In this article

Sign up for our newsletter

Share this article

Hello all, and happy Thursday!  

It’s been a big week for AI regulation—we’ve got two stories about AI regulation in Utah and the UK, respectively, and that’s not to mention the big AI regulation that Brussels is cooking up (check out What Is the EU AI Act? A Comprehensive Overview for our write-up on that particular proposed regulation). 

I’m sure we’re all tired of hearing about AI, but the fact remains: it’ll be transformative for businesses and data privacy as a whole. Fundamental data privacy issues like data protection, notice, consent management, data minimization and retention lie at the heart of AI.  

Regulators have learned from data privacy, too; the GDPR and laws like it were in response to data privacy practices that were less-than ethical. It seems like regulators are trying to move fast to anticipate AI’s impacts, rather than merely react. Though given the speed at which the technology is advancing, it's not clear whether they’ll be quick enough. 



P.S. I know celebrity gossip moves fast and this feels like yesterday’s news, but the article in this week’s newsletter on Kate Middleton’s near-data breach is worth a read. Not all of us have Kate Middleton’s profile, but all of us have health data to protect! 


Top Privacy Stories of the Week

Federal Officials Want to Know How Airlines Handle—And Share—Passengers' Personal Information 

The U.S. Department of Transportation said it will review how airlines protect personal information about their passengers and whether they are making money by sharing that information with other parties. Specifically, the review will focus on the 10 biggest U.S. airlines and cover their collection, handling, and use of information about customers. 

Utah Enacts First AI Law—A Potential Blueprint for Other States, Significant Impact on Health Care 

Recently, Utah Governor Spencer Cox signed Utah Senate Bill 149 (SB 149) into law, also known as the Artificial Intelligence Policy Act (the AI Policy Act).  This is the first comprehensive state law on AI in the U.S., creating a model that other states will likely follow. The new law imposes unique restrictions on “regulated occupations,” especially those in health care. 

Read more 

Proposed UK AI Regulation Bill Receives Second Reading in House of Lords 

While many eyes watch the final developments of the EU Artificial Intelligence Act in Brussels, other corners of the world are also considering how best to approach the regulation of AI. In November 2023, Lord Holmes of Richmond, a member of the influential House of Lords Select Committee on Science and Technology, introduced a private members' bill called the Artificial Intelligence (Regulation) Bill. On 22 March, Lord Holmes' bill received a second reading in the House of Lords, together with more than two hours of reaction from fellow peers in the upper chamber. 

Read more 

Think Kate Middleton’s Data-Privacy Fiasco Is Bad? US Hospitals Are Under Cyber-Siege 

Data privacy officials in the United Kingdom are currently investigating a privacy breach that impacted the Princess of Wales, Kate Middleton, after three hospital workers reportedly sought access to the royal’s private medical information. But Her Majesty's medical privacy problems are all too familiar for many in the United States, where one in three people was impacted by a health-related data breach last year. 

Read more  

Daniel's Law: The Next Wave in Privacy Litigation 

Privacy litigation remains one of the fastest-growing areas of litigation in the U.S. The recent surge in litigation alleging that the use of Meta Pixel, a tracking technology, violates state wiretap laws and/or the Video Privacy Protection Act (VPPA) is a prime example of this approach. Now, the latest trend in privacy litigation centers on New Jersey’s "Daniel's Law." This law prohibits the posting or disclosure of address and telephone information of certain New Jersey public officials, including judges, prosecutors, and law enforcement. The suits allege the data brokers and look-up services did not take down protected contact information that had been posted on public sites within the proper time frame as required under the law. 

Read more 

Osano Blog: What is PII Data? Unpacking the Complex Data Privacy Term 

Unpacking the meaning of similar data privacy concepts—such as personal information (PI) and personally identifiable information (PII)—may seem burdensome, but for businesses tasked with complying with a growing number of regulations, sifting through the nuances is critical to staying compliant. In this blog, we focus on PII, its role in the context of data privacy, as well as differences between PII and PI, its relation to various regulations, and how to remain compliant. 

Read more 

If you’re interested in working at Osano, check out our Careers page

Schedule a demo of Osano today
Share this article