The DPOInsider covers the latest news and developments in data compliance and privacy. The DPO's favourite weekly read ☕️

Is everyone for the ADPPA?

Let’s take a few minutes to look at the ADPPA. That’s the American Data Privacy and Protection Act.

As we’ve seen, the legislation enjoys bipartisan support: It passed out of the House Energy and Commerce Committee with a vote of 53-2. And while it’s unclear how the bill will fare in the Senate, its bipartisan support gives reason for optimism.

But one person who is against the act is Nancy Pelosi.

Whilst the law will generally benefit a majority of Americans, it will preempt state laws such as the CCPA.

All this has spooked some into suggesting that it would hamper state-level laws from evolving to provide consumer protection.

That Slate piece is a fascinating read into this dynamic. One point it argues is:

The federal bill can provide California with a waiver, which would recognize its unique position as the home of a critical mass of tech companies and a leader in regulating them.

So what do we think as data privacy professionals? Should California be given special treatment?

For further reading, this post is an excellent overview of how the new legislation matches up to the GDPR.

The Optus data breach

As we included last week, Australia has suffered its most significant data breach.

The telecoms company Optus revealed that over 10m of its customers (which is a whopping 40% of the population) have had personal data stolen.

There has been a considerable amount of fallout, from threats through to denials. But most importantly, it’s raised a big question - is the way that Australia handles data and privacy up to scratch?

After the breach, Optus’ chief executive said that the company had followed all of the necessary steps.

But then the company was offered an ultimatum - pay $1m or see the data auctioned off bit by bit.

And the worst part is that the ransomer seemed to dispute Optus’ claims that it was a sophisticated attack by saying that the data was pulled from freely accessible software.

The government seems to be laying the blame on Optus:

Clare O'Neil MP @ClareONeilMP

What happened at Optus wasn't a sophisticated attack. We should not have a telecommunications provider in this country that has effectively left the window open for data of this nature to be stolen. #abc730

11:34 AM ∙ Sep 26, 2022

---

1,425Likes355Retweets

But the breach highlights how Australia’s data protection laws are in need of an update.

"We are probably a decade behind… where we ought to be,"

Down under, the maximum fine is set at $2m. And in some cases, cyber-security laws don’t apply to telecom companies.

It’s an interesting story that’s developing all the time. I would wager that we’ll be talking about the effect of this breach for a while.

Other data privacy news

Advisor to Europe’s top court backs antitrust watchdogs looking at privacy

How to prepare for data protection laws when expanding internationally

Tech firm touts new way to generate first-party data for agencies, publishers without privacy-compliance issues

Post of the week

This made me laugh a lot.

DPO Daily @theDPOdaily

Everyone knows the curse of what a comms person once told me was the reassurance statement: “we take data protection very seriously”. It’s never said in any situation other than one where something has gone wrong, at which point it’s just wallpaper.

7:15 AM ∙ Oct 6, 2022

Poll of the week