On September 8, the Federal Trade Commission’s (FTC) Chief Administrative Law Judge D. Michael Chappell issued an initial decision ruling that Intuit Inc. (Intuit) “engaged in deceptive advertising in violation of Section 5 of the FTC Act” by misleading consumers with its “free” service claims. In the decision, which is subject to appeal to the full commission, Judge Chappell found that Intuit deceptively marketed TurboTax, its online tax preparation filing software, “when it ran ads for ‘free’ tax products and services for which many consumers were ineligible.”

On September 5, the attorney generals (AGs) of 54 U.S. states and territories called on Congress to address bad actors who generate child sexual abuse material (CSAM) using artificial technology (AI). Framing the issue as a “race against time,” the letter highlights the harms of AI-generated CSAM, and asks Congress to study and propose solutions.

Introduction

The cannabis industry in the U.S. is on the cusp of a potential transformation. On August 29, the U.S. Department of Health and Human Services (HHS) made a significant recommendation that could reshape the legal and regulatory landscape surrounding cannabis. In this post, we will delve into HHS’s groundbreaking proposal to reschedule cannabis from its current classification as a Schedule I substance to Schedule III under the Controlled Substances Act (CSA), and the effect that rescheduling may have on cannabis industry participants. While this recommendation represents only the first step in the rescheduling processes, it is essential to understand the implications for various stakeholders.

This article was originally published on September 7, 2023 in Reuters and is republished here with permission.

State Attorneys General (AGs) uniquely wield power to enforce the law, direct policy, and effectuate political goals. Exercising their civil prosecutorial authority, State AGs have redefined priorities of paramount concern to CEOs and in-house legal counsel that impact the corporate and commercial landscape.

On August 11, Illinois Governor J.B. Pritzker signed House Bill 2222 (Public Act 103-0526) into law — bolstering Illinois’ antitrust prevention efforts by expanding the oversight purview of its Attorney General’s (AG) office with respect to health care transactions. Under the new law, the Illinois AG now has the power to review and assess certain “covered transactions” entered into between health care facilities and providers.

It has been widely reported and confirmed publicly that, on August 29, the U.S. Department of Health and Human Services (HHS) sent a letter to the Drug Enforcement Administration (DEA) recommending that cannabis be moved from Schedule I to Schedule III of the Controlled Substances Act (CSA). While this change would not lift the federal prohibition on cannabis, and the DEA will need to perform its own review, the move could have profound implications for researchers and industry participants.

On July 25, Missouri, Arkansas, and Iowa (the states), along with intervenors American Water Works Association and National Rural Water Association (the water associations), petitioned the Eighth Circuit to review the U.S. Environmental Protection Agency’s (EPA) new rule requiring states to review and report cybersecurity threats to their public water systems (PWS).

On August 21, the U.S. Supreme Court denied a request by West Virginia Attorney General (AG) Patrick Morrisey and 26 other state AGs to participate in oral arguments in Consumer Financial Protection Bureau (CFPB) et al. v. Community Financial Services Association of America et al., which concerns whether the CFPB’s statutory authorization violates the Constitution’s Appropriations Clause. Morrissey and 26 other predominantly Republican state AGs have submitted an amicus brief arguing that it does. Morrissey is joined by the AGs for Alabama, Alaska, Arkansas, Florida, Georgia, Idaho, Indiana, Iowa, Kansas, Kentucky, Louisiana, Mississippi, Missouri, Montana, Nebraska, New Hampshire, North Dakota, Ohio, Oklahoma, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, and Wyoming.

This article was originally published on August 24, 2023 in Reuters and is republished here with permission.

In the burgeoning realm of data incidents, it is a truism that such incidents are not created equal. Indeed, a data incident is not necessarily a data breach.

An incident is any “occurrence that actually or potentially jeopardizes the confidentiality, integrity or availability of an information system,” or an event that constitutes a violation of an organization’s computer security or acceptable use policies. National Institute of Standards and Technology, Minimum Security Requirements for Federal Information and Information Systems, FIPS 200, at 7 (Mar. 9, 2006) (nist.gov). A breach is an incident that imposes statutory and regulatory obligations on an affected organization when it holds or controls certain consumer information.

On August 16, a coalition of seven state attorneys general (AG) announced a settlement with participants alleged to be involved in a “massive” robocall operation. The stipulated order, which names Scott Shapiro, Michael T. Smith, Jr., and Health Advisors of America (defendants), permanently bans Shapiro and Smith from initiating or facilitating robocalls; working in or with companies that make robocalls; and engaging in telemarketing. The settlement also requires the defendants to make monetary payments to the coalition, which is comprised of AGs from the states of Arkansas, Indiana, Michigan, North Carolina, North Dakota, Ohio, and Texas (the AGs).