ADMT & Employment
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Updated: February 17, 2022
Published: December 10, 2021
Hi! Happy holidays! I’ve been watching very corny Netflix holiday movies, like “Christmas with a Prince.” I refuse to apologize. It’s just that time of year, even after a terrible year globally, that things start to feel nostalgic and cozy. It’s not that I enjoy the movies; it’s just that they put me in the mood for wildly long hours with awkward relatives and snuggling with my mom back in Maine. And that’s where I’m headed tomorrow!
Anyway: This week, I hosted a chat among three privacy experts on the new California law. We had a healthy crowd, but I know some of you would have liked to hear about the California Privacy Rights Act but couldn’t attend. Here are some of the main points:
Remember, the CPRA comes into effect (in full) on Jan. 1, 2023. It applies to companies that bring in a gross annual revenue of more than $25 million in the previous year. Or, companies that buy, receive or sell the personal information of at least 100,000 California residents or households or devices.
Does CPRA change the legal compliance landscape significantly?
Yes. Companies now need to take a deep dive into their data and figure out what information they collect, where it’s stored and how it’s used. It’s also imperative to look at third parties with whom you might share that data and ensure they have the right contracts in place to keep your user data secure. If you’ve done GDPR compliance, you should have most of the basics down. But if privacy hasn’t been a priority for your company yet, you’re going to need to allocate resources and start moving.
Biggest changes in the landscape?
The CPRA creates:
Look-back provision
The look-back provision requires that companies must provide the personal information they’ve collected on or after Jan. 1, 2022. So even though the CPRA doesn’t come into effect until 2023, this part of the law actually “looks back” at the year prior. If a consumer makes an access request, meaning they want to know what data you’ve collected about them, you have to be able to show them the data you’ve collected about them since Jan. 1, 2022.
How does the CPRA change user rights?
The CPRA implements several expanded user rights. For example, users have the right to opt-out of cross-contextual advertising, users’ rights to data deletion have been expanded, and the right to data portability has been expanded. Users now have the following rights under CPRA.
What should I do first?
Start data mapping. And not with an excel spreadsheet, if you can help it! Use an automated tool to figure out what data you have, where it is, with whom you share it. Once you have a picture of what’s happening with the data your company collects, you can make smart decisions about handling it according to the law’s mandate.
For now, enjoy this roundup of the big privacy news since I last wrote you, and I’ll see you next time.
Government’s ‘listening sessions’ on privacy and civil rights revive efforts for federal law
As we reported in last week’s Privacy Insider, the U.S. National Telecommunications and Information Administration has announced it will host a series of “listening sessions” on how data collection impacts equity and civil rights. Former FTC director Jessica Rich writes for JD Supra and states that the announcement is significant because the NTIA is “the President’s principal advisor on information policy issues,” and its focus “affirms that the link between privacy and civil rights is now a widely accepted policy position.”
Read Story
Cyberattacks and ransomware dominated 2021
CNET reports on the cyberattacks that dominated headlines throughout 2021, disrupting governments, major companies and supply chains. There was the January attack against SolarWinds, which the FBI and NSA suggested Russia backed. Then there was the Colonial Pipeline ransomware case, among others. According to the Department of Treasury, suspected ransomware payments totaled $590M for the first six months of this year, surpassing the $416M payments in all of 2020.
Read Story
How to leverage Apple’s iOS update to gain competitive advantage
Apple’s recent iPhone update has impacted millions of users and brands trying to get in front of their eyeballs. The iOS15 changes put restrictions on marketing and data tracking, and many brands have reported losses as a result. The Drum reports on ways brands can leverage the changes to improve strategy and gain a competitive advantage.
Read Story
Defense bill draft excludes provisions on mandatory cyberattack reporting
In the US, negotiations on a “must-pass defense bill” have excluded provisions that would have mandated many companies to report major cyberattacks and ransomware payments to federal officials, CyberScoop reports. “It’s a big setback for backers of the reporting mandates, as attaching provisions (of the agreement) has been the path for a number of monumental cyber ideas to become law,” the report states.
Read Story
Canadian commissioner: Gov’t must make privacy reform a priority
Canada’s privacy commissioner said the government “must make privacy reform a priority,” in his annual report to Parliament this week. “There is no doubt that the modern economy will increasingly depend on the value of data,” Commissioner Daniel Therrien said. “The new Parliament must legislate to enable responsible innovation, but this should be done within a rights-based framework that recognizes the fundamental right to privacy.”
Read Story
Jamaica appoints its first data protection commissioner
Jamaica’s first data protection commissioner, Celia Barclay, took office effective Dec. 1. The commissioner was appointed under Jamaica’s Data Protection Act, which passed in 2020. Barclay will be responsible for ensuring compliance with the law, advising the government on data privacy issues and spreading public awareness, reports the Jamaica Gleaner.
Read Story
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Osano Staff is pseudonym used by team members when authorship may not be relevant. Osanians are a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.