Product Updates

Data Discovery

posted on September 22, 2021

A significant part of compliance is knowing what data you have and where it lives. Whether you need to perform a DPIA, provide evidence as part of an audit, or enhance security measures for data sources with higher risk, this can be a slow and painful process. Why? Because most companies have hundreds — if not thousands — of SaaS and on-premise systems where personal data is collected, transferred, shared, and stored.

That's why we've released Data Discovery. It uses artificial intelligence to discover and classify personal data, automate privacy rights fulfillment and demonstrate compliance. We launched this tool to save organizations hours of expensive manual labor and pain by automating the process. 

Here's how to get started:

  1. Connect Osano Data Discovery to your cloud-based or on-premise products, platforms and databases with a few clicks. Osano Data Discovery supports both structured and unstructured data. If we don't already support your data provider, open a support ticket, and Osano engineering will create the connector quickly and at no cost. Usually in as little as 72 hours.
  2. Osano's AI, which has been trained on billions of data points, will search for and find data stored across your organization, saving you from the monotony of manual classification.
  3. As Osano's AI discovers new systems, it will automatically classify the data it finds into more than 60 categories of personal, personally identifiable (PII) and sensitive data based on hundreds of data types.
  4. Once your data has been categorized, it is then easily accessible and searchable. 

Why does this matter?

Data Discovery is the foundation of a good privacy program. You can't be a responsible data steward if you don't know your data and where it lives.

Beyond wanting to do the right thing, several privacy and security laws require you to have your data mapped. That includes responding to data subject access requests or doing a privacy impact assessment. You can't do any of that without knowing where your data lives within the organization. Without automated data discovery, companies are often left to use systems like a manually built spreadsheet to track data. That makes you vulnerable to inefficiencies, human error and pain. And even then, oftentimes, data hiding in various systems and databases gets overlooked. Human error is real.

Data Discovery:

  • Automates data identification and classification.
  • Helps you comply with privacy and security obligations. 
  • Makes an inevitable process much less painful

Product(s) Affected

Core Platform

Availability

BusinessBusiness+DeveloperEnterprise


Global Privacy Control

posted on September 16, 2021

California's Attorney General recently confirmed that companies captured under the California Consumer Privacy Act (CCPA) must honor Global Privacy Control (GPC) signals. Osano's Consent Management platform now understands and communicates GPC signals.

A coalition of tech companies, developers and privacy advocates worked together to create the GPC signal. It aims to create a global web browser setting that allows users to control their online privacy. By enabling Global Privacy Control in Osano's Consent Manager, Osano customers' end users can opt-out of the sale of their data across all websites that respect the signal. The GPC signal is either communicated by the browser's default settings (DuckDuckGo and Brave support this) or via an extension installed.

This change is optional, but Osano strongly recommends enabling the GPC toggle. Important: To implement the GPC change, you will need to do a "republish."

Why does this matter?

As one WIRED reporter put it in his story on GPC

"What do you call a privacy law that only works if users individually opt-out of every site or app they want to stop sharing their data? A piece of paper. Or you could call it the California Consumer Privacy Act." 

Here's what he meant: Under California's Consumer Privacy Act, organizations are required to offer users opt-out rights. Typically, users had to opt-out of data processing or the sale of their data at each website they visited. That was until a coalition of more than a dozen organizations began developing the GPC specification. 

GPC aims to make opting out easy. 

DuckDuckGo and Brave already incorporate GPC into their codes at the browser level. But for end-users that use other browsers, many extensions will add the functionality to any given browser. That control is up to the end-user. 

But, as mentioned above, the reason this really matters is, while the CCPA doesn't specifically mention the GPC signal, the California Attorney General gets to issue regulations indicating specific compliance requirements. In July, the office added to its CCPA FAQs that businesses selling personal information must honor GPC signals. 

To be clear: the GPC doesn't prevent data collection. It simply indicates that companies must opt users out of the selling of the data an organization has collected on them. When an end-user toggles the GPC, there's no documentation that they don't want their data sold within Osano's blockchain. That makes it auditable. It's now a permanent, traceable and timestamped record. 

With this change, your organization can:

  • Demonstrate compliance with the California Consumer Privacy Act.
  • Keep the California Attorney General happy.
  • Signal to customers and end-users you care about their privacy rights.

Product(s) Affected

Core Platform

Availability

BusinessBusiness+DeveloperEnterprise


CNIL-compliant French banner

posted on September 1, 2021

Last year, the French Data Protection Authority (CNIL) changed its rules on cookies. While EU law binds companies as a baseline, member state laws can go above and beyond those rules, according to their perceptions of how to best protect consumers.

Per the new rules, Osano now provides a consent-banner configuration that applies to French users and complies with the CNIL’s rules.

When a user encounters a consent banner, there’s an order to operations. Under EU rules, you can disclose data uses on a tiered basis. In that way, users can choose how much information they need to make a decision on whether to consent. Typically, Osano’s Consent Manager discloses cookie practices within the consent banner’s “drawer,” or the second layer of notification. The CNIL dislikes that model and said sites gathering consent from French users should announce up-front, at the “first-layer,” what they plan to do with user data. 

In Osano’s French banner, then, the user is shown details about data collection and use at the first point-of-contact with the site.

Why does this matter?

In October 2020, the French Data Protection Authority (CNIL) published revised cookies guidelines on obtaining user consent to collect or store non-essential cookies -- cookies deployed for advertising purposes. 

The CNIL guidelines call for entities to give more information than previously required under GDPR guidelines to collect consent. Now, the minimum information described to users must include the identity of the data controller and the purpose of the cookies deployed. It must also tell users how they can withdraw consent and the potential consequences of either choice. 

The new guidelines also state that a user’s failure to opt-in to cookies must, by default, be considered non-consent. 

In addition, the rules no longer completely ban cookie walls. But the CNIL indicates it frowns upon it because it’s less representative of true “affirmative consent.” 

Previously, the CNIL allowed sites to collect user consent for a group of sites, provided they notified users. Now, the CNIL “strongly recommends” seeking consent for each site from each user if an entity other than the first-party website deploys non-essential cookies.

CNIL gave sites six months to comply with the new rules. That window closed in March 2021, and the regulator has since started auditing sites and issuing non-compliance letters. 

Now, Osano customers can provide the correct consent banner for CNIL compliance.

Product(s) Affected

Core Platform

Availability

BusinessBusiness+DeveloperEnterprise

The managed data privacy platform

Get started with Osano today

Explore Osano

What's New at Osano

Stay GDPR compliant under new French ruling

Privacy regulators at the CNIL in France recently declared that Google Analytics violates GDPR. Osano’s new block list feature can disable Google Analytics in France to keep you compliant while allowing you to use Google Analytics in regions where it is still legal.

LEARN MORE

New in May 2022: DSAR conditional fields, 28 new integrations, and more!

Customize DSAR forms with conditional fields, serve consent banners in additional languages, use 28 new integrations for Data Discovery, and more! Check out our latest product announcement blog for demos, links, and more information.

LEARN WHAT’S NEW IN MAY

New in April 2022: Admin notes, IAB TCF updates, and more!

Collaborate on DSARs with internal notes for request submissions. IAB TCF 2.0 Consent Management support has been updated per the latest IAB specifications. 11 new Data Discovery integrations and more! Check out our latest product announcement blog for demos, links, and more information.

LEARN WHAT’S NEW IN APRIL

New in March 2022: attachments, config sorting, and more!

Send and receive attachments in the Data Subject Rights secure messaging portal, filter and sort capabilities for your Consent Management configuration, and much more! Check out our latest product announcement blog for demos, links, and more information.

LEARN WHAT’S NEW IN MARCH

Introducing AMP support for Osano Consent Manager

Capture and manage consent across your standard and AMP pages using the same Consent Management Platform.

Learn more about Osano for AMP

View more product updates

Osano product & engineering teams have been hard at work. View the full list of all product updates.

View Product Updates