No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
Our readers may recall our prior pieces in which we discussed a New Jersey State privacy law, colloquially known as Daniel’s Law. As our readers know, many of the defendants in these Daniel’s Law lawsuits challenged the...more
The US Court of Appeals for the Second Circuit has repeatedly affirmed dismissals of putative class actions brought under the Video Privacy Protection Act (VPPA) based on the use of third-party tracking technologies. The...more
On May 1, 2025, the United States Court of Appeals for the Second Circuit issued its decision in Solomon v. Flipps Media, Inc., affirming the dismissal of a putative class action alleging violations of the Video Privacy...more
The Second Circuit Court of Appeals upheld the dismissal of a proposed class action against Flipps Media (now Triller TV), ruling that the company did not violate the federal Video Privacy Protection Act (VPPA) by sharing...more
Much like Blockbuster Video rental stores (of which you might be surprised to learn there is still one remaining), the Video Privacy Protection Act (VPPA) was quietly slipping into obsolescence with the advent of the Internet...more
On June 30, the U.S. Court of Appeals for the First Circuit overruled a district court’s dismissal of a putative class action against a home delivery pharmacy service for allegedly failing to prevent a 2021 data breach that...more
Does your business collect or use fingerprints? Do your building access points use retina, finger, or palm scans? Does your security office use facial recognition technology to identify repeated trespassers? Do your phone...more
A federal appeals court recently addressed whether employees had standing to bring a lawsuit when their personally identifiable information (PII) was inadvertently circulated to other employees at the company, with no...more
Report on Patient Privacy 20, no. 6 (June 2020): A divided Indiana Court of Appeals has reinstated a patient’s claim that a hospital is vicariously liable for the actions of a medical assistant who accessed the patient’s...more
Data scraping is a technique by which automated tools are used to extract data from a website and format the data for analysis. Many companies mine website users’ publicly accessible data in order to tailor products and...more
On June 13, 2019, the U.S. Seventh Circuit Court of Appeals in Miller v. Southwest Airlines, Co., Case 18-3476 (June 13, 2019), ruled that claims asserted under the Illinois Biometric Information Privacy Act (“BIPA”), in the...more
A recent ruling in the Illinois Appellate Court maintained that biometric data claims under the Illinois Biometric Information Privacy Act (BIPA) do not amount to wage-and-hour claims subject to a luxury hotel owner's...more
In a much-anticipated ruling, the Illinois Supreme Court recently held that allegations of actual injury are not required to seek damages under Illinois’ Biometric Information Privacy Act (BIPA or the Act). The case is...more
The Illinois Supreme Court issued its long-awaited ruling in Rosenbach and reversed the appellate court’s decision that technical violations of the Illinois Biometric Information Privacy Act (“BIPA” or “Act”) without “some...more
In a highly anticipated ruling, the Illinois Supreme Court on January 25, 2019, held that plaintiffs who violated the Illinois Biometric Information Privacy Act — which regulates the collection of biometric information such...more
• On January 25, 2019, the Illinois Supreme Court issued a decision interpreting the Biometric Information Privacy Act (BIPA) in the Rosenbach v. Six Flags Entertainment Corp. appeal. The court ruled that a plaintiff does not...more
In a landmark decision with far-reaching implication, the Pennsylvania Supreme Court recently held that employers have an affirmative duty to protect their employees’ personal information from criminal hacking. In particular,...more
On November 20, 2018, the Illinois Supreme Court heard oral arguments in Rosenbach v. Six Flags Entertainment Corp. and Great America LLC to decide whether a technical violation of Illinois’ Biometric Information Privacy Act...more
UK supermarket chain Morrisons has been held vicariously liable for the acts of a malicious employee in the UK’s first data leak class action. The issue began in 2014, when a disgruntled Morrison’s internal IT auditor posted...more
The U.S. Court of Appeals for the Third Circuit has found that plaintiffs must show a causal connection between the theft of their personal information and the purported harm that they have suffered in order to survive a...more
In recent years, the use of biometrics in business has been growing. In the employment context, for example, some employers use biometric time clocks, which allow employees to “clock in” with a fingerprint or iris scan....more
Since mid-September 2017, more than 50 employers that use “biometric timeclocks” in Illinois have been targeted with class action lawsuits alleging violations of the state’s Biometric Information Privacy Act (“BIPA”). A...more
In this month's edition of our Privacy & Cybersecurity Update, we discuss a Washington state court decision allowing a data breach lawsuit to move forward on a negligence claim, a Ninth Circuit ruling regarding releasing...more
UCLA was absolved by a California judge last week in a suit filed by a patient of a UCLA affiliated doctor’s group, who alleged that a temporary worker in the doctor’s office used the doctor’s username and password to get...more
The U.S. Court of Appeals for the Third Circuit announced that the Federal Trade Commission (FTC) has the authority to scrutinize a business’s data security protocol -- and to file a complaint if the FTC finds that protocol...more