CA Regulators' Bite: Equal to Their Bark?
February 1, 2024
Hello all, and happy Thursday!
For those of you who pay close attention to the data privacy space, the data privacy advocacy group “none of your business” (stylized as noyb) will be a familiar name.
noyb has recently released the results of a new survey (linked below) recording the responses of over 1,000 data protection officers (DPOs), and the results are illuminating. (Although we do need to keep the potential for bias in mind: noyb can’t be considered a neutral party in the data privacy space.)
The headline findings included:
These findings don’t surprise me, however. After all, what DPO is going to advocate for unclear decisions and less enforcement? What DPO isn’t acutely aware of the businesses’ compliance shortcomings?
Rather, I think some of the more interesting findings refer to the conflict between supporting compliance and supporting the business. DPOs and privacy professionals as a whole are in a tough spot; on the one hand, they have to minimize risk and support compliance, but on the other, they have to be an enabler of the business and not a blocker. The noyb report highlights this conflict, finding that:
Figures like these make me wonder: Would sales, marketing, and senior management find compliance so burdensome if they enabled their privacy professional or DPO to the fullest extent? Is compliance a zero-sum game or can sales, marketing, senior management, and privacy all win at the same time? I’m inclined to think the latter.
P.S. Our CPRA enforcement webinar is taking place TODAY at 1 pm EST, 10 am PST. If you see this early enough, you might still be able to reserve your seat!
President Joe Biden is preparing to issue an executive order aimed at prohibiting US adversaries from accessing US personal data. The draft order targets “highly sensitive” data, including genetic and location information, and would bar foreign adversaries from obtaining this data through legal means such as intermediaries, data brokers, third-party vendors, employment agreements, or investment agreements.
Following a months-long investigation of ChatGPT by Italy’s data protection authority, OpenAI has been notified that their AI chatbot is violating EU laws and was given 30 days to respond with a defense against the allegations. Specifically, the Italian data protection authority alleges that ChatGPT is in violation of Articles 5, 6, 8, 13, and 25 of the GDPR.
Cybersecurity researcher Bob Dyachenko and the Cybernews.com team have discovered billions upon billions of exposed records on an open instance. The Mother of all Breaches (MOAB for short) includes records from thousands of compiled and reindexed leaks, breaches, and privately sold databases. Ultimately, the records comprise 12 terabytes of information, spanning over 26 billion records that contain LinkedIn, Twitter, Weibo, Tencent, and other platforms’ user data.
To mark this year’s Data Protection Day on 28 January, European data privacy advocacy group noyb (or “none of your business”) conducted a survey among more than 1000 data protection professionals working in European companies. The report highlighted how many businesses may be out of compliance, how DPOs face pressure to go easy on compliance, and more.
Amendments to the UK’s Investigatory Powers Act (IPA) could enable the UK government to “secretly veto” privacy and security updates to Apple’s products and services, said the tech giant. If passed, the amendment would require that any company that fields government data requests must notify UK officials of any updates they plan to make that could restrict the UK government's access to this data, including any updates impacting users outside the UK. Apple contends this would enable the UK Secretary of State to approve or refuse technical changes.
When third-party vendors handle your consumers’ data, it can be a major challenge to maintain and monitor compliance—not to mention ensure your consumers’ data stays safe. Vendor risk management can help, but effective vendor risk management requires robust collaboration between your privacy and information security teams. Find out how to encourage that collaboration here.
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005, Arlo invented voice commerce; he has testified before Congress on technology issues and is a frequent speaker on data privacy rights.