VeraSafe

VeraSafe is delighted to welcome Leila Dreier to the team as our new Marketing Specialist. Leila brings a wealth of experience in content creation, SEO, and UX/UI design to her role. Her deep understanding of data-driven marketing solutions, conversion optimization, and user-first design approach will be instrumental in enhancing our marketing capabilities. Please join us in welcoming Leila to VeraSafe! #NewHire #RemoteWork #VeraSafe

The FTC has taken significant steps to address deceptive practices in subscription services. On October 16, 2024, the agency issued a broad “Click-to-Cancel" rule introducing new requirements for companies offering subscription services, auto-renewals, free-to-pay conversions, and other services that automatically enroll consumers in recurring payments unless they actively cancel (collectively referred to as “negative options”). Here’s what you need to know: 𝐒𝐢𝐦𝐩𝐥𝐞 𝐂𝐚𝐧𝐜𝐞𝐥𝐥𝐚𝐭𝐢𝐨𝐧: Businesses must provide a straightforward method for consumers to cancel their subscription, ensuring that the cancellation process is as easy as the sign-up. The cancellation method must be accessible through the same medium as the sign-up and cannot, for example, require interaction with a representative if such interaction was not required for the sign-up. 𝐂𝐥𝐞𝐚𝐫 𝐂𝐨𝐧𝐬𝐞𝐧𝐭: Businesses must obtain “unambiguously affirmative consent” to the negative option before charging consumers and must keep a record of such consent for at least 3 years. Companies can bypass the recordkeeping requirement if they can prove their system makes it impossible to complete a transaction without securing consent. 𝗗𝗶𝘀𝗰𝗹𝗼𝘀𝘂𝗿𝗲: Businesses must clearly and conspicuously disclose all material terms to consumers before collecting billing information. This includes details about charges, deadlines for cancellation, frequency of charges, and how to access the cancellation mechanism. 𝗠𝗶𝘀𝗿𝗲𝗽𝗿𝗲𝘀𝗲𝗻𝘁𝗮𝘁𝗶𝗼𝗻 𝗕𝗮𝗻: Businesses are prohibited from misrepresenting any material facts about their offers, including details about the negative option feature, costs, consumer consent, cancellation terms, the purpose or effectiveness of the product or service, health or safety claims, or any other important information. 𝗘𝘅𝗽𝗮𝗻𝘀𝗶𝘃𝗲 𝗦𝗰𝗼𝗽𝗲: The Rule applies to all negative option programs in any media, including digital channels, telemarketing, in-person sales, and traditional print. 𝗘𝗳𝗳𝗲𝗰𝘁𝗶𝘃𝗲 𝗗𝗮𝘁𝗲: The ban on misrepresentations will take effect 60 days after the rule is published in the Federal Register, and the provisions regarding disclosure, consent, and cancellation will become effective 180 days after publication. The rule is expected to be published in the Federal Register in the upcoming weeks. The #FTC approved the Click-to-Cancel Rule by a 3-2 vote. Three industry associations have already filed suit claiming the Rule violates the Administrative Procedure Act and exceeds the FTC’s authority. Though the Rule is subject to an existing challenge, for privacy professionals, the message is clear: Businesses should place greater emphasis on transparency and move away from dark patterns that manipulate user behavior. At VeraSafe, we’re ready to help you navigate these regulatory changes. Reach out to learn how the new rule impacts your business and what steps to take for #compliance. #ClickToCancel #ProductManagement

VeraSafe is delighted to welcome Gabrielle Nicole Portelli to the team as Associate Privacy Advisor. Gabrielle holds a Bachelor of Laws and a Master of Advocacy from the University of Malta as well as a Master of Law and Technology with a focus on data protection and privacy from Tilburg University. Her experience spans public institutions, private law firms, and a recent traineeship at a European agency in France. Gabrielle looks forward to expanding her knowledge of privacy and cybersecurity with VeraSafe. Please join us in welcoming Gabrielle to the team! #NewHire #RemoteWork #VeraSafe

On September 26, 2024, the Personal Information Protection Commission of Korea announced the "Standards for Personal Information Handlers' Measures Regarding Automated Decisions". The commission also published a "Guide to the Rights of Data Subjects Regarding Automated Decisions" alongside the notice. A notable part of this notice is that it clarifies, as a condition for determining what constitutes an automated decision, that companies should consider whether the final decision is made by AI or a human. Another interesting part is that the guide accompanying the notice encourages the use of Explainable AI (XAI) to fulfill personal information handlers’ obligations to explain automated decisions. I've prepared a brief explanation for the notice and guide here.

As of October 1, 2024, 𝗠𝗼𝗻𝘁𝗮𝗻𝗮’𝘀 𝗖𝗼𝗻𝘀𝘂𝗺𝗲𝗿 𝗗𝗮𝘁𝗮 𝗣𝗿𝗶𝘃𝗮𝗰𝘆 𝗔𝗰𝘁 (𝗠𝗧𝗖𝗗𝗣𝗔) is officially in effect. If your business handles the personal data of 50,000+ Montana residents, it’s time to make sure you’re in compliance. Note that the law requires, among other things, respecting opt-out preference signals (such as the Global Privacy Control) as well as conducting data processing assessments starting in January 2025. In addition, perhaps off the radar of many, the last of 𝗖𝗼𝗻𝗻𝗲𝗰𝘁𝗶𝗰𝘂𝘁’𝘀 𝟮𝟬𝟮𝟯 𝗮𝗺𝗲𝗻𝗱𝗺𝗲𝗻𝘁𝘀 𝘁𝗼 𝗶𝘁𝘀 𝗱𝗮𝘁𝗮 𝗽𝗿𝗶𝘃𝗮𝗰𝘆 𝗹𝗮𝘄 (enacted via Public Act No. 23-56) have now taken effect—provisions that materially update processing requirements for minors under the age of 18. Under amendments effective October 1, 2024, companies must use reasonable care to avoid any heightened risk of harm to minors. There is a rebuttable presumption they exercised such care if they conduct a data protection assessment. Businesses must also get opt-in consent for processing minors’ data for any purpose that is not reasonably necessary to providing the service, as well as for targeted advertising, sale, and automated profiling that produces legal or similarly significant effects. If your business is struggling to keep up with the growing patchwork of U.S. privacy laws, including Montana’s #MTCDPA and Connecticut’s #CTDPA, VeraSafe can help. Contact us today to schedule a free consultation. https://lnkd.in/dd5E7GB #Privacy #DataProtection #Compliance

Our very own Mariel Bough, J.D., CIPP/E, has been published in DICTA, the Knoxville Bar Association's official publication! Her article, "A New Perspective on the International Practice of Law," is available on page 18 of the October 2024 issue. Read the full article here: https://lnkd.in/gW96WYkT

VeraSafe is delighted to welcome Arlo Sporn to the team as Associate Privacy Advisor. Arlo joins with over two years of legal experience, including time at a leading international law firm. He has a strong background in corporate transactional practice, including company side representation for equity financings, mergers, employment, and governance matters. In his time at Harvard Law School, he worked at the Harvard Cyberlaw Clinic as a student advisor to the City of Boston, focusing on privacy-related contractual negotiations. These experiences enable him to craft efficient solutions for his clients. Please join us in welcoming Arlo to the team! #NewHire #RemoteWork #VeraSafe

Recently, members of the VeraSafe team came together in Zambia, Africa for a micro-meetup filled with adventure, community service, and camaraderie. Our time together was the perfect blend of work and relaxation with a visit to Victoria Falls, a sunset cruise, and two community service projects. For a 100% remote team, these moments are essential. They allow us to connect, share our diverse perspectives, and strengthen the relationships that make VeraSafe so unique. #TeamMeetup #RemoteWork #Collaboration #VeraSafe

Join us on Thursday, September 5th, for an insightful one-hour webinar on GDPR obligations for clinical trials, hosted by Renata Valkova and Lauren McClanahan, J.D., CIPP/US, CIPP/E, CIPM, FIP, PLS. Attendees will gain valuable insights and practical guidance on topics related to the processing of personal data, including an overview of key roles, best practices for data collection and consent, third-party contractual obligations, cross-border data transfers, and more. This session is ideal for clinical trial sponsors, CROs, research institutions, and anyone looking to enhance their understanding of the GDPR and its implications for clinical research. #ClinicalTrials #ClinicalResearch #GDPR #Webinar

VeraSafe is delighted to welcome Ashley Escoe to the team as Privacy Counsel. Ashley joins with over eight years of legal experience, including time at a leading international law firm and a premier mid-size firm. Ashley also served as a law clerk to the Honorable Cheri L. Beasley of the Supreme Court of North Carolina. She has a strong background in commercial litigation, including defending clients against privacy class-action lawsuits involving data breaches and the handling of customer information. Her extensive experience in complex commercial disputes enables her to craft innovative, multi-dimensional solutions tailored to her clients' needs. Please join us in welcoming Ashley to the team! #RemoteWork #NewHire #VeraSafe