Photo of Wynter Deagle

Wynter Deagle is a partner in the Privacy and Cybersecurity Team in the firm's San Diego (Del Mar) office.

The FTC recently announced a settlement with Global Tel*Link, a telecommunications company that contracts with prisons and jails to provide communication services to incarcerated individuals and their families. Those who use their services create accounts with the company and are required to provide not only usernames and passwords but also Social Security numbers and government ID numbers. The company also collects financial account information as well as names and addresses. The company included in its marketing materials promises about security, including that it was the “cornerstone of what we do.” The company also made promises about its security in RFPs to prisons and jails.Continue Reading FTC Decision with Global Tel*Link Signals Expectations for Use of Testing Environments

X Corp., the company formerly known as Twitter, recently sued Bright Data over its site scraping activities. Bright Data is a data collection company and advertises—among other services—its “website scraping” solutions. Scraping is not new, nor are lawsuits attempting to stop the activity. We may, though, see a rise in these suits with the rise in companies using them in conjunction with generative AI tools.Continue Reading Scraping the Bottom of the Barrel: X Corp. Sues Bright Data Over Site Scraping

With the governor signing SF 262 into law last week, Iowa became the sixth US state with a comprehensive privacy law. The law goes into effect January 1, 2025. It applicability is similar to other states’ laws. It applies to companies that do business in Iowa and either: (1) control or process personal data of at least 100,000 Iowans; or (2) derive over 50% of gross revenue from the sale of personal data and control or process personal data of 25,000 or more Iowans. These thresholds are calculated annually.Continue Reading Iowa Becomes Sixth State with Comprehensive Privacy Law

The EU released its draft adequacy decision for the EU-US Data Privacy Framework, but all is not smooth sailing. As we wrote in October, the US developed the proposed new framework in response to the declared inadequacy of the EU-US Privacy Shield program. Continue Reading EU’s Initial Response to US Proposed Data Transfers Framework

As many are aware, the CPRA regulations are currently in draft status and may continue in that state until April, despite the law’s January 1 effective date. This could result in regulations being in final form after the July 1 date that the California Privacy Protection Agency (CPPPA) has signaled that it will begin enforcement. Last week, during a Dec. 16 CPPA board meeting, the agency’s executive director indicated that the final rules will likely be released at the end of January. Although there will then be a comment period, the director indicated that the agency does not currently anticipate making further revisions to the draft regulations. Continue Reading How To Handle CPRA Regulations Delay

Did your business receive a letter from the California Attorney General’s office about your loyalty program? You are not alone. The California AG celebrated Data Privacy Day last month by announcing that his office had conducted an “investigative sweep” of business operating loyalty programs in California. His office then sent out notices of non-compliance to several loyalty program operators.

Continue Reading California AG Takes Aim At Customer Loyalty Programs