No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
Privacy pros are passionate about doing good work, in every sense of the word. Yes, we care about managing privacy as thoroughly and efficiently as possible (and not getting fined). But we are all in this line of work for a...more
Last week, two separate class actions were filed in the federal district court for the Southern District of Texas against DISA Global Solutions (DISA), a third-party employment screening services provider, related to an April...more
In the waning days of the Biden administration, the FTC published an update to its COPPA Privacy Rule. The status of this update, however, is unclear. The revisions to the rule were posted on the FTC website prior to the...more
The Department of Government Efficiency’s (DOGE) staggering unfettered access to all Americans’ personal information is highly concerning. DOGE employees’ access includes databases at the Office of Personnel Management, the...more
With the advent of a new year comes a new set of consumer data privacy laws in the United States. Five new state data privacy laws go into effect in January 2025, with additional laws coming throughout 2025 and into 2026....more
It’s no longer good enough for your business to have a reactive approach to consumer privacy – you need a proactive strategy to manage compliance, foster consumer trust, and stay competitive in this modern era. While many...more
The California Consumer Privacy Act of 2018 (as amended, including by the California Privacy Rights Act, the CCPA) was drafted by a privacy rights activist, initially passed and later amended multiple times by the California...more
Actions in the last six months of the Brazilian National Data Protection Authority (“ANPD”) suggest that it intends to aggressively enforce the Brazilian Data Protection Law (“LGPD”). The LGPD applies to any entity that...more
Texas will soon be the next state to have a comprehensive consumer data privacy and security law when the Texas Data Privacy and Security Act takes effect on July 1. It will require businesses to take several compliance...more
Introduction - In recent years, Ohio has made unique and nationally-mirrored efforts toward advancing a goal of protecting the personal data of its residents. In addition to joining other U.S. states in 2005 by requiring...more
Introduction - Illinois has enacted laws addressing rights and obligations related to data privacy. Companies and organizations that handle, collect, disseminate, or otherwise deal in nonpublic information have a number of...more
CYBERSECURITY - Health Care Entities Continue to Get Pummeled by Cybersecurity Attacks - The newest health care entity to be hit by a cyberattack is Ascension Health, which operates 140 hospitals and 40 assisted living...more
Introduction - Data protection is being driven by rapid technological advances and the increasing digitalization of society. Data protection legislation in Portugal is aligned with European Union law, in particular with...more
Introduction - The legal regime in India relating to data protection and privacy has undergone a significant re-haul and revamp. The Digital Data Protection Act, 2023 (“DPDPA”) received the President’s assent and was...more
Introduction - As a federal state with law-making powers shared between federal and provincial/territorial governments, Canada has both federal and provincial/territorial privacy laws that govern the private and public...more
Introduction - The Brazilian General Data Protection Law (“LGPD”), enacted in 2018 and enforced since 2020, serves as the cornerstone of the country's data protection framework. Its primary objective is to ensure the...more
On April 7, 2024, Representative Cathy McMorris Rogers (R-WA) and Senator Maria Cantwell (D-WA) announced that Congress will once again consider a comprehensive federal data privacy bill that, if passed, would dramatically...more
On April 7, Senate Commerce Committee Chair Maria Cantwell (D-WA) and House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA) released the text of the American Privacy Rights Act (APRA), a bipartisan and...more
On March 6, 2024, New Hampshire Governor Chris Sununu signed into law SB 255-FN, An Act Relative to the Expectation of Privacy (the “Act”), making New Hampshire the 14th state to enact a comprehensive data privacy law —...more
Friendly reminder – the Washington My Health My Data Act (“WMHMDA”) compliance deadline for regulated entities to post their consumer health data privacy policy is March 31, 2024 (June 30, 2024 for small businesses). A...more
On January 16, 2024, New Jersey became the fourteenth state to enact comprehensive privacy legislation after the passage of the New Jersey Data Privacy Act (“NJDPA”), adding to the growing national focus on consumer personal...more
As we discussed in part three of this series, “Navigating the Complexities of Regulatory Data Incident Investigations,” when an organization is the subject of regulatory data incident investigations, it must navigate a...more
On January 16, New Jersey Governor Phil Murphy signed S332 (the act), making New Jersey the first state in 2024 to enact a comprehensive privacy law. Several other states are currently considering similar comprehensive...more
January 28 is International Privacy Day, and this day is an opportunity to learn about recent developments in the legal landscape for privacy law. It is also a good opportunity to highlight how far privacy rights have come,...more
It is indeed a tangled regulatory web woven to potentially trap an organization in the wake of a data incident. Navigating this web can involve significant resources, time, and stress. As we discussed in part two of this...more