.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
Privacy from the US Gov?
Hello all, and happy Thursday!
Read Now
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
Hello all, and happy Thursday!
Roughly fifty years ago, the US passed the Privacy Act to protect citizens from government snooping. Now, Democratic senators have introduced legislation aiming to incorporate some much-needed updates to that law.
It’ll come as no surprise that a fifty-year-old law hasn’t really kept up with the times, but the Privacy Act was flawed from the start. It contains a number of exemptions for the disclosure of citizens’ private information, including an exemption for “routine use” that became effectively carte blanche for federal agencies to use and re-use personal information as desired.
The proposed law introduces new requirements around data minimization, requires routine use to be reasonably necessary and appropriate, and bumps up the penalties associated with violations, among other changes.
While this isn’t a federal comprehensive privacy law for the US in the same way that the GDPR is for the EU, it would provide sorely needed protections between citizens and the US government. In the US, privacy has mainly focused on consumers; if you buy a product or service, your privacy should be respected. But when it comes to your government? US privacy law doesn’t have too much to say about that.
I wouldn’t bet on this piece of legislation becoming law, unfortunately, but it’s always good to see privacy—including the privacy of citizens from their governments—brought up in the conversation.
Best,
Arlo
Highlights from Osano
New From Osano
Blog: Multi-Hyphenate Privacy Professionals: 3 Strategies for Success
Most of us are privacy pros plus—plus AI, plus GRC, plus security, and on and on and on. We face different challenges than professionals who solely focus on data privacy compliance. Get more time in your day with these strategies for success.
Podcast: Compliance Is Good Business: Getting Beyond Fines with Tom Fox of Compliance Podcast Network
AI and shifting regulations are dominating headlines, but a bigger transformation is happening in compliance—and businesses that fail to adapt will be left behind. Tom Fox, founder of Compliance Podcast Network, talks to Arlo Gilbert about this shift.
In Case You Missed It...
Watch on Demand: A Blueprint for Efficient SRRs: Mastering Your Subject Rights Workflow
Whether you are swamped by a deluge of subject rights requests or just want more time to spend on strategic work, managing SRRs effectively is a highly sought-after goal—one that's seldom achieved. Watch the webinar to learn from Senior Product Manager Chris Simpson and Lead Implementation Manager Christie Roy as they explore the best and worst ways to go about handling SRRs.
Upcoming Webinars and Events...
The Privacy Pro Survival Summit 2: This Time It’s Personal
In our second Privacy Pro Survival Summit, we’re putting the personal in personal data and showcasing a suite of thought leaders and experts from privacy, security, GRC, and related experts. Learn, connect with your peers, and maybe have a little fun along the way!
Save your seat | April 10th
Top Privacy Stories of the Week
New Report: Many Companies May Be Ignoring Opt-Out Requests Under State Privacy Laws
Consumer Reports and researchers from Wesleyan University released findings from a joint study examining how companies are complying with opt-out requests sent by universal opt-out mechanisms, such as Global Privacy Control (GPC). The study found that many businesses are ignoring universal opt-out requests.
Democratic Senators Call for Privacy Act Reform in Response to DOGE Takeover
In 1974, the United States Congress passed the Privacy Act in response to public concerns over the US government’s runaway efforts to harness Americans’ personal data. Democratic senators Ron Wyden, Ed Markey, Jeff Merkley, and Chris Van Hollen introduced the Privacy Act Modernization Act of 2025—a direct response, the lawmakers say, to the seizure by DOGE of computer systems containing vast tranches of sensitive personal information—moves that have notably coincided with the firings of hundreds of government officials charged with overseeing that data’s protection.
Virginia Enacts Law Protecting Reproductive and Sexual Health Data
On March 24, 2025, Virginia Governor Youngkin signed into law S.B. 754, which amends the Virginia Consumer Protection Data Act (VCDPA) to prohibit the collection, disclosure, sale, or dissemination of consumers’ reproductive or sexual health data without consent.
EU To Enforce Social Media Laws Despite US Pressure, Commission VP Henna Virkkunen Says
The European Union is pressing ahead with its plans to enforce new laws on social media platforms like X, TikTok, and Facebook, despite pressure from the US. European Commission Executive Vice President Henna Virkkunen explained that these laws are crucial for protecting democracy from disinformation and market abuses. The Digital Services Act (DSA), which addresses disinformation, and the Digital Markets Act (DMA), aimed at ensuring a fairer digital economy, have come under significant scrutiny from US President Donald Trump's top ally, Elon Musk.
CPPA Releases Updates to Proposed CCPA Regulations
In advance of its April 4, 2025, board meeting, the California Privacy Protection Agency (CPPA) released a discussion draft of revisions to its proposed California Consumer Privacy Act (CCPA) regulations. These revisions pertain to cybersecurity audits, risk assessments, and automated decision-making technology (ADMT), serving to update the existing CCPA proposed regulations.
Like what you hear from the Privacy Insider newsletter?
There's more to explore:
🎙️The Privacy Insider Podcast
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!