Protection Act (ADPPA) makes yet more progress. Time will tell!
Best,
Arlo
P.S. We’ll be in Washington, D.C., to attend the International Association of Privacy Professionals (IAPP) Global Summit this April 4th and 5th!
If you’re attending, come say hi! You can schedule a meeting here (and you might win a $500 Airbnb gift card, too 💰🌴).
Data Act: EU parliamentarians back new rules for fair access to and use of industrial data
Members of the European Parliament have introduced draft legislation referred to as the Data Act, which would remove barriers to accessing data for the development of specific services, particularly AI technologies. The legislation was adopted with 500 votes to 23, with 110 abstentions, although it has a long path ahead before it becomes law.
Iowa is about to get its own privacy law
Iowa is on the cusp of enacting its own comprehensive data privacy law, making it the sixth state to do so. All that remains in the legislative process is Iowa Governor Kim Reynolds’s signature or veto. If signed, the law will go into effect on January 1, 2025.
EU privacy regulators coordinate to assess compliance with the GDPR rules on data protection officers
The European Data Protection Board (EDPB) announced a coordinated investigation of data protection officers (DPOs) in businesses subject to the GDPR. EDPB officials plan on sending questionnaires to DPOs to determine whether a formal investigation is warranted, investigating identified DPOs, and following up pending the results of their investigations.
Austrian data protection authority declares Meta’s tracking tools to be illegal
The Austrian Data Protection Authority (DSB) has determined that Meta’s tracking pixel violates the GDPR and the EU’s ruling on international data transfers. The decision comes on the heels of a number of complaints from data advocacy group noyb (or “none of your business”)
TikTok plasters DC with ads before skeptical lawmakers confront CEO
TikTok engaged in a PR blitz leading up to its chief executive officer testifying today. CEO Shou Chew is scheduled to appear before the House Energy and Commerce Committee on Thursday to discuss the social media app’s plan to house U.S. data with Oracle in order to prevent undue access by Chinese officials.
CFPB launches inquiry into the business practices of data brokers
The Consumer Financial Protection Bureau (CFPB) has launched an inquiry into companies whose primary business is the buying and selling of individuals’ personal information. Few consumers directly interact with these data brokers, yet many of the systems that collect consumers’ personal information pass that info onto data brokers, either directly or indirectly. The inquiry aims to determine whether the Fair Credit Reporting Act regulates these entities appropriately.
OpenAI shuts down ChatGPT to fix bug exposing user chat titles
OpenAI temporarily shut down its popular ChatGPT service on Monday morning after receiving reports of a bug that allowed some users to see the titles of other users’ chat histories. The bug raises concern over how secure and private users’ chats with ChatGPT really are.
Osano blog: What is an employee privacy policy? Does my company need one?
With the CPRA, more businesses are required to honor employee data subject access requests (DSARs) than ever before. In this blog, we break down why businesses need to respond to employee DSARs, why this necessitates an employee privacy policy and more.
Come meet us in D.C. on April 4th and 5th for a chance to win a $500 Airbnb gift card!
Osano will be attending the International Association of Privacy Professionals (IAPP) Global Summit in Washington, D.C., on April 4th and 5th. If you’re planning on attending, come say hi! If you come to booth #318 at the IAPP Global Summit, we’ll enter you into a raffle to win a $500 Airbnb gift card. Looking forward to connecting in person!
If you’re interested in working at Osano, check out our Careers page! We might have the perfect opportunity for you.
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.