AI Bellwethers in the US and EU
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: May 30, 2024
Hello all, and happy Thursday!
There are plenty of fascinating stories in this week’s Privacy Insider—the APRA is inching its way through the legislative process, and the EU AI Act is right on the cusp of becoming effective—but the recent Ticketmaster-Live Nation hack caught my attention.
A group known as ShinyHunters has claimed responsibility for the hack, which involved the personal information of 560 million users. The hacker group has offered this data up for sale for a whopping... $500,000. Which really doesn’t seem like all that much money considering the scope of the breach.
In fact, it comes out to just a fraction of a fraction of a cent per affected individual. Somebody’s life could be totally upended due to a scam made possible by information that cost less than a tenth of a cent.
Was it really necessary for Ticketmaster to have collected all of this information?
It’s easy to focus on the cybersecurity aspects of this story but had more attention been paid to data privacy, the damage may have been much less significant. Not only is the number of affected individuals considerable, but the scope of information exposed per individual is notable as well. Individuals affected by the hack had their full names, addresses, phone numbers, last four digits of their card numbers and expiration dates, customer fraud details, and more exposed.
From the outside looking in, it’s not possible to say for certain whether Ticketmaster needed to collect all of this data and retain it for as long as they did. In any case, the outcome is the same: 560 million individuals need to safeguard themselves against potential identity theft and fraud because their information is for sale—and it’s going cheap.
Best,
Arlo
P.S. Struggling to persuade your leadership team that data privacy matters? Tomorrow’s webinar (Securing Buy-In: Making the Business Case for Data Privacy) may be exactly the resource you’re looking for. Save your seat here.
The European Data Protection Board’s (EDPB’s) AI taskforce just released its preliminary findings on how the EU’s data protection rulebook applies to ChatGPT. The top-line takeaway is that the working group of privacy enforcers remains undecided on crux legal issues, such as the lawfulness and fairness of OpenAI’s processing.
Colorado Governor Polis recently signed the Colorado AI Act into law, the first comprehensive AI law in the US. The Colorado AI Act adopts a risk-based approach, primarily targeting the developers and deployers of high-risk AI systems. As the first of its kind in the U.S., odds are the Colorado AI Act will inform future legislation on AI in the U.S., making it crucial for businesses to become familiar with it.
Hackers have claimed to have breached the security of Ticketmaster-Live Nation, compromising the personal data of a whopping 560 million users. Over a terabyte of data is now being offered for a one-time sale for $500,000, including full names, addresses, email addresses, phone numbers, ticket sales and event details, order information, and partial payment card data. The hack comes amidst a DoJ antitrust lawsuit against Ticketmaster-Live Nation.
European Union member states recently gave final agreement to the world’s first major law for regulating artificial intelligence, as institutions around the world race to introduce curbs for the technology. The EU Council said it had approved the AI Act—a groundbreaking piece of regulatory law that sets comprehensive rules surrounding artificial intelligence technology. The AI Act will enter into force 20 days after publication in the Official Journal, which is expected to occur in the very near future.
The proposed American Privacy Rights Act is on the move in the U.S. House legislative process. The U.S. House Committee on Energy and Commerce Subcommittee on Data, Innovation, and Commerce approved the updated APRA draft on a voice vote 23 May, advancing the bill to full committee consideration. There was no indication of when and how the full committee will proceed with the bill, but subcommittee members committed to ongoing work with an eye toward a polished bipartisan bill.
Want to hear about some tips for securing buy-in in advance of our webinar? Our blog post is on making the business case for your privacy program is the perfect amuse-bouche.
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.