It’s Time for a Regulatory Check-Up: Privacy Policies for email marketing and websites

As the economy revives from the COVID-19 lockdowns, we expect privacy law regulatory enforcement to return to the pre-COVID-19 pace.
 
The privacy regulations affect all businesses, including the alcoholic beverage industry, and are “strict liability” laws. “Strict liability” means the business will be automatically “guilty” if found non-compliant. There is no “grace period” to rectify the claimed violation nor to offer any defense if non-compliant. Even more problematic, besides enforcement by government, these statutes also allow private parties to “enforce the law” by filing private complaints for claimed violations. These private complaints (the lawyers are referred to as “bounty hunters”) typically lead to significant monetary settlements.  The settlement agreements include payment of the plaintiff’s attorney fees, a significant liability of its own (often larger than the fines from violation of the regulations).
 
California Privacy Law: The California Consumer Privacy Act of 2018[i] (CCPA), the California Privacy Rights Act of 2020[ii] (CPRA), and the California Online Privacy Protection Act (Cal OPPA)[iii], together, are the most comprehensive set of privacy regulations in the U.S. Every company doing business with California residents is subject to these provisions, even if the business is not physically in California. Besides the provisions in the statute(s), the California Attorney General’s office has published detailed regulations to implement the CCPA statute[iv] and is now amending the regulations to implement the additional requirements in the CPRA statute.  Any violation of the regulations will violate the statute.[v] 
 
European Union Privacy Law:  This note only addresses California privacy law and does not discuss the European General Data Protection Regulation (GDPR)[vi]. A U.S. company whose website contains general website advertising only (without targeting residents in the EU) will not be subject to the GDPR even if its website is accessed by residents in the EU.  If the company has no other direct business relationship in the EU, the company is not subject to GDPR regulations.  However, a company must comply with GDPR regulations if it has: (1) assets in the EU (affiliates or subsidiaries), (2) significant business in the EU, and/or (3) if the company’s website targets EU residents specifically encouraging EU residents to purchase its goods or services. (Again, general advertising is not “targeting.”)  

Is Your Privacy Policy Up-to-Date?

 Alert:  The one or two paragraph privacy policies of the past are no longer sufficient for compliance with California’s new privacy laws.
 
How the Law Defines Privacy Policies and the Consumer’s “Personal Information”.
 
Privacy policies currently must comply with the CCPA that became effective on January 1, 2020.  The CCPA will expire on December 31, 2022 and the new CPRA becomes effective on January 1, 2023. However, the CPRA does not replace the CCPA but expands and adds to the CCPA law and regulations.
 
California regulations define a privacy policy as “the statement that a business shall make available to consumers describing the business’ practices, both online and offline, regarding the collection, use, disclosure, and sale of personal information and the rights of consumers regarding their own personal information.”[vii] 
 
California defines “personal information” as:

“Personal information” means information that identifies, relates to, describes, associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information includes, but is not limited to the following:
 
(A) Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.”[viii]

Personal information also includes precise geolocation information, biometric data, device IDs, cookie IDs, and internet activity information such as browsing and search history. inferences drawn from such personal information to create a “profile” about a consumer’s preferences and behavior are also considered “personal information”.
 
The act of “collecting” personal information is also broadly defined. The CCPA defines “collects”, “collected”, or “collection” as: buying, renting, gathering, obtaining, receiving, or accessing any personal information pertaining to a consumer by any means.”[ix]
 
Who Must Comply?
 
A business that falls under one of these three threshold requirements is subject to the Privacy Law:

  • Annual gross revenues ≥ $25 Million.

  • 50% of annual revenue selling the personal information of CA residents.

  • Obtains personal information of at least 50,000 CA residents or households annually.


Note: Obtaining personal information of at least 50,000 CA residents/households annually is much easier than one may think. For example, 137 unique CA visitors/day to a website qualify under this threshold. Consumer IP addresses routinely collected as part of regular website data collection count as “personal information” collected even if the consumer only looks on the website and does no business at that time (or ever).

Every company, wherever located, doing business with a consumer in California, is subject to the CCPA and CPRA regulations if the business meets any one of the threshold levels.

What Information Must Be Included in the Privacy Policy?

The first rule is that the policy must (1) be written using clear and straightforward language and in a format that makes the policy easily readable (including on small screens) and (2) the format must allow the consumer to print the policy as a document.

The second rule is that the privacy policy must be posted online with a conspicuous link using the word “privacy” on the website’s home or main page.

The following categories of information must be in the privacy policy under the CCPA regulations.

(1) Describe each category of personal information the business collects.

(2) List the sources from which the personal information is collected.

(3) List for what purposes the personal information is collected.

(4) Specify the categories of third parties with whom the information is shared.

(5) Explain the consumer’s right to request to see what information has been collected.

(6) Describe how a consumer may request his/her data be deleted. (An exception is if the information is for legitimate business purposes.)

(7) The policy must also describe the security measures the business has in place for data security. The law requires all businesses collecting data to adopt “all reasonable security procedures and practices.” (Encryption of data is the most critical security procedure to have in place.)

If the business sells/shares personal data:

(8) You must disclose if the business sells/shares consumer information/data to benefit the company. If personal data is sold or shared for company advertising, the business must include a clear and conspicuous “do not sell” link on the home page and any consumer must be able to access this link without requiring the creation of an account.

(9) Include a statement clarifying that a consumer will not be discriminated against if the consumer the sale of their data.

Be Prepared to Comply with the New Additional CPRA Provisions.

Under both the CPPA and CPRA statutes the consumer has the right: (1) to know what information is being collected, (2) to delete personal data, (3) to opt-out of the sale of his/her data to a Third Party, and (4) to non-discrimination if the consumer opts-out.

The CPRA expands the CCPA Regulations:

1. The CPRA adds two additional consumer rights: (1) the right to limit how their information is used and disclosed, and (2) the right to request any incorrect information be corrected promptly without incurring penalties.

2. The CPRA adds a new definition: “Sensitive Personal Information” described as any Personal Information that reveals:

(a) A consumer’s social security, driver’s license, state identification card or passport number.

(b) A consumer’s account log-in, financial account, debit card, or credit card number combined with any required security or access code, password or credentials allowing access to an account.

(c) A consumer’s precise geolocation.

(d) A consumer’s racial or ethnic origin, religion, union membership or philosophical beliefs.

(e) A consumer’s genetic data, biometric data, health data and sexual orientation.

(e) The contents of a consumer’s mail, email and text messages unless the business is the intended recipient of the communication.[x]

3.Another important change under the CPRA is the definition of “sell”. Under the CPRA the definition of “sell” is expanded to include “sharing” of information. Under the CPRA “to sell” includes transfers of personal information not only for monetary or other valuable consideration, and “sharing” the information such as disclosures for a commercial purpose including advertising that benefits the company. Money need not be exchanged between the parties for the transaction to fall under the definition of “sell”.

4. CPRA distinguishes between “non-personalized advertising” (general advertising) and “cross-context behavioral advertising”[xi].Cross-behavioral advertising substantially relies on “profiling”. The CPRA added a new definition for profiling: Under the CPRA, a consumer has the right to “opt out” of behavioral advertising practices. This is similar to the right to opt-out of the sale or sharing of personal information.

5. Under the CPRA the collection, storage and use of identifiable consumer information is limited to what is necessary to exchange goods or services successfully. Companies may not gather, retain or use data that is not necessary to the purpose for collecting the data nor retain the data longer than needed for the business purpose for which it was collected.[xiii]

6. Under the CPRA the definition of third-parties is no longer limited to service providers that process personal data for the business, payment authorizers and product or service providers. Under the new definition, the business must also disclose any third-party contractors with whom the business has a contract and with whom personal information is shared.

7. If the business discloses personal information to a service provider or contractor for a business purpose, the business must that party that (a) specifies the information is disclosed only for limited and specified purposes, (b) obligates the third party to comply with the CPRA regulations, and (c) assures the third party secure the data.(Note: most security breaches occur through third parties.)

8. Enforcement is Changed: The primary enforcement is when there is a breach of security and a corresponding unwarranted disclosure of consumer’s personal information. Under the CCPA, the state Attorney General (AG) enforces the law. Businesses have 30 days to resolve the complaint before fines are levied by the AG. Consumers have the right to private action (lawsuits) if unencrypted or unredacted data is breached due to negligence by the company.

The CPRA creates the California Privacy Protection Agency[xiv] to enforce the law and businesses will no longer have a 30-day grace period. They now face fines immediately after a breach is reported. Under the CPRA consumers additionally may file a civil action against a business for not having, or maintaining, security measures for unencrypted/unredacted data pertaining to email addresses, passwords, and answers to security questions. Further, the statute explicitly states the implementation of reasonable security procedures and practices following a breach regarding that breach.

9. Risk Assessments and Audits. Under the CPRA annual cybersecurity audits and risk assessments must be made by businesses that process data and whose practices may put protected data at risk for a cybersecurity breach. This regulation only applies to companies whose practices may put protected data at risk. The statute is unclear and for now, it is up to the company to determine if its security practices are putting protected data at risk. The statute states it is the obligation of the business collecting consumer personal information to implement “reasonable security procedures and practices appropriate to the nature of the personal information to protect it from unauthorized or illegal access, destruction, use, modification, or disclosure.”[xvi]It is a wise business practice for a company to do a risk assessment and audit of its cybersecurity practices.

A Word About E-Mail Marketing

Email marketing is an effective marketing channel and widely used. However, because email marketing is data driven and uses personal information gathered either directly or indirectly from data subjects, you must mention use of emails in the Privacy Policy sections describing what data you collect, how you collect the data, cookies, and automatic data collection methods. The general rule of thumb is it is acceptable to send marketing messages to consumers who signed on to your own database list. However, you must be more circumspect if using a database purchased from a third-party provider.

The Cal OPPA was passed in 2004 and requires any company using email marketing: (1) to have a Privacy Policy disclosing what type of personal information your website or application collects, (2) explain if personal information is acquired from third parties, and (3) provide an easy method allowing consumers to opt out of, or unsubscribe from, personal information and the email list. A written easily found Privacy Policy on the home or main page is compliant.

Note that a third-party email client will generally always have its own privacy policy, but you must have your own privacy policy and assure the two policies concur. The email client is the “data processor” and the company is the “data controller”. As the “data controller”, you must determine the purposes and means of processing personal data and must comply with the privacy laws. This requires a written agreement with the data processor.

A final note on email marketing - comply with false advertising laws. Misleading or false advertising is strictly prohibited under both California and Federal law.[xvii]It is important that the header of the email be clear regarding the content/purpose of the email.

A Short Word About Data Brokers

Data brokers collect a large range of information from online and offline sources and much of the data is personal information. The brokers combine pieces of information and separate them into “categories” that are then sold to companies. The most important information used in developing these categories are a consumer’s web and purchase history, age, gender, and income. This data improves targeting certain segments for advertising. The brokers create different databases of individuals and use them later for targeted advertising and marketing. Generally, the brokers search the internet for publicly available information from social media sites and receive it from companies who have collected the data themselves.

You must be careful if using a data broker. Although collecting data for a “legitimate business interest” is acceptable, the law does not consider advertising to be a “legitimate business interest”. Be sure any data received or used was gathered for a legitimate business purpose or with consumer consent.

If you purchase targeted databases, you must disclose this in your privacy policy.

Breach of Security Issues

There is no precise definition of “reasonable security procedures and practices” and this is now working its way into the Courts. The most important task for a company is to document what practices and procedures are in place to assure security. Employee manuals/training and any HR manuals should be updated to include CCPA requirements and precautions to be taken.

By far, malware and hacking present the greatest threat of security breaches, both in the number of breaches and the number of records breached. The retail sector especially struggles with malware and hacking comprising approximately 90 percent of all retailer breaches.

Physical breaches, resulting from theft or loss of unencrypted data on electronic devices only represents approximately 20 percent of security breaches. Breaches caused by errors, predominantly from misdelivering of email, for example, and inadvertent exposure on the public Internet also represent approximately 20 percent of security breaches.[xviii]

Data security is the responsibility of every company that collects Personal Information and must be taken seriously. Encryption of data is always the strongest and most basic choice for data security.

The California Attorney General’s position is that the information security laws and regulations generally require a risk management approach. This means companies must develop, implement, monitor, and regularly update a comprehensive information security program. The required security risk management process generally includes the same basic steps: (1) Identify information assets and data to be secured. (2) Assess risks to the assets and data. (3) Implement technical, administrative, and physical controls to address identified risks. (4) Monitor effectiveness of controls and update as risks, business practices, and controls evolve

The Center for Internet Security (CIS) is a nonprofit organization that many regulators look to for “reasonable security procedures and practices". CIS promotes cybersecurity readiness and response by identifying, developing, and validating best practices and recommends a set of 20 security measures for data security.

Section 1798.82 of the California Civil Code outlines a detailed process for a notification to be provided to any California resident whose personal information was compromised by a breach of security. A best practice is to notify the regulatory authorities and consumers . Further, be aware that many other states have adopted their own privacy protection laws with similar notification of breach requirements.

One protection commonly advised for companies collecting and retaining is to review your insurance coverage regarding cyber insurance coverage.

Penalties for Failure to Comply with California Privacy Laws/Regulations

Penalties may range up to $2500 per inadvertent violation and up to $7500 if the breach was because of failure to employ “reasonable” security practices. Because this law only became effective on January 1, 2020, filed complaints are just now working through the court system. Generally, the complaints are seeking “class action” status that will greatly increase the penalties.

There is a private right of action (lawsuit) only in cases of a breach of security, but many plaintiffs are suing under the Unfair Competition law and bringing the Privacy laws in through the backdoor.

Summary:

  • Know what type of Personal Information you collect, receive, retain and/or share.

  • Be sure you post a clear and complete Privacy Policy on the main/home webpage.

  • Collect data for specific and legitimate business purposes.

  • Don’t keep data that is no longer used and keep data up-to-date.

  • Develop and maintain strong cyber security practices (encryption is a “must”).


Disclaimer: California privacy statutes and regulations are long and detailed. This post only summarizes the law and is for information only and not intended to provide or be relied on as legal advice. Please consult with your counsel for advice about specific questions.


[i] California Civil Code Sections 1798.100 et.seq. This section of the law known as the California Consumer Privacy Act of 2018 is effective beginning January 1, 2020 and expires on December 31, 2022. The CCPA did not replace the 2004 Online Privacy Protection Act (Business and Professions Code sections 22575-22579) but added significant detail to what must be included in a privacy policy.

[ii] California Civil Code Sections 1798. 100 et.seq. This section of the law was adopted with the passage of Proposition 24 in the 2020 election and is known as the California Privacy Rights Act of 2020. This part of the Privacy law becomes effective on January 1, 2023.

[iii] California Business & Professions Code 22575, et seq.

[iv] 11 CCR 999.300 et seq.

[v] 11 CCR 999.000(b).

[vi].The GDPR has been in effect since 2018. U.S. businesses must comply with the GDPR regulations only if they have assets, affiliates or significant business in EU such as contracts with EU companies. The primary difference between the CCPA/CPRA and the GDPR is that under the GDPR, you may only retain personal information if the customer affirmatively “opts-in”. California law states the customer must be provided the option to “opt-out”. [vii] 11 CCR 999.301(p).

[viii] California Civil Code 1798.140(o).

[ix] California Civil Code 1798.140(e).

[x] California Civil Code 1798.140(ac).

[xi] California Civil Code 1798.140(k). “Cross-context behavioral advertising” is defined as the targeting of advertising to a consumer based on a profile of the consumer including predictions derived from the consumer’s personal information and the profile is developed based on the consumer’s activity over time and across multiple businesses or across multiple, distinctly-branded websites.

[xii] California Civil Code 1798.140(z).

[xiii] California Civil Code 1798.100(c)

[xiv] California Civil Code 1798.199.10.

[xv] California Civil Code 1798.150.

[xvi] California Civil Code 1798.100(e).

[xvii] See, e.g., California Business & Professions Code 17529.5(a) and 15 U.S.C.A. section 7704.

[xviii] Information from the California Attorney General’s 2016 Data Breach Report.

This blog is dedicated to occasional (and hopefully interesting) reports of state and national alcoholic beverage regulatory developments that we encounter in our practice. Booze Rules (and any comments below) are intended for informational use only and are not to be construed as legal advice. If you need legal advice please consult with your counsel.

  1. Strategic Exit Planning: Positioning Your Alcohol Beverage Business for Successful Acquisition or Investment
  2. New California Alcohol Laws for 2024 – a Mixed Bag of Privileges, Punishments, Clarifications, and Politics
  3. TTB Speaks up on Social Media
  4. Alcohol Trade Practices Update
  5. President Biden just made a big cannabis announcement... what does it mean?
  6. The Uniform Law Commission – Encouraging Consistent State by State Definitions, Protocols and Procedures
  7. San Francisco to the Governor - Review the RBS Program and Delay Implementation. Problems must be Corrected.
  8. TTB and Consignment Sales – Is There a Disconnect Between Policy Development and Business Reality?
  9. RBS ADDENDUM – THE LATEST FROM THE ABC AS THE AGENCY PROVIDES MORE INFORMATION ON THE CALIFORNIA ABC’S MANDATORY RESPONSIBLE BEVERAGE SERVER PROGRAM
  10. THE STATE OF TO-GO BOOZE IN CALIFORNIA
  11. BOOZE RULES SPECIAL EDITION – THE RESPONSIBLE BEVERAGE SERVICE PROGRAM FACTS AND REQUIREMENTS
  12. Competition in the Beverage Alcohol Industry Continues Under the Microscope – Part 3
  13. Competition in the Beverage Alcohol Industry Under the Microscope – Part 2
  14. Competition in the Beverage Alcohol Industry Now Under the Microscope
  15. Alcohol Marketplaces 2.0 Part 5: Looking Ahead
  16. It’s Time for a Regulatory Check-Up: Privacy Policies for email marketing and websites
  17. Alcohol Marketplaces 2.0 Part 4: Who’s responsible for ensuring legal drinking age?
  18. Alcohol Marketplaces 2.0 Part 3: Follow the Money
  19. BOOZE RULES 2021 – NEW CONTAINER SIZES APPROVED FOR ALCOHOLIC BEVERAGES: KEEPING TRACK OF THE TTB’S ATTEMPTS TO REGULATE CONTANER SIZES
  20. Alcohol Marketplaces 2.0 Part 2: Collect sales tax from marketplaces or comply with alcohol guidance?
  21. Alcohol Marketplaces 2.0 Part 1: Solicitation of sales by unlicensed third-party providers
  22. Federal Cannabis Legalization Fortune-Telling
  23. BOOZE RULES – THE DIRECT SHIPPING WARS
  24. California ABC provides additional Covid guidance on virtual events and charitable promotions
  25. Hot Topics for Alcohol Delivery 2020
  26. California Reopening Roadmap is Now a Blueprint for a Safer Economy
  27. The Hospitality Reopening Roadmap to Success
  28. Salads Not A Meal in California, Says ABC
  29. Delivery Personnel Beware – The ABC is Coming for You and for the Licensees Hiring You to Deliver Alcoholic Beverages - This Time Its Justified
  30. Licensees Beware – the Harsh New ABC Enforcement Rules Are Effective Right Now
  31. Part 2: LEGAL FAQS ON REOPENING CA RESTAURANTS, BREWPUBS, BARS AND TASTING ROOMS
  32. John Hinman’s May 22, 2020 interview with Wine Industry Advisor on the ABC COVID-19 Regulatory Relief initiatives and the ABC “emergency rule” proposals
  33. Booze Rules May 21 - The Latest on the ABC Emergency Rules
  34. Part 1: Legal FAQs on Reopening CA Restaurants, Brewpubs, Bars and Tasting Rooms
  35. The ABC’s Fourth Round of Regulatory Relief - Expanded License Footprints Through Temporary COVID-19 Catering Authorizations, and Expanded Privileges for Club Licensees
  36. BOOZE RULES – May 17, 2020 Special Edition
  37. ABC ENFORCEMENT - ALIVE, ACTIVE AND OUT IN THE COMMUNITY
  38. Frequently Asked Questions about ABC’s Guidance on Virtual Wine Tastings
  39. ABC Keeps California Hospitality Industry Essential
  40. ABC REGULATORY RELIEF – ROUND TWO – WHAT IT MEANS
  41. Essential Businesses Corona Virus Signage Requirement Every Essential Business in San Francisco Must Post Sign by Friday, April 3rd
  42. Promotions Compliance: Balancing Risk and Reward
  43. The March 25, 2020 ABC Guidance: Enforcement Continues; Charitable Giving Remains Subject to ABC Rules; and More – What Does it all Mean?
  44. Restaurant and Bar Best Practices – Surviving Covid 19, Stay at Home and Shelter in Place Under the New ABC Waivers
  45. Economically Surviving the Covid Crisis and the Shelter in Place Orders: A Primer on Regulatory interpretations and Options
  46. Booze Rules – Hinman & Carmichael LLP and the Corona Virus
  47. Booze Rules: 2020 and the Decade to Come – Great Expectations (with apologies to Charles Dickens)
  48. The RBS Chronicles: If Your Business serves Alcoholic Beverages YOU NEED TO READ THIS AND TAKE ACTION!
  49. RESPONSIBLE BEVERAGE SERVICE ACT HEARING – OCTOBER 11TH IN SACRAMENTO – BE THERE!
  50. WHEN THE INVESTIGATOR COMES CALLING – BEST PRACTICES.
  51. RESPONSIBLE BEVERAGE SERVICE ACT PROPOSED ABC RULES 160 TO 173 – WHY THE RUSH?
  52. The TTB Crusade Against Small Producers and the “Consignment Sale” Business Model
  53. TTB Protocols, Procedures, and Investigations
  54. Wine in a 250 ML can – the Mystery of the TTB packaging Regulations and Solving the Problem by Amending the Regulations
  55. The Passing of John Manfreda of the TTB: a Tragedy for his family and a Tragedy for the Industry he so Faithfully Served for so Long.
  56. Pride in a Job Well-done, or Blood Money? The Cost of Learning the Truth from the TTB about the Benefits to Investigators from Making Cases Against Industry Members
  57. How ADA Website Compliance Works – The Steps You Can Take to Protect Yourself, Your Website and Your Social Media from Liability
  58. Supplier and Distributor Promotional “Banks,” Third Party Promotion Companies and Inconsistent TTB Enforcement, Oh My!
  59. “A Wrong Without a Remedy – Not in My America” – The TTB Death Penalty for Not Reporting Deaths
  60. Is a 1935 Alcohol Beverage Federal Trade Practice Law Stifling Innovation?
  61. Decoding the BCC’s Guidance on Commercial Cannabis Activity.
  62. Prop 65 - Escaping a "Notice of Violation"
  63. TTB Consignment Sales Investigations - What is Behind the Curtain of the TTB Press Releases?
  64. Heads Up! The ABC Is Stepping Up Enforcement Against Licensees Located Near Universities
  65. Coming Soon: New Mandatory Training Requirements for over One Million “Alcohol Servers” In California – September 1, 2021 will be here quickly
  66. 2019 Legislative Changes for California Alcohol Producers – a Blessing or a Curse?
  67. A Picture (On Instagram) Is Worth A Thousand Words
  68. Playing by the Rules: California Cannabis Final Regulations Takeaways
  69. Hinman & Carmichael LLP Names Erin Kelleher Partner and Welcomes Gillian Garrett and Tsion “Sunshine” Lencho to the Firm
  70. Congress Makes History and Changes the CBD Game for Good
  71. Pernicious Practices (stuff we see that will get folks in trouble!) Today’s Rant – Bill & Hold
  72. CBD: An Exciting New Fall Schedule… or Not?
  73. MISSISSIPPI RISING - A VICTORY FOR LEGAL RETAILER TO CONSUMER SALES, AND PASSAGE OF TITLE UNDER THE UNIFORM COMMERCIAL CODE
  74. California ABC's Cannabis Advisory - Not Just for Stoners
  75. NEW CALIFORNIA WARNINGS FOR ALCOHOLIC BEVERAGES AND CANNABIS PRODUCTS TAKE EFFECT AUGUST 30, 2018, NOW INCLUDING ADDENDUM REGARDING 2014 CONSENT AGREEMENT PARTIES AND PARTICIPANTS
  76. National Conference of State Liquor Administrators – The Alcohol Industry gathers in Hawaii to figure out how to enforce the US “Highly Archaic Regulatory Scheme.”
  77. Founder John Hinman Honored with the Raphael House Community Impact Award
  78. ROUTE TO MARKET AND MARKETING RESTRICTIONS - NAVIGATING REGULATORY SYSTEM CONSTRAINTS
  79. Alcohol and Cannabis Ventures: Top 5 Legal Considerations
  80. ATF and TTB: Is Another Divorce on the Horizon? What’s Going on with the Agency?
  81. STRIKE 3 - YOU REALLY ARE OUT! THE ABC'S STRICT APPLICATION OF PENALTIES FOR SALES TO MINORS
  82. TTB Temporarily Fixes Problem with Fulfillment Warehouse Tax Credits - an “Alternate Procedure” for Paying Taxes & Reporting
  83. CUSTOMERS WHO HAVE HAD ONE TOO MANY - THE FREE TRANSPORTATION DILEMMA
  84. The Renaissance of Federal Unfair Trade Practices - Current Issues and Strategies
  85. ‘Twas the week before New Year’s and the ABC is out in Force – Alerts for the Last Week of 2017, including the Limits on Free Rides
  86. Big Bottles, Caviar and a CA Wine Strong Silent Auction for the Holidays!
  87. The FDA and the Wine and Spirits Industry – Surprise inspections anyone?
  88. NORTHERN CALIFORNIA WILDFIRES: UPDATED REGULATORY AGENCY DISASTER RELIEF RESOURCES AT A GLANCE
  89. NORTHERN CALIFORNIA WILDFIRES: REGULATORY AGENCY DISASTER RELIEF RESOURCES AT A GLANCE
  90. Soon to come to your Local Supermarket– Instant Redeemable Coupons of the digital age!
  91. The License Piggyback Dilemma – If it Sounds Too Good to be True, it Probably is
  92. A timely message from our Florida colleagues on the tied house laws, the three-tier system and the need for reform
  93. ABC Declaratory Rulings – A Modest Proposal Whose Time has Come
  94. More on FDA Inspections - Breweries, Distilleries and Questions
  95. WHY THE FDA IS INSPECTING WINERIES
  96. Senate Bill 378—The Proposed Demise of Due Process for Alcohol Licensees
  97. ABC Enforcement - Trends and Predictions
  98. The Corruption Chronicles – Volume One: A New Hope
  99. New Alcohol Delivery Oversight on the Horizon
  100. Michigan: Canary in the DtC Coal Mine?