California Remains a Privacy Bellwether
Hello all, and happy Thursday!Read Now
August 24, 2023
Hello all, and happy Thursday!
Remember back in early July when we reported on the delay of CPRA enforcement? If you’ll recall, California Superior Court Judge James Arguelles ruled that because the California Privacy Protection Agency (CPPA) didn’t issue its CPRA regulations until March of 2023, then enforcement ought to be delayed correspondingly. So, rather than begin on July 1, 2023, CPRA enforcement would start March 29th, 2024 instead.
At the time, we warned that this would not mean that all enforcement would be delayed until 2024. That certainly appears to be the case. CPPA Executive Director Ashkan Soltani stated that “significant portions” of the CCPA’s privacy protections could be enforced starting July 1.
The CPPA Deputy Director of Enforcement, Michael Macko, said, “There’s no vacation here from enforcement. When we find violations, we will take aggressive action to protect the public.”
The California Attorney General’s Office is in the midst of an investigative sweep of companies’ compliance in regard to employee data. Meanwhile, the CPPA is investigating data collected by connected cars.
If you were hoping that the delay in CPRA enforcement meant you could put compliance off for another year, no dice. Clearly, the California Attorney General and CPPA intend to enforce as much of the law as they are permitted to. As for those portions that have been delayed, the CPPA and Attorney General have filed a petition to overturn Judge Arguelles’s decision.
Governor Pritzker recently signed the Civil Liability for Doxing Act, which makes it possible for victims to sue attackers who "intentionally" publish their personally identifiable information with intent to harm or harass them.
In order to train and test AI systems against bias, businesses need access to sensitive data such as race, gender, age, and other demographic categories—but often there is no other business need for such data. How can businesses skirt the line between developing unbiased AI systems and respecting data minimization principles?
Despite a court ruling to delay CPRA enforcement until March, 2024, the California Attorney General’s Office and CPPA have initiated enforcement sweeps. Find out how in the link below.
As of September 1, Switzerland will have an updated version of its 1992 Swiss Federal Act on Data Protection. The new act brings Switzerland into closer alignment with the EU’s GDPR.
Osano’s own Head of Privacy, Rachael Ormiston, dives deep into the subject of privacy collaboration. Check out the blog to learn when and how to work with your privacy professionals in order to maximize compliance, minimize risk, and keep the business running smoothly.
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.