No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
On June 6, 2025, the Supreme Court of the United States released two decisions on its emergency docket with serious implications for federal agencies, companies that do business with the government, and the data of millions...more
Starting July 9, 2025, the U.S. Department of Justice will begin enforcing its new “Bulk Sensitive Data Rule,” a sweeping regulation aimed at restricting the transfer and storage of sensitive U.S. personal and...more
Montana recently amended its privacy law through Senate Bill 297, effective October 1, 2025, strengthening consumer protections and requiring businesses to revisit their privacy policies that apply to citizens of Montana....more
On March 24, Virginia Governor Glenn Youngkin signed SB 754 into law. SB 754, which will take effect on July 1, 2025, amends the Virginia Consumer Protection Act (VCPA) to prohibit certain entities from, in connection with a...more
According to a highly critical article recently published by TechCrunch, the Department of Government Efficiency (DOGE), President Trump’s advisory board headed by Elon Musk, has “taken control of top federal departments and...more
New York State Governor Hochul recently gave us a “pre” New Year’s gift: effective on December 21, 2024, any individuals or businesses possessing the “private information” of New Yorkers must notify them, and certain state...more
With the advent of a new year comes a new set of consumer data privacy laws in the United States. Five new state data privacy laws go into effect in January 2025, with additional laws coming throughout 2025 and into 2026....more
PowerSchool, a provider of software solutions for K-12 school systems, recently disclosed a cybersecurity incident that may have potentially exposed sensitive information of both students and school district employees....more
American Addiction Centers (AAC) has notified 422,424 individuals that their personal information was stolen in a cyber-attack attributed to the Rhysida criminal organization. The incident was discovered on September 26,...more
2024 was a busy year for state consumer data privacy laws in the United States. Seven states enacted comprehensive data privacy statutes throughout the year, and laws enacted in 2023 went into effect in Montana, Florida,...more
First passed into law in 2018, the California Consumer Privacy Act (CCPA) received its first major update in 2020 by way of the California Privacy Rights Act (CPRA), through which the California Privacy Protection Agency...more
If your business is one of the lucky ones that has not yet had to address the requirements of the various consumer privacy laws across the country, it is once again time to check whether your status has changed. Eight more...more
Earlier this month, after the conclusion of the public comment period, the Colorado Department of Law adopted amendments to the Colorado Privacy Act (CPA), which grants rights to Colorado consumers concerning their personal...more
We work with many US-based businesses that ask us to update their privacy policies to make sure they comply with current data protection laws that apply to them. These businesses are usually referring to their website privacy...more
On Nov. 13, 2024, in Gregg v. Central Transport LLC, the U.S. District Court for the Northern District of Illinois confirmed that Public Act 103-0769 (previously Senate Bill 2979), which amends Illinois’ Biometric Information...more
On November 8, 2024, the California Privacy Protection Agency (CPPA) Board met to discuss and vote on various proposed California Consumer Privacy Act (CCPA) regulations related to cybersecurity audits, automated...more
In today’s digital landscape, many organizations will likely face the unfortunate reality of a breach of employee data. The human resources department is the critical link between safeguarding a company’s reputation and...more
Comprehensive consumer privacy laws continue to hit the desks of governors in states across the country, with nineteen state laws now on the books. Since we wrote our 2023 Round-Up on State Consumer Data Privacy Laws article...more
INTRODUCTION - In August 2024, the Hong Kong Office of the Privacy Commissioner for Personal Data (“PCPD”) released a revision of the “Code of Practice on the Identity Card Number and other Personal Identifiers: Compliance...more
Actions in the last six months of the Brazilian National Data Protection Authority (“ANPD”) suggest that it intends to aggressively enforce the Brazilian Data Protection Law (“LGPD”). The LGPD applies to any entity that...more
Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more
Over the past several years, the number of states with comprehensive consumer data privacy laws has increased exponentially from just a handful—California, Colorado, Virginia, Connecticut, and Utah—to up to twenty by some...more
The plaintiffs’ bar has added a new tool to its arsenal to target cookies, pixels, and similar online tracking tools and the businesses that use them: the California Song-Beverly Credit Card Act of 1971 (“Act”). This...more
I was hanging out with my friend this weekend, both catching up on emails from a coffee shop. After a while, he turned to me. “Well sh*t. Looks like my social security number might be on the dark web.”...more
Companies’ use of their customers’ biometric data has been increasing for a couple of decades. Numerous state and federal laws regulate how consumer biometric data can be stored and used and require notices to consumers about...more