No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
Artificial intelligence (AI), particularly generative AI, thrives on vast amounts of data, fueling AI capabilities, insights, and predictions. But with this reliance on data comes potential privacy and security risks. And...more
A massive data breach hit one of the country’s largest education software providers. According to EducationWeek, PowerSchool provides school software products to more than 16,000 customers, largely K-12 schools, that serve 50...more
Change Healthcare Inc. has amended its initial breach report to the HHS Office for Civil Rights (OCR) to state that 100 million individuals were impacted by its mammoth ransomware attack and breach. However, as of Oct. 24,...more
Pennsylvania’s Governor recently approved amendments to the Commonwealth’s data breach notification law, which represent a significant overhaul to the law. As detailed below, the amended law makes a number of material...more
The Securities and Exchange Commission (“SEC”) has announced the adoption of amendments to Regulation S-P (“Amendments”) to modernize and enhance the rules that govern the treatment of consumers’ nonpublic personal...more
President Biden issued an Executive Order last month calling on the DOJ and relevant government agencies to tighten regulations on bulk data transfers to “countries of concern.” In late February, President Biden issued...more
On February 28, 2024, President Joe Biden issued Executive Order (“EO”) 14117, empowering the Department of Justice (DOJ) to regulate the export of certain consumer data, in order to prevent certain countries’ governments...more
As we discussed in part three of this series, “Navigating the Complexities of Regulatory Data Incident Investigations,” when an organization is the subject of regulatory data incident investigations, it must navigate a...more
A privacy breach can have detrimental consequences for startups: A privacy breach may trigger legal consequences and regulatory scrutiny, especially for a startup that operates in areas with stringent data protection laws...more
Indiana has amended its breach notification law to require entities to notify individuals “without unreasonable delay, but not more than forty-five (45) days after the discovery of the breach.” It clarifies that a delay is...more
On November 18, 2021, the Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, and the Office of the Comptroller of the Currency issued a joint final rule to require banking...more
The updated rule also includes new exemptions, expands the definition of “financial institution,” and creates new accountability requirements. On October 27th the Federal Trade Commission (“FTC”) adopted and published...more
As the onslaught of data breaches and ransomware attacks continues, state governments are grappling with ways to bolster the impact and reach of breach notification laws. All fifty states, Puerto Rico, Guam, the Virgin...more
As the dueling Florida House and Senate consumer data privacy protection bills make their way through various committees in the Florida legislature, April 14, 2021, was the Florida House’s turn for a vote. House Bill 969...more
What is the General Data Protection Regulation (GDPR)? The GDPR is an EU law that was passed by parliament and went into effect on May 25, 2018. The GDPR unifies the EU under a single data protection regime for all member...more
Like Virginia and Washington before it, on March 19, 2021, Colorado introduced a data privacy bill, the Colorado Privacy Act (CPA). As currently drafted, the CPA would be similar to other U.S. state privacy laws, including...more
On Friday, August 14, California’s Office of Administrative Law (OAL) approved the final draft of the Attorney General’s (AG) regulations under the California Consumer Privacy Act (CCPA). Attorney General Xavier Becerra’s...more
On Friday, the California Attorney General issued the final implementing regulations for the California Consumer Privacy Act (CCPA). The final regulations—which had been under review by the California Office of Administrative...more
Last November, the Spanish Data Protection Authority (Spanish DPA) published its new Guidelines on the Use of Cookies within the framework of the GDPR and Spanish E-privacy rules. ...more
Today we are very pleased to welcome guest blogger Moyara Ruehsen, PhD, CAMS, CFCS, who is an Associate Professor and Director of the Financial Crime Management Program at the Middlebury Institute of International Studies in...more
Requirements under a new Dubai International Financial Centre data protection law will apply within the DIFC from 1 July 2020. ...more
On March 11, The California Attorney General (CA AG) released a second set of modifications to the proposed regulations implementing the California Consumer Privacy Act (CCPA)....more
With the CCPA (California Consumer Privacy Act) in effect as of January 1, but regulations still being revised and finalized, businesses are struggling to know what they need to do now to comply....more
The California Attorney General’s office published revised proposed regulations for implementing the California Consumer Privacy Act (CCPA) on February 7, 2020. What are the implications for businesses trying to stay...more
While the final CCPA regulations remain pending, written comments on the recently released proposed modifications are due by February 25, 2020. This article highlights some of the most notable changes to the proposed...more