Hello all, and happy Thursday! 

I’m sure a lot of the privacy professionals who read this newsletter can relate—it's tough to demonstrate the tangible ways that data privacy impacts the business to non-privacy stakeholders. Privacy can feel pretty abstract, but the consequences of getting it wrong are very concrete. 

One of our stories this week highlights recent penalties handed out by the SEC on public tech companies misrepresenting their cybersecurity disclosures. The penalties amounted to ~$7 million handed out to four companies for minimizing the scope of the past breaches, among other violations. 

Had these organizations minimized their data collection and deleted unneeded data, they may not have felt the need to be misleading about the scope of their breach. The breach may have in fact only impacted a few records because there would have only been a few records to be impacted!  

Instead, we can observe a domino effect in action: too much data on hand exacerbates a data breach, the data breach hurts customer trust, and misrepresenting the data breach yields an SEC fine, all of which ultimately spooks investors. When it comes to data privacy, an ounce of prevention is worth a pound of cure.

Best, 

Arlo 

Highlights from Osano

In Case You Missed It...

4 Ways Privacy in Business Generates ROI 

Investing in data privacy can generate returns of as much as $2.7 for every dollar spent. How? Find out in this blog.

Upcoming Webinars and Events

Unlock Privacy ROI: Why Making Cross-Functional Allies Is Key 

How can privacy prove its value to the business and be seen as more than "just" a cost center? Find out how to demonstrate ROI and gain allies in this webinar. 

November 7th | Save your seat 


Top Privacy Stories of the Week

France and Belgium Join Forces in Telegram Probe 

French and Belgian investigators are teaming up in an effort to go after Telegram and its CEO Pavel Durov. The French prosecutor is already looking into charges against the Russian-born tech tycoon which include complicity in managing an online platform “in order to enable an illegal transaction in organized group,” and refusal to cooperate with law enforcement authorities. Now, Belgium has joined the investigation after Belgian authorities noted a similar refusal by Durov to cooperate with law enforcement. 


Justice Department Issues Comprehensive Proposed Rule Addressing National Security Risks Posed to U.S. Sensitive Data 

A proposed rule would establish measures to prevent certain foreign countries from accessing sensitive personal data. The rule would identify certain data transactions that pose an unacceptable risk of exposing government-related data or bulk U.S. sensitive personal data. Among other things, the proposed rule identifies classes of prohibited and restricted transactions, identifies countries of concern and covered persons, identifies classes of exempt transactions, clarifies roles and responsibilities, and more. 


TikTok Owner ByteDance Prepares $1b to Cover EU’s Future Penalties 

ByteDance is preparing for significant legal and financial repercussions as it faces multiple lawsuits and investigations related to TikTok. Following a record US$370 million fine imposed by Ireland’s Data Protection Commission last September for mishandling children’s personal data, recent corporate filings disclose that the company has set aside US$1 billion to cover future penalties from European privacy regulators. 


CJEU Rules that Data Minimization Principles Limit the Personal Data that Can Be Used for Targeted Advertising 

In a recent court case against Meta, the Court of Justice of the European Union (CJEU) ruled that not all data can be used for the purposes of personalized advertising. Specifically, the CJEU ruled that even public data may not be used for targeted advertising and that storage limitation principles still apply to data used for targeted advertising, among other important decisions.

SEC Imposes Nearly $7 Million in Penalties on Tech Companies for Misleading Cybersecurity Disclosures 

The US Securities and Exchange Commission (SEC) has taken a decisive stance on cybersecurity disclosure violations, announcing a $6.985 million enforcement action against four technology companies for what it described as "materially misleading" disclosures about cyber incidents. The penalties target companies affected by the infamous SolarWinds Orion software compromise, highlighting the regulator's growing scrutiny of how firms communicate their cyber risks to investors.  


Like what you hear from the Privacy Insider newsletter?

There's more to explore:

🎙️The Privacy Insider Podcast

We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.

📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands

The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.

If you’re interested in working at Osano, check out our Careers page
