Hello all, and happy Thursday!
The Osano team had a blast at IAPP’s Privacy. Security. Risk. conference. There were excellent takeaways to be had, but I’d like to focus on a piece of news dropped by the California Attorney General during the conference: yet another CCPA enforcement action.
This marks the fifth enforcement brought by the AG’s office, and the eighth CCPA enforcement overall (remember, the California Privacy Protection Agency can also enforce the CCPA). At this rate, it won’t be all that interesting to cover these actions out of California anymore.
The AG’s office settled with Sling TV for $530k, coupled with injunctive obligations over failures to 1) honor consumers’ opt-out requests and 2) protect children’s privacy. Three things stand out to me about this action:
Check out the AG’s press release on the action here for more details.
Best,
Arlo
Blog: 2026 CCPA Amendments: New Privacy Rules in California
2026 is right around the corner, and with it, new CCPA rules. With new requirements surrounding assessments, cybersecurity audits, sensitive personal information, and more, businesses have their hands full updating their privacy programs for 2026 compliance. Check out our blog to learn all about the new changes.
Blog: Marketing Data Privacy in 2025: Building Privacy-First Strategies for Marketers
So long as marketers use data, they’re going to bump up against data privacy regulations. Data privacy seems like it falls under the purview of lawyers and privacy pros—but marketers have just as much to do with data privacy as they do. Learn how marketers can embrace data privacy and manage this new set of responsibilities here.
Checklist: The Ultimate Marketing Compliance Checklist
Nothing's sweeter than being able to say, “It’s already done,” the next time your boss or legal department asks about compliance. But not knowing where to start is a major blocker. In our checklist, we looked at the major regulations that overlap with marketing’s role, sifted through their requirements, and identified the actions that yield the greatest degree of compliance relative to their effort.
Journalists in Europe found it was “easy” to spy on top European Union officials using commercially obtained location histories sold by data brokers, despite the continent having some of the strongest data protection laws in the world.
On October 30, the California attorney general announced a $530,000 settlement with Sling TV, a streaming services provider over CCPA violations. The complaint alleges Sling TV failed to provide easy-to-execute methods for consumers to opt out of the selling and sharing of their personal information and failed to provide sufficient privacy protections for children.
In an interview with the IAPP at its recent Privacy. Security. Risk. Conference, California Privacy Protection Agency Executive Director Tom Kemp discussed his career starting a cybersecurity company, working with state legislatures on crafting their own consumer privacy laws, and outlining the CPPA's key priorities in the near-term.
Recently, privacy class action lawsuits have been levied against artificial intelligence-powered transcription services under the Electronic Communications Privacy Act and the California Invasion of Privacy Act. Originally enacted decades ago to protect telephonic and electronic communications from unwarranted surveillance, these anti-wiretapping laws have found new significance due to the emergence of automated technologies capable of eavesdropping. This evolution has been spurred by a creative plaintiff's bar, which continues to find new applications of old privacy laws to pursue defendants.
Ministers may have breached privacy laws when they suspended the child benefit of thousands of families on the basis of flawed Home Office information, legal experts have said. Pressure on the government to reveal the reason incomplete Home Office travel data was used by His Majesty's Revenue and Customs (HMRC) as part of a benefit crackdown has mounted as the Liberal Democrat spokesperson for work and pensions, Steve Darling, said what had happened was “unacceptable.”
There's more to explore:
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!