No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
On March 24, 2025, Senate Bill 754 (pdf) was signed into law amending the Virginia Consumer Protection Act (VCPA), the Commonwealth’s general consumer protection law. The VCPA was originally passed in 1977 as remedial...more
Virginia recently amended its Consumer Protection Act (the Act) to provide enhanced protection for reproductive and sexual health information. These protections take effect on July 1, 2025. The amendment prohibits a...more
On March 24, 2025, the governor of Virginia signed into law Senate Bill 754, which amends the Virginia Consumer Protection Act (VCPA) to restrict the collection, use, sale, or sharing of personally identifiable reproductive...more
The recent decision by the Commission d’accès à l’information du Québec (CAI) regarding a popular grocer’s biometric data project in Quebec has far-reaching implications for other businesses considering or currently using...more
On March 12, 2025, the California Privacy Protection Agency (the Agency) announced a settlement with American Honda Motor Company, Inc. (Honda) for multiple violations of the California Consumer Privacy Act (CCPA),...more
In a notable development for corporate defendants grappling with consumer privacy litigation, the Southern District of New York has recently issued a decision in Lee v. Springer Nature America, Inc., embracing a broadened...more
AI algorithms are driven by data – lots and lots of data. One of the challenges associated with so much data driving AI algorithms is that at least some of that data may be sensitive individual personal data. In fact, the...more
On September 29, 2024, California Governor Gavin Newsom signed AB 1824 into law, amending the California Consumer Privacy Act (CCPA) to require entities involved in corporate transactions, such as mergers and acquisitions,...more
The Practical Privacy Workshop is a half day continuing education event designed to keep you informed on important topics, trends, and best practices in the world of data privacy. Join us for breakfast, presentations that...more
Introduction - Below is a brief outline of the legal regulation of personal protection in Ukraine. Governing Data Protection Legislation - 2.1. Overview of principal legislation - The main legal act governing...more
Introduction - The legal regime in India relating to data protection and privacy has undergone a significant re-haul and revamp. The Digital Data Protection Act, 2023 (“DPDPA”) received the President’s assent and was...more
Last month, two key members of Congress released a draft of the American Privacy Rights Act (“APRA”), comprehensive legislation that would change the landscape of consumer privacy law in the United States. If passed, APRA...more
On April 7, 2024, a draft of the American Privacy Rights Act was introduced. Bringing forth this bipartisan-supported bill represents a significant step toward privacy regulation in the United States. The proposed act brings...more
Report on Patient Privacy 23, no. 11 (November, 2023) The American Hospital Association (AHA) is urging federal lawmakers to intervene with the HHS Office for Civil Rights (OCR) so that hospitals and health systems can...more
Keypoint: The past two months have seen many courts dismiss privacy claims as judges appear to be more critical of plaintiffs’ theories while other judges have allowed cases to proceed past the motion to dismiss stage....more
On July 1, 2023, the Colorado Privacy Act (ColoPA) and Connecticut Data Privacy Act (CTDPA) will go into effect, joining California and Virginia, whose data privacy laws are already in effect. Notably, while the California...more
Washington state’s My Health, My Data Act (the Act), signed into law in April 2023, is a broad health data privacy law designed to protect consumer health data that falls outside the scope of HIPAA, such as health-related...more
On November 1, 2021, the Personal Information Protection Law of the People’s Republic of China (the “PRC”) (the “Personal Information Protection Law”) went into effect, two months after the Data Security Law of the PRC (the...more
China recently enacted its Personal Information Privacy Law (PIPL), which came into effect November 1, 2021. PIPL has global reach and broadly regulates entities of all industries that process the personal data of Chinese...more
On August 20, the People’s Republic of China became the latest global economic powerhouse to pass an omnibus privacy law. Titled the Personal Information Protection Law (“PIPL”), the law was adopted by the Standing Committee...more
In today’s interconnected world, personal information has never been more broadly collected and analyzed by governments and corporations alike, making it imperative that we understand, enforce and update privacy laws in order...more
Biometric data is seen as a preferred means of identification by many businesses. Unlocking a smartphone using facial recognition and other biometric identifiers, for example, gives users the feeling as if they are more...more
Keypoint: Some additional changes to the CCPA regulations were made before they were filed with the Secretary of State and became effective. As discussed in our prior post, on Friday, August 14, 2020, the California Office...more
As Canada's federal and provincial health authorities address the novel coronavirus (COVID-19), various questions have arisen regarding the role that organizations should play in balancing the privacy of its employees,...more
The Florida Senate and House of Representatives are considering two bills (SB 1670 and HB 963) that, if adopted, will amend Florida law to create the state’s first comprehensive privacy law (though they do not go nearly as...more