Oct. 9, 2024

Loyal to a Fault? Customer Loyalty Programs in the Age of Comprehensive Privacy Laws

While providing numerous consumer benefits, loyalty programs also create potential privacy risks because of their heavy reliance on customer personal information. U.S. state comprehensive privacy laws include a number of explicit requirements applicable to customer loyalty programs. In this guest article, Holland & Knight senior counsel Kevin Angle and associate Ashley Fisher review those rules, including notice and consent obligations and “sale” of personal data restrictions, and provide practical advice on approaches to compliance. See “Measures for Complying With 19 (and Counting) State Privacy Laws” (Jun. 26, 2024).

What CCOs Should Know About the DOJ’s Efforts to Curtail Criminal Use of AI

The DOJ is alert to how AI can supercharge crime. Earlier this year, Deputy Attorney General Lisa Monaco said AI adds danger to existing offenses, warranting tougher penalties, and noted the DOJ’s use of the technology to fight crime along with new projects in which experts would advise on the DOJ’s responsible use of AI. The DOJ also updated its Evaluation of Corporate Compliance Programs in late September, with passages instructing prosecutors to consider a company’s AI use and management of its risks. This article examines the DOJ’s recent moves regarding AI, with insights from Paul Weiss partner John Carlin about the effects AI can have on crime, its detection and corporate compliance. See “Shaping AI Policy to Address Risks to U.S. Citizens and National Security” (Oct. 11, 2023).

Emojis and Video Communications: Compliance Practices to Overcome Recordkeeping Challenges

Amidst an unprecedented flurry of enforcement actions and fines levied by the SEC for off-channel communication violations, some firms have raised concerns that emojis and video conferencing platforms will be the next frontier for regulatory scrutiny. Although the current suite of technology solutions for monitoring, capturing, and retaining emojis and video communications remains imperfect, there are reasons for optimism – both in terms of potential risk mitigation opportunities and the forecast on regulatory enforcement. This second article in a two-part series identifies challenges that emojis and video communications present for firms attempting to record, retain and monitor those forms of technology, and offers advice on corresponding compliance efforts. The first article provided an overview of the SEC’s ongoing scrutiny of off-channel communications to date, and addressed why emojis and video communications may be areas targeted by the Commission and other regulators. See “SEC Penalizes Adviser for Failing to Preserve Off-Channel Communications” (Sep. 18, 2024).

Former Federal Prosecutor and Cyber Expert Joins King & Spalding in Austin

King & Spalding has announced the addition of Mike Galdo as counsel to bolster the firm’s special matters and government investigations team and its national security and corporate espionage practice. He most recently served for more than 15 years as a federal prosecutor, including as the DOJ’s Director of COVID‑19 Fraud Enforcement and as AUSA in Charge of Cybercrime for the Western District of Texas. For insights from King & Spalding, see “Navigating the SEC’s Newly Adopted Cybersecurity Disclosure and Controls Regime” (Sep. 6, 2023); and “Electronic Communications, Cooperation Standards and Other Emerging Trends in the SEC’s Oversight of Private Funds” (Jan. 18, 2023).

ZwillGen Adds Four Attorneys, Including First U.K.-Based Counsel

ZwillGen has welcomed four attorneys – Zach Judge-Raza, Sara Haven, Lauren Myers Coble and Michael Bleicher – expanding its global presence, and technology transaction, privacy, cybersecurity and litigation expertise. For insights from ZwillGen, see our two-part series on the FTC’s NGL Labs settlement: “Key Violations and Settlement Terms” (Sep. 18, 2024), and “Compliance Lessons” (Sep. 25, 2024); as well as our two-part series on scraping battles: “Meta Loses Legal Effort to Halt Harvesting of Personal Profiles” (Feb. 21, 2024), and “Global Privacy Regulators Urge Safeguards to Stop Data Scraping” (Mar. 6, 2024).