Writing
Essays and notes, organized by audience and date.
- Data you kept but did not need is the FTC's new target [tech]
  The FTC's finalized Illuminate order treats data you retain without a reason as a security failure, and that framing reaches well beyond edtech.
- What the FTC's Amare suit means for wellness brands that sell through affiliates [wellness]
  The FTC sued Amare Global on June 2 over supplement claims its brand partners made on social media. If you sell through affiliates, their posts are your liability.
- Two AI likeness laws take effect this week and creators are in scope [creators]
  New York's synthetic performer disclosure rule and Washington's expanded personality rights law both go live this week, and branded content sits squarely inside them.
- Colorado rewrote its AI law, and your vendor contracts are the part that changed [tech]
  Colorado replaced its 2024 AI Act with SB 26-189, dropping impact assessments but voiding indemnity clauses and ending federal exemptions software companies relied on.
- What the April OCR ransomware settlements tell wellness brands about risk analysis [wellness]
  OCR's $1.165M ransomware enforcement wave on April 23 hinges on one missing document. Wellness operators handling any HIPAA-adjacent data should treat this as a deadline.
- The Take It Down Act compliance deadline lands this week [creators]
  On May 19, 2026, the federal Take It Down Act's platform compliance deadline takes effect, giving creators a new 48 hour takedown right against intimate deepfakes.
- Connecticut just passed the broadest state AI law on the books [tech]
  Connecticut's SB 5 layers chatbot disclosure, synthetic media provenance, frontier model rules, and AI hiring transparency into a single statute with staggered 2026 to 2027 effective dates.
- What the TruHeight order means for wellness review pipelines [wellness]
  The FTC's TruHeight order is more useful for its review-pipeline implications than its substantiation findings, and the operational consequences for wellness brands are concrete.
- What the new $2,500 NIL threshold actually changes [creators]
  The College Sports Commission raised its NIL Go review floor from $600 to $2,500. The operational change is larger than the headline suggests.
- "Reasonable security": what the FTC's latest SaaS order means for your startup [tech]
  A consent order against a SaaS CRM whose weak security let attackers walk off with $186 million is not a story about someone else. It is a roadmap for what regulators now expect.
- Vendor diligence is the new sales channel [tech]
  Procurement and security review are now where SaaS deals are won or lost. The companies that treat the questionnaire as a sales asset have a real advantage.
- Business associate agreements for non-clinical wellness apps [wellness]
  Wellness platforms partnering with healthcare providers keep signing BAAs without understanding what they are signing. The recent enforcement uptick is a useful prompt to look again.
- Why your social handle is not a trademark [creators]
  Creators routinely conflate owning a username with owning the underlying brand. The trademark register treats the two very differently.
- AI agents and the legal meaning of agent [tech]
  The word 'agent' in 'AI agent' borrows from a legal concept with two centuries of doctrine behind it. The borrowing is creating problems.
- Washington's My Health My Data Act applies to you [wellness]
  Operators outside Washington keep concluding the law does not reach them. Most of them are wrong, and the obligations are not light.
- Dark patterns rules are about to reach the creator economy [creators]
  The FTC and state regulators have spent years sharpening the dark-patterns doctrine on subscriptions and checkout flows. The next surface is creator monetization.
- What the Florida Digital Bill of Rights actually does [tech]
  Florida's privacy law was framed as 'Big Tech only' when it passed. The thresholds are narrower than that, and the outline of who actually has to comply is worth understanding.
- Health claims after the FTC's latest wellness consent order [wellness]
  A recent consent order against a wellness brand for unsupported claims is a useful map of what the agency now expects the substantiation file to look like.
- Section 230 and the platform problem creators keep running into [creators]
  Section 230 is supposed to protect platforms. The way it functions in 2026 also protects platforms from the creators they host.
- SOC 2 will not save you in diligence [tech]
  Founders treat the SOC 2 report as a finish line. Buy-side diligence teams treat it as the floor of a much longer conversation.
- Telehealth across state lines after the latest enforcement actions [wellness]
  The pandemic-era licensure flexibilities are gone, and state medical boards in 2026 are pursuing telehealth providers with renewed focus.
- FTC endorsement disclosures, version 2026 [creators]
  The Endorsement Guides got teeth two years ago, and the enforcement trend in 2026 is worth understanding before your next campaign.
- AI training data and the contracts your enterprise customers will start asking for [tech]
  Enterprise procurement is now asking SaaS vendors what their AI features were trained on. The answers founders give today will be quoted back to them later.
- Where wellness meets HIPAA, and where it does not [wellness]
  Most wellness operators believe HIPAA does not apply to them. They are usually right and increasingly often wrong.
- Why your NIL deals are starting to look like SaaS contracts [creators]
  Brand deals for athletes and influencers are quietly absorbing the structure of enterprise software agreements, and not always for the athlete's benefit.
- Why the NIST Cyber AI Profile will not save your business [tech]
  NIST's draft AI cybersecurity framework is thoughtful, slow, and aimed at a level of AI maturity most businesses do not have. The work you need to do is more boring than that.
- The 2026 privacy law map for SaaS founders [tech]
  The patchwork of state privacy laws hit a new milestone on January 1, and most SaaS companies are now in scope of more than they realize.
- The Florida wiretap theory aimed at your website [tech]
  Plaintiff firms are using a 1969 wiretap statute against standard website analytics, session replay, and chat. The legal theory is shaky, the settlement pressure is not.
- What the Trump AI executive order changes for state compliance [tech]
  The December 2025 executive order tries to clear out state AI laws through federal preemption. For now, it produces more uncertainty, not less.
- California is making executives personally certify privacy compliance [tech]
  Starting in 2026, California's privacy regulations push risk assessment and cybersecurity audit certifications onto a named executive under penalty of perjury. The exposure is national, not just California.
- Loss of Value insurance for college athletes, and why some claims pay [creators]
  LOV and PTD coverage can be the financial floor a draft-eligible athlete needs. The difference between a payout and a denial usually traces back to how the policy was structured, not to how the injury happened.
- When your vendor gets breached, the liability stays with you [tech]
  Outsourcing data handling does not outsource the regulatory exposure. The contract terms that protect you have to be in place before the incident, not after.
- California's frontier AI law and what it actually requires [tech]
  SB 53 made California the first state with a binding transparency regime for frontier AI developers. The practical scope is narrower than the headlines, and the real exposure for most businesses is downstream.
- What AI content actually costs you when it goes wrong [tech]
  The hidden bill behind AI-generated marketing is not the subscription fee. It is the copyright, defamation, and ownership exposure most companies never priced in.
- Algorithmic bias is the employer's problem, not the vendor's [tech]
  When a hiring or lending algorithm produces discriminatory outcomes, the legal exposure runs to the business that deployed it. The software contract almost never changes that.
- AI in hiring, and the way the EEOC actually thinks about it [tech]
  Hiring algorithms are now treated like any other employment test. The agencies are not waiting for Congress to catch up.
- What the Florida CHOICE Act actually changes about non-competes [tech]
  Florida already had the most employer-friendly non-compete regime in the country. The CHOICE Act, in effect since July 2025, tilts the field further. Here is what is genuinely new.
- What the Crumbl case is teaching about audio on social [tech]
  The Warner Music lawsuit against Crumbl Cookies is the most expensive object lesson yet on what 'trending audio' actually costs a brand.
- Florida's two-party consent rule, and the lawsuit risk most businesses miss [tech]
  Recording a call without the consent of everyone on it is a $1,000 minimum per interception in Florida. Most businesses do not realize they are inside the statute.
- What an AI policy needs to actually cover [tech]
  Most AI policies I read are a paragraph about responsible use and a list of approved tools. That is not an AI policy. Here is what actually belongs in one.
- Florida's cybersecurity safe harbor, on its third try [tech]
  The Giallombardo cybersecurity liability bill keeps coming back. The 2026 version (HB 635) is the closest yet, and worth understanding before it lands.
- The three buckets of IP, and why most businesses misallocate [tech]
  Copyright, trade secret, and trademark are not interchangeable. Most companies overweight one and underweight the others. Here is how to think about the mix.
- NIL and the NFL draft decision after House [creators]
  For a college football player weighing the NFL draft, the financial calculus changed twice: once when NIL arrived, and again when the House settlement turned schools into direct payors.
- SIM swap and the end of SMS as a second factor [tech]
  SMS-based two-factor authentication was never very good, and the SIM swap attack is the reason. The carrier rules tightened in 2024, but the underlying weakness has not gone away.
- Ransomware after CIRCIA and the enforcement wave [tech]
  Ransomware stopped being only an IT problem several years ago. After the 2024 wave of enforcement actions and the CIRCIA reporting rules, it is a regulatory problem with operational consequences attached.
- The guards of innovation: trademarks and patents in plain terms [tech]
  The most common IP mistake founders make is treating trademarks and patents as the same conversation. They protect different things, and the order in which you pursue them matters.
- Registering your handle as a trademark [creators]
  The handle is not the trademark, but the brand built around the handle often can be registered. The application turns on three questions most creators get wrong on the first try.
- Legal risks of running a business on social media [creators]
  Anyone whose income depends on a social platform is operating a business on infrastructure they do not own, under terms they cannot negotiate, with liability exposure most operators underestimate.
- Who actually owns the IP [tech]
  Founders, employees, contractors, and acquirers routinely disagree about who owns a given piece of intellectual property. The disagreement is almost always traceable to a document that was never signed.
- Software IP: patent or trade secret [tech]
  For most software businesses, the choice between patent and trade secret protection is not a question of which is stronger. It is a question of which is appropriate for the specific invention and the specific company.
- Software contracts are not like talking to Google [tech]
  Founders sign templates that assume their startup is a small version of a tech giant. The legal architecture of a software company is nothing of the kind.
- The first 24 hours after a data breach in 2026 [tech]
  The legal clock on a data breach response is shorter than it used to be, and the regulators are no longer asking nicely.
- The legal risks social media influencers actually face [creators]
  Most influencer legal exposure is not on the platform's side of the ledger. It is on yours.
- Patenting software after Alice, and what the AI inventorship cases mean [tech]
  Software patents are still available, but the framework has narrowed and the AI inventorship question has now been answered.
- Foreign-made drones after the DJI restrictions [tech]
  The legal and security architecture around foreign-made drones changed substantially in 2024 and 2025, and operators are still flying as if it did not.
- What HIPAA compliance actually requires of a covered entity [wellness]
  HIPAA compliance is not a checklist; it is a documented program. The 2024 proposed Security Rule update raises the bar substantially.
- Enforcing IP rights without a patent or registered trademark [tech]
  Unregistered IP can still be defended, but the doctrines are narrower, the geography is smaller, and the timing pressure is real.
- The desktop cybersecurity threats that actually matter in 2026 [tech]
  The threats facing the average desktop user are mostly the same ones, dressed in better disguises and powered by AI.