No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
As cybersecurity threats escalate, state legislatures across the country are tightening requirements for how insurance entities respond to data breaches – and thanks to a new law just passed several weeks ago, Missouri is...more
The New York State Department of Financial Services (NYDFS) and the Attorney General’s office have recently imposed significant fines totalling $11.3 million on Geico and Travelers for data breaches that compromised the...more
In this month's edition, we examine the Court of Justice of the European Union's decision invalidating the EU-U.S. Privacy Shield framework, as well as the U.S. government's response to the decision. We also examine two...more
Now that the CCPA is in effect, some companies will need to revise their policies. The cyber insurance markets are beginning to adapt to the new California Consumer Privacy Act (CCPA) which went into effect on January 1. ...more
Whether in connection with their marketing programs or other data-driven initiatives, nonprofit organizations are becoming more reliant on the data of their customers. Those that are collecting consumer data need to be aware...more
States continue to implement insurance-specific cyber and data security regulations, drawing on either the National Association of Insurance Commissioners Insurance Data Security Model Law (“Model Law”) or the New York...more
Ohio Attorney General Dave Yost recently announced a multistate settlement that will require health insurance company Premera Blue Cross to pay $10 million following a breach of protected health information (PHI). According...more
Delaware (July 31, 2019) and New Hampshire (August 2, 2019) have become the latest states to add to the insurance cybersecurity landscape by enacting information security laws. These laws come on the heels of Connecticut’s...more
Following an investigation led by the Washington Attorney General, Premera Blue Cross has agreed to pay $10 million to 30 states after experiencing a data breach in 2014 that compromised the Protected Health Information of...more
• California's protracted legislative and regulatory process has complicated the landscape for businesses needing to implement the operational, technical and procedural changes required by the California Consumer Privacy Act....more
Ohio recently followed South Carolina as the second state to adopt cybersecurity legislation modeled after the NAIC’s Insurance Data Security Model Law. The Ohio law, Senate Bill 273, applies to insurers authorized to do...more
Marriott International Inc. (Marriott) has released new numbers relating to its Starwood Hotel’s reservation database by stating that more than 5 million passport numbers were stolen in the database. ...more
We reported last week that a spyware maker recently compromised users’ and victims’ sensitive information. Since that time, another spyware maker, mSpy, which holds itself out as having over a million users employing its...more
Cybersecurity Task Force Launched in Arizona - Arizona Governor Doug Ducey launched the Arizona Cybersecurity Team (ACT) by Executive Order on March 1, 2018. The ACT is comprised of 22 members representing officials from...more
Regulatory components to cyber insurance policies are becoming increasingly valuable as data-breach enforcement continues to surge. The Federal Trade Commission (FTC or Commission), the nation’s primary privacy and data...more
On November 17, 2017, a U.S. district court in Florida narrowly construed personal and advertising injury coverage for data-breach claims under a commercial general liability policy. In Innovak International, Inc., v. The...more
In this hoganlovells.com interview, Hogan Lovells counsel Robert Fettman discusses the evolution of cyber insurance, the level of regulatory oversight applied to covered entities, and ways that noninsurance companies can...more
Effective March 1, 2017, the New York State Department of Financial Services promulgated regulations to help protect against cybercriminals and their efforts to exploit sensitive electronic data. These cybersecurity...more
Anthem Inc. has reportedly agreed to pay a settlement of $115 million to its customers that were affected by what is being called one of the largest data breaches in U.S. history....more
A covered entity will need to arrange for someone to perform the CISO function, dedicate resources to conduct periodic risk assessments, develop and implement policies and procedures, and retain appropriate personnel and...more
As we previously reported, in December 2016 the New York Department of Financial Services (the “DFS”) announced that it was revising its proposed regulation that would require banks, insurance companies and other financial...more
The Sixth Circuit joined the growing trend of appellate courts holding that plaintiffs had demonstrated standing for data breach class actions in Galaria et al. v. Nationwide Mutual Insurance Company. In a recent order, the...more
A recent decision by the U.S. Sixth Circuit Court of Appeals lowers the threshold for standing in data breach cases, giving data breach victims an easier path to sue the companies from which their data was stolen. Adam Frey...more
Last week, the Sixth Circuit held that allegations that personal information was stolen following a data breach was sufficient to confer Article III standing to sue to the affected individuals, even in the absence of...more
Insurers are a prime target for hackers as a result of the vast stores of valuable data they maintain. Not all information is created equal, and it varies in value. Hacker services and software, illegal drugs, cyberweapons...more