After a pandemic-related hiatus in 2020, a number of U.S. states have proposed new data privacy laws in 2021 – and several are very close to passage. Virginia’s proposed data privacy law appears to be the closest and is likely to be signed into law by Governor Northam in the near future. Washington and Florida’s
Philip N. Yannella
yannellap@ballardspahr.com | 215.864.8180 | view full bio
As Practice Leader of Ballard Spahr's Privacy and Data Security Group, and Practice Leader of the firm's E-Discovery and Data Management Group, Philip N. Yannella provides clients with 360-degree advice on the transfer, storage, and use of digital information.
Phil regularly advises clients on the Stored Communications Act (SCA), Computer Fraud and Abuse Act (CFAA), EU-US Privacy Shield, General Data Protection Regulation (GDPR), Defense of Trade Secrets Act, PCI-DSS, Telephone Consumer Protection Act (TCPA), New York Department of Financial Services Cybersecurity Regulations, ISO 27001 compliance, HIPAA Security Rules, and FTC enforcement activity, as well as eDiscovery issues—leveraging his experience serving as National Discovery Counsel for more than two dozen companies in nationwide litigation. He harnesses his deep knowledge of privacy, data security, and information governance laws to help multinational companies develop global information governance programs to comply with overlapping, and sometimes conflicting, laws. Phil serves on the advisory board for the ACC Foundation's Cybersecurity Survey, the largest survey of in-house counsel on cybersecurity issues.
11th Circuit Finds No Standing Based on Fear of Future Identity Theft
In an opinion that deepens an existing circuit court split, the Eleventh Circuit recently held that the future risk of identity theft is not sufficient to establish Article III standing.…
Continue Reading 11th Circuit Finds No Standing Based on Fear of Future Identity Theft
Ballard PDS Partner to Join Ankura For Cybersecurity Webinar
On February 10, 2021, Phil Yannella, Chair of Ballard’s Privacy & Data Security Group, will join Ankura for a webinar, “2020 Cyber Year in Review”, which will recap cybersecurity events for 2020. Panel members will also offer their predictions for what cybersecurity issues will dominate headlines in 2021. You can register for the event here.
Federal Court Dismisses CCPA Claim Against Marriot International, Inc. For Lack of Standing
On January 12, 2021, the federal District Court for the Central District of California dismissed a data breach law suit—including a claim filed under the California Consumer Privacy Act (“CCPA”)—against Marriott International, Inc. The holding, which dismissed the claims for lack of standing, will likely play a role in a number of CCPA cases that…
Federal Court System—And Possibly Sealed Filings—Breached in Connection With SolarWinds Hack
The Administrative Office of the U.S. Courts (the “AO”) recently disclosed that it has initiated an investigation into an apparent compromise in security of the Judiciary’s Case Management/Electronic Case Files System (“CM/ECF”) as a result of vulnerabilities associated with SolarWinds Orion products. The AO noted that it is currently working with the Department of Homeland…
Federal Agencies Consider Requiring Reporting of Computer Security Incidents
On December 18, 2020, the Office of the Comptroller of the Current (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC) announced an interagency notice of proposed rulemaking that would require supervised banking organizations to provide notification of significant computer security incidents to their primary federal regulator. Under the proposed rule, for incidents…
California Attorney General Shows No Sign of Slowing CCPA Rulemaking with Fourth Set of Proposed Modifications
The California Attorney General’s Office recently released a fourth set of proposed regulatory modifications to the California Consumer Privacy Act (the “CCPA”).
As background, the Attorney General’s Office had only just recently given notice of a third set of modifications on October 12, 2020. The third set of modifications revised the regulations relating to the…
California Voters Approve CPRA
On November 4, 2020, California voters approved of the ballot initiative Proposition 24, more commonly known as the California Privacy Rights Act (the “CPRA”). The CPRA goes into effect on January 1, 2023, and will expand several of the existing protections in the California Consumer Privacy Act (the “CCPA”).
As background, the original CCPA…
Weakened Privacy and Information Security Tools—the Unintended Consequence of Attacks on Section 230 of the CDA
Assaults on Section 230 of the Communications Decency Act (the “CDA”)—which shields online platforms from civil liability for third party content on their services—are abundant these days. On October 15, 2020, FCC Chairman Ajit Pai announced that his agency, at the request of President Trump, will draft rules explaining when platforms’ efforts to moderate user-posted…
Ballard Spahr Q&A on Regulatory Risks Associated With Ransomware Negotiations
PDS Partners Phil Yannella and Greg Szewczyk recently participated in a Q&A with Net Diligence concerning the regulatory risks companies face when negotiating with ransomware threat actors. The Q&A is accessible on Net Diligence’s PDS blog.