What a Week. Lots to Unpack.
Hello all, and thanks for reading today.
Read NowGet an overview of the simple, all-in-one data privacy platform
Manage consent for data privacy laws in 50+ countries
Streamline and automate the DSAR workflow
Efficiently manage assessment workflows using custom or pre-built templates
Streamline consent, utilize non-cookie data, and enhance customer trust
Automate and visualize data store discovery and classification
Ensure your customers’ data is in good hands
Key Features & Integrations
Discover how Osano supports CPRA compliance
Learn about the CCPA and how Osano can help
Achieve compliance with one of the world’s most comprehensive data privacy laws
Key resources on all things data privacy
Expert insights on all things privacy
Key resources to further your data privacy education
Meet some of the 5,000+ leaders using Osano to transform their privacy programs
A guide to data privacy in the U.S.
What's the latest from Osano?
Data privacy is complex but you're not alone
Join our weekly newsletter with over 35,000 subscribers
Global experts share insights and compelling personal stories about the critical importance of data privacy
Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start a privacy program
Upcoming webinars and in-person events designed for privacy professionals
The Osano story
Become an Osanian and help us build the future of privacy!
We’re eager to hear from you
Published: October 24, 2024
Hello all, and happy Thursday!
I’m sure a lot of the privacy professionals who read this newsletter can relate—it's tough to demonstrate the tangible ways that data privacy impacts the business to non-privacy stakeholders. Privacy can feel pretty abstract, but the consequences of getting it wrong are very concrete.
One of our stories this week highlights recent penalties handed out by the SEC on public tech companies misrepresenting their cybersecurity disclosures. The penalties amounted to ~$7 million handed out to four companies for minimizing the scope of the past breaches, among other violations.
Had these organizations minimized their data collection and deleted unneeded data, they may not have felt the need to be misleading about the scope of their breach. The breach may have in fact only impacted a few records because there would have only been a few records to be impacted!
Instead, we can observe a domino effect in action: too much data on hand exacerbated a data breach, the data breach hurts customer trust, misrepresenting the data breach yields an SEC fine, all of which ultimately spooks investors. When it comes to data privacy, an ounce of prevention is worth a pound of cure.
Best,
Arlo
Investing in data privacy can generate returns by as much as $2.7 for every dollar spent. How? Find out in this blog.
How can privacy prove its value to the business and be seen as more than "just" a cost center? Find out how to demonstrate ROI and gain allies in this webinar.
November 7th | Save your seat
French and Belgian investigators are teaming up in an effort to go after Telegram and its CEO Pavel Durov. The French prosecutor is already looking into charges against the Russian-born tech tycoon which include complicity in managing an online platform “in order to enable an illegal transaction in organized group,” and refusal to cooperate with law enforcement authorities. Now, Belgium has joined the investigation after Belgian authorities noted a similar refusal by Durov to cooperate with law enforcement.
A proposed rule would establish measures to prevent certain foreign countries from accessing sensitive personal data. The rule would identify certain data transactions that pose an unacceptable risk of exposing government-related data or bulk U.S. sensitive personal data. Among other things, the proposed rule identifies classes of prohibited and restricted transactions, identifies countries of concern and covered persons, identifies classes of exempt transactions, clarifies roles and responsibilities, and more.
ByteDance is preparing for significant legal and financial repercussions as it faces multiple lawsuits and investigations related to TikTok. Following a record US$370 million fine imposed by Ireland’s Data Protection Commission last September for mishandling children’s personal data, recent corporate filings disclose that the company has set aside US$1 billion to cover future penalties from European privacy regulators.
In a recent court case against META, the Court of Justice of the European Union (CJEU) ruled that not all data can be used for the purposes of personalized advertising. Specifically, the CJEU’s decision ruled that even public data may not be used for targeted advertising, that storage limitation principles still apply to data used for targeted advertising, and other important decisions.
The US Securities and Exchange Commission (SEC) has taken a decisive stance on cybersecurity disclosure violations, announcing a $6.985 million enforcement action against four technology companies for what it described as "materially misleading" disclosures about cyber incidents. The penalties target companies affected by the infamous SolarWinds Orion software compromise, highlighting the regulator's growing scrutiny of how firms communicate their cyber risks to investors.
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.
Osano is used by the world's most innovative and forward-thinking companies to easily manage and monitor their privacy compliance.
With Osano, building, managing, and scaling your privacy program becomes simple. Schedule a demo or try a free 30-day trial today.