Oct. 4, 2023

Will California’s New Law Aimed at Data Brokers Require a “Delete Me” Button on All Websites?

California again has created a strong privacy requirement never seen before, passing the Delete Act on September 18, 2023. The law, long desired by consumer advocates, empowers the California Privacy Protection Agency to create, by 2026, a simple, one-stop mechanism for consumers to delete their personal information from all data brokers’ systems. With few details or constraints in the Act on how the deletion request should work, California’s regulators could require a “delete me” button on all websites or apps where a broker obtains personal data. With insights from Davis & Gilbert, Frankfurt Kurnit, Ballard Spahr, InMobi and Lucid Privacy, this article examines the Delete Act’s requirements and possible workings, and its potentially heavy impact. See “Will It Be Goodbye Forever? Navigating Consumer Requests to Delete Personal Data” (Feb. 9, 2022).

Considerations for Managing Third-Party Cyber Risks

No matter how much a company invests in its own cybersecurity program, a vendor or other third party’s vulnerabilities can lead to compromises of the company’s data and potentially significant liabilities. Managing third-party risk and the responsibility of overseeing vendors is a challenge for many companies. Based on insights presented during a Davis Wright Tremaine webinar, this article addresses regulatory obligations for managing third-party risks, identifying and prioritizing those risks, and core elements of an effective third-party risk management program, including documenting those efforts. See “Checklist for Framing and Assessing Third-Party Risk” (Aug. 16, 2023).

Understanding the Fiduciary Exception to Attorney-Client Privilege

Executives may feel confident that communications with their attorneys are protected by the attorney-client privilege, but that may not always be the case. In situations in which fiduciary duties are implicated, otherwise privileged communications may be disclosed to investors and partners during disputes, creating legal and reputational risks that are not anticipated or considered when counsel’s advice was sought. This guest article by Pryor Cashman partner David C. Rose addresses the limits to attorney-client privilege, explains the fiduciary exception and when it may apply, and reviews the risks of disclosure of otherwise privileged information. See our two-part series on in-house counsel and privilege: “Importance of Discerning Their Client and Managing Evolving Attorney-Client Privilege Issues” (Aug. 3, 2022), and “Tips for Navigating Typical Ethical Dilemmas and Conflicts of Interest” (Aug. 10, 2022).