No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
On March 12, 2025, the California Privacy Protection Agency (the Agency) announced a settlement with American Honda Motor Company, Inc. (Honda) for multiple violations of the California Consumer Privacy Act (CCPA),...more
Businesses need data from consumers, and the sharing and selling of this resource has become quite common. However, you also need to be mindful of the rights of the people whose data you collect, especially their personally...more
First passed into law in 2018, the California Consumer Privacy Act (CCPA) received its first major update in 2020 by way of the California Privacy Rights Act (CPRA), through which the California Privacy Protection Agency...more
On November 8, 2024, the California Privacy Protection Agency (CPPA) Board met to discuss and vote on various proposed California Consumer Privacy Act (CCPA) regulations related to cybersecurity audits, automated...more
The California Consumer Privacy Act of 2018 (as amended, including by the California Privacy Rights Act, the CCPA) was drafted by a privacy rights activist, initially passed and later amended multiple times by the California...more
Keypoint: California state courts weigh in on what does, and does not, qualify as a “pen registry” or “tap and trace” device while one California federal court raises whether a wiretapping claim can also allow for a CCPA...more
In today's digital era, the volume of electronic data generated by organizations is staggering. For law firms conducting due diligence, managing this data while ensuring compliance with stringent data privacy regulations is a...more
California Governor Gavin Newsom approved an amendment to the California Consumer Privacy Act (CCPA) extending privacy rights to a person’s neural data. Neural data is defined as information that is generated by measuring the...more
Since the passage of the California Consumer Privacy Act (CCPA) in 2018, and in the absence of a comprehensive data privacy law at the federal level, states have increasingly sought to enact their own privacy legislation. ...more
Businesses with a website beware: California regulators just warned that the law prohibits your website from making website users jump through hoops or otherwise confusing them as they try to exercise their privacy rights,...more
Sprawling. That’s one way to describe the nature of data and responsibilities in modern organizations. There’s a lot of personally identifiable information (PII) and sensitive data to track, and knowing what lives where so...more
A recent board meeting of state officials revealed that the California agency responsible for overseeing the state’s landmark consumer privacy law received over 2,000 complaints for alleged violations in the past year alone –...more
‘Dear Mary,’ is Troutman Pepper’s Incidents + Investigations team’s advice column. Here, you will find Mary’s answers to questions about anything and everything cyber-related – data breaches, forensic investigations, how to...more
In an ongoing effort to enforce the California Consumer Privacy Act (CCPA) and the Children’s Online Privacy Protection Act (COPPA), the California Attorney General's Office (CAG) announced a recent settlement against Tilting...more
An Internet Protocol (IP) address is a unique identifier assigned to a device that is connected to a computer network. In the internet ecosystem, the IP allows a network host to communicate with a network participant and...more
Businesses take heed: California state officials just warned that the law prohibits you from collecting unnecessary data and retaining data for longer than necessary. The California Privacy Protection Agency published its...more
On April 2, the California Privacy Protection Agency (CPPA or “the Agency”) issued the Agency’s first-ever enforcement advisory. The advisory (“Applying Data Minimization to Consumer Requests”) reaffirms data minimization as...more
“Cybersecurity” has emerged as one of top risks facing organizations. Considering the steady stream of massive data breaches affecting millions (sometimes billions), the debilitating effects of ransomware on an organization’s...more
2023 was an active year for data protection-related litigation. Plaintiffs continued to advance creative theories of liability against businesses, using both older and more established privacy laws (such as the Telephone...more
On February 9, 2024, the California Third District Court of Appeals in Sacramento overturned a lower court order that postponed enforcement of the California Privacy Protection Agency’s (CPPA) newest rules. The decision...more
A California appeals court just pressed fast-forward and ruled that the state can immediately begin enforcing new regulations governing the state’s cornerstone data privacy law instead of waiting until late next month. This...more
With the onslaught of new privacy legislation and cyber threats coupled with upticks in enforcement, running a well-functioning and flexible privacy program is now, more than ever, a critical component of an organization’s...more
This year has seen a tremendous spike in the number of cases alleging violations of the Video Privacy Protection Act (“VPPA”), 18 U.S.C. § 2710, a statute enacted in 1988 in response to the Washington City Paper’s publication...more
California businesses, including employers, who have not already complied with their statutory data privacy obligations under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA),...more
California employers, beware: the state’s top prosecutor just announced his office is conducting an investigative sweep of whether and how large California employers have complied with data privacy and consumer protection...more