Product Updates

Secure Messaging Portal

posted on December 16, 2021

Data-subject access requests (DSARs) have become a core part of many privacy compliance efforts. Supporting DSARs is a requirement under the EU’s GDPR, and California’s privacy laws indicate that U.S. states are keen to follow its lead. 

DSARs allow users to request the information a company has collected about them, as well as how it’s being used, with whom it’s being shared and why. It’s essential to have a system that allows you to fulfill these requests within the timeframe any given law requires. For that, you’d use Osano’s Data Discovery to understand, holistically, what data you have on any given user and where it lives, Osano’s DSAR Management to track requests.

But sometimes, Osano customers need to talk to data subjects about those requests. For example, a company fulfilling a DSAR might need to say to the data subject: "Can you please verify your full name and date of birth? The information you sent doesn't match ours."

Typically, those conversations happen over email. That can be difficult because now you’re operating out of two different portals, your DSAR tool and your email. If a regulator ever wanted an audit, that would mean a lot of detective work to cobble together information between systems. Plus, email communications can be insecure depending on what you’re using. Sending sensitive data related to a DSAR request over email could expose you to risk of a breach and associated fines. 

The Secure Messaging Portal gives Osano customers and users one place – a secure place – to send and track messages about DSARs. Every communication is logged in the portal, so audit histories are simple to generate and view. 

Screen Shot 2021-12-14 at 1-53-01 PM-png

Why does this matter?

The ability to securely communicate with your data subjects about their DSAR means you’re more likely to stay in compliance with privacy laws granting users access to their data and more likely to comply with security regulations. Keeping all of your communications in one place ensures an organized, timely response to data subject’s inquiries. It also enables a seamless audit process should a regulator come knocking on your proverbial door. 

Osano's Secure Messaging Portal allows you to: 

  • Communicate with data subjects about their DSARs.
  • Track all communications in one place.
  • Easily audit your DSAR communications.
  • More easily comply with privacy laws and security regulations.

If you are currently on an Osano Enterprise plan, visit the DSAR documentation to learn how to set up and start using the Secure Messaging Portal. If you’re not yet on an Enterprise plan, but would like to learn how the Osano capabilities in this tier can help your business, contact sales

 

Product(s) Affected

Core Platform

Availability

Enterprise


Updates to EU banners

posted on November 8, 2021

The regulatory landscape continues to shift as countries all over the globe continue to enact privacy laws. At the same time, regulators continue to issue guidance on how to best comply with the privacy rules those laws charge them with enforcing. 

Cookies, in particular, is a legal area that’s constantly in flux. Frequently, the debate is over when websites should be allowed to deploy tracking cookies on a website and for which purposes. Most importantly, how should websites deploying cookies communicate to end-users what’s happening with their data when they visit that site? That conversation is still evolving. 

The General Data Protection Regulation and the ePrivacy Directive are the governing laws here. But as companies experiment with different methods and designs to obtain consent to deploy cookies, regulators are getting more specific on rules for what the user interface should look like — at a minimum — to avoid regulatory scrutiny. 

Osano’s Consent Manager automatically displays a compliance pop-up to each end-user based on their geo-targeted location. Recently, EU regulators’ trending guidance indicates they want it to be as easy for an end-user to click “reject all” cookies as clicking “accept all.” And the Italian Data Protection Authority (known as the Garante) issued a requirement that goes a step further. The Garante has called for the presence of an “X” button within the cookie banner to symbolize the end-users’ ability to reject all but essential cookies.  

To ensure Osano customers can meet these new guidelines, the following will be added to the default banner experience in Belgium, Czech Republic, Denmark, Finland, Germany, Greece, Ireland, Italy, Netherlands, Spain and the U.K.:

 

  • An “X” allowing end-users to reject all tracking cookies. 
  • A “Reject All” button. 
  • A “Storage Preferences” link on the cookie banner’s first layer.

Here is what the Consent Banner for these countries looked like before:

Screen Shot 2021-11-05 at 3.15.24 PM

Here's what it looks like now: 

Screen Shot 2021-11-05 at 3.10.43 PM

Why does this matter?

Adding “Reject All” and an “X” to the consent banner in these EU jurisdictions and the U.K. positions Osano customers as compliant with the most recent compliance guidance from regulators. And including a link to more granular information about cookie deployment allows the privacy-focused end user to make a more informed decision on consent. 

Important: For customers using custom CSS to override the default banner experiences, we recommend testing this update on a staging site before publishing it to your production site to ensure there is no visual impact on your banner display.

 

Product(s) Affected

Core Platform

Availability

BusinessBusiness+Enterprise


Chinese banner update

posted on October 7, 2021

Compliance with privacy laws means always staying on top of changes at the legislative level. Recently, China enacted its privacy law, the Personal Information Protection Law of the People's Republic of China (PIPL). It comes into effect Nov. 1, 2021. It contains stricter provisions on data processing and relies mainly on end-user notice and consent. Penalties for violating the law include fines for nearly 50 million RMB (Chinese currency) or 5% of an organization's annual revenue, based on the previous year's total. 

The law now mandates end users' explicit consent for a website to collect personal information. Personal information, as defined under the Chinese law, is any information that relates to an “identified or identifiable natural person."

So here at Osano, we changed the default banner to help customers comply with the new rules. Now, users accessing Osano from China will see a banner that requires them to explicitly consent to the use of cookies for tracking, analytics, personalization or marketing.

This change requires a "re-publish." 

Why does this matter?

The Osano banner now provides the end-user more information to help them make an informed decision on whether they consent to cookies. Users can opt-in or opt-out, whereas previously, the default was opt-in. If users don't make a choice, the assumption is they don't want cookies deployed for tracking, analytics, personalization or marketing.  

The new Chinese banner ensures:

  • Compliance with China's law.
  • User empowerment to make their own choices.

Product(s) Affected

Core Platform

Availability

BusinessBusiness+Enterprise

The managed data privacy platform

Get started with Osano today

Explore Osano

What's New at Osano

Introducing Osano Privacy Legal Templates

Now, with Osano Privacy Legal Templates you can get started faster by leveraging templates generated by our global team of privacy experts.

Learn more

Introducing DSAR email intake

Capture data subject rights requests with the convenience of email and the efficiency of a dedicated intake form.

Learn more

New reworked DSAR and discovery

We've reworked and redesigned Osano Subject Rights Management and Data Discovery, unifying them into a single, seamless experience and creating automation to save you time.

Learn more

Stay GDPR compliant under new French ruling

Privacy regulators at the CNIL in France recently declared that Google Analytics violates GDPR. Osano’s new block list feature can disable Google Analytics in France to keep you compliant while allowing you to use Google Analytics in regions where it is still legal.

LEARN MORE

New in May 2022: DSAR conditional fields, 28 new integrations, and more!

Customize DSAR forms with conditional fields, serve consent banners in additional languages, use 28 new integrations for Data Discovery, and more! Check out our latest product announcement blog for demos, links, and more information.

LEARN WHAT’S NEW IN MAY

View more product updates

Osano product & engineering teams have been hard at work. View the full list of all product updates.

View Product Updates