Hello all, and happy Thursday!
There are a lot of embarrassing things about working in politics, but (allegedly) breaking a law that you personally enacted weeks earlier has got to be up there. It's more embarrassing than the Howard Dean Scream but less embarrassing than Bush Senior vomiting on the Japanese prime minister’s trousers. (Yes, I’m dating myself here.)
One of our stories this week focuses on the whistleblower complaint against Governor Polis of Colorado, who is being accused of directing local officials to share personally identifiable information (PII) with ICE. If the complaint is accurate, then Polis will have violated laws that he himself signed prohibiting state officials from sharing PII with federal immigration officers without a warrant.
The original law, Protect Personal Identifying Information Kept By State, was signed back in 2021. On May 23rd, just weeks before the complaint was filed, Polis signed an amendment expanding PII protections under the 2021 law.
Bit of an oopsy there.
It also underscores the importance of enforcement. If laws don’t have consequences when they’re broken, then they don’t really exist. Although it remains to be seen whether this particular privacy law gets enforced, it's reassuring to see regulators continue to enforce comprehensive privacy laws.
Best,
Arlo
Highlights from Osano
New From Osano
Podcast: TAKE IT DOWN: Online Abuse and Harassment with Carrie Goldberg of C.A. Goldberg, PLLC
Victims’ rights activist and attorney Carrie Goldberg sits down with Osano CEO Arlo Gilbert on this episode of the Privacy Insider Podcast. In this episode, they talk about the gap between current legislation and the harms associated with privacy violations like revenge porn, doxxing, online harassment, and more.
In Case You Missed It...
On-Demand: The Strategic Privacy Pro: How to Be a Partner, Not a Blocker
Miss our webinar on how legal experts and privacy professionals can become privacy enablers? Don’t worry—the recording is available, free and ungated, here.
Upcoming Webinars and Events
Webinar: Privacy For Risk Management: Bridge the Business, Technology, and Compliance Gaps
If you're in risk management, you sit at the intersection of privacy, security, and compliance. It's a juggling act, and data privacy is just one ball in the air. Learn how you can make data privacy management a cornerstone of your risk management strategy and one less thing to worry about in our upcoming webinar.
Save Your Seat | June 18
Top Privacy Stories of the Week
'Breach of the Promises': Colorado Governor Violates His Own Law by Sharing Private Information with ICE Officials, Lawsuit Says
A new whistleblower lawsuit accuses Colorado Gov. Jared Polis of secretly pressuring local officials to hand over to the Trump administration the private financial information of residents who sponsor unaccompanied immigrant children, forcing them to violate state privacy laws under threat of termination, the suit alleges.
More Than 4 Billion User Records Exposed in Biggest Data Leak Ever
The largest-ever data leak to hit China has exposed over 4 billion user records, which include financial data, WeChat and Alipay details, and sensitive personal info like IDs, birthdates, phone numbers, and residential data. A massive database with 631 gigabytes of private and sensitive info was left exposed online without a password, essentially leaving 4 billion records available for public access.
The UK’s Data (Use and Access) Bill Nears Passage
The UK Data (Use and Access) Bill (the DUA Bill) has had a surprisingly long journey through the UK legislative process, though it now approaches its final stages. Once the DUA Bill is agreed, it is estimated that it will come into effect within approximately 12 months. This article summarizes some of the key changes to UK data protection and privacy legislation proposed by the DUA Bill, considers the impact of such changes on the UK’s existing EU Commission adequacy decision, and discusses how businesses should approach compliance.
Federal Judge Denies CIPA Lawsuit’s Class Certification: 5 Key Takeaways for Businesses
A federal judge in California recently denied the certification of a proposed class action involving claims under the state’s invasion of privacy law. The ruling marks a noteworthy development in the ongoing legal battles under the California Invasion of Privacy Act (CIPA) over online data tracking and consumer privacy rights and provides valuable guidance for businesses facing these claims.
Australia’s Private Right of Action Under the Privacy Act Now in Effect
As of June 10, individuals may bring a legal claim against another person or organization who has invaded their privacy by intruding upon their seclusion or misusing information relating to them.
Like what you hear from the Privacy Insider newsletter?
There's more to explore:
🎙️The Privacy Insider Podcast
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!

Arlo Gilbert
Arlo Gilbert is the CIO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce. He has testified before Congress on technology issues and is a frequent speaker on data privacy rights.