Category: Compliance

Business, Cloud, cloud computing, Compliance, Contracts, Corporate Law, Creative Content, cyber risk, cybersecurity, Entertainment, Internet, Law, Regulatory Compliance, Strategy, Uncategorized

Ping® by Adlerlaw May 2026 – Navigating AI Liability in Business Contracts

Twelve Point Contract Drafting Checklist, plus Business Contracts & AI – What You Need To Know

Key Stat

Companies are deploying AI faster than they are updating contracts to address AI-generated risk. According to a recent Cost of a Data Breach Report 2025 by IBM, 63% of organizations lacked formal AI governance policies. (IBM)

AI & Governance Risk

Businesses or every size and industry operate at the intersection of technology, data, and regulation. As advanced technologies — including cloud services, SaaS platforms, and AI-enabled analytics — become core to service delivery, legal and regulatory challenges have grown in complexity. Employees may be introducing AI-related liability before legal departments even know the tools are being used. Business professionals face challenges to proactively manage legal risk, strengthen AI use practices, and align compliance strategies with operational goals.

Businesses seeking guidance on contract clauses and service agreements that protect both providers and clients must to navigate intellectual property risks tied to proprietary software, integrations, and third-party platforms, AI tools that generate and distribute all manner of content, and always changing regulatory considerations for delivering services across state and national jurisdictions.

We are seeing more clients requests analysis of how AI tools impact operational liability and contracts in particular. Key AI Disclosure considerations should include:

  1. Client Content Warranty
  2. Disclosure of AI Usage
  3. IP Ownership and Rights
  4. Accuracy Disclaimer
  5. Disclosure of Confidential Information
  6. Indemnification
  7. Limitation of Liability & Third-Party AI Tools and Terms

Don’t hesitate to contact us for help with AI-related concerns in your contracts and business operations.

Contract Drafting Tips for Cybersecurity

I recently presented Contract Drafting Tips for Cybersecurity: Protecting Monitoring Companies from Legal and Operational Risk to the 2026 TMA Mid-Year Meeting.

Participants walked away with a 12 point Cybersecurity Contract Drafting Checklist. Please contact Adler Law Group here to request a copy.

Business, Compliance, Contracts, Entrepreneurs, New York

Ping® By AdlerLaw – NYC Written Contracts & Freelance Workers

Ping® by Adlerlaw Reminder: NYC Requires Written Contracts For Freelance Workers

New York City’s Freelance Isn’t Free Act defines freelance workers as any individual hired or retained as an independent contractor by a hiring party to provide services for compensation. Commonly referred to as gigs, tasks, projects, side or contingent work, working on contract or spec, freelancing, contracting, subcontracting, consulting, moonlighting, entrepreneurship, alternative arrangements, self-employment, etc., you can contact DCWP if you have questions about classification as a freelance worker, independent contractor, or employee.

If you employ independent contractors in New York City (NYC), you may need to have written contracts with your workers. Since May 15, 2017, NYC’s Freelance Isn’t Free Act (the “Act” or “FIFA”) established and enhanced protections for freelance workers, a/k/a “independent contractors.” The Act provides the right to a written contract between the hiring party and the contractor, the right to be paid timely and in full, and the right to be free of retaliation. The key terms that must be included in the written contract are (1) the work to be performed, (2) the pay for the work, and (3) the date payment will be made. The contractor and the hiring party must keep a copy of the written contract.

To read the full Article, go to adler-law.com or click here.

Advertising, Affiliate Marketing, Business, Compliance, Content Development, Facebook, Influencer Marketing, Law, Marketing, Technology

Ping® May 2022 – Improving Affiliate Engagement

Affiliate Marketers: Want to learn best practices, strategies, and tactics from a seasoned legal professional who works with businesses and regulators at the federal and state levels? 

David Adler takes clients through the ins-and-outs of providing advertisers, merchants, agencies and affiliates the tools they need for running a trustworthy and successful business.

On May 25, 2022 David Adler is presenting Trafficking in Trust: How to Enhance Affiliate Engagement an AMDays Workshop at Affiliate Summit East 22. In case you can’t make the presentation, here’s an excerpt of one of the topics covered:

The 3 C’s of Affiliate Marketing Disclosures: Clear Conspicuous Content. 

Clients often seek my counsel on issues related to Affiliate Marketing legal disclaimers and disclosures. For example, this might require guidance on the substance and placement of legal disclaimers for a consumer-oriented, product review and ratings website. This type of website needs to include at least two different, but related, disclosures. First, it must disclose that it is compensated when a user clicks on a link. Second, it must disclose certain material connections. 

Affiliate Disclosure Content

There are several factors to the affiliate commission disclosure. Appropriate disclosures have both the necessary content and the correct placement within a specified context.

What needs to be in your affiliate commission disclosure? 

The disclosure must make clear that you earn a commission if a user buys something after clicking on a link on your site.

Affiliate Disclosure Context

Where is the optimal location for the disclosure?

Although there is a general practice of putting disclosures on the bottom of the website pages, it can be somewhat obscured and less effective. A location at the bottom of the page, in the same font style, font color, size, and placement as the rest of the text on the bottom of the page, does not help it “stand out.”   

The key to proper affiliate link disclosures is making sure the disclosure is “clear and conspicuous.” This depends on both context (placement and proximity to the relevant content) as well as the content of the disclosure itself.  The general rule is that the closer the disclosure is placed next to the relevant message, the better.

Although not required, it is recommended to add the affiliate link disclosure on the home page, above the fold. While there is no explicit requirement, FTC disclosure cases and guidelines suggest that, in their view, this is required for adequate disclosures. 

What should I do now? Always seek experienced counsel. A seasoned lawyer will help you address other considerations including prominence, distractions, industry vertical (i.e. healthcare, financial services) requirements, and language. 

Business, Chicago, Cloud, cloud computing, Compliance, Contracts, Copyright, Corporate Law, Corporations, Law, LLCs, Mergers & Acquisitions, Small Business, Start-ups, Trademarks

Ping® January 2022 – Reminder To Review Your Contracts

Review Your Contracts Every Year.

One of the most important tools to protect your business – your ideas (copyrights, trademarks, trade secrets, confidential and proprietary information), customer relationships and talent pool – is your written contract. Your contract is the foundation for a reliable relationship for you, your customers and your employees. More importantly, it helps to prevent misunderstandings and false expectations that can lead to a breakdown in your customer relationship, jeopardize projects, or even worse, result in litigation.    

Starting with a form is just OK.

Many companies start with a model or “form” contract adapted from forms available online or drafted when the business first started.  Oftentimes, I am presented with form contracts “downloaded from the Internet” or provided by a form-filling service that will do cheap and quick corporations or LLCs, without actually providing any legal services. Although these forms may be a good starting point, your business needs, it deserves, contracts tailored to the specific needs of the enterprise or relationships.

Franken-contracts can ruin your business.

As businesses develop over time, you may have revised your contracts, adding a little here, removing a little there. Maybe you read an article about an important case in your industry and decided to add some text from the contract discussed in the court’s legal opinion. In many cases, over time, the agreements become “Franken-contracts” an odd amalgamation of trade lingo, inconsistent terms and even contradictory conditions. At best these are ambiguous and confusing to read. At worst, they become unenforceable.

Review contract annually to avoid weak spots.

At some point, you should review, revise and generally “tighten” existing contracts. You should have your lawyer review them to make sure that there are no mistakes, ambiguities or omissions that could cost you or your customers. I urge clients to have their contract forms reviewed on an annual basis. Depending on changes in the law, changes in the industry or changes in your own business, this process should only take a few hours.

Contact us for a free, no-obligation consultation.

To learn more about how we can help your with your business and contracts, contact the Lawyers at the Adler Law Group at David @ adler – law . com (without spaces) or (866) 734-2568. Learn more abut us here:

http://www.adler-law.com

Advertising, Compliance, Contracts, Facebook, FTC, Law, Marketing, Platforms, Privacy, RISK MANAGEMENT

Social Media Advertising Tools And User Consent: What Are The Requirements?

Perhaps you’ve seen them, those television and radio ads that talk about the “creepy” nature of some adverting on the Internet that follows consumers across their social media. According to Pew Research, most Americans believe their online activities are being tracked and monitored. 

The fact is, most companies can and do share data with social media platforms to ensure targeted advertising reaches receptive audiences. As more tools become available and the variety of data sources grows globally, platforms and advertisers are re-examining their rights and obligations when it comes to something as simple as matching customers’ email addresses with their Facebook accounts. 

Facebook’s Customer List Custom Audiences (“Custom Audiences”) tool is one such tool that has the potential to expand an advertiser’s liability for unauthorized use of customer data. For EU customers, a German Data Protection Authority ruling requires a individual’s explicit consent to such sharing.

The Facebook Custom Audiences tool enables advertisers to create targeted advertisements to Facebook users by combining Facebook data with the advertiser’s data such as email addresses and phone numbers. To use marketing tool the advertiser must comply with the consent and privacy expectations of individuals who have provided email addresses.

Consent to Use Email Addresses

While the use and disclosure of email addresses is regulated in some countries, the U.S. does not have a uniform data privacy protection scheme. U.S. privacy rights are protected through a patchwork of laws addressed to specific types of harm, such as unauthorized access and disclosure of financial (Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681) or healthcare-related (Health Insurance Portability and Accountability Act of 1996 (HIPAA) 42 U.S.C. § 1320d–2) data. While the CAN SPAM Act (15. U.S.C. § 7701 et seq.) specifically regulates email, the Act excludes communications based on a previously existing relationship. 

Importantly, for most purposes, permission of the e-mail recipient is not required. However, messages MUST contain a mechanism to request to opt-out of future email messages. If email addresses are acquired from third-party sources, such as marketing databases or social media, ensure users are given reasonable notice and choice about the use of such data.

The Federal Trade Commission endorses a market-style model of ensuring the fair use of information that allows individuals to participate in decisions on the disclosure and use of their personal information. As articulated by the FTC, the elements of this approach are notice, choice, access, security and enforcement.

Contractual Requirements of Facebook Custom Audiences 

In order to use the Custom Audiences tool, the advertiser must agree to additional terms and conditions. Facebook’s Custom Audiences terms require that the advertiser have both “all necessary rights and permissions” as well as a lawful basis to disclose and use the email addresses “in compliance with all applicable laws, regulations, and industry guidelines.” 

Recommendations

Review your Privacy Policy, Website Terms & Conditions, and membership/subscription applications to confirm the existence of a clear mechanism to opt-out of future email messages. If email addresses are acquired from third-party sources, such as marketing databases or social media, review data gathering practices, review scope of permissions granted to the sources of data and ensure users are given reasonable notice and choice about the use of such data.

Advertising, Affiliate Marketing, Branding, Business, Cloud, Compliance, Contracts, Copyright, cyber risk, cybersecurity, data privacy, Ecommerce, FTC, Influencer Marketing, Internet, Law, Marketing, Media, Monetizing Content, Social Media, Trademarks

What Is Cyberlaw?

On November 13, I had the honor of providing a lecture on Cyberlaw to students at the Boston College Law School. Virtually, of course. I had been asked to talk about trends in Cyberlaw with a specific focus on issues related to intellectual property.

So what is Cyberlaw? Simply put, it is the “Rules of the Road” for the “information superhighway.” Cyber law is the law that governs rights, obligations and remedies of people and transactions conducted over global computer networks.

In a year that has seen hyperbolic growth in technology, commerce, and communications, this topic couldn’t be more timely. In order to frame the discussion, the scope featured a discussion of the Three Cs of Cyberlaw: Connections, Content and Commerce.

The first part of the discussion centered around Content, or issues related to Copyright, such as Free Speech/First Amendment CDA Sec. 230, Creative Works, Media and Entertainment, UGC and the DMCA.

The Second part of the discussion centered around Commerce or issues related to Trademarks, marketing and branding, such as: Marketing/Advertising, Domain NamesCyberpiracy prevention, Keyword Advertising and Social Advertising.

The third and final part of the discussion focused on Connections and Communications and issues related to Personal Data, Stalking, Harassment, Surveillance and Sovereignty, issues around Social Media Freedom of Speech v. Freedom of Reach, and the latest developments around Political speech online.

The lecture closed with a Q&A focused primarily on Navigating Law School and Professional Practice.

Advertising, Affiliate Marketing, Business, cloud computing, Compliance, cyber risk, cybersecurity, Data, data privacy, Internet, Law, Marketing, Privacy, Regulation, Regulatory Compliance, Uncategorized

Does My Business Need A “Button” To Comply With The CCPA’s Do Not Sell Rule?

The California Consumer Privacy Act (“CCPA”) was enacted in early 2018 and went into effect in 2020. Among many concerns about the ability of small businesses to comply with obligations imposed by the CCPA is the requirement that a company allow Californians to access the information held about them, or, in some situations, request that the information that they provided to a company be deleted.  Your clients may be asking you about the CCPA.  While each business should evaluate the law in terms of its own specific situation, here are some general guidelines to start the process.

Does the CCPA Apply to My Business?

If your business satisfies one or more of the following, then the CCPA applies:

(i) annual gross revenue in excess of $25 million?

(ii) buys, receives, sells, or shares the personal information of 50,000 or more consumers, households, or devices, (a) for commercial purposes (assume always true), (b) alone or in combination (assume always true), (c) annually, and

(iii) derives fifty percent (50%) or more of its annual revenues from selling consumers’ personal information.

Even if the business does not collect personal information, as long as is collected on behalf of a business (such as through a third party), the business could be covered by the CCPA, assuming the other requirements are satisfied.

What is the Do Not Sell Rule?

The Do Not Sell rule is a key part of the regulation. It states that businesses must give consumers the option to opt-out of the sale of their personal data.

Specifically, the regulation says that businesses must:

  • Have a page on their website titled “Do Not Sell My Personal Information.” On this page, consumers based in California can opt-out of the sale of their personal data.
  • The business must clearly link to the “Do Not Sell My Personal Information” webpage from the homepage.
  • The website must describe the consumer’s rights to opt-out of the sale of personal data and provide a link to the “Do Not Sell My Personal Information” page in its privacy policy.
  • Once a user requests that a business not sell their personal information, the business must respect this decision for a minimum of 12 months.
  • Finally, websites should have a way to prove that they are respecting these customer requests.

Businesses and website owners need to put processes in place that will help them adhere to the above guidelines.

For more information about the impact of the CCPA on your business, please contact the lawyers at Adler Law Group to schedule a consultation.

Authentication, Business, Compliance, Computing, cyber risk, cybersecurity, Data, data privacy, Internet, Law, Privacy, Regulatory Compliance, RISK MANAGEMENT, Strategy, Technology, Uncategorized

Privacy Law – How Do You Verify the Identity of a Data Requestor?

The California Consumer Privacy Act (“CCPA”) was enacted in early 2018 and will go into effect in 2020. Among many concerns about the ability of small businesses to comply with obligations imposed by the CCPA is the requirement that a company allow Californians to access the information held about them, or, in some situations, request that the information that they provided to a company be deleted.  Whether or not your practice involves regular questions of Privacy Law, your clients may be asking you about the CCPA.  By keeping data minimization objectives in mind and not over-thinking compliance obligations, verifying the identity of a data requestor may be straight-forward.

 

The ability to control how one’s data is used is a cornerstone of the CCPA. However, this puts a burden on a business to ensure that only a “verified” consumer accesses the requested data and avoid fraudulent requests. To access or delete information, a consumer must submit a “verifiable consumer request.” While the term implies that a business must take steps to “verify” the individual making the request, the CCPA does not specify what steps it considers to be sufficient (or that it considers to be inadequate) to accomplish the verification.

 

With little to go on, a business might be tempted to act over-cautiously and require more information than is actually necessary to verify identity.   With data minimization principles in mind, it is important to recognize privacy risks to avoid.  Don’t over-reach; avoid obtaining more sensitive or potentially harmful information than is necessary to complete the request.  Also, avoid asking for sensitive documents such as a passport.

 

A good rule of thumb is try to use the same method that was used to gather the data in first place. For example, your client operates a consumer website featuring information and users are required to provide a username and password to register with the site. Ask the requestor to provide a username and password to verify. If two-factor authentication was used, then challenge that requestor using the same method. Don’t ask for a driver’s license.

 

If a client is asking for additional resources on how to implement policies and procedures, it is useful to look to industry-standard references, such as  NIST. A good (but technical) explanation Guidelines on verifying identity.  If this is too technical, a client should work with a consultant who can explain the framework. One valuable upside is that if a business is required to respond to a regulator or litigant, the business can point to use of the industry standard as reasonable basis for compliance efforts.

 

Are you tasked with advising a client how to craft a CCPA policy or procedure? There is no requirement that companies create a written policy for processing requests. If a company chooses to create an internal policy or procedure for handling data access and deletion requests, the following four topics are relevant:

 

  1. Data subject verification. Before taking any action, a company should verify that the individual that submitted the request is the individual to whom the data belongs. Verifying identity depends upon the type of data maintained. Remember, if the requestor signed up with a username and password, use this to verify.

 

  1. Communications. A business must respond to a requestor, even if the request is a denial. To streamline a timely response, a company may choose to create template communications and procedures.

 

  1. Evaluating the request. The right to be forgotten is not an absolute right. Some companies choose to include a discussion of when the right does, and does not, have to be granted within their internal policy or procedure. If refused: Reply with a reason and provide options: regulator, court?

 

  1. Completing a Request. Upon verification of the identity of a requestor and a determination that a deletion request should be granted, a business can include instructions for technical steps that should be taken in order to erase an requestor’s information.

 

For clients implementing processes and procedures to respond to individuals who invoke their rights under the CCPA, meeting the requirement to verify the requestor’s identity (and reduce the risk of complying with a fraudulent request) can present a risk. However, with data minimization objectives in mind, using verification methods that make sense in the context of the requestor’s data, may reduce some of the burden of verifying the identity of a data requestor.

 

FOR EDUCATIONAL PURPOSES ONLY. NOT LEGAL ADVICE.

Business, Compliance, Contracts, Corporate Law, Corporations, LLCs, Ownership, Partnership Law, Small Business, Uncategorized

Choosing the Right Legal Entity for Your Business – Webinar

Seasoned business owners usually know enough to invest in the protection of some form of business entity. Too often, these individuals fail to engage in the necessary business and tax planning to get the most from their investment.
Whether you are a sole proprietor, partnership, corporation, limited liability company (LLC), limited liability partnership, or hybrid entity, you will gain useful knowledge. This webinar covers why a business owner should consider the benefits and costs of each type of entity, the existence of limited liability for owners, flexibility in terms of governance and ownership structure, and favorable treatment under state and Federal income tax laws. More sophisticated entrepreneurs may find certain advantages in terms of estate and gift planning and flexibility in operations and management.
I want to say thanks to the folks at IVY for giving me the opportunity to present the Ivy Webinar – Choosing the Right Legal Entity for Your Business with David M. Adler. In case you missed it, there is a link to the full webinar details below.
NOTICE AND DISCLAIMER: The webinar content is for informational purposes only. It is not legal advice and does not create a lawyer-client relationship with David M. Adler.
View Webinar Here.
Business, Compliance, Computing, Content Development, Contracts, Copyright, Creative Content, cyber risk, Ecommerce, Entertainment, Entrepreneurs, Infringement, Litigation, Ownership

Declaratory Judgment Action for Copyright Infringement

At a time when #media creation & consumption is traveling across a growing number of devices, at increasing speeds, and without care for for borders whether physical, digital, or geographic, licensing, distribution and use of digital content can cause problems.

The case of Fastcase, Inc. v. Lawriter, LLC, Case No. 17-14110 (11th Cir. Oct. 29, 2018) (Tjoflat, J), involved a dispute between two legal publication service companies over the right to re-publish the Georgia Regulations.

The Declaratory Judgment defendant and presumptive rights owner had no enforceable copyright or contract rights in the Regulations. Defendant updated the terms so that unauthorized re-publication of the Regulations would result in liquidated damages of $20,000 per instance, which was relevant to the jurisdictional issues of whether § 411(a) is a jurisdictional bar.

From The National Law Review, source for this story: “Practice Note: A demand letter alleging infringement under the Copyright Act—or even alleging state law claims that would arguably be preempted by the Copyright Act—confers jurisdiction on a federal court to hear the recipient’s declaratory judgment action.”