Platform
- The Osano Platform Overview
  
  Get an overview of the simple, all-in-one data privacy platform
- Features & Integrations
  
  Key Features & Integrations
Solutions
- By Regulation
- CPRA
  
  Discover how Osano supports CPRA compliance
- CCPA
  
  Learn about the CCPA and how Osano can help
- GDPR
  
  Achieve compliance with one of the world’s most comprehensive data privacy laws
- By Organization Type
- Start-Up
  
  Don’t let data privacy compliance get in the way of growth
- Mid-Sized
  
  Preserve your competitive edge
- Enterprise
  
  Manage data privacy at scale
- By Use Case
- Consent Management
  
  Manage consent without the complexity
- DSAR Automation
  
  Never miss a DSAR deadline again
- Privacy Program Management
  
  Build and grow an end-to-end privacy program
- Vendor Risk Management
  
  Regain insight and control over your customers’ data
Resources
- Resources
  
  Key resources on all things data privacy
- Articles
  
  Expert insights on all things privacy
- Resource Center
  
  Key resources to further your data privacy education
- Customer Stories
  
  Meet some of the 5,000+ leaders using Osano to transform their privacy programs
- U.S. Data Privacy Laws
  
  A guide to data privacy in the U.S.
- Product Updates
  
  What's the latest from Osano?
- Become a Privacy Insider
  
  Data privacy is complex but you're not alone
- The Newsletter
  
  Join our weekly newsletter with over 35,000 subscribers
- The Podcast
  
  Global experts share insights and compelling personal stories about the critical importance of data privacy
- The Book
  
  Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
- Events
  
  Upcoming webinars and in-person events designed for privacy professionals
Latest Blog post

Ch-Ch-Ch-Changes

Hello all, and thanks for reading today.
Read Now
Company
- About Us
  
  The Osano story
- Careers
  
  Become an Osanian and help us build the future of privacy!
- Contact
  
  We’re eager to hear from you
- Our Pledge
  
  No fines, no penalties
- Data Licensing
  
  Add Osano data privacy ratings and recommendations to your application
- Osano Swag Store
  
  Increase Trust. Stay Compliant. Get Cool Swag.
- Press & Media
  
  Inquiries and Osano in the news
- Partners & Resellers
  
  Interested in partnering with us?
Pricing
Sign In Book a Demo

Privacy Insider newsletter: Feb 9, 2021

Osano Staff

Published: February 9, 2021

Sign up for our newsletter

While the SolarWinds hack has been public for some time, its repercussions continue to reverberate. The hackers, allegedly working on Russia’s behalf, broke into the IT-management firm’s system and added malicious code into a system called “Orion,” which thousands of companies and U.S. government agencies use to manage IT.

It’s estimated that some 33,000 SolarWinds customers could be impacted after the hackers installed malware into various systems to “spy on companies and information,” Business Insider reported.

Security experts are calling the hack the worst breach in U.S. history, noting it will take millions of dollars and a long time — years — for impacted agencies and organizations to fortify their systems again.

The additional nightmare here is that the long recovery ahead is obvious to companies who directly use SolarWinds. But it gets trickier to detect if someone in your supply chain uses SolarWinds.

In general, vendors don’t include a list of their sub-processors in contracting with clients. While asking for such a list before signing is becoming more commonplace, it isn’t generally part of the transaction. Are you sub-processors using SolarWinds? You should find out.

The hack is a super unfortunate reminder for all organizations to be cautious when choosing vendors and be vigilant about with whom they choose to work.

Enjoy reading, and see you next week!

Angelique

It wasn’t just Russia: China also hacked SolarWinds
Two months ago, a Russian hack into network-management company SolarWinds made headlines all over the world. Once the hackers infiltrated SolarWinds’ system, they launched a supply-chain attack that could ultimately affect “close to 18,000 of the company’s customers,” The Wall Street Journal reported. But it appears that China also hacked into SolarWinds through a different vulnerability than the Russians found, targeting the U.S. Department of Agriculture’s National Finance Center, Wired reports.
Read Story
Virginia likely to pass privacy law soon
Virginia looks ready to pass consumer privacy legislation, “which would make the commonwealth the latest domino to fall in a state-by-state push for data protections,” The Wall Street Journal reports. The state’s Senate and House of Delegates passed versions of the bill recently and will now work to bridge any gaps between the two texts. The bill would allow Virginia residents to correct and delete data, as well as grant them the right to opt-out of the sale of their personal data by the companies that collect it.
Read Story
Canadian privacy commissioners say Clearview AI collected data illegally
Clearview AI has been in trouble for some time over its facial recognition technology, facing lawsuits and investigations around the world. This week, Canada’s privacy commissioners said the technology is “illegal” in Canada and called on the company to delete any photos of Canadians’ faces from its database, The Verge reports. The commissioners released a report this week stating their investigation found Clearview “collected highly sensitive biometric data without consent” and used the data inappropriately.
Read Story
Human rights body launches petition against Singapore’s student laptop monitoring
Singapore’s government plans to ensure every secondary student has a computer for at-home learning during the COVID-19 pandemic, Reuters reports. But the computers will contain software that allows teachers to view and control their students’ screens remotely. The monitoring software's vendor says its product would not track location data or passwords, but Human Rights Watch has launched an online petition against the plan, citing student privacy concerns.
Read Story
Stakeholders call for updated definition of “personal information” in Privacy Act
As Australia’s attorney general reviews the country’s Privacy Act of 1988, stakeholders weigh in on what should change. Many public comments call for a law similar to the EU’s General Data Protection Regulation, which should include a revised definition of “personal information” under the law. Microsoft, among others, said the definition should include data that “relates to an identified or identifiable individual,” ZDNet reports.
Read Story
EU antitrust commissioner to Apple: Treat all apps the same
The EU’s antitrust enforcer, Margrethe Vestager, has warned Apple it must treat all apps on its platform equally after it recently announced it would ask iPhone users for consent to track their data so it can serve them personalized ads. The move will “limit apps’ ability to gather data from people’s phones that can be used for targeted advertising,” Reuters reports. Facebook has called the move anti-competitive.
Read Story

Schedule a demo of Osano today

Privacy Policy Checklist

Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.

Download Now

Osano Staff

Osano Staff is pseudonym used by team members when authorship may not be relevant. Osanians are a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet.

Blog

Check out some of our latest articles

Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.

View All Blog Posts View All Resources

Simplify Data Privacy Compliance

With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.

Book a Demo

The Osano Platform Overview

Cookie Consent

Subject Rights Management

Assessments

Unified Consent & Preference Hub

Data Mapping

Vendor Privacy Risk Management

Features & Integrations

Privacy Templates

GDPR Representative

Consult Privacy Team

Regulatory Guidance

Integrations

CPRA

CCPA

GDPR

Start-Up

Mid-Sized

Enterprise

Consent Management

DSAR Automation

Privacy Program Management

Vendor Risk Management

Articles

Resource Center

Customer Stories

U.S. Data Privacy Laws

Product Updates

The Newsletter

The Podcast

The Book

Events

Ch-Ch-Ch-Changes

About Us

Careers

Contact

Our Pledge

Data Licensing

Osano Swag Store

Press & Media

Partners & Resellers

Privacy Insider newsletter: Feb 9, 2021

Osano Staff

In this article

Sign up for our newsletter

Share this article

Privacy Policy Checklist

Osano Staff

Osano Staff

Share this article

Blog

Check out some of our latest articles

Ch-Ch-Ch-Changes

What a Week. Lots to Unpack.

No Data Protections for Employees?

Simplify Data Privacy Compliance