No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
The country’s largest provider of cloud-based education software for K-12 schools announced on January 7 that it fell victim to a massive data breach – which may lead to questions about the implications for your school....more
On May 16, the Securities and Exchange Commission (“SEC”) announced the adoption of amendments to Regulation S-P, aimed at modernizing and enhancing the rules governing the treatment of consumers’ nonpublic personal...more
Bleeping Computer has reported that Rite Aid has disclosed a data breach affecting 2.2 million individuals. According to the report, Rite Aid stated in its filing with the Maine Attorney General that “We determined by...more
Pennsylvania-based Geisinger Health System said it experienced a breach impacting more than 1.27 million patients when a former employee of vendor Nuance Communications Inc., a Microsoft Corp. subsidiary, accessed patient...more
On October 27, the Federal Trade Commission (FTC or Commission) published a final rule expanding data breach notification requirements for certain financial institutions (Final Rule). Federal Register, will require entities...more
Popular file transfer tool MOVEit’s recent data security vulnerability prompted many businesses to communicate, internally and externally, about the impact of the incident on its business. Originally published in Law360 -...more
This year, Indiana joined several other states to pass a comprehensive consumer privacy law, that becomes operative on January 1, 2026. Like other consumer privacy laws, Indiana’s law requires businesses to establish...more
On June 21, the Department of Homeland Security (DHS) published a final rule to implement security measures that safeguard controlled unclassified information (CUI) from unauthorized access and disclosure and improve incident...more
The landscape for preventing, responding to, and avoiding the fines and other costs associated with data breaches has changed in the last three years. Since the beginning of the pandemic, data breaches have been on the rise...more
There’s no denying that data breaches are a major concern for organizations of all sizes, 2021 saw 1,860 data breaches occur (a record high), and 81% of those involved sensitive information like social security numbers and...more
Last week, I discussed eDiscovery in the Asia Pacific (APAC) region in terms of what each country has in place from a rules and discovery standpoint. eDiscovery isn’t the only discipline where US-based bloggers like me tend...more
Unless you’ve been completely disconnected from the internet for the past year, you’ve undoubtedly read about the passage of a number of state and international laws addressing privacy and cybersecurity. Does this mean that...more
The retention of prolific sensitive, personal electronic information has essentially become a responsibility inherent in the conduct of modern business. From the maintenance of medical records by a healthcare provider to the...more
Last week’s news that the Federal Trade Commission is taking steps to begin rulemaking on consumer privacy and artificial intelligence drew plenty of attention from privacy professionals, and suggests 2022 could be an...more
There is little doubt that the U.S. Securities and Exchange Commission is making cybersecurity a top priority. SEC Chair Gary Gensler told a Senate committee on Tuesday, September 14, 2021 that the agency is developing a...more
Report on Patient Privacy 20, no. 11 (November 2020) - In her 14-plus years of investigating and blogging about hacking and breaches, “Dissent” has been yelled at, threatened with lawsuits and accused of being a criminal....more
Five things schools, colleges and universities can do this summer to address data privacy and protect against cybersecurity threats. Consider these five steps during your summer break to address the protection of...more
An enhanced resource for analysis of data breach notification laws for all 50 states is now just a click away. BakerHostetler combined two of its state breach notification law resources (a summary of the laws and a guide to...more
All U.S states now have laws about data security and what to do when there’s a data breach. Alabama recently was the 50th state to add such a law, and it takes effect on May 1, 2018. Here are its highlights....more
On Wednesday, March 28, 2018, the Alabama Data Breach Notification Act of 2018 (SB318) was signed into law by the Governor, making Alabama round out the roster of 50 states with data breach notification laws. (South Dakota’s...more
On August 17, 2017, Governor John Carney signed into law bi-partisan legislation that increases cybersecurity protections for Delaware residents whose personal information may be compromised as a result of a data breach....more
CoPilot Provider Support Services, Inc. (CoPilot), which provides health care companies with billing and insurance support services, has settled allegations by the New York Attorney General of failing to notify individuals of...more
Whether resulting from a planned cyberattack or mere carelessness, data breaches are on the rise. In 2015, 781 data breaches were reported across the United States, with the average breach costing $3.8 million. In 2016, the...more
The spring legislative sessions this year brought a now-familiar round of revisions to data breach notification laws, with states broadening their laws in often divergent ways. This year, Illinois, Nebraska, and Tennessee...more
The attached chart constitutes a summary of the laws of various jurisdictions that govern data breach notifications....more