Timothy Shields writes about technology law, data privacy, intellectual property, and what software is doing to legal practice.https://technically.law/en-ushttps://technically.law/writing/reasonable-security-ftc-saas-order/https://technically.law/writing/reasonable-security-ftc-saas-order/A consent order against a SaaS CRM whose weak security let attackers walk off with $186 million is not a story about someone else. It is a roadmap for what regulators now expect.Sat, 25 Apr 2026 00:00:00 GMTtechdata privacyftcsaassecurityhttps://technically.law/writing/vendor-diligence-is-the-new-sales-channel/https://technically.law/writing/vendor-diligence-is-the-new-sales-channel/Procurement and security review are now where SaaS deals are won or lost. The companies that treat the questionnaire as a sales asset have a real advantage.Mon, 20 Apr 2026 00:00:00 GMTtechsaasprocurementsecuritysaleshttps://technically.law/writing/baas-for-non-clinical-wellness-apps/https://technically.law/writing/baas-for-non-clinical-wellness-apps/Wellness platforms partnering with healthcare providers keep signing BAAs without understanding what they are signing. The recent enforcement uptick is a useful prompt to look again.Mon, 13 Apr 2026 00:00:00 GMTwellnesshipaabaavendor-contractscompliancehttps://technically.law/writing/social-handle-is-not-a-trademark/https://technically.law/writing/social-handle-is-not-a-trademark/Creators routinely conflate owning a username with owning the underlying brand. The trademark register treats the two very differently.Mon, 06 Apr 2026 00:00:00 GMTcreatorstrademarkipbrand-protectioncreator-economyhttps://technically.law/writing/ai-agents-and-the-legal-meaning-of-agent/https://technically.law/writing/ai-agents-and-the-legal-meaning-of-agent/The word 'agent' in 'AI agent' borrows from a legal concept with two centuries of doctrine behind it. The borrowing is creating problems.Mon, 30 Mar 2026 00:00:00 GMTtechaiagentsagency-lawliabilityhttps://technically.law/writing/washington-my-health-my-data-applies-to-you/https://technically.law/writing/washington-my-health-my-data-applies-to-you/Operators outside Washington keep concluding the law does not reach them. Most of them are wrong, and the obligations are not light.Mon, 23 Mar 2026 00:00:00 GMTwellnessmy-health-my-datawashingtonhealth-privacycompliancehttps://technically.law/writing/dark-patterns-creator-economy/https://technically.law/writing/dark-patterns-creator-economy/The FTC and state regulators have spent years sharpening the dark-patterns doctrine on subscriptions and checkout flows. The next surface is creator monetization.Mon, 16 Mar 2026 00:00:00 GMTcreatorsftcdark-patternsmonetizationconsumer-protectionhttps://technically.law/writing/florida-digital-bill-of-rights-actually-does/https://technically.law/writing/florida-digital-bill-of-rights-actually-does/Florida's privacy law was framed as 'Big Tech only' when it passed. The thresholds are narrower than that, and the outline of who actually has to comply is worth understanding.Mon, 09 Mar 2026 00:00:00 GMTtechfloridadata-privacyfdbrcompliancehttps://technically.law/writing/ftc-wellness-claims-substantiation/https://technically.law/writing/ftc-wellness-claims-substantiation/A recent consent order against a wellness brand for unsupported claims is a useful map of what the agency now expects the substantiation file to look like.Mon, 02 Mar 2026 00:00:00 GMTwellnessftchealth-claimssubstantiationwellnesshttps://technically.law/writing/section-230-and-the-platform-problem/https://technically.law/writing/section-230-and-the-platform-problem/Section 230 is supposed to protect platforms. The way it functions in 2026 also protects platforms from the creators they host.Mon, 23 Feb 2026 00:00:00 GMTcreatorssection-230platformsspeechcreator-economyhttps://technically.law/writing/soc-2-will-not-save-you-diligence/https://technically.law/writing/soc-2-will-not-save-you-diligence/Founders treat the SOC 2 report as a finish line. Buy-side diligence teams treat it as the floor of a much longer conversation.Mon, 16 Feb 2026 00:00:00 GMTtechm-and-adiligencesoc-2securityhttps://technically.law/writing/telehealth-state-licensure-2026/https://technically.law/writing/telehealth-state-licensure-2026/The pandemic-era licensure flexibilities are gone, and state medical boards in 2026 are pursuing telehealth providers with renewed focus.Mon, 09 Feb 2026 00:00:00 GMTwellnesstelehealthlicensurestate-regulationcompliancehttps://technically.law/writing/ftc-endorsement-disclosures-2026/https://technically.law/writing/ftc-endorsement-disclosures-2026/The Endorsement Guides got teeth two years ago, and the enforcement trend in 2026 is worth understanding before your next campaign.Mon, 02 Feb 2026 00:00:00 GMTcreatorsftcendorsementsdisclosurescreator-economyhttps://technically.law/writing/ai-training-data-enterprise-contracts/https://technically.law/writing/ai-training-data-enterprise-contracts/Enterprise procurement is now asking SaaS vendors what their AI features were trained on. The answers founders give today will be quoted back to them later.Mon, 26 Jan 2026 00:00:00 GMTtechaisaasenterprise-contractsiphttps://technically.law/writing/where-wellness-meets-hipaa/https://technically.law/writing/where-wellness-meets-hipaa/Most wellness operators believe HIPAA does not apply to them. They are usually right and increasingly often wrong.Mon, 19 Jan 2026 00:00:00 GMTwellnesshipaahealth-privacywellnesscompliancehttps://technically.law/writing/nil-deals-look-like-saas-contracts/https://technically.law/writing/nil-deals-look-like-saas-contracts/Brand deals for athletes and influencers are quietly absorbing the structure of enterprise software agreements, and not always for the athlete's benefit.Mon, 12 Jan 2026 00:00:00 GMTcreatorsnilcreator-contractsipbrand-dealshttps://technically.law/writing/2026-privacy-law-map-saas/https://technically.law/writing/2026-privacy-law-map-saas/The patchwork of state privacy laws hit a new milestone on January 1, and most SaaS companies are now in scope of more than they realize.Mon, 05 Jan 2026 00:00:00 GMTtechdata-privacystate-privacy-lawssaascompliance