Published: August 22, 2024
Hello all, and happy Thursday!
With nearly 3 billion records exposed, the National Public Data breach is up there with the largest data breaches of all time. Technically, that dubious honor belongs to Yahoo, whose 2013 breach affected 3 billion accounts. National Public Data’s breach only exposed 2.9 billion records (which doesn’t necessarily mean 2.9 billion individuals).
Fortunately, a significant portion of the exposed data appears to be inaccurate. This, too, is unsurprising considering that National Public Data is alleged to have collected it via scraping.
But this suggests another question: Why would National Public Data undertake this incredibly risky, ethically dubious mass collection of personal information for data that isn’t even accurate? Why put your organization at risk in this way when the payoff is so unreliable? One can only assume that these questions were simply never considered.
Best,
Arlo
P.S. If you don’t know where your data lives, you don’t know if it’s generating excess risk for your organization. Register for our upcoming webinar, A Sneak Peek into Data Mapping, to find out how data mapping can give you insight into and control over the data you handle.
Class action complaints across the state of Arizona allege that certain common uses of pixel-tracking technology in marketing emails violate Arizona’s Telephone, Utility, and Communication Service Records Act. The complaints contend that the information procured by these pixels (e.g. information indicating when an email is opened and read) constitutes a “communication service record” as defined by the act. The act forbids organizations from obtaining communication service records without consent by fraudulent, deceptive, or false means.
Recent activity out of Texas suggests the Lone Star State is trying to stake its claim to being a lead authority on alleged consumer protection and privacy violations. The Texas attorney general's office recently netted a USD 1.4 billion settlement with Meta over alleged nonconsensual biometric data use. The office followed that up with a lawsuit against automaker GM claiming it sold driving data to insurance companies without knowledge or consent. Additionally, the attorney general's office has sent more than 100 compliance letters to companies citing a lack of data broker registrations in violation of the Data Broker Law. More enforcement actions may be on the horizon, particularly regarding the Texas Data Privacy and Security Act.
A US Court issued an opinion partially upholding—and partially vacating—the District Court for the Northern District of California’s preliminary injunction preventing the California Age-Appropriate Design Code Act (CAADCA) from going into effect. Specifically, the opinion upheld the district court’s injunction related to privacy impact assessment (PIA) provisions. Although the court's decision has not yet gone into effect, businesses subject to the CCPA may soon find themselves on the hook for complying with many provisions in the CAADCA.
The Swiss Federal Council has added the US to the list of countries with an adequate level of data protection. Effective September 15, 2024, US organizations that certify to the Swiss–U.S. Data Privacy Framework (DPF) can commence receiving transfers of personal data from Switzerland without implementing additional safeguards.
New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. Recently, it was discovered that another NPD data broker (which shares access to the same consumer records) inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today.
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005, Arlo invented voice commerce. He has testified before Congress on technology issues and is a frequent speaker on data privacy rights.