Beyond Privacy Consent: How ‘Delete Act’ Changes Game for Companies

Companies provide data privacy consent to consumers as part of a “safe harbor” practice, but time may be running out.

After all, the common ritual of privacy consent is flawed.

Let’s say a consumer goes online and wants access to some information on your company’s website. Up pops a window with a privacy consent form that needs a signature. The convoluted language seemingly goes on forever, but clicking a box for approval makes it all go away.

Viola!

Now, the consumer can review their long sought-after information by checking a box. But let’s stop right there.

Private data, which is more valuable than oil these days, is a lot like medication. Yet, we don’t let people take medicine without prescriptions because we know people can’t possibly understand all the particulars of medical terminology and decide for themselves.

In other words, we are putting privacy content into the hands of people who don’t understand it. Meanwhile, consumers are granting access to companies with legacy systems that may not have the ability to categorize the inventory—let alone identify it—even though the surging volume may rival the Library of Congress.

The court of public opinion is catching on. In a recent poll from Pew Research Center, a majority of Americans are concerned about their privacy in the hands of companies:

  • 81% of US adults are concerned about how companies use the data collected about them.
  • 67% of US adults have little to no understanding of how companies use the data they collect about them.
  • 72% of Americans say there should be more regulation than there is now.

Well, the people may get what they want, so companies should begin protecting their assets now. Remember, the rest of the Bill of Rights don’t count if you don’t have privacy. If you can’t say what you want to someone without it becoming public, then that is really a violation of your First Amendment rights. Everything flows from privacy—even though it is not written in the US Constitution.

So why is the status quo changing for companies when it comes to privacy consent? One word: California.

The Golden State’s Long Legislative Arm

California Governor Gavin Newsom recently signed the Delete Act (Senate Bill 362) into law, which gives consumers the ability to have companies delete their personal information with a single request.

The new law requires “data brokers”—companies that sell or rent the personal data that they collect from customers—to register with the newly created California Privacy Protection Agency (CPPA) public registry and disclose the information they collect from consumers, as well as ongoing opt-out requests.

The Delete Act also charges CPPA to create a website and database where state residents can opt out from tracking and request data removal from a set process.

From a consumer perspective, the new law creates a sea change in California. Currently, there isn’t a uniform approach for consumers to request data removal from a data broker. And once it happens, private information can resurface due to the nature of ongoing data collection.

From a corporate perspective, the new law has a long reach. If California were its own country, it would have the fifth-largest economy in the world. In other words, it carries sway. In addition to data privacy, California has a long track record of influencing legislative issues involving labor, the environment and marijuana just to name a few.

Since the CPPA was signed into law in 2018, another ten states have enacted comprehensive data privacy laws. Bloomberg Law reports that at least 16 states have introduced privacy bills that include protections for health and biomedical identifiers in the 2022-2023 legislative cycle.

Of course, different states with different laws could motivate Congress to streamline data privacy on a national scale. Most likely, certain differences will be settled in a court of law, which is why an ounce of prevention now will be worth a pound of data.

A Golden Opportunity for Companies

The CPPA may have until January 1, 2026, to create a database that will allow quick data deletion, but companies should act now to get out in front of the new norm for doing business.

While the government can step in and create a national system to safeguard data privacy, it would be best for companies to take the lead and show consumers how it can be done while protecting Corporate America’s most valuable assets.

In the dawn of the new age of data privacy, companies need to go beyond providing data privacy consent. Instead, corporations need to set up their own internal systems—privacy by design—

that documents where the data is being stored, how it is used and who has access to it.

Most importantly, companies need to conduct internal reviews of their data inventory to make sure what they are using as privacy protection is actually providing protection. This is where the potential legal problem arises. If a company complies with the law in such a way that it is not complying—and management is unaware—the company will be accountable and pay the price, which could be steep.

Moving forward, think about personal information like a book in the library. When someone needs it, it will need to be checked in and checked out. If someone wants to know my birthdate, there should be a record of who, why and when.

Companies should work with a legal team with data-privacy experience that could conduct a privacy analysis of their existing processes and inventory. The outcome should be a report that identifies areas of exposure—possible causes of action—from the mindset of a plaintiff’s attorney, as well as recommendations to proactively address any looming surprises.

As the notion of privacy is reimagined in a digital world, providing data privacy consent forms will no longer be enough to protect a company’s balance sheet.

(Julie D. Blake, JD, LLM, CIPP, CIPM, is an experienced commercial litigator and data privacy expert with expertise in cybersecurity, data privacy breaches, risk assessment and data privacy policy review.)

Pastore Attorney Tyler W. Rutherford Quoted By Slate Concerning Sam Bankman-Fried’s Trial

Tyler W. Rutherford was recently interviewed and quoted in Slate Magazine’s recent breaking news article about the Sam Bankman-Fried’s criminal trial in the Southern District of New York. The article can be accessed here. Sam Bankman-Fried is the former CEO and Founder of FTX, which was previously one of the largest cryptocurrency exchanges in the world.

As a firm that applies a long history of practice in traditional finance and securities to the realm of decentralized financial platforms, Pastore LLC can advise clients on best practices for compliance with regulations related to digital assets, and dispute resolution.

Understanding Connecticut’s Legal Landscape for Health and Fitness Businesses

Introduction

The health and fitness sector is a rapidly growing industry, particularly in Connecticut, where there’s a burgeoning market for everything from gyms and yoga studios to dietary supplements. However, this growth comes with its share of legal complexities, often specific to the state of Connecticut. At Pastore LLC, we offer specialized legal services in both corporate litigation and transactional matters, and we are committed to helping companies of all sizes navigate this intricate legal landscape.

Connecticut State Regulations

Licensing and Certification

In Connecticut, gyms and health clubs are required to register with the Department of Consumer Protection. There may be specific requirements for other types of health and fitness businesses as well, such as yoga studios or martial arts centers.

Health and Safety Codes

Connecticut has specific safety standards that health and fitness establishments must meet. This includes proper maintenance of equipment, appropriate medical readiness, and sanitation standards, among others.

Labor Laws

Employee Contracts

In Connecticut, while employers must comply with federal labor laws, they must also be mindful of the state’s particular regulations, including those pertaining to minimum wage, overtime, and occupational safety. Additionally, Connecticut imposes specific limitations on the enforceability of non-compete and non-solicitation clauses in employment agreements. These restrictions aim to balance the protection of business interests with the right of individuals to work and engage in their profession freely. Consequently, it is crucial for employment contracts drafted within Connecticut to conform to both federal standards and these nuanced state-specific legal obligations to ensure they are legally sound and enforceable.

Independent Contractors vs. Employees

The classification of workers as either employees or independent contractors is a hot topic in Connecticut and misclassification can result in hefty fines. Make sure you’re familiar with Connecticut’s criteria for classification to avoid legal pitfalls.

Liability and Insurance

Premises Liability

Business owners in Connecticut are required to keep their property “reasonably safe” for visitors. Failure to do so can result in liability for any injuries that occur on your premises.

Indemnity Agreements

These are especially crucial for businesses in the health and fitness industry, where there’s a high potential for injury. Connecticut law has specific requirements for these types of agreements, so they must be drafted carefully.

Data Privacy

Connecticut has enacted various laws to protect consumer privacy, including the Connecticut Insurance Information and Privacy Protection Act. If your health and fitness business collects personal or health data, you must ensure compliance with these state-specific regulations, in addition to federal laws like HIPAA.

Intellectual Property

Connecticut has established protections for trade secrets through the adoption of the Connecticut Uniform Trade Secrets Act (CUTSA), codified in Conn. Gen. Stat. Ann. §§ 35-50 to 35-58. CUTSA provides a legal framework for the protection of business information and know-how, defining trade secrets and setting forth the remedies available to victims of trade secret misappropriation. Through this act, Connecticut ensures that businesses can safeguard their competitive edge by securing their proprietary information.

In addition to CUTSA, federal laws apply. Local practices can influence the process and enforcement, making it valuable to consult with legal professionals familiar with the Connecticut business environment.

Conclusion

Operating a health and fitness business in Connecticut comes with numerous state-specific legal considerations, from licensing and labor laws to liability and data privacy regulations. At Pastore LLC, we specialize in helping businesses navigate these complexities effectively. If you’re looking to understand your legal obligations better or require assistance with corporate litigation or transactional matters, contact us today.

 

This article is intended for informational purposes and does not constitute legal advice.

(Paul Fenaroli is an Associate Attorney at Pastore admitted in Connecticut and the District of Connecticut. He provides private companies with a full range of business law services covering formations, mergers, acquisitions, corporate governance, securities offerings and litigation)

Managing Legal Issues in the Health and Fitness Industry

The health and fitness industry is booming, driven by a collective focus on well-being, technology advancements, and an increasingly health-conscious consumer base. However, this growth often brings a complex landscape of legal challenges that mid-sized companies need to navigate. At Pastore LLC, we specialize in both corporate litigation and transactional matters, and we’re here to share some critical legal insights tailored to businesses like yours.

Regulatory Compliance

FDA and FTC Regulations

If your company is involved in the manufacturing or marketing of dietary supplements, equipment, or health services, you’re likely subject to regulations from the Food and Drug Administration (FDA) and the Federal Trade Commission (FTC). Compliance is critical, as failure to meet these standards can result in severe penalties.

State-Specific Regulations

Depending on your jurisdiction, state-specific laws may affect your business, such as licensing requirements for fitness trainers or specific disclaimers needed for health advice.

Intellectual Property

Trademarks

Your brand is one of your most valuable assets. Ensure that your company’s name, logo, and any proprietary procedures or technologies are appropriately trademarked to protect them from unauthorized use.

Patents

If your health and fitness company has developed a unique piece of equipment or technology, consider patenting it to protect your competitive edge.

Contractual Obligations

Vendor Contracts

Your relationship with vendors is often governed by contracts. Be vigilant in understanding terms concerning quality, delivery timelines, and payment conditions.

Employment Contracts

Non-compete and confidentiality agreements can safeguard your business secrets. Always consult with legal experts when drafting these contracts to ensure they’re enforceable.

Data Privacy

Health and fitness companies often collect a lot of personal and health-related data. Familiarize yourself with data protection regulations such as GDPR or HIPAA, if applicable, to protect your company from legal repercussions.

Liability and Insurance

Premises Liability

If you operate a physical location, such as a gym, it’s essential to understand premises liability and have appropriate insurance coverages in place.

Product Liability

Manufacturers and suppliers in the health and fitness sector are often targets for product liability claims. Comprehensive insurance can provide a financial safety net.

Conclusion

Legal complexities in the health and fitness industry are numerous, but proactive steps and knowledgeable legal guidance can help you navigate them successfully. At Pastore LLC, we are committed to providing high-end, specialized legal services that can help your company not only survive but thrive. Contact us to learn more about how we can assist you in facing these challenges effectively.

For legal inquiries, please contact us at Pastore LLC.


(
Paul Fenaroli is an Associate Attorney at Pastore admitted in Connecticut and the District of Connecticut. He provides private companies with a full range of business law services covering formations, mergers, acquisitions, corporate governance, securities offerings and litigation)

Understanding the Legal Landscape and Navigating Challenges

Mid-sized businesses, often viewed as the backbone of many economies, enjoy several advantages due to their scale and flexibility. However, their position in the marketplace can also make them susceptible to various legal challenges. Understanding the landscape of business litigation can be instrumental in helping these enterprises prepare for, respond to, and navigate legal disputes.

What is Business Litigation?

At its core, business litigation involves disputes arising out of commercial and business relationships. These include issues related to contracts, partnerships, and transactions. For a mid-sized business, litigation can come in various forms – from a dispute with a supplier over contract terms to a disagreement with a competitor over intellectual property rights.

Why Mid-sized Businesses?

Larger corporations often have entire legal teams dedicated to handling disputes, while smaller businesses might fly under the radar or lack the extensive contracts and partnerships that can lead to litigation. Mid-sized businesses, however, often engage in a significant number of transactions, making them more vulnerable to disputes, but may not always have the extensive in-house legal resources of larger corporations.

Common Types of Lawsuits Involving Mid-sized Businesses:

  • Contract Disputes: The foundation of many business relationships, contracts, if ambiguous or breached, can lead to significant disagreements.
  • Shareholder and Partnership Disputes: Differences in opinion among business partners or shareholders can lead to internal strife and potential litigation.
  • Employment Disputes: These can range from wrongful termination claims to wage and hour disputes.
  • Intellectual Property Disputes: As businesses grow, protecting their intellectual assets becomes crucial, leading to potential disagreements with competitors or even within the industry.
  • Real Estate and Property Disputes: These can involve lease agreements, property rights, or disputes related to property values and damages.
  • Consumer-related Lawsuits: These can arise from claims of false advertising, product defects, or other consumer protection issues.

Preparation is Key

For mid-sized businesses, the adage “an ounce of prevention is worth a pound of cure” holds. Here are some proactive steps:

  • Clear Contracts: Ensuring that all business contracts are clear, specific, and legally sound can prevent many disputes.
  • In-house Counsel or Retained Lawyers: Having a dedicated legal advisor, even if on a retainer basis, ensures that the business has someone familiar with its operations and ready to advise when needed.
  • Insurance: Various insurances, like liability or errors and omissions insurance, can help protect against potential litigation.
  • Employee Training: Ensuring that employees are well-trained, especially in areas like compliance, can prevent issues down the line.

Conclusion

While business litigation is a reality that many mid-sized businesses may face, understanding the landscape and being prepared can make a significant difference. With the right strategies and resources, businesses can navigate these challenges effectively, ensuring that they continue to thrive and grow in a competitive marketplace.

 

(Paul Fenaroli is an Associate Attorney at Pastore admitted in Connecticut and the District of Connecticut. He provides private companies with a full range of business law services covering formations, mergers, acquisitions, corporate governance, securities offerings and litigation)