Tryptophan Won’t Put the Privacy World to Sleep
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: October 27, 2022
Hello all! I hope everyone’s October has been pleasant.
In this week’s newsletter, we feature several stories about Australian data privacy that center on the fallout after a spate of data breaches hit Australian firms in the past few months. For those of you who missed the news, Australia’s second largest mobile carrier, Optus, suffered a major data breach that exposed the personal information contained within 10 million customer accounts. It’s just one of several breaches this year, including MyDeal, Vinomofo, and Medibank.
Currently, the most relevant piece of Australian legislation for the protection of individuals’ personal information is the Privacy Act 1988. Although the law has been updated several times in its history, it still seems like Australia is in sore need of a fresh, new piece of data privacy legislation.
Between the EU leading the charge in data privacy law, the many American states that are implementing their own laws, and the potential for a US federal data privacy law on the horizon, it seems like Australia has some catching up to do. The recent series of data breaches serves to underscore the fact that robust data privacy practices aren’t just about respecting consumer rights or avoiding fines; they’re about reducing risk and harm as well.
While there’s no doubt that many Australian companies are focused on implementing cybersecurity and data protection best practices, true data privacy can only be achieved when all members of an economy agree on and adhere to the same set of standards. In turn, that’s only really possible when there’s a data privacy regulation in place.
There’s been some movement in the Australian parliament, though to date it looks like most of the focus lies on updating the Privacy Act rather than introducing a new omnibus data privacy bill like the GDPR or CPRA. It’ll be interesting to see whether and how Australia adjusts its posture on data privacy going forward.
Best,
Arlo
Privacy Act amendment introduced before Australian Parliament
Australia currently relies on the Privacy Act 1988 to issue fines against businesses who expose consumers’ personal information in a data breach, which carries a maximum fine of AU$2.22 million. In response to recent data breaches, Attorney General Mark Dreyfus introduced the Privacy Legislation Amendment Bill 2022 to parliament to increase the maximum fine to AU$50 million and grant additional powers to Australian authorities to regulate data breaches. The bill has moved to a second reading, one of multiple steps it must pass before being enacted into law.
Read more
Texas sues Google for allegedly capturing biometric data of millions without consent
Texas’s Attorney General Ken Paxton’s office has filed a lawsuit against Google alleging that its products and services like Google Photos, Google Assistant, and Nest Hub Max violate the state’s Capture or Use of Biometric Identifiers Act.
"In blatant defiance of that law, Google has, since at least 2015, collected biometric data from innumerable Texans and used their faces and their voices to serve Google’s commercial ends," the complaint said. "Indeed, all across the state, everyday Texans have become unwitting cash cows being milked by Google for profits."
Read more
The US Congressional Research Service publishes a report on the EU-US Data Privacy Framework
The US Congressional Research Service has issued a report analyzing the recent EU-US Data Privacy Framework and supporting executive order. Among the report’s findings are how the legality of EU-US data flows may require amending FISA, how Congress should consider legislation to protect the framework should the executive order later be revoked, and more.
Read more
U.S. Department of Commerce Appoints Members for New Internet of Things Advisory Board
The Department of Commerce has appointed 16 experts to serve on the new Internet of Things Advisory Board (IoTAB). The board will advise the government on the impact of IoT and IoT-related regulations. Data privacy has been a consistent concern with IoT devices, so the creation of this advisory board may lead to further regulation around how IoT devices handle personal information in the future.
Read more
How Australia Fell Behind on Data Privacy
A spate of cyberattacks reveal how Australian companies and policies are lagging behind when it comes to data privacy. New York Times reporters spoke to government officials and data privacy experts to understand why Australia has fallen behind, and what it needs to do to catch up.
Read more
FTC brings action against CEO of alcohol delivery company over data breach
In a rare move, the Federal Trade Commission has brought individual sanctions against James Cory Rellas, the CEO of alcohol delivery company Drizly. The sanctions come on the heels of allegations of security failures at Drizly that exposed the personal information of about 2.5 million customers. If the proposed order goes through, it will follow Rellas across businesses. He will be required to implement a security program at any companies he runs that collect information from more than 25,000 people.
Read more
New York Legislature Considers New York Child Data Privacy and Protection Act
Taking a cue from California, which recently passed its own children’s data privacy regulation, the New York Senate is considering passing the New York Child Data Privacy and Protection Act. The act would ban data collection and targeted advertising directed to children under 18, require data controllers to assess the impact of their products on children, and impose additional obligations.
Read more
Osano blog: Why and how to collaborate with your vendors on DSARs
Handling data subject access requests (DSARs) internally is difficult enough, but many data privacy regulations require you to work with your vendors that handle your consumers’ personal information. This post details how to streamline interorganizational DSARs and minimize the chance you get held liable for your vendors’ actions.
Read more
Interested in working at Osano? Check out our Careers page! We might have the perfect opportunity for you.
Are you in the process of refreshing your current privacy policy or building a whole new one? Are you scratching your head over what to include? Use this interactive checklist to guide you.
Download Now
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.