AI Bellwethers in the US and EU
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: March 14, 2024
Hello all, and happy Thursday!
Bourbon, bluegrass, and—data privacy? Kentucky is on track to become the 15th state to enact its own comprehensive data privacy law. As of this writing, Kentucky’s proposed legislation has passed the Senate and is en route back to the House, where legislators are expected to agree to minor changes made to the bill in the Senate. After that, it’s off to the governor’s desk for signature.
If you’re wondering what to expect in the law, look to Virginia’s data privacy law—Kentucky’s proposed law was modeled after the VCDPA.
Eagle-eyed readers may wonder at the number 15 in the paragraph above. Kentucky is in line to become number 15 because New Hampshire just became number 14! I mentioned the New Hampshire data privacy law in this newsletter before, but it had been sitting on the governor’s desk for some time now. Governor Sununu, however, has gotten around to signing the bill, making it the law of the land.
You can expect to see some summaries and insights from the Osano team on these two new laws in the near future. Stay tuned!
Best,
Arlo
P.S. We’re still on the hunt for a Senior Privacy Program Manager! Lead privacy enablement internally and externally on a growing, fully remote team! Click here to learn more and apply.
Nearly three years after the European Commission first proposed a regulatory framework for artificial intelligence, the European Parliament put its final stamp on the EU AI Act. Parliament voted 523-46 in favor of the proposed regulation on March 13. The regulation creates tiers of risks and requirements for how AI technologies need to be operated. It also requires human oversight and data governance of systems as well as technical documentation of how those systems work.
In a new study, researchers found they could manipulate Google's AI technology to—among other things—generate election misinformation, explain in detail how to hotwire a car, and cause it to leak system prompts. By feeding Gemini unexpected input, called “uncommon tokens,” the researchers were able to trick it into reveal sensitive information, as is the case with ChatGPT and other AI models
Carlton Fields recently released its 13th annual Class Action Survey, which provides an overview of important issues and practices related to class action matters and management. Several findings related to data privacy, including 1) 24% of in-house corporate legal department respondents said they expected data privacy and cybersecurity to be the next wave of class actions to slam their company; 2) 12% of respondents said data privacy posed the biggest class action risk, up from 8% in 2022; 3) Data privacy is also partially fueling litigation’s growing complexity (74% of respondents) and high risk (45%); and 4) 44% expect generative AI to spark data privacy-related class actions.
It appears Kentucky will join the growing cadre of U.S. states with their own data privacy laws. Kentucky House Bill 15 received unanimous passage out of the Senate on March 11th. Now, it’s headed back to the House for concurrence on minor Senate amendments before heading to the governor’s desk for signature. HB15 was modeled after Virginia’s privacy law, and if signed, will go into effect on 1 January 2026.
New York will soon join California, Colorado, Illinois, and a number of other states that protect employees’ and job applicants’ social media privacy. Starting March 12, 2024, employers in New York are prohibited from requesting or requiring employees and job applicants to disclose their usernames, passwords, or login information to personal social media and other “personal accounts.”
Confused about the CPRA’s “Do Not Sell” requirements? You’re not alone. What does your organization need to do, and how can it meet its compliance obligations? We answer those questions here.
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.