One of the most litigated state telemarketing laws in the country has been significantly pared down. On May 2, 2023, the Florida legislature passed a bill to amend the Florida Telephone Solicitation Act (FTSA), Fla. Stat. § 501.059. The bill was presented to Florida Governor Ron DeSantis on May 16 and was signed into law on May 25. In this post, we cover the origins of the FTSA, its prior scope, and how the amendments modify the law. This amendment should significantly curtail lawsuits filed under the FTSA against companies that use technology to assist in placing calls to consumers.

Continue Reading Florida Significantly Narrows the FTSA

As the hype about generative artificial intelligence (AI) has grown, the Federal Trade Commission (FTC) has made clear that it intends to be at the forefront of federal agencies working to ensure the responsible use of AI. In just the last few months, it has spoken repeatedly about AI, issuing multiple warnings about the risks of AI technology. In many respects, this is not new terrain for the FTC. Since at least 2016, the FTC has cautioned about the potential for machine learning and AI algorithms to lead to discrimination against protected classes. The FTC recently reiterated those concerns and cautioned businesses about the use of generative AI to spread manipulative, fraudulent, or unsubstantiated content.

Continue Reading The FTC Can’t Stop Talking about AI

The Federal Trade Commission on March 2, 2023, announced a proposed complaint and proposed consent order with BetterHelp, Inc., an online counseling platform that allegedly disclosed consumer health data to third-party advertising platforms. The settlement requires payment of $7.8 million to be used for consumer refunds—the first time an FTC action has required the return

Recent comments by Anne Neuberger, President Biden’s Deputy National Security Adviser for Cyber and Emerging Technology, herald an important shift in U.S. cybersecurity policy. Traditionally, the U.S. Government’s approach has mostly focused on requiring companies to notify regulators and affected individuals of security breaches that implicate specific types of information, such as personally identifiable information, protected health information, and financial information. Federal efforts to prescribe or enforce proactive security measures have been sector-specific, such as the Transportation Security Administration’s Security Directives covering rail and pipeline owners and operators. Those measures have been spread among sector-specific agencies, which has resulted in multiple, and sometimes conflicting or confusing, requirements applying to some businesses. Federal law enforcement agencies have also made targeted and novel use of criminal search authorities to proactively remediate privately owned machines infected with malware by Russian and China-based actors.

Continue Reading Biden Administration Plans Mandatory Cybersecurity Regulations for Critical Infrastructure Companies

Data security will be an enforcement priority for the FTC in 2023. The FTC, in its December 14, 2022, Commission meeting, highlighted four data security measures that it believes are particularly important for strong cybersecurity.

This Update discusses what these safeguards are and why the FTC believes they are so critical.

Click here to read

The Office of Science and Technology Policy (OSTP), a part of the Executive Office of the President, recently published a white paper titled “The Blueprint for an AI Bill of Rights: Making Automated Systems Work for the American People” (Blueprint). This Blueprint offers a nonbinding framework for the responsible development of policies and

After a five-day trial and only an hour of deliberation, the nation’s first trial under the Illinois Biometric Information Privacy Act (BIPA) ended with a bang. The jury found that the defendant, BNSF Railway Company, recklessly or intentionally violated BIPA 45,600 times (once per class member), resulting in a $228 million judgment.

Click here to

President Biden issued an executive order (EO) increasing protections and safeguards for personal data subject to signals intelligence activities. It also establishes a redress mechanism for residents of qualifying states who allege they were harmed by U.S. signals intelligence activity conducted in violation of U.S. law. The EO is intended to address perceived deficiencies in

The Federal Trade Commission filed a lawsuit on August 29, 2022, against data broker Kochava Inc., alleging that the company’s sale of precise geolocation data is an unfair act or practice that violates Section 5 of the FTC Act. The case follows an FTC blog post warning that the agency would be vigilant in protecting

The Cybersecurity and Infrastructure Security Agency seeks public input on regulations that will set new mandatory cybersecurity reporting requirements for critical infrastructure companies. Open questions include the following:

  • Who will be subject to the new requirements?
  • What level of incident will trigger mandatory reporting?
  • How much follow-up reporting will be required?
  • What costs could potential