No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
The recent decision by the Commission d’accès à l’information du Québec (CAI) regarding a popular grocer’s biometric data project in Quebec has far-reaching implications for other businesses considering or currently using...more
New amendments to Illinois’s Biometric Information Privacy Act (BIPA) expand the ways in which consent may be obtained and reverse a critical holding in Cothron v. White Castle System, Inc., significantly reducing a company’s...more
On August 2, 2024, Illinois Governor J. B. Pritzker signed legislation reforming Illinois’ Biometric Information Privacy Act (BIPA). Senate Bill 2979 immediately amends BIPA to limit a private entities’ potential liability...more
Nearly one and a half years after the Illinois Supreme Court saddled businesses with the potential for massive damage awards under the state’s landmark biometric law, Governor J.B. Pritzker just signed into law amendments...more
On May 31, 2024, Colorado enacted H.B. 24-1130, an amendment to the Colorado Privacy Act (CPA) regarding the use of biometric information (the “Biometric Amendment”). The Biometric Amendment, effective July 1, 2025, requires...more
Last month, two key members of Congress released a draft of the American Privacy Rights Act (“APRA”), comprehensive legislation that would change the landscape of consumer privacy law in the United States. If passed, APRA...more
Does your business collect or use fingerprints? Do your building access points use retina, finger, or palm scans? Does your security office use facial recognition technology to identify repeated trespassers? Do your phone...more
One of the more significant Illinois legal developments in the past month were two Illinois Supreme Court orders interpreting the state’s onerous Biometric Information Protection Act (BIPA). We recently examined how these...more
The Supreme Court of Illinois recently held that use of a fingerprint system by White Castle, Inc. (“White Castle”) to authenticate employees, without the consent of the employees, entailed multiple violations of the Illinois...more
The landscape of biometric privacy just became both more settled and unsettling for companies using biometrics. On February 17, 2023, the Illinois Supreme Court held that each scan or transmission of a person’s biometric...more
Right on the heels of the Illinois Supreme Court’s decision in Tims, the Court delivered yet another crushing blow to Illinois businesses in Cothron v. White Castle System, Inc. Answering the crucial question of when a...more
If companies that employ Illinois residents and use any type of equipment to scan fingers, hands, face, or eyes were not yet aware of and concerned by the Illinois’ biometric privacy law, the Illinois Biometric Privacy Act...more
Biometric data is seen as a preferred means of identification by many businesses. Unlocking a smartphone using facial recognition and other biometric identifiers, for example, gives users the feeling as if they are more...more
Keypoint: While the Washington Privacy Act appears poised to pass the Senate, a competing bill introduced in the House of Representatives would require opt-in consent for processing, create an Illinois-like biometric...more
A bipartisan group of New York state lawmakers recently introduced privacy legislation that would impose new obligations on businesses related to biometric identifiers and biometric information. The Biometric Privacy Act...more
The Florida Senate and House of Representatives are considering two bills (SB 1670 and HB 963) that, if adopted, will amend Florida law to create the state’s first comprehensive privacy law (though they do not go nearly as...more
California Adds Biometric Restrictions to Data-Breach Law, Potentially Creating a De Facto Biometric Privacy Law Subject to the governor’s signature, California’s breach-notification law will gain additional requirements...more
And if you are collecting, storing or using biometric information of any Parrotheads, you may end up being the only bait in town. A bill to create the Florida Biometric Privacy Act was just introduced in the Sunshine State...more
On January 25, 2019, the Illinois Supreme Court issued its long awaited opinion in Rosenbach v. Six Flags Entertainment Corp, ruling that the Illinois Biometric Privacy Act, 740 ILCS 14/1 et seq. (“BIPA”) does not require an...more
The Illinois Supreme Court recently handed down its much-anticipated decision in Rosenbach v. Six Flags Entertainment Corporation et al., clarifying what makes someone “aggrieved” and able to bring a claim under the Illinois...more
On January 25, 2019, the Illinois Supreme Court released a unanimous decision holding that individuals do not need to plead or prove actual damages or harm to maintain a private right of action under the Illinois Biometric...more
There are three states with biometric privacy laws. Texas, which passed its law in 2009, and Washington, which passed its law in 2017, followed Illinois’ passage of its 2008 law, the Biometric Information Privacy Act (BIPA)...more
Many businesses collect and store biometric information for a myriad of reasons, including, for example, verifying the accuracy of time cards for employees of manufacturers and restaurants to ensure accurate payment of wages,...more
On January 25, 2019, in Rosenbach v. Six Flags Entm’t Corp., the Illinois Supreme Court held that an individual is an “aggrieved” party under the Illinois Biometric Information Privacy Act (“BIPA”) and may seek damages absent...more
On Friday, January 25, 2019, the Illinois Supreme Court issued its highly anticipated decision in Rosenbach v. Six Flags Entertainment Corp, et al., 2019 IL 123186 (Ill. Jan. 25, 2019). The Court concluded that a private...more