On December 8, 2020, the Supreme Court heard argument in Facebook, Inc. v. Duguid,1 a case addressing a split among federal circuit courts as to what constitutes an “automatic telephone dialing system”—often referred to as an “autodialer”—under the Telephone Consumer Protection Act (TCPA).2 The Court’s decision could significantly reduce the risk of TCPA litigation directed at online platforms and apps with text messaging functionality.
Continue Reading U.S. Supreme Court Hears Argument over Frequently Litigated Provision of the TCPA

Let’s face it: The residential phone line is on the verge of suffering the same fate as the 8-track tape. Anyone who doesn’t know what an 8-track tape is most assuredly uses a cell phone—and only a cell phone—to communicate. Email takes too long. And younger generations don’t even use the actual phone part of their cell phones.

The reality is that if you want to communicate with a very large segment of the U.S. population, you have to text. This explains why everyone is doing it. Doctors, dentists, veterinary practices, hair salons, airlines, car dealerships—businesses that make appointments—all send text reminders. Schools notify parents of school cancellations by texts. Hotels offer “virtual concierge” services entirely by texts. Retailers offer special discounts via texts. Should your business jump on the text message bandwagon? Maybe. The reward is high, but so is the risk.Continue Reading To Text or Not to Text? That Is the Question

ThinkstockPhotos-524882074_webOn March 1, 2017, new cybersecurity rules went into effect for entities regulated by the New York State Department of Financial Services (DFS). The Cybersecurity Requirements for Financial Services Companies are designed to help protect business and customer information and the IT systems of the entities that DFS regulates. While the Cybersecurity Requirements took effect on March 1, regulated entities have 180 days to comply. The final requirements are available here.

Who Is Regulated? 

The Cybersecurity Requirements apply to companies “operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the banking law, the insurance law or the financial services law” (“covered entities”). Covered entities include banks, savings and loans, trust companies, check cashers, credit unions, money transmitters, lenders, insurers, holding companies, investment companies, mortgage brokers, originators, and servicers, and certain other regulated types of companies doing business in New York. Smaller covered entities are exempt from certain components of the Cybersecurity Requirements, but they are required to file an exemption form with DFS.
Continue Reading New Cybersecurity Rules Now in Effect for Entities Regulated by New York State Department of Financial Services

ThinkstockPhotos-530940310Many businesses monitor or record customer service, telemarketing, and other telephone calls with consumers to help them improve customer service and for evidentiary reasons. Under federal and many state laws, calls may lawfully be monitored or recorded by businesses as long as those businesses have permission from their employees who participate on the calls. However, some states require the permission of everyone participating on a call before the call may legally be monitored or recorded. And some state laws potentially implicated by monitoring and recording calls are not clear as to what is required. California is one of those states.
Continue Reading Monitoring and Recording Consumers’ Calls in California Can Be a Risky Practice

AA042950In the wake of numerous cyberattacks aimed at companies spanning various industries, it is no surprise that yet another federal agency—this time the SEC—is stressing the importance of proper cybersecurity protocols for the entities it regulates. Broker-dealers, investment advisors, and others in the securities industry often have access to some of the most sensitive client and consumer financial information, making data security a high priority for the SEC.
Continue Reading SEC Increases Focus on Cybersecurity–A Look at Recent Data Security Guidance and Enforcement

ThinkstockPhotos-455670115-webBeginning January 1, 2016, the recently-enacted “Delaware Online Privacy and Protection Act”1 (DOPPA) will take effect and will impact all companies with online services used by Delaware residents. DOPPA consists of three separate online privacy laws: (1) a law prohibiting certain types of online marketing or advertising to minors;2 (2) a law requiring commercial websites and online services to post privacy policies;3 and (3) a law restricting government access to user records kept by online book service providers.4 The laws are substantively similar to online privacy laws already in effect in other states, and are particularly similar to laws in effect in California. The Consumer Protection Unit of the Delaware Department of Justice can enforce DOPPA’s three laws under the same provisions that it enforces other state consumer protection laws.5 DOPPA does not create a private right of action for any of the three laws.6
Continue Reading Delaware Enacts New Online Privacy Laws