No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
Sitting with the C-Suite: Information Governance and eDiscovery - Key Compliance Issues for In-House Counsel
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
The FTC recently announced the removal of Aristotle International, Inc. from the list of seven approved safe harbor programs under the Children’s Online Privacy Protection Act. Programs that are approved by the FTC must place...more
In an unusual but significant move, on August 4, 2021, the Federal Trade Commission (FTC) removed Aristotle International from the Children’s Online Privacy Protection Act (COPPA) Safe Harbor List. ...more
We are now seeing a potential trend where states are incentivizing companies through the creation of safe harbors to improve their cybersecurity posture, instead of penalizing them after a breach of personal information. Utah...more
On January 30, Rep. Kathy Castor (D-FL) introduced H.R. 5703, the Protecting the Information of our Vulnerable Children and Youth Act (Kids PRIVCY Act) that would expand requirements under the Children’s Online Privacy...more
The Court of Justice of the EU ("CJEU") is currently hearing a challenge against the validity of two key mechanisms that businesses use to transfer personal data internationally. In a move that will come as a relief to...more
On October 7, the Federal Trade Commission (FTC or the “Commission”) brought together privacy and technology stakeholders for a public workshop aimed at informing updates to regulations promulgated under the Children’s Online...more
The first months of 2019 have seen several key developments in the world of children’s privacy. There have been major enforcement actions, new legislative proposals, and new best practices and guidance issued, both in the...more
WHAT YOU NEED TO KNOW: Ohio is taking a unique approach to addressing data breaches by offering businesses meeting certain requirements with a safe harbor against lawsuits following a data breach. Specifically, the act...more
The 2018 California Consumer Privacy Act (CCPA) requires the California Attorney General’s Office (AGO) to promulgate regulations related to the CCPA by July 1, 2020. The AGO is holding a series of public forums and accepting...more
Click Here for PDF A first-of-its-kind data security law, the recently enacted Ohio Data Protection Act may signal the beginning of a new trend in the legal approach to corporate cybersecurity obligations. At the same time,...more
As much of the country’s workforce traveled on Wednesday for the Thanksgiving holiday, the Supreme Court of Pennsylvania issued a decision that some may view as a turkey: under Pennsylvania law, employers have an independent...more
Schneider Electric recently issued a consumer warning that it mistakenly shipped to its customers USB drives that were infected with malware. Schneider Electric stated in its alert that “Schneider Electric has determined that...more
Ohio recently enacted the Ohio Data Protection Act (2018 SB 220), a law that offers a breach litigation safe harbor to businesses meeting specific cybersecurity standards. While the law does not prevent a plaintiff from...more
Since my last blog post about SB 1121, the California Senate voted to send SB 1121 to the state Assembly. The on May 30 vote was very close, 22-13, only one above the 21-vote threshold for passing the bill and strictly along...more
Transportation is often cited as one of the top barriers to health care for individuals in the United States. To reduce this burden and increase access to care, many health care providers are now partnering with ride-sharing...more
Editor’s Note: Strictly speaking, this blog post isn’t really about human resources management or employment law. But it might be; the GDPR is vaguely written and it is not at all clear how it will be applied in relation to...more
The body of cybersecurity case law continues to grow. On April 10, 2018, the Pennsylvania Supreme Court is set to hear arguments regarding employers’ liability for data breaches in Dittman v. UPMC....more
Alabama has joined the “crazy quilt” of state data breach notification laws with the governor’s signature of the Alabama Data Breach Notification Act of 2018. Things to take note of under the Alabama law...more
On March 6, 2018, the FTC hosted a live Twitter chat to mark the twentieth anniversary of the Children’s Online Privacy Protection Act (COPPA)....more
Second in a two-part series. Last week, in the first part of this series, we examined several key aspects of New York’s proposed data security law, Stop Hacks and Improve Data Security Act or SHIELD Act. In our second and...more
Citing a sixty percent increase in data breach notifications from 2015 to 2016, New York Attorney General Eric Schneiderman recently introduced the Stop Hacks and Improve Data Electronic Security Act (SHIELD) bill. The...more
New York is emerging as the nation’s de facto top data security regulator. Earlier this year, the state’s powerful Department of Financial Services implemented its tough cybersecurity regulation covering banks and...more
As I blogged about here, last year the Tennessee legislature amended its data breach laws to become the first state in the U.S. to remove the encryption safe harbor from its definition of a data breach, which required notice...more