No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
On April 11, 2025, the Department of Justice (DOJ) announced additional guidance regarding the implementation of the Final Rule (the “Rule”), Provisions Pertaining to Preventing Access to U.S. Sensitive Personal Data and...more
For community associations, this is especially important as these organizations often manage large amounts of PII of homeowners and residents (e.g., name, address, phone number, etc.), including certain categories of...more
In 2024, as in years past, healthcare fraud enforcement by the U.S. Department of Justice (DOJ) was substantial. Federal actions under the False Claims Act (FCA) alone resulted in $1.67 billion in settlements and judgments...more
New York State Governor Hochul recently gave us a “pre” New Year’s gift: effective on December 21, 2024, any individuals or businesses possessing the “private information” of New Yorkers must notify them, and certain state...more
With the advent of a new year comes a new set of consumer data privacy laws in the United States. Five new state data privacy laws go into effect in January 2025, with additional laws coming throughout 2025 and into 2026....more
A massive data breach hit one of the country’s largest education software providers. According to EducationWeek, PowerSchool provides school software products to more than 16,000 customers, largely K-12 schools, that serve 50...more
A Written Information Security Plan, or “WISP,” is essential for any organization that handles sensitive personal information. Here’s a quick breakdown of who needs a WISP and why, as well as a checklist to develop one:...more
If your business is one of the lucky ones that has not yet had to address the requirements of the various consumer privacy laws across the country, it is once again time to check whether your status has changed. Eight more...more
New York hospitals have less than a year to dust off their Health Insurance Portability and Accountability Act (HIPAA) compliance programs and update them to comply with more stringent and detailed state regulations. Last...more
On October 2, 2024, New York adopted new regulations requiring general hospitals to implement heightened cybersecurity safeguards. General hospitals, as defined in Article 28 of the NY Public Health Law, generally must begin...more
Change Healthcare Inc. has amended its initial breach report to the HHS Office for Civil Rights (OCR) to state that 100 million individuals were impacted by its mammoth ransomware attack and breach. However, as of Oct. 24,...more
In today's digital era, the volume of electronic data generated by organizations is staggering. For law firms conducting due diligence, managing this data while ensuring compliance with stringent data privacy regulations is a...more
INTRODUCTION - In August 2024, the Hong Kong Office of the Privacy Commissioner for Personal Data (“PCPD”) released a revision of the “Code of Practice on the Identity Card Number and other Personal Identifiers: Compliance...more
The HHS Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS) are notifying 946,801 people whose protected health information or other personally identifiable information...more
The U.S. Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) on July 26, 2024, issued a notice containing a reference guide for customers of financial institutions (the Reference Guide). The Reference...more
Editor’s Note: During a recent HaystackID webcast, expert panelists explored the role of the Committee on Foreign Investment in the United States (CFIUS) in protecting sensitive technologies, classified contracts, and other...more
In July 2024, the Federal Bureau of Investigation and Department of Treasury’s Financial Crime Enforcement Network and Office of Foreign Assets Control (OFAC) released a joint notice discussing how Mexican-based Transnational...more
Minnesota was the nineteenth state to pass a comprehensive data privacy law, the Minnesota Consumer Privacy Act (H.F. 4757) (MCPA), which becomes effective on July 31, 2025. While we continue to see more of these laws...more
From family farms and businesses to established agribusinesses to emerging ag tech companies, a new federal law requires business entities to disclose their owners’ and control persons’ personal information, and for many...more
A federal law requires franchisor and franchisee business entities to disclose personal information and photographs of persons with ownership and control over their business....more
On May 31, 2024, Colorado enacted H.B. 24-1130, an amendment to the Colorado Privacy Act (CPA) regarding the use of biometric information (the “Biometric Amendment”). The Biometric Amendment, effective July 1, 2025, requires...more
With state privacy laws continuing to increase, will the federal American Privacy Rights Act be adopted? Over 18 states have now enacted comprehensive state privacy laws, three of which go into effect on July 1, 2024, in...more
A working group within the Commodity Futures Trading Commission (CFTC) released a report on May 2, 2024, concerning the risks posed by AI adoption in the derivatives market. The report warns that the adoption of AI tools...more
On July 1, 2024, Florida, Oregon, and Texas will join California, Colorado, Connecticut, Utah, and Virginia by adding privacy laws governing the collection, use, and transfer of consumer personal data. Montana will follow...more