Welcome to November's GrailMail! We’re back with essential updates, in-depth analysis, and actionable insights to help you stay ahead of the curve in the data privacy landscape.

The holiday season is officially upon us, which means great food, festive fun, and new state privacy laws. 🎁

There are 5 new state data privacy laws going into effect this coming January, so a lot of big changes are just around the corner. We’re here to help. 

 

Keep scrolling to learn more about our upcoming webinar, where we’ll shed light on what these new laws mean for the data privacy landscape. You’ll hear how your peers at Benchling, Outreach, Route, and NETGEAR are getting ahead of new regulations.

 

But first, let’s dive into the top news and reads about data privacy in November. 


👩‍⚖️ Paramount is hit with class action over a huge data privacy violation

  • Paramount Global is facing a class action lawsuit for allegedly sharing subscriber viewing history with Meta and TikTok to target ads without consent.
  • The lawsuit claims Paramount violated the Video Privacy Protection Act (VPPA), which protects personal viewing data from being disclosed to third parties. Filed by a California subscriber, the suit is asking for at least $5 million in damages—talk about an unwelcome holiday present. 
  • But Paramount isn’t alone. Other streaming giants like Netflix and Disney have also been hit with similar lawsuits over the past few years for allegedly breaking the same privacy laws. You can read more on the story here.

⚠️ State privacy laws to keep kids safe may be wrapped up in legal tangles

  • A snowstorm of state laws aimed at protecting kids online is creating some serious legal tangles for tech companies. With more states adopting rules to keep minors safe on social media, companies must rethink how they handle children's data.
  • From parental consent to age verification, these laws are forcing platforms to navigate tricky legal terrain, especially with some laws being struck down for infringing on First Amendment rights.
  • To comply with these laws, companies must understand when and how they collect children's personal information, update privacy notices for minors, set high privacy defaults, collect only necessary data, and delete it when no longer needed. You can learn more about what these state laws mean here.

🚑 89% of hospitals are enhancing their cybersecurity, so why do gaps remain?

  • A recent report revealed that 89% of hospitals have taken significant steps to bolster their cybersecurity by implementing third-party risk management systems. These measures are crucial in protecting sensitive patient data and managing the cybersecurity risks introduced by vendor networks. 
  • However, despite these efforts, only 10% of hospitals have adopted comprehensive data privacy programs, leaving important vulnerabilities unaddressed.
  • As the Digital Personal Data Protection Act (DPDPA) moves forward, it’s expected to drive improvements in safeguarding patient information. But the question remains: How can healthcare organizations close these gaps to fully protect against cybersecurity threats? Learn more about the complex answer to this question here.

🧼 Data Clean Rooms (DCRs) may not be as pristine as they seem 

  • The FTC has issued a warning to companies using Data Clean Rooms, a popular privacy tool in digital advertising, stressing that these technologies are not a "get-out-of-compliance-free card."
  • While DCRs can enhance privacy by limiting data sharing, they can also be misused to obscure privacy risks. The FTC emphasized that DCRs do not automatically ensure legal compliance or data security, and companies must still take responsibility for how personal data is handled.
  • Industry leaders, however, argue that when properly configured, DCRs can protect privacy without directly sharing data. They agree with the FTC’s call for more oversight but maintain that DCRs are just one part of a broader privacy strategy. You can read more on the conversation here.

We’ve got 5 new state privacy laws taking effect in January 2025, bringing the total number of U.S. state privacy laws in effect to 15. The need to stay ahead of these regulations is more urgent than ever, not just to avoid penalties, but to build trust with consumers and protect sensitive data. 

 

To help you get ahead, we invite you to join our "How January’s New Privacy Laws Will Change Data Privacy in 2025" webinar on December 10th. Our panel of privacy experts will share insights on what you need to know about these new laws, along with proven strategies for staying compliant as data privacy regulations continue to evolve.

Register here

👀  Looking ahead: What are the effective dates of the U.S. state privacy laws?

[Image: GrailMail timeline of U.S. state privacy law effective dates]


From new partnerships to faster publishing times, our latest updates bring plenty of improvements to the DataGrail platform to help you manage your data privacy programs more effectively.

 

Here’s a quick look at what’s new:

  • DataGrail announced its partnership with Webflow, bringing enterprise-grade consent management to Webflow customers. Now, Webflow users can focus on what they do best—delivering exceptional digital experiences—while maintaining the necessary safeguards for privacy and compliance.
  • The team significantly reduced banner update publish times for DataGrail Consent by as much as 75%—from approximately 1-2 minutes down to 10-30 seconds. 
  • Two new risk insights in Live Data Map highlight high-risk data systems and AI subprocessors to help you quickly prioritize privacy concerns.
  • We added Transfer Impact and Legitimate Interest Assessment templates in Risk Monitor to simplify GDPR compliance and data transfer management.

For more details, check out our monthly product release notes here.


Privacy By Design in Practice

  • "Privacy by Design" is all about embedding privacy principles into systems from the get-go, rather than trying to fix privacy issues later. Though the concept has been around for decades and is central to regulations like GDPR, many organizations still struggle to implement it effectively. 
  • This article highlights how privacy professionals are making it a reality, from ensuring transparency and building consumer trust to improving operational efficiency. It also touches on how privacy can become a revenue driver and offers practical tips for embedding privacy practices into every step of product development.

Are you passionate about privacy, legal, or security issues? Want to connect with like-minded professionals and stay ahead in a rapidly evolving landscape?

 

Become a member of our Privacy Community!


What You’ll Gain:

  • Career Growth: Discover job opportunities tailored for privacy professionals and enhance your skills.
  • Networking Opportunities: Connect with industry leaders and fellow members to exchange insights and best practices.
  • Stay Informed: Engage in discussions about hot topics in ops, security, governance, risk, ethics, and compliance.

Whether you're just starting out or a seasoned pro, there’s a place for you here! Don’t miss out on the chance to be part of a vibrant network committed to advancing data privacy.

See you next time! 👋

Megan


© 2024 DataGrail, Inc. and/or its affiliates. All rights reserved.
Various trademarks held by their respective owners.

DataGrail, 225 Bush Street, Suite 360, San Francisco, CA 94104
