No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
On February 14, 2025, in Therrien v. Hearst Television, Inc., the District of Massachusetts denied a motion for class certification due to the plaintiff’s failure to meet the implied ascertainability requirement of Rule 23....more
In a notable development for corporate defendants grappling with consumer privacy litigation, the Southern District of New York has recently issued a decision in Lee v. Springer Nature America, Inc., embracing a broadened...more
The Video Privacy Protection Act (“VPPA”), a federal statute enacted in 1988, is gaining new relevance in recent years as plaintiffs bring lawsuits with the goal of enforcing online privacy rights. 2024 saw a continuation of...more
Businesses continue to be subjected to a steady stream of consumer class action lawsuits alleging improper collection or disclosure of information from their websites. A variety of laws and legal claims are used to support...more
Candid Color Systems Inc., based in Oklahoma, faces a class action lawsuit for its alleged violations of the Illinois Biometric Information Privacy Act (BIPA). Candid Colors offers marketing services to photographers,...more
The long-awaited amendment provides immediate relief to corporate defendants from business-destroying liability - On August 2, 2024, Senate Bill 2979 went into effect limiting available damages under Illinois’ Biometric...more
Earlier this year, we reported that the Illinois Senate passed Senate Bill 2979 with a vote of 46 to 13, and the Illinois House of Representatives passed Senate Bill 2979 with a vote 81 to 30. This bill addressed concerns...more
In an unusual move, attorneys general (AG) from 30 states and the District of Columbia filed a bipartisan amicus brief in the Ninth Circuit supporting efforts to revive a proposed class action against payment processor...more
An Internet Protocol (IP) address is a unique identifier assigned to a device that is connected to a computer network. In the internet ecosystem, the IP allows a network host to communicate with a network participant and...more
Last week Marriott Hotel Services was hit with a class action lawsuit for alleged violations of the Illinois’ Biometrics Information Privacy Act (BIPA). The lawsuit alleges that the hotel violated BIPA by requiring workers to...more
The California Song-Beverly Credit Card Act (the “Act”) – an act intended to protect the personal privacy of individuals during credit card transactions – may very well become the new trend in California privacy litigation. ...more
The Western District of Pennsylvania recently granted Spirit Airlines, Inc. (“Spirit Airlines”)’s Rule 12(b)(1) motion to dismiss a class action brought by a putative class of plaintiffs who visited Spirit Airlines’ website...more
The Illinois Supreme Court unanimously ruled that the exclusivity provisions of the Workers’ Compensation Act do not bar a claim for statutory damages under the Biometric Information Privacy Act (BIPA). In so doing, the Court...more
On July 18, 2023, the Illinois Supreme Court denied a rehearing on the issue of Biometric Information Privacy Act (BIPA) accrual. The request for rehearing derived from an opinion by the 7th Circuit, Cothron v. White Castle...more
In a unanimous decision, the Illinois Supreme Court determined that the Biometric Information Privacy Act (“BIPA”) is pre-empted by the Labor Management Relations Act for many employees covered by a collective bargaining...more
To say there’s been a lot of new privacy law in the last decade is an understatement. For those of us who think we’ve “seen it all,” many of these new laws arrive and elicit a sense of challenge (for the optimists) or mild...more
Amazon Sued for Not Telling New York Store Customers about Tracking Biometrics - “Thanks to a 2021 law, New York is the only major American city to require businesses to post signs letting customers know they’re tracking...more
Biometric identifiers are unique to every individual. They include your fingerprints, facial structure, and even how you walk. There is the Illinois Biometric Information Protection Act (“BIPA”), and biometric protection...more
The Illinois Supreme Court issued its much-anticipated decision today in the Cothron v. White Castle case, which interpreted the Illinois Biometric Information Privacy Act (“BIPA”). The decision is likely to have far-reaching...more
The Illinois Biometric Privacy Act (“BIPA”) has been a fertile source of class action litigation in recent years as courts continue to grapple with the scope of potential liability of employers and other entities who have...more
On February 2, the Illinois Supreme Court held that under the state’s Biometric Information Privacy Act (BIPA), individuals have five years to assert violations of section 15 of the statute. ...more
An Illinois appellate court has ruled that Apple’s biometric unlock features, including Touch ID fingerprint scanning and Face ID facial geometry scanning, do not violate the state’s Biometric Information Privacy Act (BIPA)....more
The case of Popa v. Harriet Carter Gifts, Inc. “began with a quest for pet stairs.” Plaintiff Ashley Popa searched Harriet Carter Gifts’ website, added pet stairs to her cart, but never completed the purchase. During her...more
The average cost of a data breach is on the rise. According to the 2022 ForgeRock Consumer Identity Breach Report, the average cost in 2021 of recovering from a data breach in the U.S. is $9.5 million — an increase of 16%...more
To say that class action litigation regarding the use or collection of “biometric information” – such as fingerprints, face records, or voice records – is expensive would be a gross understatement. The damages sought, and...more