No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
Starting July 9, 2025, the U.S. Department of Justice will begin enforcing its new “Bulk Sensitive Data Rule,” a sweeping regulation aimed at restricting the transfer and storage of sensitive U.S. personal and...more
On March 24, Virginia Governor Glenn Youngkin signed SB 754 into law. SB 754, which will take effect on July 1, 2025, amends the Virginia Consumer Protection Act (VCPA) to prohibit certain entities from, in connection with a...more
Over the past several years, the number of states with comprehensive consumer data privacy laws has increased exponentially from just a handful—California, Colorado, Virginia, Connecticut, and Utah—to up to twenty by some...more
Last week’s news that the Federal Trade Commission is taking steps to begin rulemaking on consumer privacy and artificial intelligence drew plenty of attention from privacy professionals, and suggests 2022 could be an...more
Many legal professionals are familiar with eDiscovery and the benefits the technology provides. However, what may not be common knowledge is the power that artificial intelligence brings to the table and the techniques that...more
Report on Patient Privacy 21, no. 6 (June 2021) - Scripps Health in San Diego experienced what it called “an information technology security incident” from ransomware that was detected May 1, forcing some of its operations...more
Recently we wrote about two amendments to the California Consumer Privacy Act of 2018 (CCPA) that were awaiting signature on Governor Newsom’s desk: AB 1281 – which extends the one-year exemptions for employee information and...more
On January 1, 2020 California Consumer Privacy Act (“CCPA”) largely came into effect, albeit with several last-minute modifications and a need to promulgate regulations. ...more
Modern businesses are caught in a perfect storm. Data privacy laws are proliferating at the state, federal, and international levels, requiring companies to know where they are storing personally identifiable information...more
The European Data Protection Board (EDPB) and a number of European data protection supervisory authorities have recently issued guidance on processing personal data, including special categories of personal data (i.e., health...more
On January 24, 2020, security analysts revealed that a data breach exposed the personal information of 30,000 medical marijuana patients across the country, including patients in Ohio. Bloom Medicinals, which operates five...more
SDNY Rejects Standing under “Increased Risk” Theory Where Data Not Targeted or Stolen - The Southern District of New York rejected a settlement that would have resolved a class action based on the unauthorized (and...more
The specter of a data breach is an unfortunate reality for anyone that uses a computer. Corporations are obviously large targets, with potentially thousands of employees doing things on computers. Some of those things are...more
The Federal Bureau of Investigations Internet Crime Complaint Center (IC3) recently issued a public service announcement warning private companies about the increasing numbers of ransomware attacks affecting private industry....more
Despite its breadth, California's new privacy law, the California Consumer Privacy Act (CCPA), creates an exemption designed around the federal Health Insurance Portability and Accountability Act (HIPAA). That exemption is...more
When the European Union’s General Data Protection Regulation (GDPR) became effective on May 25, 2018, many US-based hospitals struggled to determine whether they were subject to the GDPR and, if so, what they must do to...more
Cybersecurity is a significant business risk for any organization that collects personal data. The greater the amount of personal data collected by an organization, the greater the risk that it will be targeted by...more