Michael G. Morgan

Subscribe to Michael G. Morgan's Posts
Michael Morgan is a leader of the Firm’s Global Privacy and Cybersecurity practice. Recognized as one of the nation’s leading lawyers in cyber incident response, Mike has guided clients through some of the largest and most complex data breaches, including state-sponsored attacks, breaches involving more than 50 million records, and incidents affecting persons in more than 100 countries around the world. He represents clients in the defense of breach-related government investigations and class action litigation as well as pre-breach planning and post-breach remediation. Read Michael Morgan's full bio.

To Scan or Not to Scan: Surge in Lawsuits under Illinois Biometrics Law


By , and on Jan 9, 2018
Posted In Employment, Privacy and Data Security

The Illinois Biometric Information Privacy Act is having its moment. At least 32 class action lawsuits have been filed by Illinois residents in state court in the past two months challenging the collection, use and storage of biometric data by companies in the state. This may cause a reassessment of company strategies and development of...

Continue Reading



Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws


By and on Jan 12, 2017
Posted In Health and Welfare Plans, Privacy and Data Security

The US Department of Health and Human Services has recently issued guidance under the Health Insurance Portability and Accountability Act on what covered entities and business associates can do to prevent and recover from ransomware attacks; however, other state data breach notification laws can also be triggered by a ransomware attack. The authors of this...

Continue Reading



The Privacy Shield: September 30, 2016, Deadline for Early Self-Certification Offers Compliance Opportunity and Risk


By , and on Sep 6, 2016
Posted In Privacy and Data Security

The European Commission recently determined that the Privacy Shield Framework is adequate to legitimize data transfers under EU law, providing a replacement for the Safe Harbor program. The Privacy Shield is designed to provide organizations on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data...

Continue Reading



Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws


By and on Aug 15, 2016
Posted In Privacy and Data Security

On July 28, 2016, US Department of Health and Human Services (HHS) issued guidance (guidance) under the Health Insurance Portability and Accountability Act (HIPAA) on what covered entities and business associates can do to prevent and recover from ransomware attacks. Ransomware attacks can also trigger concerns under state data breach notification laws. Ransomware is a...

Continue Reading



STAY CONNECTED

TOPICS

ARCHIVES