Ch-Ch-Ch-Changes
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: October 12, 2021
Most of the time, when you read a new law, the most important detail is the effective date. After all, that's the date you must comply with the law, right?
While that's true for California's newest privacy law, there's a catch: the California Privacy Rights Act contains a provision requiring that organizations must be able to provide consumers access to all the data collected about them starting a full year before the law becomes effective on Jan.1, 2023. So, if your roadmap to comply with California stretched over the next two years, you'll want to pay attention to this.
It's a sneak provision that could bite you, if not.
In this week's lead story, journalist Sam Pfeifle explains in-depth what you must do to comply with the California law. But here are the highlights on key changes within the CPRA:
These provisions operationalize the CPRA's requirement that consumers have the "right to access" their data. Under the previous law, the California Consumer Privacy Act, this was called the "right to know," but its name was revised.
It's an important enough topic that we're going to have a Twitter Spaces chat about it this week. If you're interested in learning more about how to comply with the CPRA's look back, join us Thursday, Oct. 14, for a 20-minute briefing at this link. For details beforehand, or if you're just not into Twitter, check out Sam Pfeifle's piece for us below.
Enjoy reading, and I'll see you next week!
How to comply with that sneaky 'look-back' provision in California's new privacy law
We’re closing in on Jan. 1, 2023, when the California Privacy Rights Act (CPRA) will come into effect. It replaces the California Consumer Privacy Act, making it look a bit more like Europe’s privacy law. And while the effect date is technically 2023, there’s a sneaky provision embedded in the legislation that requires organizations to be able to show consumers all the data you’ve collected about them starting on Jan. 1, 2022. A whole year ahead of time. Here’s what you need to do to prepare.
Read Story
Report: More breaches in 2021 to date than in all of 2020
The number of data breaches this year already surpassed the total number in 2020, Fortune reports. According to an Identity Theft Research Center report, there have been 1,291 data breaches so far this year. In 2020, there was 1,108 total. The most popular hacking tools related to cyberattacks have been phishing and ransomware.
Read Story
European Parliament vote calls for a ban on facial recognition
Last week, the European Parliament called for a ban on police use of facial recognition technology in public places and in predictive policing, Politico reports. “This is a huge win for all European citizens,” said Peter Vitanov, who introduced the adopted resolution. While it doesn’t change anything legally, the resolution indicates how Parliament might vote in upcoming negotiations on an artificial intelligence bill drafted by the European Commission, which calls for restrictions on facial recognition technology.
Read Story
Japanese tech giant hit by cyberattack on US systems
Japanese technology company Olympus has confirmed it was hit by a cyberattack that shut down its systems in the U.S., Canada and Latin America last weekend, TechCrunch reports. It’s the second time Olympus has reported an attack in two months, though the previous incident affected its European, Middle East and Africa networks. A ransomware note indicated BlackMatter, a ransomware-as-a-service group, was responsible. It’s unclear whether the same group conducted this hack. Olympus said its investigation is ongoing, and it will provide updates as information becomes available.
Read Story
California governor signs genetic data privacy and security law
Last week, California Gov. Gavin Newsom signed legislation aiming to protect individuals from identity theft better. AB 825 expands the definition of personal data within state data breach requirements to include biometric data. SB 41 establishes the Genetic Information Privacy Act, which will require genetic data companies like 23andme, among others, to tell consumers about its data practices and disclosures. It requires consumers’ express consent for a genetic testing company to share data with law enforcement. The rules take effect Jan. 1, 2022.
Read Story
Google removes ‘stalkerware’ app ads
Google has removed several ads selling “stalkerware” to consumers for violating its policies, TechCrunch reports. The spyware apps target parents who want to monitor their children’s messages and locations. But they’re often used by abusers to spy on their spouses’ phones, the report states. The rise in such nefarious uses in recent years prompted the Federal Trade Commission to take action against spyware developers. In August, Google banned apps designed to spy on another person without their authorization. Google recently found five stalkerware app makers’ ads as recently as last week.
Read Story
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Osano Staff is pseudonym used by team members when authorship may not be relevant. Osanians are a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.