No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
Keypoint: In this post: (1) Standing may depend on how specific plaintiffs’ complaint is; (2) the 2d Circuit adopts the 3rd and 9th Circuit’s narrower interpretation of PII under the VPPA; (3) Promises in privacy policies not...more
Keypoint: California state courts weigh in on what does, and does not, qualify as a “pen registry” or “tap and trace” device while one California federal court raises whether a wiretapping claim can also allow for a CCPA...more
Keypoint: California district courts continue to split over whether “knowledge” is required to plead liability under Section 631(a)’s fourth prong while two decisions show courts taking different approaches to VPPA claims at...more
On August 23, 2024, a proposed class action lawsuit was filed by Kamilah Jolly, against FurtherEd, Inc., doing business as Lawline, which centers on allegations that Lawline violated the Video Privacy Protection Act (VPPA)....more
Keypoint: Courts have started to issue Pixel-based wiretapping decisions, the Seventh Circuit weighs in on when a manufacturer can be forced to pay arbitration fees, and three courts showed different approaches to dismissing...more
The California Consumer Privacy Act (CCPA), considered one of the most expansive U.S. privacy laws to date, went into effect on January 1, 2020. The CCPA placed significant limitations on the collection and sale of a...more
Keypoint: While the Washington Privacy Act appears poised to pass the Senate, a competing bill introduced in the House of Representatives would require opt-in consent for processing, create an Illinois-like biometric...more
To get prepared for the California Consumer Privacy Act (CCPA), get a grasp of the basic jargonese and terms involved. The CCPA will impact hundreds of thousands of businesses worldwide. In “A Glossary Guide to the CCPA”,...more
Data scraping is a technique by which automated tools are used to extract data from a website and format the data for analysis. Many companies mine website users’ publicly accessible data in order to tailor products and...more
The Federal Trade Commission announced its settlement with Facebook on the same day that Robert Mueller testified before the House Judiciary Committee. While this may have been calculated to take Facebook off the front page,...more
It’s been a tough week for the healthcare industry. Just days after Quest Diagnostics reported a breach at a third-party vendor affecting approximately 11.9 million of its patients, LabCorp disclosed that a breach at the...more
According to reports, bank customers in Australia (yes, data breach notification requirements exist down under) have been affected by “an industry-wide” data breach experienced by a third-party service provider to the banks –...more
Words matter. Nowhere is this truer than in legislation, where word choices—often the product of long debate and imperfect compromise—determine the scope and impact of a law. ...more
The EU’s General Data Protection Regulation (GDPR) goes into effect on May 25th. As most organizations are aware, the GDPR applies not only to EU businesses but also many companies in the U.S. While the deadline is quickly...more
A New York district court opinion is the latest addition to our watch of ongoing VPPA-related disputes, a notable decision on the issue of what exactly is a disclosure of “personally identifiable information” (PII) under the...more
There are several reasons an employer might have employee health information, ranging from the results of a pre-employment physical to the contents of a request for FMLA leave to what’s written in a health provider’s note...more
The Eleventh Circuit issued a notable ruling this week limiting a mobile app’s liability under the Video Privacy Protection Act (VPPA), 18 U.S.C. § 2710, a law enacted in 1988 to preserve “consumer” personal privacy with...more
Everyone in healthcare knows that the next round of HIPAA audits is coming. Covered entities and business associates have long been advised to review and update their HIPAA security risk analyses, have business associate...more
On October 6, 2015, California Governor Jerry Brown signed into law several changes to California’s Data Breach Notification Statute. The law, as amended, adds additional categories of information into the definition of...more
A new privacy law requires companies to make specific statements about what information is collected on its website. Like California, it also requires that companies state in writing whether they respect “Do Not Track”...more
A registered investment adviser agreed to settle SEC charges that it failed to adopt adequate cybersecurity policies and procedures reasonably designed to protect customer records and information as required by Rule 30(a) of...more
On September 22, 2015, the Securities and Exchange Commission (SEC) announced the settlement of an enforcement action against a St. Louis-based registered investment adviser (Adviser) brought under Rule 30(a) of Regulation...more
One of the more dramatic privacy law developments in China in 2014 was the August criminal conviction of foreign nationals Peter Humphrey and Yu Yingzeng for their violation of Article 253 of the Criminal Law (??) associated...more
The Social Security and Tax Number (“My Number”) System (the “System”) will go into effect in January 2016, and the government will start distributing My Numbers to all citizens in October 2015. The Act on the Use of Numbers...more
Finding that the Plaintiffs lacked Article III standing to pursue their case, Google, Inc. (“Google”) won dismissal of the Android users’ putative class action lawsuit after more than three years of litigation. In re Google...more