After nearly a decade of legislative attempts, Oklahoma has joined the growing ranks of states with a comprehensive consumer data privacy law, making it the 20th state with such a law on the books. SB 546 takes effect on...more
Miss the most recent webinar from the Osano team? Did your question not come up during discussion? Don't worry: We've collated, condensed, and thematically grouped the questions from 2026 Privacy Laws: New Laws, Amendments,...more
2/5/2026
/ California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
CIPA ,
Consent ,
Cookies ,
Data Management ,
Data Privacy ,
Data Protection ,
Risk Assessment ,
State Privacy Laws ,
Wiretapping
When can compliance professionals and business stakeholders expect data privacy to stop evolving year after year? Our guesstimate is sometime between the turn of the 22nd century and the heat death of the universe. In any...more
What Is the Digital Omnibus Regulation Proposal?
Maybe you’ve heard–the EU has a bit of a reputation for excessive regulation.
That’s doubly true for digital space. Between the GDPR, ePrivacy Directive, EU AI Act, DMA,...more
12/4/2025
/ Artificial Intelligence ,
Consent ,
Corporate Counsel ,
Data Breach ,
Data Privacy ,
Data Protection ,
EU ,
General Data Protection Regulation (GDPR) ,
Personal Data ,
Proposed Legislation ,
Reporting Requirements
They say the only two certainties in life are death and taxes. Humbly, we’d like to propose a third: New California privacy rules.
Going into effect January 1, 2026, the new rules package for the CCPA adjusts key elements...more
11/4/2025
/ Automated Decision Systems (ADS) ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Cybersecurity ,
Data Privacy ,
Popular ,
Privacy Laws ,
Regulatory Requirements ,
Risk Assessment ,
State Privacy Laws
Think of three marketing channels.
Got them in mind?
We’re willing to bet you didn’t picture newspapers, radio, or flyers. That’s because the vast majority of marketing these days is digital (social media,...more
Famously, construction on the Sydney Opera House finished ten years after its original deadline, ballooning its cost from $7 million to $102 million....more
If you’re not accustomed to handling data subject access requests (DSARs), then it’s understandable if you feel a bit nervous about responding. After all, there are all sorts of legal requirements involved and the potential...more
Tired of ad blockers, cookie deprecation, and opt-outs undermining your marketing efforts? You may be investigating server-side tracking as a way to grow your access to data. Server-side tracking can be a great approach for...more
8/21/2025
/ Advertising ,
Consent ,
Cookies ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Marketing ,
Regulatory Requirements ,
Tracking Systems ,
Web Tracking
You never think about breathing air. Most of the time, you’re not consciously moving your legs as you walk. You don’t have to remind yourself to blink every few seconds. For modern businesses, that’s what processing personal...more
8/21/2025
/ California Consumer Privacy Act (CCPA) ,
Cookies ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Processors ,
Data Protection ,
Employer Liability Issues ,
General Data Protection Regulation (GDPR) ,
Human Resources Professionals ,
Personal Data ,
State Privacy Laws ,
Web Tracking
Regulations matter, but until they’re enforced, they’re all just so many words (so, so many words) on paper. Businesses know that what really counts is whether, how, where, and when regulators enforce the law....more
Data subject access requests (DSARs), or subject rights requests (SRRs), are evolving.
Whether your organization is based out of the EU, the US, or elsewhere in the world, consumers’ awareness and expectations are...more
Governance, risk, and compliance (GRC) can feel like thankless work at times. You can’t ship risk mitigation to market. It's not usually reflected on your balance sheet. Only especially canny investors notice the absence of...more
The 1:10:100 rule—coined in 1992 by George Labovitz and Yu Sang Chang, the rule describes how much bad data costs. Preventing the creation of bad data at its source costs $1. Remediating bad data costs $10. Doing nothing...more
When we write about data privacy, it’s easy to default to talking to “privacy professionals.”
But take a look at the privacy management industry: The privacy program managers, chief privacy officers, and other purely...more
Subject rights requests can be confusing for everybody involved.
Some consumers are savvy privacy advocates and expect their requests to be fulfilled to the letter. Others are just learning that they have subject rights...more
Martial artists use a colored belt system to denote their expertise. You start with a white belt, and, as you train and improve, you eventually achieve the next color and corresponding rank. Once you’ve gained a black belt,...more
“Don’t Mess with Texas.”
It’s an evocative phrase, which is probably why it survived so long past its humble origins as a 1980s campaign slogan to discourage drivers from littering on Texan highways....more
Heraclitus said that “The only constant in life is change,” but privacy professionals don’t need to turn to ancient Greek philosophy to grasp this concept. We can just use our eyes and observe our colleagues, industry,...more
Businesses in the US will be subject to a lot more scrutiny from consumers and regulators in 2025. With eight new data privacy laws going into effect over the course of the year, attorneys general will be eager to show...more
If you’re feeling out of the loop about Chrome’s personal data collection, you’re not the only one. Google had announced that it would be deprecating third-party cookies. Then it delayed the deprecation. Then they called the...more
We've all heard the saying, "Teamwork makes the dream work," but for privacy professionals, this isn't just an inspirational quote—it's a necessity. Specifically, collaboration with colleagues in security; privacy; and...more
Modern businesses have to be compliant with data privacy regulations. Everyone knows that.
But nobody likes being told they have to do something. Especially not when that something seems like an expensive, complicated...more
Getting the business to say “yes” to data privacy isn’t easy. Yet it remains one of the central tasks a data privacy professional must undertake.
After all, you can’t protect consumers, protect your organization, and achieve...more
Starting January 1, 2026, businesses operating in Rhode Island will need to comply with the Rhode Island Data Transparency and Privacy Protection Act, a mouthful of a law abbreviated as RIDTPPA. (Not exactly catchy, is it?)...more