Hello all, and happy Thursday!
I’m sure a lot of the privacy professionals who read this newsletter can relate—it's tough to demonstrate the tangible ways that data privacy impacts the business to non-privacy stakeholders. Privacy can feel pretty abstract, but the consequences of getting it wrong are very concrete.
One of our stories this week highlights recent penalties the SEC handed out to public tech companies for misleading cybersecurity disclosures. The penalties amounted to ~$7 million across four companies for minimizing the scope of past breaches, among other violations.
Had these organizations minimized their data collection and deleted unneeded data, they may not have felt the need to be misleading about the scope of their breach. The breach may have in fact only impacted a few records because there would have only been a few records to be impacted!
Instead, we can observe a domino effect in action: too much data on hand exacerbates a data breach, the data breach hurts customer trust, and misrepresenting the data breach yields an SEC fine, all of which ultimately spooks investors. When it comes to data privacy, an ounce of prevention is worth a pound of cure.
Best,
Arlo
Investing in data privacy can generate returns of as much as $2.7 for every dollar spent. How? Find out in this blog.
How can privacy prove its value to the business and be seen as more than "just" a cost center? Find out how to demonstrate ROI and gain allies in this webinar.
November 7th | Save your seat
French and Belgian investigators are teaming up in an effort to go after Telegram and its CEO Pavel Durov. The French prosecutor is already looking into charges against the Russian-born tech tycoon which include complicity in managing an online platform “in order to enable an illegal transaction in organized group,” and refusal to cooperate with law enforcement authorities. Now, Belgium has joined the investigation after Belgian authorities noted a similar refusal by Durov to cooperate with law enforcement.
A proposed rule would establish measures to prevent certain foreign countries from accessing sensitive personal data. The rule would identify certain data transactions that pose an unacceptable risk of exposing government-related data or bulk U.S. sensitive personal data. Among other things, the proposed rule identifies classes of prohibited and restricted transactions, identifies countries of concern and covered persons, identifies classes of exempt transactions, clarifies roles and responsibilities, and more.
ByteDance is preparing for significant legal and financial repercussions as it faces multiple lawsuits and investigations related to TikTok. Following a record US$370 million fine imposed by Ireland’s Data Protection Commission last September for mishandling children’s personal data, recent corporate filings disclose that the company has set aside US$1 billion to cover future penalties from European privacy regulators.
In a recent court case against Meta, the Court of Justice of the European Union (CJEU) ruled that not all data can be used for the purposes of personalized advertising. Specifically, the CJEU ruled that even public data may not be used for targeted advertising and that storage limitation principles still apply to data used for targeted advertising, among other important findings.
The US Securities and Exchange Commission (SEC) has taken a decisive stance on cybersecurity disclosure violations, announcing a $6.985 million enforcement action against four technology companies for what it described as "materially misleading" disclosures about cyber incidents. The penalties target companies affected by the infamous SolarWinds Orion software compromise, highlighting the regulator's growing scrutiny of how firms communicate their cyber risks to investors.