In December 2023, it was widely reported that the Federal Trade Commission was investigating Adobe for its allegedly complex and costly subscription cancellation policies. In a marketplace flooded with software as a service companies that operate on a subscription basis, this development was a clear signal that regulatory agencies are paying closer attention to how tech product and service companies treat their customers.
But itâs not only software subscription services that are under the microscope. Evolving regulations for handling personal data and responding to cybersecurity breaches impact every company that collects and utilizes data, and more scrutiny is being given to the ethical use of artificial intelligence. Below, 20 members of Forbes Technology Council detail common technology-related missteps that could land a business in reputational hot waterâor even legal trouble.
1. Mishandling User Data
Mishandling or neglecting to adequately protect user data can lead to serious legal consequences, including fines and lawsuits. Ensuring compliance with relevant data protection laws, such as the EUâs General Data Protection Regulation and the California Consumer Privacy Act; obtaining proper consent for data collection and processing; implementing robust security measures; and being transparent with users about how their data is used are essential steps to avoid legal issues. – Shailesh Kunnath, Staynex
2. âSpammingâ Customers With Marketing Emails
Accelerating growth, mergers and/or acquisitions can cause a company to have several marketing and communications teams that operate independently of one another. This lack of interconnectivity can cause issues with following federal CAN-SPAM laws if customer opt-outs and unsubscribes are not respected across various email marketing campaigns and tools. – Dustin Verdin, Zipline Logistics
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
3. Storing Personal Information Outside Of Regulatory Guidelines
The legal frameworks around data privacy and data retention, along with sunsetting third-party cookies, have led many companies to increase their storage of personal information, often without adhering to GDPR or CCPA requirements. SaaS providers often operate in a gray area, finding loopholes to increase their lead-capture rates. Bewareâthis practice may cost you dearly. – Mario Peshev, DevriX
4. Overusing LLMs
Overusing large language models without proper guardrails can lead to legal issues, such as spreading misinformation or violating privacy laws. Businesses must implement ethical AI practices and monitor AI outputs to prevent potential harm and legal consequences from unguarded generative AI use. – Daniel Knauf, Material+
5. Ineffectively Protecting Data
Ineffective data protection measures include failing to implement strong security protocols, properly anonymize sensitive and personal data, or comply with data protection regulations such as the GDPR or CCPA. Neglecting to secure data and maintain proper guardrails on its use can lead to costly breaches and violations of individualsâ privacy rights, which could result in regulatory fines. – Patricia Thaine, Private AI
6. Establishing Automatically Renewing Subscriptions
Auto-renewal subscriptions can pose significant legal risks if theyâre not managed transparently. Consumers often find themselves unwittingly locked into recurring payments due to unclear terms. Ensuring clear communication about the renewal process, easy opt-out mechanisms and upfront disclosures can mitigate these risks, align your operations with consumer protection laws and maintain customersâ trust. – Miguel Llorca, Torrent Group
7. Tolerating Technical Debt
Donât tolerate technical debt in your organization. Skipping steps in the development cycle or omitting security reviews creates a serious, very real technical debt situation. Such debt may enable supply chain attacks, which are both powerful and insidious. As a result, your organization can expose its partners to attacks that have long-standing legal ramifications, especially if you lack robust incident-response procedures. – James Stanger, CompTIA
8. Aggressively Tracking Usersâ Activity
Avoid aggressive user activity tracking without clear user consent or a transparent privacy policy. Businesses that collect, analyze or sell user behavior data without explicit permission might face lawsuits or regulatory actions. Transparently communicating data use, adhering to privacy laws and ensuring user consent for data collection are crucial for legal compliance and maintaining usersâ trust. – Andres Zunino, ZirconTech
9. Failing To Secure IoT Devices And Networks
Failing to secure Internet of Things devices and networks can lead to significant legal issues, especially with the increasing prevalence of these technologies in both consumer and industrial settings. Poorly secured IoT devices can be exploited for unauthorized access to personal and corporate data, leading to breaches of privacy laws and regulations. – Indiana (Indy) Gregg, Wedo
10. Leveraging Automated Decision-Making Systems
Companies increasingly use automated decision-making systems, such as machine learning algorithms or artificial intelligence models, to streamline operations, personalize services and make decisions efficiently. However, if these systems are not carefully designed, implemented and monitored, they can perpetuate biases or discriminatory practices, leading to legal challenges. – Cristian Randieri, Intellisystem Technologies
11. Engaging In Deceptive Advertising
One tech-related practice that could land you in legal trouble is creating misleading marketing about your product or service. Deceptive advertising on social media is a violation of consumer protection laws. It will, at the very least, force you to refund the money of every single customer who purchased a product. Instead of going through this trouble, just be honest about what youâre selling. – Thomas Griffin, OptinMonster
12. Creating Opaque Digital Contracts
Following the FTCâs scrutiny of Adobe for its subscription policies, businesses must ensure transparency in digital contracts. Misleading practices when it comes to subscriptions, renewals and cancellations can lead to legal issues. Clear agreements that adhere to consumer laws are key to avoiding legal challenges and maintaining customer trust. – Nicola Sfondrini, PWC
13. Improperly Training And Maintaining AI Algorithms
If AI algorithms are not trained, monitored and audited properly, they may unintentionally perpetuate biases, resulting in discriminatory outcomes. This can lead to legal challenges, damage to reputation and regulatory scrutiny. Businesses that use AI should prioritize ethical AI practices, diversity in datasets and ongoing assessments to mitigate the risk of biased or discriminatory outcomes. – Meiran Galis, Scytale
14. Selling User Data
Data selling requires radical transparency and consent compliance. Collecting user data for ad targeting or third-party sales is extremely risky without airtight policies and consent flows. Disclose it in plain language, and allow easy opt-outs. Follow data regulations vigilantly, and restrict and audit data access. Self-regulate before the FTC steps in. – Marc Fischer, Dogtown Media LLC
15. Failing To Comply With SEC Regulations On Breaches
The recent Securities and Exchange Commission regulations on cybersecurity are a minefield for companies and boards of directors. They specify deadlines for disclosing security breaches to investors and require disclosures regarding the cybersecurity expertise of board members. Since they regulate shareholder relations, violations carry hefty fines and significant legal threats. – Kevin Korte, Univention
16. Using âDark Patternsâ In UIs
Using âdark patternsâ in user interfaces can lead to legal issues for businesses. These deceptive designs trick users into making unwanted choices, violating consumer protection laws. Regulatory bodies, including the FTC, are cracking down on such practices, which can result in fines and reputational damage. Companies should prioritize ethical design to avoid legal troubles and build customer trust. – Bhushan Parikh, Get Digital Velocity, LLC
17. Mismanaging Software Licenses
Proper management of software licenses is an often-overlooked activity that can result in significant legal exposure. The advent of SaaS solutions has made the consumption of software easily accessible and, therefore, more difficult to track. Uncontrolled software usage can result in significant shortages of licenses, which can result in legal clawback cases being launched by suppliers. – Mark Brown, British Standards Institution (BSI)
18. Overlooking Accessibility
Overlooking accessibility features in digital products can result in legal consequences. The failure to ensure accessibility for individuals with disabilities may violate laws, including the Americans with Disabilities Act, leading to lawsuits and reputational damage. – Favour Femi-Oyewole, Access Bank PLC
19. Infringing On Othersâ IP
A potential area for legal trouble is intellectual property infringement, particularly in the realm of software development. Unauthorized use of copyrighted code, trademarks or patents can lead to costly legal battles and damages. Therefore, businesses must ensure they have the proper licenses for software and adhere to intellectual property laws to avoid litigation and maintain stakeholdersâ trust. – Deepak Gupta, Cars24 Financial Services
20. Surveilling Customers With Facial Recognition Technology
Using facial recognition for customer surveillance without clear consent risks legal and ethical backlash. It raises privacy concerns and may breach data protection laws, leading to lawsuits and reputational damage. Businesses must obtain explicit consent and ensure transparency in their use of such technologies to avoid legal issues and maintain consumer trust. – Andrew Blackman, EZ Cloud