About Consent Decrees
Last Friday, Aug. 30, 2024, the Federal Trade Commission filed a stipulated lawsuit against Verkada, Inc.1 The FTC makes several allegations in its complaint that range from failure to use appropriate information security practices to protect customers’ and consumers’ personal information collected through the company’s security cameras, making false statements regarding compliance with HIPAA and Privacy
Legitimate Interest is not just something you assert
Over the years, I’ve heard many excuses for not sending permission-based emails. One of the more creative excuses came from a sender in the EU who, with complete confidence, told me: “I don’t need consent! We have a legitimate interest in marketing our products!” The General Data Protection Regulation (GDPR) provides a legal basis for
Can You Ignore Privacy & Data Protection?
Data has become one of the most valuable assets for businesses. Protecting that data is not just a legal requirement in many places but a crucial aspect of maintaining customer trust, credibility, and profitability. Texas has a new comprehensive privacy and data protection law that covers data brokers and companies not considered small businesses by
Plaintiff in Hartley dismisses her case without prejudice
What Happened: On July 17, the judge dismissed the Plaintiff’s case for lack of standing, giving the Plaintiff 21 days to amend the complaint.1 Instead of filing an amended complaint, the Plaintiff dismissed the case entirely but can refile it later.2 Implications of the Dismissal: This dismissal without prejudice means the Plaintiff can refile the
Hartley thrown out: Good news for permission, bad news for spammers
Since December 2023, nationwide, around a dozen class action lawsuits have been filed in federal district courts alleging violations of the same Arizona statute.1 At least two cases (Hartley and Mills) have motions to dismiss with Hartley the first to be decided. This post will examine Hartley and its implications.23 What are these cases alleging?
“Forget Me!” Handling Data Deletion Requests as a Data Processor
People have more control over their personal information than ever before. Regulations like the GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), and even the new TDPSA (Texas Data Privacy and Security Act) grant users the “right to erasure,” also known as the “right to be forgotten.” This means they can request that
Cousin Domains are what spammers use
In the ever-evolving world of email marketing, businesses continually seek ways to improve their deliverability rates and maintain their sender reputations. One practice that has regained traction recently is using cousin domains to send very low volumes of messages. However, despite its perceived benefits, using cousin domains is a terrible practice that can lead to
Texting Trouble: Privacy Lessons from the Karen Read Case
I have been following the Karen Read murder trial, and it has been quite an ordeal. The trial featured some of the worst expert testimony I have ever seen, a medical examiner who refused to call the death in question “a homicide,” poor investigative technique, and even a couple of “gotcha” moments. Massachusetts State Police