Photo of Snehal Desai

Snehal Desai is an associate in the Intellectual Property Practice Group in the firm's San Francisco office. She is a member of the Privacy and Cybersecurity Team, the Advertising Team and the Technology Transactions Team.

The Utah legislature recently passed SB 152 and HB 311. While these two bills will primarily impact those who are “social media” entities under the law, they may have broader impact when the majority of their requirements take effect, on March 1, 2024.Continue Reading The Beehive State Joins the Buzz Around Minors and Social Media

The California AG announced an investigative sweep of mobile apps, as we reported in our sister blog. The investigative focus is on companies in the retail, travel and food service industries who may not be complying with the California Consumer Privacy Act (CCPA). As we have written previously, the California law requires entities to provide individuals with a myriad of rights, including as it relates to “sale” of personal information.Continue Reading Mobile Apps Beware!: California AG’s Current Privacy Sweep

The Children’s Advertising Review Unit recently found that Tilting Point Media violated COPPA and CARU’s Self-Regulatory Guidelines for Advertising and for Children’s Online Privacy. Tilting Point is the operator of the SpongeBob: Krusty Cook-Off app. The case arose as part of CARU’s routine monitoring of child directed content.Continue Reading CARU Strikes Again: Another Mixed-audience App Settles Over COPPA Allegations

The FTC recently took two well-publicized steps in the children’s privacy space. First, it penalized WW International (formerly, Weight Watchers) and its subsidiary, Kurbo, for alleged COPPA violations. Second, it unanimously voted to adopt a new policy statement on education technology and COPPA. These actions follow its March COPPA settlement with TickTalk Tech.Continue Reading FTC Continues Focus on Children’s Privacy

The May 1 change to banks’ cyber-notification process is fast approaching. As we wrote previously the OCC, FDIC, and Federal Reserve Board implemented a final rule under which banks and their service providers must notify their primary federal regulators within 36 hours of certain incidents.  A notification incident that triggers this requirement is defined as a computer security incident that materially disrupts a banking organization’s operations or lines of business. Thus not all incidents will meet these levels. For those that do, banks will need to be prepared. Part of that is having the right points of contact, which include:
Continue Reading On the Clock: Cyber Incidents Notification Deadline Approaching for Banks

The Children’s Advertising Review Unit recently settled with TickTalk Tech, LLC over its information collection practices. CARU, a self-regulatory body that reaches voluntary settlements with companies, conducts regular audits of privacy practices by companies in the child space. During one such audit, it identified concerns over TickTalk Tech’s kids smart watch, TickTalk4.
Continue Reading Smart Watch Maker Settles with CARU Over Privacy Policy and Parental Consent

In light of Russia’s recent military actions in Ukraine, the New York Department of Financial Services issued guidance on its cybersecurity and virtual currency regulations. The Department is specifically concerned about heightened risk for Russia’s cyberattacks against Ukraine, which could in turn lead to retaliatory attacks against U.S. critical infrastructure due to U.S. sanctions against Russia.
Continue Reading NYDFS Issues Cybersecurity Guidance in Response to Events in Ukraine

A California-based lead generation company recently settled with the FTC for $1.5 million over alleged privacy violations. The FTC argued that the company deceptively acquired consumer personal information and improperly
Continue Reading FTC Fines Lead Generation Company $1.5M Citing Misuse of Consumer Financial Data

OpenX Technologies recently agreed to pay $2 million to settle FTC allegations that the advertising platform violated the FTC Act and the Children’s Online Privacy Protection Act. OpenX runs a programmatic ad exchange, running a bidding platform that auctions online ad space. The company contracts with publishers who have open ad space as well as ad networks with inventories of ads they are seeking to publish online.
Continue Reading OpenX Ad Exchange Settles With FTC Over Alleged COPPA and Other Violations

The FTC recently announced the removal of Aristotle International, Inc. from the list of seven approved safe harbor programs under the Children’s Online Privacy Protection Act. Programs that are approved by the FTC must place requirements on participating organizations that are the same -or greater- than the requirements of COPPA. (As we have reported in the past, COPPA requires, inter alia, getting verified parental consent before collecting personal information from children online.) Companies that participate in those approved COPPA safe harbor programs are deemed in compliance with COPPA. Such protection can be valuable with a law, like COPPA, that has been found to be confusing to operationalize.
Continue Reading A COPPA First: Safe Harbor Program Removed From Approved List