No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
As cybersecurity threats escalate, state legislatures across the country are tightening requirements for how insurance entities respond to data breaches – and thanks to a new law just passed several weeks ago, Missouri is...more
Ally Financial Inc., a digital financial services company, faces two class action lawsuits in the U.S. District Court for the Western District of North Carolina related to an April 2024 data breach. The suits allege that Ally...more
On June 30, 2023, Mount Desert Island Hospital (“MDIH”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that an unauthorized party had gained...more
Personal information from federal lawmakers and congressional staff members was available on the dark web following a breach of DC Health Link, the health insurance marketplace for Washington, D.C. In an internal memo sent to...more
The Federal Trade Commission will have its eye on privacy and data security enforcement in 2023. In August, the agency announced that it is exploring ways to crack down on lax data security practices. In the announcement,...more
PCS Revenue Control Systems, Inc. (PCS) was hit with a proposed class action lawsuit last week alleging that it discovered a data breach from a hacking attack in December 2019 but failed to notify the affected students until...more
As one of the largest information technology service providers to local governments, the cyber-attack on Tyler Technologies (Tyler) in Plano, Texas is a sobering reminder of how a cyber-attack on a third-party vendor can put...more
Data breaches are a hot topic and will undoubtedly get even hotter. Cybersecurity for your own enterprise isn’t enough — you must evaluate your vendors and determine if they’re prepared to resist cyberattacks. ...more
The current COVID-19 pandemic has forced many businesses online in order to survive. In many cases, businesses had no plans to be online. Others were forced to move online more quickly than planned. In order to assist these...more
Effective October 23, 2019 for changes in data breach notification requirements, and March 21, 2020 for new data security requirements, New York’s “Stop Hacks and Improve Electronic Data Security Act” (SHIELD Act) broadens...more
On September 13, the final day of its legislative session, the California Legislature approved five amendments to the California Consumer Privacy Act (CCPA), the state’s sweeping new privacy law that takes effect on January...more
Not to say, I told you so, but around the same time that the Capital One data breach occurred, I was reminding clients that nearly half of all significant data breaches or cyber-incidents occur because of internal actors. ...more
In another example of a data breach allegedly caused by a vendor, Choice Hotels is contacting approximately 700,000 of its customers regarding a data breach caused by a third-party vendor that “copied the impacted data from...more
In an unusual move, Delta Airlines (Delta) sued one of its vendors last week for the data breach it experienced in 2017. It’s an unusual move for several reasons. First, in our experience when a vendor causes a data breach,...more
The Federal Trade Commission (FTC) recently released updated data security guidance in connection with a proposed settlement with LightYear Dealer Technologies, LLC (dba DealerBuilt), a service provider for the auto dealer...more
Ohio recently followed South Carolina as the second state to adopt cybersecurity legislation modeled after the NAIC’s Insurance Data Security Model Law. The Ohio law, Senate Bill 273, applies to insurers authorized to do...more
A Florida staffing agency which provides physicians to hospitals and nursing homes, has agreed to a $500,000 settlement with the U.S. Department of Health and Human Services, Office for Civil Rights. The settlement comes...more
Data breaches continue to be an unfortunate risk that companies face with increasing frequency. In this podcast, Rebecca Bennett, Stephen Riga, and Justin Tarka discuss data breaches from both a U.S. and EU perspective,...more
Recently, the Federal Trade Commission (“FTC”) announced that it has finalized its expanded settlement with ride-haling giant, Uber Technologies, Inc. (“Uber”) related to two major data breach incidents. The initial breach...more
After several years of cyberattacks, you may be lulled into thinking large, sophisticated companies have now employed adequate safeguards to prevent disclosure of your confidential information. Don’t be so sure. Earlier this...more
What You Need to Know Now - • The new law takes effect January 1, 2020, but there’s a lot to do so you need to start work now. • The new law expands the definition of personal information and gives California consumers...more
• California recently passed the landmark California Consumer Privacy Act that goes into effect in 2020, which grants California residents new privacy rights. • The CCPA creates a private right of action for California...more
In an age where data is widely available and almost everything is stored online, data breaches are becoming more common, and the outcomes of cases involving data breaches are unpredictable. Data involved in a breach can range...more
On May 29, 2018, Colorado passed House Bill 18-1128, which requires "covered entities" to comply with new rules regarding the security and disposal of "personal identifying information" (PII). The new law also provides an...more
Uber Technologies, Inc. (“Uber”) has agreed to an expansion of its initial August 2017 proposed consent agreement with the Federal Trade Commission (“FTC”), in light of revelations of an additional security breach in October...more