.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.svg){kind=small}
.webp?width=1220&height=1090&name=Osano-guarantee-seal%20(1).webp)
Hello all, and happy Thursday!
July’s been a hot month—both at the thermometer and attorneys general offices across the US.
Coming off of last week’s CCPA enforcement against Healthline, both Connecticut and Nebraska have issued privacy enforcement actions of their own this week.
Connecticut is notable for being the first enforcement under that state’s data privacy law, the CTDPA. The CTDPA offers a pretty generous cure period compared to other state privacy laws (60 days, though the cure period isn’t required and is offered at the AG’s discretion).
The Connecticut AG sent out dozens of notices of violation to different companies, and only one (an online marketplace called TicketNetwork) failed to cure its violations in time. In fact, the violator appears to have pretended like they had addressed their violations without actually doing anything. Everybody knows Attorneys General are really chill people who don’t follow up on their investigations, right?
Nebraska’s enforcement wasn’t made under a data privacy law per se, but it’s all about data privacy nevertheless. The Nebraska AG is suing General Motors for collecting and selling drivers’ data to third parties without drivers’ consent. This, the AG alleges, violates Nebraska's Uniform Deceptive Trade Practices Act and its Consumer Protection Act. The suit serves as a good reminder that even if all consumer data privacy laws disappeared tomorrow, data privacy would still be relevant for businesses.
Best,
Arlo
Highlights from Osano
In Case You Missed It...
Blog: Customer Data Privacy: Why It’s Important and How to Protect It
Data subjects, consumers, residents—privacy regulations have a lot of names for the people whose privacy you need to protect. When it comes down to it, what do you need to do for your customers? Our blog lays it all out.
Blog: Privacy Laws 2025: Prepare for the 8 Laws Going into Effect
With the year halfway over, it’s the perfect time to review which new US privacy laws are turning on in the coming days and months. Check out our blog from earlier this year to learn more.
Top Privacy Stories of the Week
Nebraska Sues General Motors for Allegedly Collecting, Selling Driver Data Without Consent
Nebraska is suing General Motors (GM) and its OnStar subsidiary for allegedly collecting and selling drivers’ location and driving behavior data without their knowledge or consent. This lawsuit adds to a wave of legal actions, including an FTC settlement and class action suits, focused on GM’s data-sharing practices with insurance-related third parties.
Attorney General Tong Announces $85,000 Settlement with TicketNetwork for Violations of the Connecticut Data Privacy Act
The first enforcement action under the CTDPA has been leveled against online marketplace TicketNetwork. The CT Attorney General’s Office recently announced an $85k settlement with TicketNetwork for violations associated with its privacy policy, malfunctioning subject rights request workflows, and falsely claiming it had cured the violations after being notified by the Attorney General of its non-compliance.
Four States Amend Their Privacy Laws
Montana, Connecticut, Oregon, and Colorado have all recently amended their privacy laws. Amendments include changes to applicability thresholds, so businesses that previously were not subject to these laws may need to review their status.
Businesses and Nonprofits: Get Ready for the New Minnesota Consumer Privacy Act
The Minnesota Consumer Privacy Act (MCPA) takes effect July 31, and unlike most state privacy laws, it also covers nonprofits. Learn more about your potential obligations here.
Australian Airline Qantas Confirms 5.7 Million Customers Were Impacted in Cyberattack
Qantas Airways recently revealed that more than a million customers had their phone number, birth date or home address accessed in one of the country's biggest cyber breaches in years. Another four million customers had just their name and email address taken during the hack. All told, 5.7 million customers were impacted.
Like what you hear from the Privacy Insider newsletter?
There's more to explore:
🎙️The Privacy Insider Podcast
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!
