AI Bellwethers in the US and EU
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: August 29, 2024
Hello all, and happy Thursday!
Last week, you may have noticed a story in our newsletter about CIPA-style class action lawsuits coming to Arizona. The California Invasion of Privacy Act (CIPA) is a 60s-era law meant to protect citizens from wiretapping—in recent times, it’s become popular amongst the plaintiff’s bar to bring lawsuits against organizations on the grounds that modern internet marketing technologies count as CIPA violations.
Apparently taking inspiration from California law firms, Arizonan lawyers have been bringing class action lawsuits against organizations on the grounds that these tracking technologies constitute a violation under the Telephone, Utility, and Communication Service Records Act.
This week, yet another apparently unrelated, decades-old law is being used to sue businesses over modern privacy violations. The Song-Beverly Credit Card Act, originally meant to limit the collection of personal information during in-person transactions, is being used as grounds to sue retailers over excessive data collection.
But this shouldn’t come as a surprise; so long as there’s a chance at a legal victory, enterprising law firms will repurpose these old laws to go after organizations that are easy targets. Your best bet is to not be an easy target by adhering to robust data minimization and retention practices.
Best,
Arlo
50+ free data privacy resources, including templates, trackers, and more!
Today at 1 PM EST! | Save Your Seat
Thursday, September 12th | Save Your Seat
Recently, an expert committee appointed under the Thai Personal Data Protection Act (PDPA) of 2019 issued an administrative fine to a major private company involved in online sales. The company allowed a significant amount of personal data to leak to call center gangs without implementing adequate security measures as required by the PDPA. The committee imposed the maximum administrative fine of 7 million baht (approximately $205,520).
Attorney General John M. Formella announces the creation of a new Data Privacy Unit that will be primarily responsible for enforcing the New Hampshire Data Privacy Act. “Ensuring accountability, transparency, and consumer choice regarding how companies handle and monetize the personal data of their customers is a priority of my office,” said Attorney General Formella in a press release.
The Dutch Data Protection Authority (DPA) imposes a fine of 290 million euros on Uber. The Dutch DPA found that Uber transferred the personal data of European taxi drivers to the United States and failed to appropriately safeguard the data with regard to these transfers. According to the Dutch DPA, this constitutes a serious violation of the GDPR. In the meantime, Uber has ended the violation.
A decades-old law protecting personal information during California credit card transactions is fueling a new wave of privacy litigation that could challenge how online retailers do business. The Song-Beverly Credit Card Act, passed in California in 1971, limits retailers’ collection of personal information during in-person transactions unless it's necessary to process the credit card transaction. Much like the wave of pixel-tracking cases over the past two years citing California wiretap laws, the new Song-Beverly disputes ask if companies are strictly acting as service providers without monetizing collected data and if it’s essential to solving business needs.
Recently, Illinois Governor JB Pritzker signed HB 3773, which amends the Illinois Human Rights Act to address employers’ use of artificial intelligence (AI). Illinois employers that use any automated tools to make employment-related decisions are encouraged to prepare for compliance with the new law, which takes effect on January 1, 2026.
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.