

The DPOInsider covers the latest news and developments in data compliance and privacy. The DPO's favourite weekly read.
Is everyone for the ADPPA?
Let's take a few minutes to look at the ADPPA. That's the American Data Privacy and Protection Act.
As we've seen, the legislation enjoys bipartisan support: It passed out of the House Energy and Commerce Committee with a vote of 53-2. And while it's unclear how the bill will fare in the Senate, its bipartisan support gives reason for optimism.
But one person who is against the act is Nancy Pelosi.
Whilst the law will generally benefit a majority of Americans, it will preempt state laws such as the CCPA.
All this has spooked some into suggesting that it would hamper state-level laws from evolving to provide consumer protection.
That Slate piece is a fascinating read into this dynamic. One point it argues is:
The federal bill can provide California with a waiver, which would recognize its unique position as the home of a critical mass of tech companies and a leader in regulating them.
So what do we think as data privacy professionals? Should California be given special treatment?
For further reading, this post is an excellent overview of how the new legislation matches up to the GDPR.
The Optus data breach
As we included last week, Australia has suffered its most significant data breach.
The telecoms company Optus revealed that over 10m of its customers (which is a whopping 40% of the population) have had personal data stolen.
There has been a considerable amount of fallout, from threats through to denials. But most importantly, it's raised a big question - is the way that Australia handles data and privacy up to scratch?
After the breach, Optus' chief executive said that the company had followed all of the necessary steps.
But then the company was offered an ultimatum - pay $1m or see the data auctioned off bit by bit.
And the worst part is that the ransomer seemed to dispute Optus' claims that it was a sophisticated attack by saying that the data was pulled from freely accessible software.
The government seems to be laying the blame on Optus:

But the breach highlights how Australia's data protection laws are in need of an update.
"We are probably a decade behind… where we ought to be,"
Down under, the maximum fine is set at $2m. And in some cases, cyber-security laws don't apply to telecom companies.
It's an interesting story that's developing all the time. I would wager that we'll be talking about the effect of this breach for a while.
Other data privacy news
Advisor to Europe's top court backs antitrust watchdogs looking at privacy
How to prepare for data protection laws when expanding internationally
Tech firm touts new way to generate first-party data for agencies, publishers without privacy-compliance issues
Post of the week
This made me laugh a lot.
