No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
Artificial intelligence (AI), particularly generative AI, thrives on vast amounts of data, fueling AI capabilities, insights, and predictions. But with this reliance on data comes potential privacy and security risks. And...more
Corporations face unprecedented challenges in safeguarding sensitive data and mitigating privacy risks in an era marked by the rapid proliferation of Internet of Things, or IoT, devices....more
On March 6, 2024, New Hampshire Governor Chris Sununu signed into law SB 255-FN, An Act Relative to the Expectation of Privacy (the “Act”), making New Hampshire the 14th state to enact a comprehensive data privacy law —...more
On January 16, 2024, New Jersey became the fourteenth state to enact comprehensive privacy legislation after the passage of the New Jersey Data Privacy Act (“NJDPA”), adding to the growing national focus on consumer personal...more
A privacy breach can have detrimental consequences for startups: A privacy breach may trigger legal consequences and regulatory scrutiny, especially for a startup that operates in areas with stringent data protection laws...more
Report on Patient Privacy 23, no. 11 (November, 2023) The American Hospital Association (AHA) is urging federal lawmakers to intervene with the HHS Office for Civil Rights (OCR) so that hospitals and health systems can...more
Editor’s note: This post was originally published in October 2020 and has been updated for accuracy and comprehensiveness. They say more is better. And that’s true in many cases, but not when we’re talking about a stockpile...more
On July 1, 2023, the Colorado Privacy Act (ColoPA) and Connecticut Data Privacy Act (CTDPA) will go into effect, joining California and Virginia, whose data privacy laws are already in effect. Notably, while the California...more
To say there’s been a lot of new privacy law in the last decade is an understatement. For those of us who think we’ve “seen it all,” many of these new laws arrive and elicit a sense of challenge (for the optimists) or mild...more
In the midst of what is becoming a national patchwork of data privacy laws, on March 2, 2021 Virginia became the second state to enact a comprehensive data privacy law....more
This webinar is intended for eDiscovery professionals interested in the overlap between data privacy and eDiscovery capabilities, workflows and use cases. The tools to tackle the protection of personal data already exist...more
The European Union’s General Data Protection Regulation (GDPR) first launched the concept of data minimization, which states that a data controller should limit the collection of personal information to what is directly...more
Blackbaud Breach - In the early months of 2020, cybercriminals orchestrated a ransomware attack on Blackbaud Inc., a cloud software company headquartered in Charleston, South Carolina that provides data collection and...more
China’s Personal Information Protection Law, adopted August 20, 2021, becomes effective on November 1. The PIPL establishes a comprehensive data protection structure for the collection, use, and disclosure of the personal...more
Only two months after the release of the second draft of the Data Security Law of the People’s Republic of China (the Second Draft), on June 10, 2021, the Standing Committee of the National People's Congress passed the new...more
NGE Corporate & Securities partner Michael Gray recently interviewed Data Privacy & Information Governance partner David Wheeler about the cybersecurity needs for small and emerging companies. The discussion focused on the...more
The rapid expansion of data security and privacy laws and regulations — both in the United States and internationally — harbors the potential for substantial liability, with the consequence that cyber compliance has become an...more
Organizations of all sizes and industries benefit from a comprehensive data retention policy. Between a sprawl of cloud-based apps and industry guidelines and laws, outlining what data needs to be stored, how it needs to be...more
Every organization needs to develop an effective data retention policy to gain visibility and control over its information. But given the increasing complexity of today’s data systems and the constantly evolving regulatory...more
As more organizations find themselves under scrutiny for the way they collect and use consumer data, maintaining CCPA compliance has never been more important. CCPA has been introduced to give control back to consumers,...more
Due to COVID-19, Maine’s attorney general agreed to delay until August 1, 2020 enforcement of the state’s new internet privacy law, “An Act to Protect the Privacy of Online Customer Information” (Act), which officially went...more
The way we work is shifting rapidly. Teams across the globe are operating remotely, and cloud-based collaboration and communication tools are becoming commonplace. This is posing new challenges for legal teams dealing with...more
Effective as of March 21, 2020, New York State’s Stop Hacks and Improve Electronic Data Security Act (SHIELD Act)requires that nearly all businesses, regardless of where they are based, take affirmative steps to protect...more
Certain provisions of the New York Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) recently took effect in the state of New York. The act was signed into law by the governor in July 2019, and its data breach...more
On Wednesday, May 20, 2020, an Arizona federal district court judge issued a long-awaited order on motions to dismiss a complaint filed by CDK Global LLC (CDK) and Reynolds & Reynolds Company (Reynolds) challenging amendments...more