No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
Our readers may recall our prior pieces in which we discussed a New Jersey State privacy law, colloquially known as Daniel’s Law. As our readers know, many of the defendants in these Daniel’s Law lawsuits challenged the...more
The US Court of Appeals for the Second Circuit has repeatedly affirmed dismissals of putative class actions brought under the Video Privacy Protection Act (VPPA) based on the use of third-party tracking technologies. The...more
Ten years ago, a California Court of Appeal determined that the Song-Beverly Credit Card Act of 1971 (also the Act), an act that prohibits retailers from requiring consumers’ personally identifiable information (PII) as a...more
On May 1, 2025, the United States Court of Appeals for the Second Circuit issued its decision in Solomon v. Flipps Media, Inc., affirming the dismissal of a putative class action alleging violations of the Video Privacy...more
The Second Circuit Court of Appeals upheld the dismissal of a proposed class action against Flipps Media (now Triller TV), ruling that the company did not violate the federal Video Privacy Protection Act (VPPA) by sharing...more
Much like Blockbuster Video rental stores (of which you might be surprised to learn there is still one remaining), the Video Privacy Protection Act (VPPA) was quietly slipping into obsolescence with the advent of the Internet...more
Courts and class action counsel have been considering what kinds of injuries can confer standing to pursue federal claims following the Supreme Court’s 2021 decision in TransUnion LLC v. Ramirez, which held that the...more
On June 30, the U.S. Court of Appeals for the First Circuit overruled a district court’s dismissal of a putative class action against a home delivery pharmacy service for allegedly failing to prevent a 2021 data breach that...more
Does your business collect or use fingerprints? Do your building access points use retina, finger, or palm scans? Does your security office use facial recognition technology to identify repeated trespassers? Do your phone...more
A federal appeals court recently addressed whether employees had standing to bring a lawsuit when their personally identifiable information (PII) was inadvertently circulated to other employees at the company, with no...more
On April 26, 2021, the Second Circuit Court of Appeals decided the case of McMorris v. Carlos Lopez & Assocs., No. 19-4310, 2021 WL 1603808 (2d Cir. Apr. 26, 2021) and addressed one of the most critical issues in private data...more
While more states push forward on new privacy legislation statutorily granting consumers the right to litigate control of their personal information, federal courts continue to ponder how data breach injury fits traditional...more
The Editors' Note - Welcome to the second issue of Decoded, Spilman's e-newsletter focusing on technology law, including data security, privacy standards, financing technologies, and digital-based means of conducting...more
Report on Patient Privacy 20, no. 6 (June 2020): A divided Indiana Court of Appeals has reinstated a patient’s claim that a hospital is vicariously liable for the actions of a medical assistant who accessed the patient’s...more
In a decision that will come as a relief to many businesses, the UK Supreme Court has unanimously held that companies should not be held vicariously liable for the actions of rogue employees who leak personal data....more
Data scraping is a technique by which automated tools are used to extract data from a website and format the data for analysis. Many companies mine website users’ publicly accessible data in order to tailor products and...more
In this month's edition of our Privacy & Cybersecurity Update, we reflect on the GDPR's one-year anniversary while also examining the EU's new Cybersecurity Act. We also take a look at HHS' new guidance on direct liability of...more
On June 13, 2019, the U.S. Seventh Circuit Court of Appeals in Miller v. Southwest Airlines, Co., Case 18-3476 (June 13, 2019), ruled that claims asserted under the Illinois Biometric Information Privacy Act (“BIPA”), in the...more
A recent ruling in the Illinois Appellate Court maintained that biometric data claims under the Illinois Biometric Information Privacy Act (BIPA) do not amount to wage-and-hour claims subject to a luxury hotel owner's...more
In a decision dated March 1st, 2019, the Paris Court of Appeal reminded that specific conditions must be met for hosting providers to be held liable in case of unlawful content....more
In this episode, I visit with Jonathan Armstrong on the recent UK court of appeals decision in the Morrisons’ case. This decision stretched the limits of vicarious liability for a corporation to the absolute breaking point...more
In a much-anticipated ruling, the Illinois Supreme Court recently held that allegations of actual injury are not required to seek damages under Illinois’ Biometric Information Privacy Act (BIPA or the Act). The case is...more
The Illinois Supreme Court issued its long-awaited ruling in Rosenbach and reversed the appellate court’s decision that technical violations of the Illinois Biometric Information Privacy Act (“BIPA” or “Act”) without “some...more
In a highly anticipated ruling, the Illinois Supreme Court on January 25, 2019, held that plaintiffs who violated the Illinois Biometric Information Privacy Act — which regulates the collection of biometric information such...more
• On January 25, 2019, the Illinois Supreme Court issued a decision interpreting the Biometric Information Privacy Act (BIPA) in the Rosenbach v. Six Flags Entertainment Corp. appeal. The court ruled that a plaintiff does not...more