No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
The country’s largest provider of cloud-based education software for K-12 schools announced on January 7 that it fell victim to a massive data breach – which may lead to questions about the implications for your school....more
Introduction - Illinois has enacted laws addressing rights and obligations related to data privacy. Companies and organizations that handle, collect, disseminate, or otherwise deal in nonpublic information have a number of...more
Summary - On May 18, 2023, the Federal Trade Commission (“FTC”) announced a Notice of Proposed Rulemaking (the “Proposed Rule”), which both clarifies the scope of the Health Breach Notification Rule (“HBN Rule”) to include...more
This year has seen some substantial new data breach settlements including a $500,000 Federal Trade Commission (FTC) fine against CafePress, a $1.25 million multi-state class action settlement and $5 million New York...more
Last week, I discussed eDiscovery in the Asia Pacific (APAC) region in terms of what each country has in place from a rules and discovery standpoint. eDiscovery isn’t the only discipline where US-based bloggers like me tend...more
This week, I received a breach notification letter from a large financial institution stating that my personal information, including my name, Social Security number, account name and number, contact information, date of...more
In delving deeply into the California Consumer Privacy Act (CCPA), the Amendments recently signed by the California Governor, and the proposed Regulations issued by the California Attorney General, there are some details that...more
Fox Rothschild’s Privacy and Data Security practice group maintains this searchable PDF document as well as the Data Breach 411 app to inform businesses of the breach notification statutes in each of the 50 states, Guam,...more
This summer, Pearson notified a handful of Illinois school districts that its AIMSweb 1.0 Platform had experienced a data breach that impacted over 13,000 account holders nationally. ...more
Data scraping is a technique where information on one platform is exported onto another. The practice is widespread and is used for all sort of reasons, like market analysis or advertising. The kind of information located and...more
New York recently enacted important changes to its data breach notification requirements (Breach Requirements) and created a statutory obligation to maintain reasonable data security (Security Requirements). Under the new...more
On July 25, 2019, New York Governor Anthony Cuomo signed the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) into law. The Act creates additional protections for the residents of New York and their private...more
New York is gearing up to enact some of the toughest cybersecurity, privacy and data protection laws in the country. Modeled on the European Union’s General Data Protection Regulation (GDPR) and the California Consumer...more
On January 10, 2019, Massachusetts Governor Charlie Baker signed House Bill No. 4806 into law. The bill amends certain provisions of the state data breach notification law, increasing reporting requirements on a person or...more
Key Point: The Illinois data breach notification statute will now require entities to notify the Illinois Attorney General if a breach affects 500 or more Illinois residents. The Illinois General Assembly recently voted to...more
Texas is one of the many states that looked to be following in the footsteps of California’s enactment of a broad consumer privacy law (the California Consumer Privacy Act), which has far-ranging implications for businesses...more
On May 7, 2019, Washington amended its data breach notification law (HB 1071). The amendment shortens the period in which notice must be provided, expands the definition of personal information, adds further content...more
New Jersey businesses will soon be required to notify affected consumers following a data breach that involves online account information that would allow access to the consumer’s online account. The state’s data breach...more
Beginning on March 1, 2020, Washington State’s data breach notification law will change in a number of important ways. First, the definition of “Personal Information” will expand significantly. This means more data elements...more
On 1 February, 2019, the National Information Security Standardization Technical Committee issued an amended version of the GB/T 35372-2017 Information Technology – Personal Information Security Specification for public...more
The Situation: The Notifiable Data Breach scheme, introduced by amendments to the Privacy Act 1988 (Cth), requires an assessment when an entity suspects that there may have been loss of, unauthorised access to, or...more
The ICO first began its examination of Bounty UK Ltd. (a support club for parents) when the ICO was investigating the data brokerage industry generally, of which it viewed Bounty as taking part (given that it shared member...more
An amendment to New Jersey’s data breach notification requirements of the Consumer Fraud Act is currently awaiting signature by State Governor Phil Murphy. The bill, Assembly No. 3245, was recently passed by both the New...more
• The Office of the California Attorney General (AG) held the final public forum on the California Consumer Privacy Act on March 5, 2019. • Commentators were sophisticated in their understanding of the law and all...more
According to reports, bank customers in Australia (yes, data breach notification requirements exist down under) have been affected by “an industry-wide” data breach experienced by a third-party service provider to the banks –...more