No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
New Jersey officials recently released proposed privacy regulations that would create several new compliance obligations for businesses above and beyond what existing state law and many other state laws require, meaning you...more
In Part Two of this FAQ series, we continue to break down Virginia’s Senate Bill 754, Consumer Protection Act; prohibited practices, etc., reproductive or sexual health information (Act), which amends the Virginia Consumer...more
Montana recently amended its privacy law through Senate Bill 297, effective October 1, 2025, strengthening consumer protections and requiring businesses to revisit their privacy policies that apply to citizens of Montana....more
While most state data breach notification statutes contain similar components, there are important differences, meaning a one-size-fits-all approach to notification will not suffice. What’s more, as data breaches continue to...more
On March 24, Virginia Gov. Glenn Youngkin approved SB 754, titled “Consumer Protection Act; prohibited practices, etc., reproductive or sexual health information.”...more
Much like Blockbuster Video rental stores (of which you might be surprised to learn there is still one remaining), the Video Privacy Protection Act (VPPA) was quietly slipping into obsolescence with the advent of the Internet...more
In a development that seems to have flown mostly under the radar this week, Virginia’s governor signed on Monday SB754, a bill passed by the state’s General Assembly that amends the state’s Consumer Protection Act to strictly...more
In a notable development for corporate defendants grappling with consumer privacy litigation, the Southern District of New York has recently issued a decision in Lee v. Springer Nature America, Inc., embracing a broadened...more
The Video Privacy Protection Act (“VPPA”), a federal statute enacted in 1988, is gaining new relevance in recent years as plaintiffs bring lawsuits with the goal of enforcing online privacy rights. 2024 saw a continuation of...more
The rise of digital transactions has transformed interactions between consumers and businesses. As technology rapidly advances, regulatory frameworks must adapt to address emerging challenges. Federal Decree-Law No. 14/2023...more
Can you believe it? Summer isn’t over yet, but it’s already time to start thinking about the upcoming school year. For parents of younger children, this means shopping for school supplies and new clothes, reestablishing...more
The SEC continues to expand its cybersecurity enforcement authority to include allegations that a company's failure to monitor its managed security service providers (MSSP) amounts to violations of federal securities laws....more
Generally, an attorney can issue subpoenas. However, when you seek to serve an Internet Service Provider ("ISP) to find out the name and address of the subscriber (who may be an infringer of your IP), the Cable Privacy Act...more
The Corporate Transparency Act (the “CTA” or “Act”), enacted as part of the National Defense Authorization Act for Fiscal Year 2021, marks a significant shift in the regulatory framework for businesses in the United States....more
At its December meeting, the Federal Communications Commission approved a Report and Order modifying its data protection rules. The order expands the scope of protected data to include personally identifiable information....more
“Material Cybersecurity Incident” Standard Will Have a Monumental Impact on Current Cyber Disclosure Requirements - On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) adopted the Cybersecurity Risk...more
This second part of a two-part series on U.S. regulation of artificial intelligence systems highlights state legislation and litigation to watch concerning AI systems, and provides practical takeaways as we look toward the...more
When organizations need to certify that their employees and their activities are all accounted for, they often send out a quarterly or annual certification to confirm that: But how do risk and legal teams manage an intake of...more
On June 21, the Department of Homeland Security (DHS) published a final rule to implement security measures that safeguard controlled unclassified information (CUI) from unauthorized access and disclosure and improve incident...more
Amazon Sued for Not Telling New York Store Customers about Tracking Biometrics - “Thanks to a 2021 law, New York is the only major American city to require businesses to post signs letting customers know they’re tracking...more
The newest old privacy law being weaponized in consumer class actions is the Video Privacy Protection Act (VPPA), a Reagan- era law passed in the wake of Judge Robert Bork’s video rental history being leaked to the press. ...more
On August 16, 2022, the Internal Revenue Service issued a final regulation on its ability to provide state governments with information regarding organizations seeking to become exempt and those already exempt from federal...more
In this modern day and age, most attorneys and law firms have a website where they list the services that they offer, provide valuable insights into novel legal issues, and connect with current and prospective clients....more
School districts must consider the sanctity and privacy of data they maintain, as a recent decision underscores from the New York State Education Department’s Office of the Chief Privacy Officer. This alert explains the...more
In a speech to the Securities Regulation Institute conference last week, Chair Gary Gensler signaled the SEC may implement more stringent cybersecurity regulations, and in the meantime, would work to enforce existing...more