Many privacy professional may have missed it, but In the run-up to the New Year — while many U.S. companies were focused on complying with the California Privacy Rights Act (CPRA) — Congress passed an appropriations bill that contains significant new cybersecurity requirements for medical device companies. The Omnibus Appropriations Bill, which was signed
Philip N. Yannella
yannellap@ballardspahr.com | 215.864.8180 | view full bio
As Practice Leader of Ballard Spahr's Privacy and Data Security Group, and Practice Leader of the firm's E-Discovery and Data Management Group, Philip N. Yannella provides clients with 360-degree advice on the transfer, storage, and use of digital information.
Phil regularly advises clients on the Stored Communications Act (SCA), Computer Fraud and Abuse Act (CFAA), EU-US Privacy Shield, General Data Protection Regulation (GDPR), Defense of Trade Secrets Act, PCI-DSS, Telephone Consumer Protection Act (TCPA), New York Department of Financial Services Cybersecurity Regulations, ISO 27001 compliance, HIPAA Security Rules, and FTC enforcement activity, as well as eDiscovery issues—leveraging his experience serving as National Discovery Counsel for more than two dozen companies in nationwide litigation. He harnesses his deep knowledge of privacy, data security, and information governance laws to help multinational companies develop global information governance programs to comply with overlapping, and sometimes conflicting, laws. Phil serves on the advisory board for the ACC Foundation's Cybersecurity Survey, the largest survey of in-house counsel on cybersecurity issues.
2023 Privacy and Data Security Preview

2022 proved to be an historic year for privacy and data security. Connecticut and Utah joined the list of states that have now passed comprehensive data privacy laws, bringing the total to five (5) states. For the first time, federal privacy legislation advanced to a House Subcommittee, and though the American Data Privacy and Protection…
Privacy, Cybersecurity and Access to Beneficial Ownership Information: FinCEN Issues Notice of Proposed Regulations Under the Corporate Transparency Act

A Deep Dive Into FinCEN’s Latest Proposals Under the CTA
On December 16, the Financial Crimes Enforcement Network (“FinCEN”) issued a 54-page notice of proposed rulemaking (“NPRM”) regarding access by authorized recipients to beneficial ownership information (“BOI”) that will be reported to FinCEN under the Corporate Transparency Act (“CTA”). The CTA requires covered entities –…
Pennsylvania Amends Data Breach Notification Law
In early November, Pennsylvania amended its data breach notification law broadening the definition of personal information. The amendment adds “health insurance information” and “medical information” as data elements that could trigger breach notification requirements. Coupled with this addition is a breach notification exception for businesses that are (1) subject to and (2) in compliance with…
Webinar Recording – The Colorado Privacy Act and Draft Rules
With its draft rules, Colorado has set forth a new model for state privacy laws. While there are many areas that are interoperable with the California model, the Colorado draft rules include important differences, as well as rules on topics that have been notably absent from California’s draft rules. Ballard partners Phil Yannella and Greg…
New Wiretap Cases Target Hospitals Using Meta Pixel
As we discussed in a recent webcast, there has been a surge in litigation focused on companies’ use of Meta Pixel, which is tracking code that enables the sharing of user online activity with Facebook. Recent litigation has alleged that use of Meta Pixel with online videos violates the Video Privacy Protection Act (VPPA). …
Webinar Recording – Assessing the Surge in Wiretap Litigation
In the past several months, plaintiff’s lawyers have filed dozens of class action lawsuits under state wiretap laws, some of which provide for statutory damages of $5000 per occurrence or more. The lawsuits focus on the use of chatbots, “session replay” software, and tracking code embedded in websites. Plaintiffs contend these tools enable the…
Third Circuit Becomes First Court of Appeals to Address Article III Standing in a Data Breach Case Post TransUnion
The Third Circuit recently became the first federal appellate court to address the question of whether the victim of a data breach has Article III standing to bring a claim for damages based on the fear of identity theft since the Supreme Court’s decision in TransUnion v. Ramirez in 2021. The Third Circuit, in Clemens …
Podcast – A Look at the Metaverse’s Legal Implications, with Special Guest Samantha Green, Director of Content Marketing, Epiq
After discussing what the Metaverse is and its possible uses by providers of legal and other services, we look at an array of legal issues that should be considered by lawyers and their clients operating in the Metaverse or contemplating doing so. Issues discussed include privacy rights of users of Metaverse platforms, data security, moderation…
Webinar Recording – Preparing for Compliance with the California Privacy Rights Act (CPRA)
With the CPRA set to become effective in a little more than three months, Ballard Spahr partners Phil Yannella and Greg Szewczyk discuss CPRA rule-making, the recent Sephora settlement, and outline key compliance steps that businesses should address before the January 1, 2023 deadline.