For all the progress happening in American data privacy, there is still a ways to go.
View in browser

Data Privacy Happenings 📰

Hello from MineOS's monthly newsletter, The Privacy Mindset! 👋

 

Vermont, that most beautiful green mountainous land of maple syrup, ben & jerry's, and black bears, seemingly had #19 locked down as the State Congress passed a comprehensive data privacy law, bill H.121, in May.

 

The state was all set to join the wave of privacy legislation that has swept the nation over the past year and a half, but instead, Vermont gains an infamous tag: the first state to have a privacy law vetoed by the governor. 

 

So what happened? The private right of action.

 

Vermont's bill became just the second state other than California to feature a private right of action, meaning individuals can sue organizations for noncompliant behavior. 

 

As you might imagine from that description, it's something businesses hate with the intensity of a thousand burning suns, having worked tirelessly over the years to lobby it out of the early stages of other states' draft privacy bills. 

 

Those tactics did not work in Vermont, which for a brief fluttering moment exhilarated the privacy community. The moment was brief because the Vermont Governor, Phil Scott (R), immediately expressed reservations about signing the bill into law, even despite its overwhelming 139-3 margin in the Vermont House of Representatives.

 

Governor Scott did in fact veto the bill, claiming the state's business community would suffer under such onerous burdens. He insisted Vermont follow its fellow New England examples, as Connecticut and New Hampshire both have laws on the books (and Rhode Island just passed its own data privacy law as well), refusing to allow the state to venture away from the herd, even if that might set a positive example. 

 

With the veto override vote failing in the state Senate and the legislature closed for the year, Vermont will need to wait until 2025 to reengage on a watered down privacy bill. 

 

The main takeaway? Even with big progress in America on the issue of data privacy, we still have a long way to go to truly empower people online and stop the ensh*ttification of the internet.

Product Spotlight 🔦

With Data Subject Requests (DSRs) on the rise and only likely to keep increasing as more American state laws come on-line, companies need more options and flexibility with handling the requests.

 

That's why MIneOS is upgrading our DSR module, starting with Saved Views in the DSR ticket page. This new capability allows users to choose how their DSR tickets appear and then save those views for future use.

 

This lets teams working alongside each other easily sort out and find the tickets relevant to each, a major convenience when dealing with frequent requests.

 

Regulation Focus 🔬

Texas's Data Privacy & Security Act Section 541 002

"APPLICABILITY OF CHAPTER. (a) This chapter applies only to a person that:

(1) conducts business in this state or produces a product or service consumed by residents of this state;

(2) processes or engages in the sale of personal data; and

(3) is not a small business as defined by the United States Small Business Administration, except to the extent that Section 541.107 applies to a person described by this subdivision."

 

Texas's comprehensive data privacy act, the Texas Data Privacy and Security Act (TDPSA), is about to enter into enforcement. As the second most populous state in the country (and one of the few states all foreigners know), it's likely TDPSA is going to get attention on par with California's CCPA rather than smaller states with data privacy laws in place like Utah or Virginia.

 

Given the bill's unique applicability threshold, which does not set an annual revenue or data processing limit threshold, many more businesses will have to comply with TDPSA or risk repercussions. 

 

Just last week Texas AG Ken Paxton issued letters to over one hundred companies outlining their failure to register as data brokers with the Texas Secretary of State as required by Texas’s newly enacted Data Broker Law. 

 

Paxton noted, “My office takes Texans’ privacy seriously. We are taking action to ensure that companies comply with our new data broker law, as well as other Texas consumer protection and privacy laws.”

 

With the state seemingly ready to wield its enforcement powers on the eve of TDSPA's entering into law, the paradigm of American data privacy might have another shift on its hands, one that applies to a wide range of businesses.

Founder's Corner 🎙️

CPO & co-founder Kobi Nissan

 

Q: People mention privacy by design quite a bit, but what are some examples of that principle done right?

 

A: I think Apple and the recent product announcements show the power of privacy by design done right. That's a brand that has put emphasis on privacy for years, one of the few to do so in Big Tech, and so when they come out with AI features there isn't immediate backlash like happened to Facebook and Microsoft.

Webinars & Events 📅

MineOS's CEO Gal Ringel will take part in a session for RISK Digital on July 3 at 4:15 CET/10:15 EST.

 

The topic? "Uniting Governance, Risk, Compliance, Cybersecurity and Audit for Operational Resilience."

 

This is a talk GRC and privacy professionals won't want to miss, especially since you can attend from the comfort of your own home! 🏠

 

✏️Register here to attend: https://www.grcworldforums.com/privsec/privsec-global/register

 
Talk with us

How did you like this month's issue?

Let us know
footer

SayMine Technologies Ltd., 94 Igal Alon st., Alon 1, Tel Aviv, Israel, 6789155

Unsubscribe Manage preferences