No Password Required: Director and Cybersecurity Adviser at KPMG and Rain Culture Authority
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Biometric Litigation
Founder of Cyber Security Unity, Member of the Order of the British Empire, and Appreciator of '80s Soap Operas
Illinois Supreme Court Clarifies BIPA Violation Accruals, Opening the Door for “Annihilative” Damage
No Password Required: The Custom T-Shirt-Wearing CEO Who Not Only Appreciates Mega Man ... He Basically Is One
Hybrid Workforces and Compliance with Sheila Limmroth
Legislating Data Privacy Series: A Conversation with Massachusetts Representatives Dave Rogers and Andy Vargas
State Law Privacy Video Series | Privacy and Sensitive Information
Podcast: BIPA Trends in 2022
State Law Privacy Video Series | Applicability
Getting Personal—Wearable Devices, Data, and Compliance
Episode 8: Why brokers, not breaches, are America's greatest privacy threat (with Rob Shavell)
NGE On Demand: Personal Data Protection Travels: The New Standard Contractual Clause with John Koenigsknecht and David Wheeler
Inside Privacy Law: The Regulation of Personal Data
NGE On Demand: Cybersecurity Considerations for Emerging Companies with Michael Gray and David Wheeler
Oklahoma: Changing Data Privacy as We Know It?
The Convergence of AI and Data Privacy in eDiscovery: Using AI and Analytics to Identify Personal Information
Reducing Cybersecurity Burdens with a Customized Data Breach Workflow
Sitting with the C-Suite: Looking Ahead to Potential Compliance Issues Due to COVID-19
New Jersey officials recently released proposed privacy regulations that would create several new compliance obligations for businesses above and beyond what existing state law and many other state laws require, meaning you...more
Keypoint: In this post: (1) Standing may depend on how specific plaintiffs’ complaint is; (2) the 2d Circuit adopts the 3rd and 9th Circuit’s narrower interpretation of PII under the VPPA; (3) Promises in privacy policies not...more
With the advent of a new year comes a new set of consumer data privacy laws in the United States. Five new state data privacy laws go into effect in January 2025, with additional laws coming throughout 2025 and into 2026....more
A California appeals court just pressed fast-forward and ruled that the state can immediately begin enforcing new regulations governing the state’s cornerstone data privacy law instead of waiting until late next month. This...more
The California Attorney General just announced an investigative sweep of mobile apps that allegedly fail to meet the requirements of state data privacy law, meaning businesses that conduct business through apps need to...more
The case of Popa v. Harriet Carter Gifts, Inc. “began with a quest for pet stairs.” Plaintiff Ashley Popa searched Harriet Carter Gifts’ website, added pet stairs to her cart, but never completed the purchase. During her...more
On October 31, 2022, the Federal Trade Commission (FTC) announced a complaint and proposed consent order against Chegg, an edtech company, over its security practices that resulted in four security breaches in three years....more
As you may recall from our previous advisory, "The European Commission Implements New Standard Contractual Clauses", existing data sharing contracts that include the old standard contractual clauses ("SCCs") will only remain...more
Keypoint: Modifications to the CCPA regulation’s provisions regarding requests to opt-out and authorized agent requests are now final. On March 15, 2021, the California Attorney General’s office announced that the Office...more
Keypoint: There were four notable developments this week: the Florida House passed a bill out of committee, lawmakers proposed a new bill in Texas, the Washington Privacy Act was scheduled for a public hearing and committee...more
On February 7, 2020, the California Attorney General (AG) published, and updated on February 10, modified proposed regulations (Modified Regulations) implementing the California Consumer Privacy Act (CCPA). The Modified...more
Florida lawmakers have proposed data privacy legislation that, if adopted, would impose significant new obligations on companies offering a website or online service to Florida residents, including allowing consumers to “opt...more
On May 29, 2019, Nevada’s governor approved a new privacy law, Senate Bill 220 (“SB 220”). SB 220 amends existing state law that requires operators of websites and online services (“Operators”) to post privacy notices on...more
At Password Protected we strive to inform readers of recent developments in data privacy law. While California Consumer Privacy Act (CCPA) is forcing new changes to data privacy policies, procedures and practices, we want to...more
The CCPA is an unprecedented privacy law that grants California residents sweeping rights concerning the collection and use of their information. Once the law becomes effective on January 1, 2020, covered businesses can...more
In this month's edition of our Privacy & Cybersecurity Update, we discuss a Washington state court decision allowing a data breach lawsuit to move forward on a negligence claim, a Ninth Circuit ruling regarding releasing...more
By now, most everyone has heard it from a friend who, heard it from a friend who, heard it from another about the U.S. Supreme Court’s 2016 decision in Spokeo, Inc. v. Robins. It is the case being cited across the country in...more
The U.S. Court of Appeals for the Eighth Circuit has held that allegations that the security provisions of a privacy policy were violated are sufficient for standing in a data breach case, but that plaintiffs’ contractual...more
Nevada recently became the latest state to pass a law requiring operators of websites and online services to post a public notice regarding their privacy practices. California was the first state to pass such a law in 2004,...more
Boulder Partner David Zetoony published the 2017 edition of his handbook, Data Privacy and Security: A Practical Guide for In-House Counsel, on Jan. 28 – Data Privacy Day. The guide provides an overview of laws relevant to a...more
With the onslaught of Affordable Care Act changes, health plan sponsors have much to think about lately. Given the number of other issues affecting them, plan sponsors may feel that HIPAA privacy and security is an issue they...more
As multinational employers are aware, data privacy laws can vary greatly from jurisdiction to jurisdiction. Ensuring compliance with the different requirements can be challenging, and the penalties for noncompliance can be...more
The Delaware Online Privacy and Protection Act takes a broad approach to the collection and disclosure of personally identifiable information. Delaware Governor Jack Markell recently signed the Delaware Online Privacy...more
The U.S. Court of Appeals for the Third Circuit announced that the Federal Trade Commission (FTC) has the authority to scrutinize a business’s data security protocol -- and to file a complaint if the FTC finds that protocol...more
In Part 1, we covered some basic privacy policy concepts. Here in Part 2, we address three problems associated with privacy policies in practice. 1. You Don’t Have One, But You Really Should - There is no...more