No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
For community associations, this is especially important as these organizations often manage large amounts of PII of homeowners and residents (e.g., name, address, phone number, etc.), including certain categories of...more
New York State Governor Hochul recently gave us a “pre” New Year’s gift: effective on December 21, 2024, any individuals or businesses possessing the “private information” of New Yorkers must notify them, and certain state...more
With the advent of a new year comes a new set of consumer data privacy laws in the United States. Five new state data privacy laws go into effect in January 2025, with additional laws coming throughout 2025 and into 2026....more
A massive data breach hit one of the country’s largest education software providers. According to EducationWeek, PowerSchool provides school software products to more than 16,000 customers, largely K-12 schools, that serve 50...more
A Written Information Security Plan, or “WISP,” is essential for any organization that handles sensitive personal information. Here’s a quick breakdown of who needs a WISP and why, as well as a checklist to develop one:...more
Change Healthcare Inc. has amended its initial breach report to the HHS Office for Civil Rights (OCR) to state that 100 million individuals were impacted by its mammoth ransomware attack and breach. However, as of Oct. 24,...more
The HHS Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS) are notifying 946,801 people whose protected health information or other personally identifiable information...more
Introduction - The Brazilian General Data Protection Law (“LGPD”), enacted in 2018 and enforced since 2020, serves as the cornerstone of the country's data protection framework. Its primary objective is to ensure the...more
Report on Patient Privacy 23, no. 11 (November, 2023) The American Hospital Association (AHA) is urging federal lawmakers to intervene with the HHS Office for Civil Rights (OCR) so that hospitals and health systems can...more
I recently had the chance to visit with Jonathan Armstrong on a recent data breach case that occurred in the health service provider NHS Lanarkshire (Scotland) during the COVID-19 pandemic. This breach serves as a stark...more
With a dizzying array of state privacy laws on the horizon, the prospect of a federal solution has come into sharp focus. Rather than a patchwork of regional legislation, a comprehensive national framework would potentially...more
Report on Supply Chain Compliance 3, no. 16 (August 20, 2020) - The Office of the Comptroller of the Currency fined Capital One USD 80 million for inadequate data controls leading to a 2019 data breach and for failing to fix...more
Report on Supply Chain Compliance 3, no. 16 (August 20, 2020) - Avon, a popular cosmetics company that sells door to door and online, experienced a data breach caused most likely by ransomware employed by a known hacker...more
The window for getting up to speed on California Consumer Privacy Act requirements is rapidly closing. The state Attorney General’s final version of the regulations goes into effect on July 1. This article provides a...more
With privacy and cybersecurity laws enacted or proposed in well over 100 countries, organizations must understand how to harmonize their cross-border compliance obligations. This webinar will assess the global stature of...more
The California Consumer Privacy Act (CCPA) took effect on New Year’s Day. California is the first state in the union to create a data privacy law for its residents. Other states will follow soon. For compliance purposes,...more
Not to say, I told you so, but around the same time that the Capital One data breach occurred, I was reminding clients that nearly half of all significant data breaches or cyber-incidents occur because of internal actors. ...more
James Grago has a nice business going. He runs a website called ClixSense.com that permits users to earn money by completing surveys and watching advertisements. Revenues grew from $6.7 million in 2015 to $9.1 million in...more
Why does this topic matter to organisations? Each time an organisation processes personal data, it will do so as either a controller or a processor. These roles bear different responsibilities. Therefore, it is critically...more
Data breaches are inevitable. 2017 was the “year of the data breach,” with more exposure of personally identifiable information (“PII”) than ever before. If you were one of the 30% of US-based consumers who were notified of a...more
Whether you are ready or not, the European Union (EU) General Data Protection Regulation (GDPR) goes live today, May 25, 2018. It will impact companies doing business in the United Kingdom (UK) and the EU as much as any other...more
In our continuing countdown to GDPR, we take up a key element in the upcoming General Data Protection Regulation (GDPR), which comes into effect on May 25, 2018, that being the issue of the Data Protection Impact Assessment...more
I am tempted to write something along the lines of “another month, another scandal at Uber” but I do not think that would really help any compliance professional or business executive learn from the latest FUBAR announced by...more