Anokhy Desai

Anokhy is a privacy and cybersecurity attorney who recognizes that even the strongest defenses leave businesses exposed to risk. Guided by that understanding, she helps clients identify gaps in their data privacy and cybersecurity programs, strengthen compliance, and navigate emerging requirements with confidence.

Contact:

Points Well Taken: The Privacy Side of Loyalty Programs and Promotions

By Shannon Kapadia, Anokhy Desai & Heidi Salow on March 2, 2026

Posted in AdTech, Advertising, COPPA, FTC, Privacy, State privacy legislation, US Federal Privacy Legislation

Key point: Whether your business runs a retail loyalty program, a restaurant rewards app, a software referral campaign, or an online sweepstakes, these programs often collect customer information, and that can trigger real privacy compliance obligations that are easy to overlook.

The Rules Vary by Program. Privacy Obligations Do Not.

Online promotional activities frequently involve the collection, use, and sharing of consumer personal information, and data privacy laws play an important role across all of them. Examples:

A retailer runs a points-based loyalty program which collects purchase history and behavioral data.
A company with a household brand name runs a sweepstakes and collects contact information for prize fulfillment.
A manufacturer offers mail-in rebates and collects names, addresses, and receipts to provide the rebates.
A mobile app runs a referral campaign and collects device identifiers and app usage data.
A sports betting app runs an advertising campaign to attract participants and inadvertently collects personal information from middle school kids who like sports.

All these instances trigger compliance obligations—even if the activities feel informal or low-risk.

Navigating Cyber Disclosures in 2026: A Limited Renewal of CISA 2015, and “Take Two” on Finalizing CIRCIA’s Reporting Regulations

By Erik Dullea, Luis Hidalgo & Anokhy Desai on February 26, 2026

Posted in Cybersecurity, Data Security, Privacy, US Federal Privacy Legislation

Key point: 2026 may be a pivotal year for organizations to monitor cyber incident reporting requirements—the voluntary sharing allowed under CISA 2015 remains available, but only through September, and regulations delineating who and how mandatory reporting requirements are managed under CIRCIA are coming.

California’s Deletion Request and Opt-Out Platform (DROP) is Live

By Heidi Salow & Anokhy Desai on February 11, 2026

Posted in California, Data Security, Privacy, State privacy legislation

In October 2023, California passed the Delete Act, which, in addition to requiring data brokers to register with the state, directed Cal Privacy (f/k/a the California Privacy Protection Agency or CPPA) to create a data deletion software tool by January 1, 2026. This deletion software tool, now called the Delete Request and Opt-Out Platform (DROP), allows California residents to submit a single request to require all registered data brokers to 1) delete their personal information, and 2) stop selling or sharing that information through one verified, government‑administered process, rather than contacting hundreds of companies individually.

The Genesis Mission: A New Executive Order Aims to Transform U.S. Innovation with AI

By Erik Dullea, Olga Shupyatskaya & Anokhy Desai on December 1, 2025

Posted in Artificial Intelligence

Central Computer Processors CPU concept - 3d rendering

Key point: The President’s latest Executive Order establishes the Genesis Mission and aspires to use AI to accelerate scientific discovery in sectors such as biotech, quantum, nuclear power, and semiconductors.

Byte Back