The two states enforcing data privacy the most are also the nation's headliners

Data Privacy Happenings 📰

Hello from MineOS's monthly newsletter, The Privacy Mindset! 👋

 

California and Texas are in many ways complete opposites of each other, and yet, in data privacy, the two are aligning more behind the importance of the matter than nearly every other state in the US.

 

The country's two most populated states and two of the three biggest in size (thanks for crashing the party and stumping trivia goers everywhere, Alaska!) are two of only eight states with comprehensive data privacy laws already in effect. More telling? Texas and California seem to be the only two states taking enforcement seriously.

 

Perhaps it is a matter of budget, given both states have GDPs larger than nearly every nation on Earth, or maybe it's a battle for influence in what is seen as a critical sector of the economy of the future, but the tangible mark left by Virginia, Colorado, Connecticut, Utah, Oregon, and Florida's data privacy laws has come nowhere near matching that of the Lone Star and Golden States.

 

Texas has played catch-up well, just recently implementing the Texas Data Privacy & Security Act on July 1, 2024. Attorney General Ken Paxton has not let the honeymoon period linger, however, taking action to ensure companies take compliance seriously.

 

In the past few months alone, he has sent out notices to over 100 companies on their data privacy noncompliance, reached a $1.4 billion settlement with Meta over data privacy violations committed by Facebook a decade ago, and sued General Motors over the car manufacturer's "unlawful" data collection practices.

 

While California has been the headliner for data privacy and continues to set the pace for enforcement with the great work the California Privacy Protection Agency is doing (including the third CCPA settlement action earlier this year), this wave of enforcement and public prioritization of data privacy out of Texas is a welcome sight and another engine to power the issue further across the US.

 

One possible problem: Texas and California have arguably the most name credibility abroad, and if no other state steps up, the duo risk downplaying the presence of other state privacy laws. 

 

For years the US data privacy scene was "California and a few smaller states." That is no longer true, but is it really much progress if that simply becomes "California, Texas, and a bunch of places even Canadians would struggle to name"?

 

The two giants are proving the more economic might you have, the more possible it is to regulate data compliance, but for the sake of Americans everywhere, other states need to pick up the slack and start throwing their enforcement weight around. 

Product Spotlight 🔦

Part of what makes MineOS's inventory discovery the most unique approach on the market is our email navigator capabilities, where the system scans metadata of emails to help boost inventory discovery from 50% to around 95%.

 

The industry typically only offers website, cloud, and SSO scans to discover data systems, with email scans truly putting discovery over the top. However, there are times when an organization might not want its entire corporate inbox scanned, and we've responded with more targeted email scanning capabilities.

 

Now you can scan specific Google Groups from your Google Workspace directory, allowing for increased precision and enhanced privacy in your inventory discovery process.

 

Regulation Focus 🔬

Colorado AI Act Sec. 4(a) I & II

"(4) (a) ON AND AFTER FEBRUARY 1, 2026, A DEVELOPER SHALL MAKE AVAILABLE, IN A MANNER THAT IS CLEAR AND READILY AVAILABLE ON THE DEVELOPER'S WEBSITE OR IN A PUBLIC USE CASE INVENTORY, A STATEMENT SUMMARIZING:

 

(I) THE TYPES OF HIGH-RISK ARTIFICIAL INTELLIGENCE SYSTEMS THAT THE DEVELOPER HAS DEVELOPED OR INTENTIONALLY AND SUBSTANTIALLY MODIFIED AND CURRENTLY MAKES AVAILABLE TO A DEPLOYER OR OTHER DEVELOPER; AND

 

(II) HOW THE DEVELOPER MANAGES KNOWN OR REASONABLY FORESEEABLE RISKS OF ALGORITHMIC DISCRIMINATION THAT MAY ARISE FROM THE DEVELOPMENT OR INTENTIONAL AND SUBSTANTIAL MODIFICATION OF THE TYPES OF HIGH-RISK ARTIFICIAL INTELLIGENCE SYSTEMS DESCRIBED IN ACCORDANCE WITH SUBSECTION (4)(a)(I) OF THIS SECTION."

 

While we await the 2024 closure of California's legislature to see which bills on AI make the jump into law, not enough attention has been paid to all the work coming out of Colorado.

 

Months ago, Colorado became the first state with comprehensive AI regulation in response to both the EU AI Act and the overall wave of new AI tools ready to transform the market (and possibly society).

 

The law models many of its major decisions and regulatory requirements on the EU AI Act, but there are enough differences that, if you are in charge of your organization's AI governance program, you'll need to read this law in its entirety.

 

One thing that is immediately apparent as a high priority for compliance is transparency, as organizations deploying AI will need to clearly communicate to consumers what types of AI systems they use and the risks inherent to those systems.

 

That requires both an understanding of the risk itself as well as, in a practical sense, completing risk assessments before the AI is rolled out to the public. 

 

Finding a way to compel organizations to conduct assessments before data collection and processing begins is a good way to ensure more organizations are considering and (hopefully) incorporating the principles of user safety and privacy into products.

 

The transparency notices themselves are also a welcome sight, although they need to look and function in a consumer-friendly, easily understandable way in practice if they are to have any positive effect.

 

After all, nobody wants to read a 29-minute-long privacy policy, and consumers are all too quick to click away their consent just to access the site they're visiting. Make the transparency requirement matter. 

https://www.linkedin.com/in/kobinissan/

Founder's Corner 🎙️

CPO & co-founder Kobi Nissan

 

Q: What is an element of data mapping that does not often get discussed?

 

A: Sometimes the ROI on privacy software isn't extremely clear, although it's certainly there. One aspect of that is that good data mapping not only uncovers shadow IT, it shows you services your organization may be using that overlap or serve similar purposes. 

 

Especially for organizations with over 1,000 employees, you're likely to discover you actually have double or more the number of data sources you think you have. Finding the duplicates and cutting them not only minimizes risk, it also saves money, creating an immediate return on investment for the data mapping tool.

Webinars & Events 📅

The MineOS team has our tickets booked and suitcases out, because we're only a month out from IAPP Privacy. Security. Risk. 2024 in LA on September 22-24!

 

Looking to get your conference started off right? Join us (free!) for the 🌴 All California Privacy Happy Hour at Hotel Indigo on 9/22 at 6:30 🌠

 

📅 Register here, spots are limited: https://www.eventbrite.com/e/all-california-privacy-happy-hour-tickets-976457018227?aff=MineOS

 

Scheduling out your conference days? Make sure to catch CEO Gal Ringel's session on You Don't Know What You Don't Know: The Role of Data Mapping in Privacy Programs at 8:30 am on Tuesday the 24th!

 

And as always, stop by the MineOS booth. We may or may not have sweet new swag 😉

 


SayMine Technologies Ltd., 94 Igal Alon st., Alon 1, Tel Aviv, Israel, 6789155
