No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
Montana recently amended its privacy law through Senate Bill 297, effective October 1, 2025, strengthening consumer protections and requiring businesses to revisit their privacy policies that apply to citizens of Montana....more
On March 24, Virginia Governor Glenn Youngkin signed SB 754 into law. SB 754, which will take effect on July 1, 2025, amends the Virginia Consumer Protection Act (VCPA) to prohibit certain entities from, in connection with a...more
New York State Governor Hochul recently gave us a “pre” New Year’s gift: effective on December 21, 2024, any individuals or businesses possessing the “private information” of New Yorkers must notify them, and certain state...more
On June 25, 2024, Rhode Island became the 20th state to enact a comprehensive consumer data protection law, the Rhode Island Data Transparency and Privacy Protection Act (“RIDTPPA”). The state joins Kentucky, Maryland,...more
On August 2, 2024, Illinois Governor J. B. Pritzker signed legislation reforming Illinois’ Biometric Information Privacy Act (BIPA). Senate Bill 2979 immediately amends BIPA to limit a private entities’ potential liability...more
The Protecting Americans’ Data from Foreign Adversaries Act (PADFA or the Act) was signed into law by President Joe Biden on April 24 as part of a larger foreign aid appropriations bill. Although other portions of the...more
On March 6, 2024, New Hampshire Governor Chris Sununu signed into law SB 255-FN, An Act Relative to the Expectation of Privacy (the “Act”), making New Hampshire the 14th state to enact a comprehensive data privacy law —...more
On January 16, 2024, New Jersey became the fourteenth state to enact comprehensive privacy legislation after the passage of the New Jersey Data Privacy Act (“NJDPA”), adding to the growing national focus on consumer personal...more
On October 10, Governor Newsom signed the Delete Act ( SB 362) into law, which amends California's current data broker law to impose extensive additional disclosure and registration requirements on data brokers, and to...more
This week, California’s governor signed a first-in-the-nation law that will impose new regulations on data brokers, requiring such entities to delete personal data pursuant to consumer requests. Data brokers specialize in...more
In response to a constantly-evolving cyber threat landscape, the Biden Administration recently announced the launch of a new cybersecurity labeling program – the U.S. Cyber Trust Mark program – in an effort to enhance...more
Texas is joining a growing number of states in passing comprehensive privacy legislation intended to safeguard consumer personal data. Specifically, the Texas Data Privacy and Security Act (the “Act”) adds protections for...more
Last month, I reported on five new privacy laws going into effect in 2023. Well, now we can add one more to the list of US state privacy laws on the books. The recent passage of Iowa's data privacy law is a significant...more
Ramping up the state’s continued focus on data privacy, on June 8, 2022, Colorado Governor Jared Polis signed legislation aimed at limiting the use of facial recognition technology by government agencies and state...more
On March 24, 2022, Utah followed California, Virginia, and Colorado in adopting a comprehensive consumer data privacy law. On March 24, 2022, Utah Governor Spencer Cox signed the Consumer Privacy Act ("Act"), making Utah...more
Governor Mark Gordon signed the Wyoming Genetic Data Privacy Act into law on March 8, 2022. The law goes into effect on July 1, 2022. The Genetic Data Privacy Act requires any business that collects genetic data from...more
New York recently passed legislation to amend the definition of elder abuse to include identity theft. This is important as an acknowledgement of the seriousness of the problem of identity theft involving the elderly, and the...more
China recently enacted its Personal Information Privacy Law (PIPL), which came into effect November 1, 2021. PIPL has global reach and broadly regulates entities of all industries that process the personal data of Chinese...more
Very recently, various new personal data laws and substantial amendments to existing laws have been promulgated in the Greater China region. For example: - 10 June 2021: New data security laws were promulgated in China...more
Colorado just became the third state to pass a comprehensive data privacy law, creating more challenges for businesses trying to navigate a variety of state, federal, and international privacy regimes. The Colorado Privacy...more
Introduction Colorado has joined California and Virginia as the third state with a comprehensive data privacy law. On July 7, 2021, Colorado Governor Polis signed the Act into law, following the Colorado Senate's passage of...more
CYBERSECURITY - Fertility Clinic in Georgia Notifies Patients of Data Breach - Reproductive Biology Associates, LLC (RBA) and its affiliate, MyEggBank, notified approximately 38,000 patients that a data breach...more
Like Virginia and Washington before it, on March 19, 2021, Colorado introduced a data privacy bill, the Colorado Privacy Act (CPA). As currently drafted, the CPA would be similar to other U.S. state privacy laws, including...more
On March 2, 2021, Virginia’s Governor signed into law the Consumer Data Protection Act (“CDPA”). Virginia is the second state in the nation, after California, to enact a privacy law protecting the rights of individual...more
The Virginia Consumer Data Protection Act (CDPA) became law earlier this week when the state’s governor signed a bill recently adopted by the state’s legislature, making Virginia the second state in the nation with a...more