{"id":8010,"date":"2023-07-27T17:42:12","date_gmt":"2023-07-27T21:42:12","guid":{"rendered":"https:\/\/joindeleteme.com\/blog\/?p=8010"},"modified":"2025-02-24T16:16:38","modified_gmt":"2025-02-24T21:16:38","slug":"delete-act-fourth-amendment","status":"publish","type":"b2b-post","link":"https:\/\/joindeleteme.com\/business\/blog\/delete-act-fourth-amendment\/","title":{"rendered":"Data broker laws gain traction \u2013 July 2023 Newsletter"},"content":{"rendered":"\n<div class=\"wp-block-rank-math-toc-block uk-card-default uk-padding-small\" style=\"font-size:16px\" id=\"rank-math-toc\"><h4>Table of Contents<\/h4><nav><ul><li><a href=\"#regulatory-update-significant-data-broker-regulations-like-californias-delete-act-and-federal-fourth-amendment-not-for-sale-acts-show-real-momentum\">Regulatory Update: Significant data broker regulations like California\u2019s \u2018Delete Act\u2019, and federal \u2018Fourth Amendment Not For Sale Acts\u2019 show real momentum<\/a><\/li><li><a href=\"#cybersecurity-update-mov-eit-may-turn-out-to-be-the-biggest-data-breach-event-in-recent-years\">Cybersecurity Update: MOVEit may turn out to be the biggest data breach event in recent years<\/a><\/li><li><a href=\"#enforcement-updates-ftc-expanding-application-of-coppa-rules-against-big-tech-ca-ag-interested-in-ccpa-employee-privacy-compliance\">Enforcement updates: FTC expanding application of COPPA rules against Big Tech; CA AG interested in CCPA employee privacy compliance<\/a><\/li><li><a href=\"#check-out-our-latest-blog-posts\">Check Out Our Latest Blog Posts<\/a><\/li><li><a href=\"#delete-me-in-the-news\">DeleteMe in the News<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n<p>Hello again &#8211; after a hiatus in June, we\u2019re back again with our monthly update on happenings in the privacy space relevant to businesses.<\/p>\n\n\n\n<p>In this edition, you&#8217;ll find our take on:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>California\u2019s \u2018<a href=\"https:\/\/www.tomkemp.ai\/blog\/2023\/04\/11\/introducing-the-california-delete-act\" target=\"_blank\" rel=\"noreferrer noopener\">Delete Act<\/a>\u2019, and federal \u2018<a href=\"https:\/\/www.wyden.senate.gov\/news\/press-releases\/wyden-paul-and-bipartisan-members-of-congress-introduce-the-fourth-amendment-is-not-for-sale-act-\" target=\"_blank\" rel=\"noreferrer noopener\">Fourth Amendment Not For Sale Acts<\/a>\u2019<\/li>\n\n\n\n<li>The <a href=\"https:\/\/www.cybersecuritydive.com\/news\/moveit-breach-timeline\/687417\/\" target=\"_blank\" rel=\"noreferrer noopener\">MOVEit Data Breach<\/a> may be the largest data breach event in recent years&nbsp;<\/li>\n\n\n\n<li>The <a href=\"https:\/\/oag.ca.gov\/news\/press-releases\/attorney-general-bonta-seeks-information-california-employers-compliance\" target=\"_blank\" rel=\"noreferrer noopener\">COPPA rules expansion<\/a> against Big Tech<\/li>\n<\/ul>\n\n\n\n<p id=\"Delete\"><\/p><hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"regulatory-update-significant-data-broker-regulations-like-californias-delete-act-and-federal-fourth-amendment-not-for-sale-acts-show-real-momentum\"><strong>Regulatory Update: Significant data broker regulations like California\u2019s \u2018Delete Act\u2019, and federal \u2018Fourth Amendment Not For Sale Acts\u2019 show real momentum<\/strong><\/h2>\n\n\n\n<p>California\u2019s \u2018<a href=\"https:\/\/www.tomkemp.ai\/blog\/2023\/04\/11\/introducing-the-california-delete-act\" target=\"_blank\" rel=\"noreferrer noopener\">Delete Act<\/a>\u2019 has advanced quickly through the state Senate and relevant committees over past months and could soon become state law.&nbsp; The regulatory template &#8211; which requires companies that collect and sell consumer data to register with state AG\u2019s office, and provide a one-stop-shop \u2018opt-out\u2019 mechanism for California citizens &#8211; was originally proposed in congress last year (albeit with the FTC managing registry and enforcement), and has been <a href=\"https:\/\/therecord.media\/delete-act-reintroduced-congress-data-brokers\" target=\"_blank\" rel=\"noreferrer noopener\">reintroduced<\/a> in the current session. Passage in California would put pressure on Feds to make the framework a national norm.&nbsp; It could give consumers significantly more control over how data brokers handle personal data.<\/p>\n\n\n\n<p>The \u2018<a href=\"https:\/\/www.wyden.senate.gov\/news\/press-releases\/wyden-paul-and-bipartisan-members-of-congress-introduce-the-fourth-amendment-is-not-for-sale-act-\" target=\"_blank\" rel=\"noreferrer noopener\">Fourth Amendment Not For Sale Act<\/a>\u2019 was a 2021 congressional bill that proposed barring government agencies from buying commercial surveillance data on Americans that bypass normal search warrant requirements.&nbsp; It was <a href=\"https:\/\/archive.ph\/BsMIX\" target=\"_blank\" rel=\"noreferrer noopener\">recently inserted<\/a> to a Section 702 surveillance reform bill that has bipartisan support, which makes its prospects for passage much stronger than when originally introduced.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"our-take\"><strong>Our take:<\/strong><\/h3>\n\n\n\n<p>The Wild West days of the data broker industry may not be over, but we might be beginning the last act.<\/p>\n\n\n\n<p>There have been no significant data broker regulations passed in decades. But pressure to introduce new ones has never been higher.&nbsp; Piecemeal laws that address key components of the sprawling industry have greater near-term prospects for success than omnibus national consumer privacy laws like the federal <a href=\"https:\/\/en.wikipedia.org\/wiki\/American_Data_Privacy_and_Protection_Act\" target=\"_blank\" rel=\"noopener\">ADDPA<\/a>, which try to do everything at once.<\/p>\n\n\n\n<p>The Delete Act framework has been compared to the FCC\u2019s \u201cDo Not Call\u201d list, which has historically been a toothless gesture by consumers to try and limit unwanted robocalls and spam, because there are no practical means of monitoring and enforcement.&nbsp; But companies like DeleteMe, that came into being because of consumer needs for data control, are in an excellent position to provide exactly that capability, and we see these laws as a positive development that give us greater relevance to ensure companies are honoring consumer privacy demands.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" id=\"move\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"cybersecurity-update-mov-eit-may-turn-out-to-be-the-biggest-data-breach-event-in-recent-years\"><strong>Cybersecurity Update: MOVEit may turn out to be the biggest data breach event in recent years<\/strong><\/h2>\n\n\n\n<p>The <a href=\"https:\/\/www.cybersecuritydive.com\/news\/moveit-breach-timeline\/687417\/\" target=\"_blank\" rel=\"noopener\">compromise<\/a> of the MOVEit file transfer system has hit more than <a href=\"https:\/\/konbriefing.com\/en-topics\/cyber-attacks-moveit-victim-list.html\" target=\"_blank\" rel=\"noopener\">420<\/a> organizations over the past two months, of which nearly 300 are American businesses, universities, and government agencies. The number\/amount of compromised employee and consumer information remains imperfectly accounted for, but it is certain to continue to grow.&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"our-take-1\"><strong>Our take:<\/strong><\/h3>\n\n\n\n<p>Early in 2023, researchers were suggesting there was a downtrend in cybersecurity risk relative to 2022, but, as the recent events show, successful attacks on a single, widely-used vendor can have massive impact.&nbsp; The most at-risk institutions continue to be public sector and healthcare service providers who remain behind the curve in terms of limiting exposure to 3rd party vendor risk.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" id=\"COPPA\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"enforcement-updates-ftc-expanding-application-of-coppa-rules-against-big-tech-ca-ag-interested-in-ccpa-employee-privacy-compliance\"><strong>Enforcement updates: FTC expanding application of COPPA rules against Big Tech; CA AG interested in CCPA employee privacy compliance<\/strong><\/h2>\n\n\n\n<p>Over the past months, both <a href=\"https:\/\/www.justice.gov\/opa\/pr\/amazon-agrees-injunctive-relief-and-25-million-civil-penalty-alleged-violations-childrens\" target=\"_blank\" rel=\"noopener\">Amazon<\/a> and <a href=\"https:\/\/www.jdsupra.com\/legalnews\/microsoft-xbox-to-pay-20-million-to-4353252\/\" target=\"_blank\" rel=\"noopener\">Microsoft<\/a> were charged with Children&#8217;s Online Privacy Protection (COPPA) rule violations and each paid $20M+ fines. FTC has recently taken an expansive and aggressive approach to interpreting COPPA as part of a growing Federal interest in focusing on Children\u2019s privacy online.&nbsp; \u2018<a href=\"https:\/\/www.theverge.com\/23721306\/online-age-verification-privacy-laws-child-safety\" target=\"_blank\" rel=\"noopener\">Age verification<\/a>\u2019 requirements for online services remains a complex and problematic issue, and its unclear how companies can easily offer flexible services to users without potentially coming in conflict with the vague application of legacy children\u2019s privacy laws.<\/p>\n\n\n\n<p>California Attorney General Rob Bonta <a href=\"https:\/\/oag.ca.gov\/news\/press-releases\/attorney-general-bonta-seeks-information-california-employers-compliance\" target=\"_blank\" rel=\"noopener\">recently sent inquiry letters<\/a> to many of California\u2019s largest employers to learn how they\u2019re approaching CCPA compliance with employee data privacy rules, which affect how companies treat information about their workforce and job applicants.&nbsp; California is one of the only states whose privacy law currently addresses workforce data, and provides an early warning of the kind of frameworks that may emerge in other states in the future.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"our-take-2\"><strong>Our take:<\/strong><\/h3>\n\n\n\n<p>The biggest problem with many existing privacy laws is the lack of clarity about what compliance really means.&nbsp; Many companies take a \u2018wait and see\u2019 approach to see what will be enforced, and rely on test-cases to demonstrate what the limits are.&nbsp; \u2018Kids Privacy\u2019 is a current danger-zone for some businesses (specifically in social media, gaming, and other areas with high youth presence); workforce privacy rules is a potential future area of risk given <a href=\"https:\/\/www.whitehouse.gov\/briefing-room\/statements-releases\/2023\/05\/25\/readout-of-white-house-listening-session-on-automated-worker-surveillance-and-management\/\" target=\"_blank\" rel=\"noopener\">recent White House interest<\/a> in the status-quo of workforce surveillance.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"check-out-our-latest-blog-posts\"><strong>Check Out Our Latest Blog Posts<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a>FL and TX Pass Comprehensive Consumer Data Privacy Bills<\/a><\/li>\n\n\n\n<li><a>Data Broker Hearings, CISA &#8216;Secure by Design&#8217; Standards, and Telegram Bots<\/a><\/li>\n\n\n\n<li><a>Open Data, Hidden Risk: Publicly Available Employee Data &amp; Cyber Risk [+ Breach Prevention Tips]<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"delete-me-in-the-news\"><strong>DeleteMe in the News<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Check out our <a href=\"https:\/\/joindeleteme.com\/business\/blog\/deleteme-in-the-news-in-2023\/\" target=\"_blank\" rel=\"noreferrer noopener\">running log<\/a> of DeleteMe in the news in 2023.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Read the July 2023 issue of our business privacy newsletter.<\/p>\n","protected":false},"author":16,"featured_media":7893,"menu_order":0,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"b2b-category":[45],"class_list":["post-8010","b2b-post","type-b2b-post","status-publish","format-standard","has-post-thumbnail","hentry","b2b-category-resources"],"acf":[],"_links":{"self":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post\/8010","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post"}],"about":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/types\/b2b-post"}],"author":[{"embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/users\/16"}],"version-history":[{"count":0,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post\/8010\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/media\/7893"}],"wp:attachment":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/media?parent=8010"}],"wp:term":[{"taxonomy":"b2b-category","embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-category?post=8010"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}