No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
Sitting with the C-Suite: Information Governance and eDiscovery - Key Compliance Issues for In-House Counsel
On July 11, a split U.S. Court of Appeals for the Eleventh Circuit partially vacated the greenlighting of two data breach class actions, holding that a district court must re-analyze the boundaries of the classes. Both the...more
Brazil’s data protection authority recently published regulations that could lead businesses and employers that violate the country’s data privacy laws to be punished with administrative penalties – adding yet more incentive...more
A new Fourth Circuit decision has thrown out of federal court a state-law privacy claim where the plaintiff alleged only a bare statutory violation without alleging “a nonspeculative, increased risk of identity theft,”...more
The Ontario Court of Appeal recently released a trilogy of decisions (Winder v. Marriott International, Inc., 2022 ONCA 815; Obodo v. Trans Union of Canada, Inc., 2022 ONCA 814; Owsianik v. Equifax Canada Co., 2022 ONCA 813)...more
On October 31, 2022, the Federal Trade Commission (FTC) announced a complaint and proposed consent order against Chegg, an edtech company, over its security practices that resulted in four security breaches in three years....more
This year has seen some substantial new data breach settlements including a $500,000 Federal Trade Commission (FTC) fine against CafePress, a $1.25 million multi-state class action settlement and $5 million New York...more
On March 9, 2022, the Securities and Exchange Commission (“SEC”) announced Proposed Rules on cybersecurity risk management, strategy, governance, and incident disclosure (“Proposed Rules”) to address concerns of increasing...more
In a first of its kind trial, a defendant accused of negligently responding to a data breach was cleared of all liability by a jury last month. After two hours of deliberation, the jury rejected plaintiff’s claim that the...more
As the world emerged from lockdown, it should come as no surprise that cybersecurity and data privacy remained dominant topics in the media and legal industry. Some of 2021 was much like 2020 – ransomware attacks continued to...more
The California Consumer Privacy Act (CCPA), considered one of the most expansive U.S. privacy laws to date, went into effect on January 1, 2020. The CCPA placed significant limitations on the collection and sale of a...more
The Ministry of Service Alberta is seeking public input on the province's statutory privacy protections. This follows Ontario's recent gesture to modernize its privacy framework and request feedback, which we discussed in...more
Although the California Consumer Protection Act (“CCPA”) went into effect on January 1, 2020 and over 100 class actions referencing the CCPA have been filed to date, very few class actions have actually made their way to...more
On April 30, 2021, the Government of Ontario introduced Building a Digital Ontario, the province's new digital and data strategy, which lays the foundation for Ontario to become "the world's leading digital jurisdiction."...more
Many employers are facing growing problems with identity theft in a new way: data is being used to file false claims including requests for job service benefits and SBA loans through the PPP, among others. To address this...more
The 11th Circuit recently weighed in on the hottest issue is data breach litigation, whether a demonstration of actual harm is required to have standing to sue. Joining several other circuit courts, the 11th Circuit in Tsao...more
As part of a growing trend, the Eleventh Circuit recently held that an alleged risk of future identity theft does not establish standing where the plaintiff does not allege any information has actually been misused. Tsao v....more
In early November, we wrote about a new Eleventh Circuit decision on Article III standing law which directly held that it was not enough to allege a statutory violation and instead there must be a concrete injury to sustain...more
A recent decision of the U.S. District Court for the District of Columbia further erodes a defendant’s claim of privilege with respect to expert reports related to data breaches. However, it also provides important...more
Takeaway: The Eleventh Circuit has yet to address whether a future risk of identity theft is sufficient to establish standing in a data breach case. In Muransky v. Godiva Chocolatier, Inc., 16-16486, 2020 WL 6305084, at *12...more
Premera Blue Cross (Premera) has agreed to settle with the Office for Civil Rights (OCR) for $6.85 million over allegations of violations of HIPAA after an investigation of a data breach that occurred in 2014 affecting 10.4...more
Today the Office of Civil Rights (OCR) at the U.S. Department of Health and Human Resources announced that a Georgia orthopedic clinic agreed to pay $1.5 million and adopt a two-year corrective action plan to settle potential...more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
In this month's edition, we examine the Court of Justice of the European Union's decision invalidating the EU-U.S. Privacy Shield framework, as well as the U.S. government's response to the decision. We also examine two...more
Takeaway: Data breach cases often turn on whether the threat of future identity theft suffices to establish Article III standing. In yet another data breach case, In re Brinker Data Incident Litig., 3:18-CV-686-J-32MCR,...more
This post was co-authored with Kaylee Rose, first-year law student at Cumberland School of Law: Vermont Amends Data Breach Notification Law - On July 1, 2020, amendments to Vermont’s Security Breach Notice Act, 9 V.S.A. §§...more